peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

jellyfin: Go through SSO auth

Browse Source
This commit is contained in:
Giulio De Pasquale 2022-11-20 14:55:59 +01:00
parent 9efea759e4
commit 3c4caaaea5
1 changed files with 21 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
hosts/architect/jellyfin.nix
View File

@ -1,9 +1,11 @@
{ pkgs, ... }: { pkgs, lib, ... }:
let let
network = import ./network.nix; network = import ./network.nix;
domain = "media.giugl.io"; domain = "media.giugl.io";
in { auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in
{
disabledModules = [ "services/misc/jellyfin.nix" ]; disabledModules = [ "services/misc/jellyfin.nix" ];
imports = [ ./modules/jellyfin.nix ]; imports = [ ./modules/jellyfin.nix ];
@ -17,30 +19,31 @@ in {
nginx.virtualHosts.${domain} = { nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = auth_block { access_role = "jellyfin"; } +
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted. ''
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
# Disable buffering when the nginx proxy gets very resource heavy upon streaming #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
proxy_buffering off; # Disable buffering when the nginx proxy gets very resource heavy upon streaming
''; proxy_buffering off;
'';
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8096"; proxyPass = "http://127.0.0.1:8096";
# extraConfig = '' # extraConfig = ''
# allow 10.0.0.0/24; # allow 10.0.0.0/24;
# allow 10.3.0.0/24; # allow 10.3.0.0/24;
# deny all; # deny all;
# ''; # '';
}; };
locations."/socket" = { locations."/socket" = {
proxyPass = "http://127.0.0.1:8096"; proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true; proxyWebsockets = true;
# extraConfig = '' # extraConfig = ''
# allow 10.0.0.0/24; # allow 10.0.0.0/24;
# allow 10.3.0.0/24; # allow 10.3.0.0/24;
# deny all; # deny all;
# ''; # '';
}; };
}; };
}; };