jellyfin: init

2025-11-10 11:15:33 -05:00 · 2025-11-10 11:15:33 -05:00 · a11eb73270
commit a11eb73270
parent 548d03dbcd
4 changed files with 41 additions and 2 deletions
--- a/modules/nixos/services/homeserver/default.nix
+++ b/modules/nixos/services/homeserver/default.nix
@ -5,6 +5,7 @@
    ./grafana
    ./caddy.nix
    ./cloudflared.nix
+    ./jellyfin.nix
    ./kanidm.nix
    ./nextcloud.nix
    ./ntfy.nix
--- a/modules/nixos/services/homeserver/jellyfin.nix
+++ b/modules/nixos/services/homeserver/jellyfin.nix
@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+  services.caddy.virtualHosts."jellyfin.taild5f7e6.ts.net".extraConfig = ''
+    import default-settings
+
+    bind tailscale/jellyfin
+
+    reverse_proxy localhost:8007
+  '';
+
+  services.jellyfin.enable = true;
+  environment.systemPackages = [
+    pkgs.jellyfin
+    pkgs.jellyfin-web
+    pkgs.jellyfin-ffmpeg
+  ];
+}
--- a/modules/nixos/services/homeserver/kanidm.nix
+++ b/modules/nixos/services/homeserver/kanidm.nix
@ -8,6 +8,10 @@
      owner = "kanidm";
      group = "kanidm";
    };
+    "kanidm/oauth2/jellyfin" = {
+      owner = "kanidm";
+      group = "kanidm";
+    };
    "kanidm/oauth2/nextcloud" = {
      owner = "kanidm";
      group = "kanidm";
@ -73,19 +77,23 @@

        groups = [
          "grafana_users"
+          "jellyfin_users"
          "nextcloud_users"
          "zipline_users"

          "grafana_admins"
+          "jellyfin_admins"
        ];
      };

      groups = {
        grafana_users = {};
+        jellyfin_users = {};
        nextcloud_users = {};
        zipline_users = {};

        grafana_admins.members = [ "grafana_users" ];
+        jellyfin_admins.members = [ "jellyfin_users" ];
      };

      systems.oauth2 = {
@ -100,6 +108,17 @@
          claimMaps.grafana_users.valuesByGroup.grafana_admins = [ "GrafanaAdmin" ];
        };

+        jellyfin = {
+          displayName = "Jellyfin";
+          originUrl = "https://jellyfin.taild5f7e6.ts.net/sso/OID/redirect/Kanidm";
+          originLanding = "https://jellyfin.taild5f7e6.ts.net";
+
+          preferShortUsername = true;
+          basicSecretFile = config.sops.secrets."kanidm/oauth2/jellyfin".path;
+          scopeMaps.jellyfin_users = [ "openid" "profile" "groups" ];
+          claimMaps.grafana_users.valuesByGroup.jellyfin_admins = [ "JellyfinAdmin" ];
+        };
+
        nextcloud = {
          displayName = "Nextcloud";
          originUrl = "https://nextcloud.wo2wz.fyi/index.php/apps/user_oidc/code";