Add jellyfin service

ansible_playbooks/setup-cluster.yml

@@ -95,6 +95,9 @@
       - name: media-read
         path: /srv/volumes/media-write
         read_only: true
+      - name: media-overflow-read
+        path: /srv/volumes/nas-overflow/Media
+        read_only: true
       - name: media-write
         path: /srv/volumes/media-write
         owner: "root"
@@ -131,6 +134,9 @@
       - name: radarr-config
         path: /srv/volumes/nas-container/radarr
         read_only: false
+      - name: jellyfin-config
+        path: /srv/volumes/nas-container/jellyfin
+        read_only: false
       - name: bazarr-config
         path: /srv/volumes/nas-container/bazarr
         read_only: false

core/authelia.tf

@@ -4,7 +4,7 @@ module "authelia" {
   name                = "authelia"
   instance_count      = 2
   priority            = 70
-  image               = "authelia/authelia:4.38"
+  image               = "authelia/authelia:4.37"
   args                = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
   ingress             = true
   service_port        = 9999
@@ -172,7 +172,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
     oidc_discovery_url = "https://authelia.${var.base_hostname}"
     oidc_client_id     = module.nomad_oidc_client.client_id
     oidc_client_secret = module.nomad_oidc_client.secret
-    bound_audiences    = [module.nomad_oidc_client.client_id]
+    bound_audiences    = ["nomad"]
     oidc_scopes = [
       "groups",
       "openid",
@@ -190,7 +190,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
 resource "nomad_acl_binding_rule" "nomad_authelia_admin" {
   description = "engineering rule"
   auth_method = nomad_acl_auth_method.nomad_authelia.name
-  selector    = "\"nomad-admin\" in list.roles"
+  selector    = "\"nomad-deploy\" in list.roles"
   bind_type   = "role"
   bind_name   = "admin" # acls.nomad_acl_role.admin.name
 }

services/jellyfin.tf

@@ -0,0 +1,53 @@
+module "jellyfin" {
+  source = "./service"
+
+  name  = "jellyfin"
+  image = "lscr.io/linuxserver/jellyfin:10.10.3"
+
+  ingress      = true
+  service_port = 8096
+  use_wesher   = var.use_wesher
+  ports = [
+    {
+      name        = "discovery"
+      static      = 7359,
+      task_config = true,
+    },
+    {
+      name        = "dnla",
+      static      = 1900,
+      task_config = true,
+    },
+  ]
+
+  env = {
+    PGID = 100
+    PUID = 1001
+    TZ   = "America/Los_Angeles"
+
+    JELLYFIN_PublishedServerUrl = "https://jellyfin.thefij.rocks"
+  }
+
+  host_volumes = [
+    {
+      name      = "jellyfin-config"
+      dest      = "/config"
+      read_only = false
+    },
+    {
+      name      = "media-read"
+      dest      = "/media"
+      read_only = true
+    },
+    {
+      name      = "media-overflow-read"
+      dest      = "/media-overflow"
+      read_only = true
+    },
+  ]
+
+  resources = {
+    cpu    = 500
+    memory = 1200
+  }
+}