
remove dependency of jellyfin.nix on sops-nix

part of #24
ibizaman 2024-02-07 23:34:26 -08:00 committed by Pierre Penninckx
parent 228f7e8b46
commit 0500096b45


@ -89,10 +89,14 @@ in
default = "jellyfin_user"; default = "jellyfin_user";
}; };
sopsFile = lib.mkOption { ldapPasswordFile = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Sops file location"; description = "File containing the LDAP admin password.";
example = "secrets/jellyfin.yaml"; };
ssoSecretFile = lib.mkOption {
type = lib.types.path;
description = "File containing the SSO shared secret.";
}; };
}; };
@ -223,21 +227,6 @@ in
''; '';
}; };
sops.secrets."jellyfin/ldap_password" = {
inherit (cfg) sopsFile;
mode = "0440";
owner = "jellyfin";
group = "jellyfin";
restartUnits = [ "jellyfin.service" ];
};
sops.secrets."jellyfin/sso_secret" = {
inherit (cfg) sopsFile;
mode = "0440";
owner = "jellyfin";
group = "jellyfin";
restartUnits = [ "jellyfin.service" ];
};
shb.backup.instances.jellyfin = { shb.backup.instances.jellyfin = {
sourceDirectories = [ sourceDirectories = [
"/var/lib/jellyfin" "/var/lib/jellyfin"
@ -371,10 +360,10 @@ in
''; '';
in in
template ldapConfig "/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml" { template ldapConfig "/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml" {
"%LDAP_PASSWORD%" = "$(cat /run/secrets/jellyfin/ldap_password)"; "%LDAP_PASSWORD%" = "$(cat ${cfg.ldapPasswordFile})";
} }
+ template ssoConfig "/var/lib/jellyfin/plugins/configurations/SSO-Auth.xml" { + template ssoConfig "/var/lib/jellyfin/plugins/configurations/SSO-Auth.xml" {
"%SSO_SECRET%" = "$(cat /run/secrets/jellyfin/sso_secret)"; "%SSO_SECRET%" = "$(cat ${cfg.ssoSecretFile})";
} }
+ template brandingConfig "/var/lib/jellyfin/config/branding.xml" {"%a%" = "%a%";}; + template brandingConfig "/var/lib/jellyfin/config/branding.xml" {"%a%" = "%a%";};
@ -382,18 +371,12 @@ in
{ {
id = cfg.oidcClientID; id = cfg.oidcClientID;
description = "Jellyfin"; description = "Jellyfin";
secretFile = config.sops.secrets."authelia/jellyfin_sso_secret".path; secretFile = cfg.ssoSecretFile;
public = false; public = false;
authorization_policy = "one_factor"; authorization_policy = "one_factor";
redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ]; redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ];
} }
]; ];
sops.secrets."authelia/jellyfin_sso_secret" = {
inherit (cfg) sopsFile;
key = "jellyfin/sso_secret";
mode = "0400";
owner = config.shb.authelia.autheliaUser;
};
# For backup # For backup
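Review bot: `secretFile = cfg.ssoSecretFile;` in the last hunk gives Authelia the same file that the Jellyfin template step reads via `$(cat ${cfg.ssoSecretFile})`, so one file must now be readable by two service users, where the removed sops entries provisioned separate copies (0440 jellyfin:jellyfin, and 0400 owned by `config.shb.authelia.autheliaUser`). The new option descriptions say nothing about this, nor that restarting `jellyfin.service` after a secret rotation (the removed `restartUnits`) is now the caller's responsibility. I would either split this into two options or spell the requirement out, e.g. `description = "File containing the SSO shared secret. Must be readable by both the jellyfin user and the Authelia user.";`. Both new options are `lib.types.path` and are string-interpolated, so a Nix path literal would presumably be copied into the world-readable store; the descriptions should say the value must be a runtime path outside the Nix store, such as one a secrets manager provides.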