jellyfin: Go through SSO auth

2022-11-20 14:55:59 +01:00 · 2022-11-20 14:55:59 +01:00 · 3c4caaaea5
commit 3c4caaaea5
parent 9efea759e4
1 changed files with 21 additions and 18 deletions
--- a/hosts/architect/jellyfin.nix
+++ b/hosts/architect/jellyfin.nix
@ -1,9 +1,11 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:

 let
  network = import ./network.nix;
  domain = "media.giugl.io";
-in {
+  auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
+in
+{
  disabledModules = [ "services/misc/jellyfin.nix" ];
  imports = [ ./modules/jellyfin.nix ];

@ -17,30 +19,31 @@ in {
    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
-      extraConfig = ''
-        # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
-        #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
-        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
-        proxy_buffering off;
-      '';
+      extraConfig = auth_block { access_role = "jellyfin"; } +
+        ''
+          # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
+          #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
+          # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+          proxy_buffering off;
+        '';

      locations."/" = {
        proxyPass = "http://127.0.0.1:8096";
-#        extraConfig = ''
-#          allow 10.0.0.0/24;
-#          allow 10.3.0.0/24;
-#          deny all;
-#        '';
+        #        extraConfig = ''
+        #          allow 10.0.0.0/24;
+        #          allow 10.3.0.0/24;
+        #          deny all;
+        #        '';
      };

      locations."/socket" = {
        proxyPass = "http://127.0.0.1:8096";
        proxyWebsockets = true;
-#        extraConfig = ''
-#          allow 10.0.0.0/24;
-#          allow 10.3.0.0/24;
-#          deny all;
-#        '';
+        #        extraConfig = ''
+        #          allow 10.0.0.0/24;
+        #          allow 10.3.0.0/24;
+        #          deny all;
+        #        '';
      };
    };
  };