Ldap setup jellyfin

2026-05-14 17:18:39 +02:00
parent c23ad28f85
commit 143ea35dc1
3 changed files with 31 additions and 40 deletions
--- a/modules/server/containers/apps/jellyfin.nix
+++ b/modules/server/containers/apps/jellyfin.nix
@@ -1,6 +1,7 @@
 { config, containerCfg, pkgs, lib, builder, name, ... }:
 let
  serverCfg = config.syscfg.server;
+  LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
  nss = pkgs.dockerTools.fakeNss.override {
    extraPasswdLines = [
      "jellyfin:x:1000:1000:Jellyfin Daemon:/config/data:/bin/false"
@@ -23,14 +24,6 @@ let
      ];
    };
  };
-
-  #LDAP_DC_DOMAIN = "dc=ldap,dc=helcel,dc=net"
-  #HOST=...
-  #LDAP_BIND_USER=ldap-sa
-  #LDAP_BIND_PASSWORD=...
-  #LDAP_GROUP=flix
-  #LDAP_ADMIN=admin
-
 in {
  paths = [
    {
@@ -153,6 +146,32 @@ in {
        echo "ERROR: Server failed to accept restart command."
        exit 1
      fi
+      sleep 5
+      until ${pkgs.curl}/bin/curl -sf "$JELLYFIN_URL/health" > /dev/null 2>&1; do
+        sleep 5
+      done
+      echo "Jellyfin is up. Sleeping for 20 seconds..."
+      sleep 20
+
+      SETUP_LDAP_PAYLOAD=$(${pkgs.jq}/bin/jq -n \
+          --arg ldap_pass "$DEFAULT_LDAP_PASSWORD" \
+          '{"LdapUsers":[],"LdapServer":"authentik-ldap","LdapPort":6636,"UseSsl":true,"UseStartTls":false,"SkipSslVerify":true,
+          "LdapBindUser":"cn=ldap-service,ou=users,${LDAP_DC_DOMAIN}","LdapBindPassword":$ldap_pass,
+          "LdapBaseDn":"${LDAP_DC_DOMAIN}","LdapSearchFilter":"(memberOf=cn=flix,ou=groups,${LDAP_DC_DOMAIN})",
+          "LdapSearchAttributes":"uid, cn, mail, displayName",
+          "LdapAdminBaseDn":"","LdapAdminFilter":"(memberOf=cn=admin,ou=groups,${LDAP_DC_DOMAIN})",
+          "EnableLdapAdminFilterMemberUid":false,"LdapUidAttribute":"uid","LdapUsernameAttribute":"cn","LdapPasswordAttribute":"userPassword",
+          "EnableLdapProfileImageSync":false,"RemoveImagesNotInLdap":false,"LdapProfileImageAttribute":"jpegphoto","LdapProfileImageFormat":"Default",
+          "LdapClientCertPath":"","LdapClientKeyPath":"","LdapRootCaPath":"","CreateUsersFromLdap":true,"AllowPassChange":false,
+          "EnableAllFolders":true,"EnabledFolders":[],"PasswordResetUrl":""}')
+
+      if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Plugins/958aad66-3784-4d2a-b89a-a7b6fab6e25c/Configuration" \
+          -H "Authorization: MediaBrowser Token=\"$JELLYFIN_TOKEN\"" \
+          -H "Content-Type: application/json" -H 'accept: */*' \
+          -d "$SETUP_USER_PAYLOAD"; then
+        echo "ERROR: LDAP Plugin Setup Failed."
+        exit 1
+      fi

      echo "Completed Setup"