From 2882889eae293affb1ee7c5820adb779cb5512a3 Mon Sep 17 00:00:00 2001
From: soraefir <soraefir+git@helcel>
Date: Thu, 14 May 2026 14:43:51 +0200
Subject: [PATCH] Add LDAP

---
 modules/server/containers/apps/jellyfin.nix | 92 ++++++++++++---------
 1 file changed, 53 insertions(+), 39 deletions(-)

diff --git a/modules/server/containers/apps/jellyfin.nix b/modules/server/containers/apps/jellyfin.nix
index d75e301..a81f338 100644
--- a/modules/server/containers/apps/jellyfin.nix
+++ b/modules/server/containers/apps/jellyfin.nix
@@ -89,53 +89,67 @@ in {
       sleep 20
       WIZARD_COMPLETE=$(${pkgs.curl}/bin/curl -sSf "$JELLYFIN_URL/System/Info/Public" 2>/dev/null | \
         ${pkgs.jq}/bin/jq -r '.StartupWizardCompleted // false')
-      if [ "$WIZARD_COMPLETE" = "true" ]; then
-        echo "Jellyfin wizard already completed. Exiting cleanly."
-        exit 0
+      if [ "$WIZARD_COMPLETE" = "false" ]; then
+        if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Startup/Configuration" \
+          -H "Content-Type: application/json" \
+          -d '{"ServerName":"Flix","UICulture":"en-US","MetadataCountryCode":"US","PreferredMetadataLanguage":"en"}'; then
+          echo "ERROR: Failed to set startup configuration."
+          exit 1
+        fi
+
+        SETUP_USER_PAYLOAD=$(${pkgs.jq}/bin/jq -n \
+          --arg name "$DEFAULT_ADMIN_USERNAME" \
+          --arg pass "$DEFAULT_ADMIN_PASSWORD" \
+          '{"Name": $name, "Password": $pass}')
+        
+        if ! ${pkgs.curl}/bin/curl -sSf -X GET "$JELLYFIN_URL/Startup/User"; then
+          echo "ERROR: Failed to get base user."
+          exit 1
+        fi
+
+        if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Startup/User" \
+          -H 'accept: */*' \
+          -H "Content-Type: application/json" \
+          -d "$SETUP_USER_PAYLOAD"; then
+          echo "ERROR: Failed to set admin user."
+          exit 1
+        fi
+
+        if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Startup/RemoteAccess" \
+          -H "Content-Type: application/json" \
+          -d '{"EnableRemoteAccess":true,"EnableAutomaticPortMapping":false}'; then
+          echo "ERROR: Failed to configure remote access."
+          exit 1
+        fi
+
+        if ! ${pkgs.curl}/bin/curl -sSf -X POST "''$JELLYFIN_URL/Startup/Complete"; then
+          echo "ERROR: Failed to complete wizard."
+          exit 1
+        fi
+        echo "Jellyfin initialization successfully completed!"
       fi
 
-      #USE CONFIGURATION ENDPOINT
-      if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Startup/Configuration" \
+      JELLYFIN_TOKEN=$(${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Users/AuthenticateByName" \
         -H "Content-Type: application/json" \
-        -d '{"ServerName":"Flix","UICulture":"en-US","MetadataCountryCode":"US","PreferredMetadataLanguage":"en"}'; then
-        echo "ERROR: Failed to set startup configuration."
-        exit 1
+        -H "Authorization: MediaBrowser Client=\"Bash Script\", Device=\"Server Terminal\", DeviceId=\"script-12345\", Version=\"1.0.0\"" \
+        -d "{\"Username\": \"$DEFAULT_ADMIN_USERNAME\", \"Pw\": \"$DEFAULT_ADMIN_PASSWORD\"}" \
+
+        | jq -r '.AccessToken')
+
+      # Verify we got a token
+      if [ "$JELLYFIN_TOKEN" = "null" ] || [ -z "$JELLYFIN_TOKEN" ]; then
+          echo "ERROR: Authentication failed."
+          exit 1
       fi
 
-      #USE AUTH ENDPOINT
-      SETUP_USER_PAYLOAD=$(${pkgs.jq}/bin/jq -n \
-        --arg name "$DEFAULT_ADMIN_USERNAME" \
-        --arg pass "$DEFAULT_ADMIN_PASSWORD" \
-        '{"Name": $name, "Password": $pass}')
-      
-      if ! ${pkgs.curl}/bin/curl -sSf -X GET "$JELLYFIN_URL/Startup/User"; then
-        echo "ERROR: Failed to get base user."
+      if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Packages/Installed/LDAP%20Authentication?assemblyGuid=958aad6637844d2ab89aa7b6fab6e25c" \
+          -H "Authorization: MediaBrowser Token=\"$JELLYFIN_TOKEN\"" \
+          -H "Content-Length: 0" 
+        echo "ERROR: LDAP Plugin Setup Failed."
         exit 1
       fi
+      echo "Completed Setup"
 
-      if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Startup/User" \
-        -H 'accept: */*' \
-        -H "Content-Type: application/json" \
-        -d "$SETUP_USER_PAYLOAD"; then
-        echo "ERROR: Failed to set admin user."
-        exit 1
-      fi
-
-      # Enable remote access, disable UPnP auto-mapping
-      if ! ${pkgs.curl}/bin/curl -sSf -X POST "$JELLYFIN_URL/Startup/RemoteAccess" \
-        -H "Content-Type: application/json" \
-        -d '{"EnableRemoteAccess":true,"EnableAutomaticPortMapping":false}'; then
-        echo "ERROR: Failed to configure remote access."
-        exit 1
-      fi
-
-      # Complete the wizard
-      if ! ${pkgs.curl}/bin/curl -sSf -X POST "''$JELLYFIN_URL/Startup/Complete"; then
-        echo "ERROR: Failed to complete wizard."
-        exit 1
-      fi
-
-      echo "Jellyfin initialization successfully completed!"
     '';
   };