diff --git a/config/media-jellyfin.nix b/config/media-jellyfin.nix index 6179a8c..80aa624 100644 --- a/config/media-jellyfin.nix +++ b/config/media-jellyfin.nix @@ -4,7 +4,8 @@ enable = true; openFirewall = true; # Manual bind-mount in proxmox - dataDir = "/mnt/nas/app-data/jellyfin"; + # dataDir = "/mnt/nas/app-data/jellyfin"; + dataDir = "/var/lib/jellyfin"; configDir = "/etc/jellyfin/"; logDir = "/var/log/jellyfin"; # user = "root"; diff --git a/containers/monitoring.nix b/containers/monitoring.nix index 63ad831..f8afc8f 100644 --- a/containers/monitoring.nix +++ b/containers/monitoring.nix @@ -8,7 +8,7 @@ in enable = true; cores = 2; memory = 2048; - disk = "13G"; + disk = "13824M"; swap = 1024; }; system = { diff --git a/modules/containers-terraform-authentik.nix b/modules/containers-terraform-authentik.nix index 206b7a5..c2b0565 100644 --- a/modules/containers-terraform-authentik.nix +++ b/modules/containers-terraform-authentik.nix @@ -69,6 +69,12 @@ in protocol_provider = "\${resource.authentik_provider_oauth2.nas.id}"; meta_icon = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/synology-light.png"; }; + jellyfin = { + name = "jellyfin"; + slug = "jellyfin"; + protocol_provider = "\${resource.authentik_provider_oauth2.jellyfin.id}"; + meta_icon = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/jellyfin.png"; + }; }; authentik_application_entitlement = { @@ -125,6 +131,10 @@ in outpost = "\${data.authentik_outpost.embedded.id}"; protocol_provider = "\${authentik_provider_oauth2.nas.id}"; }; + jellyfin = { + outpost = "\${data.authentik_outpost.embedded.id}"; + protocol_provider = "\${authentik_provider_oauth2.jellyfin.id}"; + }; }; authentik_property_mapping_provider_scope = { @@ -169,12 +179,9 @@ in client_secret = hass.oidc_client_secret; property_mappings = [ - "\${data.authentik_property_mapping_provider_scope.proxy_outpost.id}" "\${data.authentik_property_mapping_provider_scope.openid_openid.id}" "\${data.authentik_property_mapping_provider_scope.openid_email.id}" "\${data.authentik_property_mapping_provider_scope.openid_profile.id}" - "\${data.authentik_property_mapping_provider_scope.app_entitlement.id}" - "\${data.authentik_property_mapping_provider_scope.openid_offline_access.id}" "\${data.authentik_property_mapping_provider_scope.authentik_api.id}" ]; @@ -270,6 +277,28 @@ in } ]; }; + jellyfin = { + name = "jellyfin"; + authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}"; + invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}"; + client_id = "ea5qGtQMHx0w2za2Vf8zX4pxReoMdJtGtpYXnHng"; + client_secret = "f76AUcoIRwsrlL8Nrul82z6rAFSX79PsH6o25xSUfCPeeL25uA2pAJGIaCU8uX0yeqJ43aCnLhDeRkStSd9kf6CUdlDjcvMxMw6GdR1sl9VSyeU6mf4fF37PXETShayt"; + + property_mappings = [ + "\${data.authentik_property_mapping_provider_scope.openid_openid.id}" + "\${data.authentik_property_mapping_provider_scope.openid_profile.id}" + "\${data.authentik_property_mapping_provider_scope.openid_email.id}" + ]; + + signing_key = "\${data.authentik_certificate_key_pair.generated.id}"; + + allowed_redirect_uris = [ + { + matching_mode = "strict"; + url = "https://media.plg.m0rel.eu/sso/OID/start/authentik"; + } + ]; + }; }; authentik_group = {