parent
228f7e8b46
commit
0500096b45
1 changed files with 10 additions and 27 deletions
|
@ -89,10 +89,14 @@ in
|
||||||
default = "jellyfin_user";
|
default = "jellyfin_user";
|
||||||
};
|
};
|
||||||
|
|
||||||
sopsFile = lib.mkOption {
|
ldapPasswordFile = lib.mkOption {
|
||||||
type = lib.types.path;
|
type = lib.types.path;
|
||||||
description = "Sops file location";
|
description = "File containing the LDAP admin password.";
|
||||||
example = "secrets/jellyfin.yaml";
|
};
|
||||||
|
|
||||||
|
ssoSecretFile = lib.mkOption {
|
||||||
|
type = lib.types.path;
|
||||||
|
description = "File containing the SSO shared secret.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -223,21 +227,6 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."jellyfin/ldap_password" = {
|
|
||||||
inherit (cfg) sopsFile;
|
|
||||||
mode = "0440";
|
|
||||||
owner = "jellyfin";
|
|
||||||
group = "jellyfin";
|
|
||||||
restartUnits = [ "jellyfin.service" ];
|
|
||||||
};
|
|
||||||
sops.secrets."jellyfin/sso_secret" = {
|
|
||||||
inherit (cfg) sopsFile;
|
|
||||||
mode = "0440";
|
|
||||||
owner = "jellyfin";
|
|
||||||
group = "jellyfin";
|
|
||||||
restartUnits = [ "jellyfin.service" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
shb.backup.instances.jellyfin = {
|
shb.backup.instances.jellyfin = {
|
||||||
sourceDirectories = [
|
sourceDirectories = [
|
||||||
"/var/lib/jellyfin"
|
"/var/lib/jellyfin"
|
||||||
|
@ -371,10 +360,10 @@ in
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
template ldapConfig "/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml" {
|
template ldapConfig "/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml" {
|
||||||
"%LDAP_PASSWORD%" = "$(cat /run/secrets/jellyfin/ldap_password)";
|
"%LDAP_PASSWORD%" = "$(cat ${cfg.ldapPasswordFile})";
|
||||||
}
|
}
|
||||||
+ template ssoConfig "/var/lib/jellyfin/plugins/configurations/SSO-Auth.xml" {
|
+ template ssoConfig "/var/lib/jellyfin/plugins/configurations/SSO-Auth.xml" {
|
||||||
"%SSO_SECRET%" = "$(cat /run/secrets/jellyfin/sso_secret)";
|
"%SSO_SECRET%" = "$(cat ${cfg.ssoSecretFile})";
|
||||||
}
|
}
|
||||||
+ template brandingConfig "/var/lib/jellyfin/config/branding.xml" {"%a%" = "%a%";};
|
+ template brandingConfig "/var/lib/jellyfin/config/branding.xml" {"%a%" = "%a%";};
|
||||||
|
|
||||||
|
@ -382,18 +371,12 @@ in
|
||||||
{
|
{
|
||||||
id = cfg.oidcClientID;
|
id = cfg.oidcClientID;
|
||||||
description = "Jellyfin";
|
description = "Jellyfin";
|
||||||
secretFile = config.sops.secrets."authelia/jellyfin_sso_secret".path;
|
secretFile = cfg.ssoSecretFile;
|
||||||
public = false;
|
public = false;
|
||||||
authorization_policy = "one_factor";
|
authorization_policy = "one_factor";
|
||||||
redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ];
|
redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
sops.secrets."authelia/jellyfin_sso_secret" = {
|
|
||||||
inherit (cfg) sopsFile;
|
|
||||||
key = "jellyfin/sso_secret";
|
|
||||||
mode = "0400";
|
|
||||||
owner = config.shb.authelia.autheliaUser;
|
|
||||||
};
|
|
||||||
|
|
||||||
# For backup
|
# For backup
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue