wo2w/nixos-config
1
0
Fork 0
Code Issues Pull requests Activity

jellyfin: init

Browse source
This commit is contained in:
wo2wz 2025-11-10 11:15:33 -05:00
parent 548d03dbcd
commit a11eb73270
4 changed files with 41 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nixos/services/homeserver/default.nix
View file

@ -5,6 +5,7 @@
./grafana ./grafana
./caddy.nix ./caddy.nix
./cloudflared.nix ./cloudflared.nix
./jellyfin.nix
./kanidm.nix ./kanidm.nix
./nextcloud.nix ./nextcloud.nix
./ntfy.nix ./ntfy.nix

18
modules/nixos/services/homeserver/jellyfin.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
services.caddy.virtualHosts."jellyfin.taild5f7e6.ts.net".extraConfig = ''
import default-settings
bind tailscale/jellyfin
reverse_proxy localhost:8007
'';
services.jellyfin.enable = true;
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}

19
modules/nixos/services/homeserver/kanidm.nix
View file

@ -8,6 +8,10 @@
owner = "kanidm"; owner = "kanidm";
group = "kanidm"; group = "kanidm";
}; };
"kanidm/oauth2/jellyfin" = {
owner = "kanidm";
group = "kanidm";
};
"kanidm/oauth2/nextcloud" = { "kanidm/oauth2/nextcloud" = {
owner = "kanidm"; owner = "kanidm";
group = "kanidm"; group = "kanidm";
@ -73,19 +77,23 @@
groups = [ groups = [
"grafana_users" "grafana_users"
"jellyfin_users"
"nextcloud_users" "nextcloud_users"
"zipline_users" "zipline_users"
"grafana_admins" "grafana_admins"
"jellyfin_admins"
]; ];
}; };
groups = { groups = {
grafana_users = {}; grafana_users = {};
jellyfin_users = {};
nextcloud_users = {}; nextcloud_users = {};
zipline_users = {}; zipline_users = {};
grafana_admins.members = [ "grafana_users" ]; grafana_admins.members = [ "grafana_users" ];
jellyfin_admins.members = [ "jellyfin_users" ];
}; };
systems.oauth2 = { systems.oauth2 = {
@ -100,6 +108,17 @@
claimMaps.grafana_users.valuesByGroup.grafana_admins = [ "GrafanaAdmin" ]; claimMaps.grafana_users.valuesByGroup.grafana_admins = [ "GrafanaAdmin" ];
}; };
jellyfin = {
displayName = "Jellyfin";
originUrl = "https://jellyfin.taild5f7e6.ts.net/sso/OID/redirect/Kanidm";
originLanding = "https://jellyfin.taild5f7e6.ts.net";
preferShortUsername = true;
basicSecretFile = config.sops.secrets."kanidm/oauth2/jellyfin".path;
scopeMaps.jellyfin_users = [ "openid" "profile" "groups" ];
claimMaps.grafana_users.valuesByGroup.jellyfin_admins = [ "JellyfinAdmin" ];
};
nextcloud = { nextcloud = {
displayName = "Nextcloud"; displayName = "Nextcloud";
originUrl = "https://nextcloud.wo2wz.fyi/index.php/apps/user_oidc/code"; originUrl = "https://nextcloud.wo2wz.fyi/index.php/apps/user_oidc/code";

5
secrets/secrets.yaml
View file

@ -11,6 +11,7 @@ grafana:
kanidm: kanidm:
oauth2: oauth2:
grafana: ENC[AES256_GCM,data:9aWa5SJ4UNWcQCCRT9rL6XnoUjlkXeifBYe3fL4xRbNC3bc5L6jNtJOF9v0ZZ874pTr/dnv5LzLz/ISLDQWfnw==,iv:+V+JjP2EA02cn7aFif262DjqoCXYRLqXv2jR0pc457c=,tag:CI9daTCxkeOueb3d//hx0A==,type:str] grafana: ENC[AES256_GCM,data:9aWa5SJ4UNWcQCCRT9rL6XnoUjlkXeifBYe3fL4xRbNC3bc5L6jNtJOF9v0ZZ874pTr/dnv5LzLz/ISLDQWfnw==,iv:+V+JjP2EA02cn7aFif262DjqoCXYRLqXv2jR0pc457c=,tag:CI9daTCxkeOueb3d//hx0A==,type:str]
jellyfin: ENC[AES256_GCM,data:37edw83rscw19EiFOVUYoq33awKMWw+XXN6KKYYjEdKwtBx7I01RuOha3DkspFM7zJdmZf3E6IL1UT3N/sBB6w==,iv:T9N4h90799xOhFeNxqmKR0nDGn6BXuIGB4DiOIkt6vk=,tag:JZuu+uqRKAbQskKxzOPIEQ==,type:str]
nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str] nextcloud: ENC[AES256_GCM,data:P7ha6OwX6A5PyNO4xy+UTfdQBeKbktJbK5Ggv/fLuW+SDrxTehuwM1F9A5el3j1Dsegk3VsrrTPBZTVU6i5qwA==,iv:YcvNvAZHjdBd9q5Uxdp+Phj5uQRqLoRi33rIzUcv7Ng=,tag:cXM58lfOpHbTbaJRNUm1Kw==,type:str]
zipline: ENC[AES256_GCM,data:q25Ugsqj6+we3dTDyczfxuGA1DcnlxUDbJLxlzVAF3wTtzdF4t6p2tkPlTtvvgLQQPg/sYAQB0zFE9DcxpxuCw==,iv:fyhRGFUTx1d0ITygUWOkaDAtVI2h05DMv3aEI/DUM2k=,tag:WaPRXbFXl1+aTC+ZtyITYw==,type:str] zipline: ENC[AES256_GCM,data:q25Ugsqj6+we3dTDyczfxuGA1DcnlxUDbJLxlzVAF3wTtzdF4t6p2tkPlTtvvgLQQPg/sYAQB0zFE9DcxpxuCw==,iv:fyhRGFUTx1d0ITygUWOkaDAtVI2h05DMv3aEI/DUM2k=,tag:WaPRXbFXl1+aTC+ZtyITYw==,type:str]
nextcloud: nextcloud:
@ -34,7 +35,7 @@ sops:
N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P
RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-06T15:31:14Z" lastmodified: "2025-11-09T22:08:25Z"
mac: ENC[AES256_GCM,data:mOKxCnv5dDNuWGairJhV4Es36/MqM61d8ludzIgjpVmDD7arAxaMQA56FpCBU8eu0hVs1pO/Gw7xj0DIo+VTD0k2mdkimsp74gi13eEUdOCN5s+/7Th9sBpk5LeY9hzPp2fDFmBK3LLP9Jvp8IdKsbMgNKu6VzxukrWKOr1RpkM=,iv:HJKu/io7tV0Il06V2aglOaJHkjOxOcZ9JFbFCqFbTFw=,tag:iDmktXmP64OkijUxsQ5FCA==,type:str] mac: ENC[AES256_GCM,data:V7IH1q2sn01fRhfYEcuPqI3K0y1HFNwS8gkO1S/joTXbn0jaTj1IkHj1kIKtGmA0582XViH5YKlPMuErRz2O0Rh3ayQddY3x5FO+CqtAfeWVqUNxThbVev35XGQHNIFyjINHn8W2CaRyAu6bpCYChC0UpkopMpOTIaTIJ4YciGY=,iv:Hictv/vlZGQsFwfXfA7umn+IU6qIY2aqusUjCLwvfn0=,tag:5fZxMA9DlzUcV9dE4gFv/A==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0