52 lines
1.3 KiB
Nix
52 lines
1.3 KiB
Nix
{ lib, pkgs, ... }: {
|
|
# Intel graphics support for hardware transcoding
|
|
hardware.graphics = {
|
|
enable = true;
|
|
extraPackages = with pkgs; [
|
|
intel-media-driver
|
|
vpl-gpu-rt
|
|
intel-compute-runtime
|
|
];
|
|
};
|
|
|
|
# Set VA-API driver to iHD (modern Intel driver)
|
|
environment.sessionVariables = {
|
|
LIBVA_DRIVER_NAME = "iHD";
|
|
};
|
|
|
|
# Jellyfin user with render/video groups for GPU access
|
|
users.users.jellyfin = {
|
|
isSystemUser = true;
|
|
group = "jellyfin";
|
|
home = "/var/lib/jellyfin";
|
|
createHome = true;
|
|
extraGroups = [ "render" "video" ];
|
|
};
|
|
users.groups.jellyfin = {};
|
|
|
|
# Create jellyfin directory
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/lib/jellyfin 0755 jellyfin jellyfin - -"
|
|
];
|
|
|
|
services.jellyfin = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
};
|
|
|
|
# Override systemd hardening for GPU access
|
|
systemd.services.jellyfin = {
|
|
serviceConfig = {
|
|
PrivateUsers = lib.mkForce false; # Disable user namespacing - breaks GPU device access
|
|
DeviceAllow = [
|
|
"/dev/dri/card0 rw"
|
|
"/dev/dri/renderD128 rw"
|
|
];
|
|
SupplementaryGroups = [ "render" "video" ]; # Critical: Explicit group membership for GPU access
|
|
};
|
|
environment = {
|
|
LIBVA_DRIVER_NAME = "iHD"; # Ensure service sees this variable
|
|
};
|
|
};
|
|
}
|