Ldap setup jellyfin

This commit is contained in:
soraefir
2026-05-14 17:18:39 +02:00
parent c23ad28f85
commit 143ea35dc1
3 changed files with 31 additions and 40 deletions


@@ -129,10 +129,11 @@ in {
${lib.optionalString (serverCfg.containers ? authentik) '' ${lib.optionalString (serverCfg.containers ? authentik) ''
$GT admin auth delete --id 1 $GT admin auth add-ldap --name Authentik --host authentik-ldap --port 6636 --security-protocol ldaps --skip-tls-verify \
$GT admin auth add-ldap --name Authentik --host ${builder.host} --port 636 --security-protocol ldaps \
--bind-dn "cn=ldap-service,ou=users,${LDAP_DC_DOMAIN}" --bind-password $DEFAULT_LDAP_PASSWORD \ --bind-dn "cn=ldap-service,ou=users,${LDAP_DC_DOMAIN}" --bind-password $DEFAULT_LDAP_PASSWORD \
--user-search-base "ou=users,${LDAP_DC_DOMAIN}" --user-filter "(|(username=%s)(email=%s))" \ --user-search-base "ou=users,${LDAP_DC_DOMAIN}" \
--user-filter "(&(objectClass=user)(|(uid=%[1]s)(mail=%[1]s)))" \
--admin-filter "(memberOf=cn=admin,ou=groups,${LDAP_DC_DOMAIN})" \
--username-attribute "username" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" \ --username-attribute "username" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" \
--synchronize-users --synchronize-users
''} ''}
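Review bot: The new `add-ldap` line passes `--skip-tls-verify` together with `--security-protocol ldaps`, so the bind DN password and every user's login credentials travel over a channel whose server certificate is never checked; anything on the container network that answers as `authentik-ldap` would be accepted. Prefer trusting the issuing CA and dropping `--skip-tls-verify`, or at least leave a comment next to it explaining why verification is off on this hop. The removed `$GT admin auth delete --id 1` also means a re-run no longer clears the previous source; if this script executes on every container start, `add-ldap` with an already existing name may fail or create a duplicate source, which is worth confirming. The shell script enclosing this hunk starts and ends outside it.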


@@ -1,6 +1,7 @@
{ config, containerCfg, pkgs, lib, builder, name, ... }: { config, containerCfg, pkgs, lib, builder, name, ... }:
let let
serverCfg = config.syscfg.server; serverCfg = config.syscfg.server;
LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
nss = pkgs.dockerTools.fakeNss.override { nss = pkgs.dockerTools.fakeNss.override {
extraPasswdLines = [ extraPasswdLines = [
"jellyfin:x:1000:1000:Jellyfin Daemon:/config/data:/bin/false" "jellyfin:x:1000:1000:Jellyfin Daemon:/config/data:/bin/false"
@@ -23,14 +24,6 @@ let
]; ];
}; };
}; };
#LDAP_DC_DOMAIN = "dc=ldap,dc=helcel,dc=net"
#HOST=...
#LDAP_BIND_USER=ldap-sa
#LDAP_BIND_PASSWORD=...
#LDAP_GROUP=flix
#LDAP_ADMIN=admin
in { in {
paths = [ paths = [
{ {
@@ -153,6 +146,32 @@ in {
echo "ERROR: Server failed to accept restart command." echo "ERROR: Server failed to accept restart command."
exit 1 exit 1
fi fi
sleep 5
until ${pkgs.curl}/bin/curl -sf "$JELLYFIN_URL/health" > /dev/null 2>&1; do
sleep 5
done
echo "Jellyfin is up. Sleeping for 20 seconds..."
sleep 20
SETUP_LDAP_PAYLOAD=$(${pkgs.jq}/bin/jq -n \
--arg ldap_pass "$DEFAULT_LDAP_PASSWORD" \
'{"LdapUsers":[],"LdapServer":"authentik-ldap","LdapPort":6636,"UseSsl":true,"UseStartTls":false,"SkipSslVerify":true,
"LdapBindUser":"cn=ldap-service,ou=users,${LDAP_DC_DOMAIN}","LdapBindPassword":$ldap_pass,
"LdapBaseDn":"${LDAP_DC_DOMAIN}","LdapSearchFilter":"(memberOf=cn=flix,ou=groups,${LDAP_DC_DOMAIN})",
"LdapSearchAttributes":"uid, cn, mail, displayName",
"LdapAdminBaseDn":"","LdapAdminFilter":"(memberOf=cn=admin,ou=groups,${LDAP_DC_DOMAIN})",
"EnableLdapAdminFilterMemberUid":false,"LdapUidAttribute":"uid","LdapUsernameAttribute":"cn","LdapPasswordAttribute":"userPassword",
"EnableLdapProfileImageSync":false,"RemoveImagesNotInLdap":false,"LdapProfileImageAttribute":"jpegphoto","LdapProfileImageFormat":"Default",
"LdapClientCertPath":"","LdapClientKeyPath":"","LdapRootCaPath":"","CreateUsersFromLdap":true,"AllowPassChange":false,
"EnableAllFolders":true,"EnabledFolders":[],"PasswordResetUrl":""}')
if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Plugins/958aad66-3784-4d2a-b89a-a7b6fab6e25c/Configuration" \
-H "Authorization: MediaBrowser Token=\"$JELLYFIN_TOKEN\"" \
-H "Content-Type: application/json" -H 'accept: */*' \
-d "$SETUP_USER_PAYLOAD"; then
echo "ERROR: LDAP Plugin Setup Failed."
exit 1
fi
echo "Completed Setup" echo "Completed Setup"
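Review bot: The POST at the end of the hunk sends `-d "$SETUP_USER_PAYLOAD"` while the JSON built just above it is stored in `SETUP_LDAP_PAYLOAD`, so the LDAP plugin never receives this configuration (it gets whatever the earlier user payload holds, or an empty body); change it to `-d "$SETUP_LDAP_PAYLOAD"`. The payload also combines `"UseSsl":true` with `"SkipSslVerify":true`, which leaves the bind password and users' passwords unverified in transit; `"LdapRootCaPath"` is already a field here, so pointing it at the issuing CA and setting `SkipSslVerify` to false is the safer shape. The `until … curl … /health` loop has no upper bound, so a Jellyfin that never becomes healthy hangs this setup step forever — a retry counter that ends in `exit 1` would fail loudly instead. The script enclosing this hunk starts outside it.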


@@ -1,29 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<LdapUsers />
<LdapServer>@HOST@</LdapServer>
<LdapPort>389</LdapPort>
<UseSsl>false</UseSsl>
<UseStartTls>false</UseStartTls>
<SkipSslVerify>true</SkipSslVerify>
<LdapBindUser>cn=@LDAP_BIND_USER@,ou=users,@LDAP_DC_DOMAIN@</LdapBindUser>
<LdapBindPassword>@LDAP_BIND_PASSWORD@</LdapBindPassword>
<LdapBaseDn>@LDAP_DC_DOMAIN@</LdapBaseDn>
<LdapSearchFilter>(memberOf=cn=@LDAP_GROUP@,ou=groups,@LDAP_DC_DOMAIN@)</LdapSearchFilter>
<LdapAdminBaseDn />
<LdapAdminFilter>(memberOf=cn=@LDAP_ADMIN@,ou=groups,@LDAP_DC_DOMAIN@)</LdapAdminFilter>
<EnableLdapAdminFilterMemberUid>false</EnableLdapAdminFilterMemberUid>
<LdapSearchAttributes>uid, cn, mail, displayName</LdapSearchAttributes>
<LdapClientCertPath />
<LdapClientKeyPath />
<LdapRootCaPath />
<CreateUsersFromLdap>true</CreateUsersFromLdap>
<AllowPassChange>false</AllowPassChange>
<LdapUidAttribute>uid</LdapUidAttribute>
<LdapUsernameAttribute>cn</LdapUsernameAttribute>
<LdapPasswordAttribute>userPassword</LdapPasswordAttribute>
<EnableLdapProfileImageSync>false</EnableLdapProfileImageSync>
<LdapProfileImageAttribute>jpegphoto</LdapProfileImageAttribute>
<EnableAllFolders>true</EnableAllFolders>
<EnabledFolders />
<PasswordResetUrl />