authorStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:23:43 -0500
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-02-04 01:52:13 -0500
commit0261e875679f1bf63c8d689da7fc7e014597885d (patch)
tree3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/jellyfin/tasks
initial commit
Diffstat (limited to 'roles/jellyfin/tasks')
-rw-r--r--roles/jellyfin/tasks/freeipa.yml67
-rw-r--r--roles/jellyfin/tasks/main.yml94
2 files changed, 161 insertions, 0 deletions
diff --git a/roles/jellyfin/tasks/freeipa.yml b/roles/jellyfin/tasks/freeipa.yml
new file mode 100644
index 0000000..06cfd25
--- /dev/null
+++ b/roles/jellyfin/tasks/freeipa.yml
@@ -0,0 +1,67 @@
+- name: create user
+ ipauser:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_user }}'
+ loginshell: /sbin/nologin
+ homedir: '{{ jellyfin_home }}'
+ givenname: Jellyfin
+ sn: Service Account
+ state: present
+ run_once: True
+
+- name: retrieve user keytab
+ include_role:
+ name: freeipa_keytab
+ vars:
+ keytab_principal: '{{ jellyfin_user }}'
+ keytab_path: '{{ jellyfin_keytab }}'
+ keytab_owner: '{{ jellyfin_user }}'
+
+- name: create media access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_media_access_group }}'
+ nonposix: no
+ action: group
+ state: present
+ run_once: True
+
+- name: add user to media access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_media_access_group }}'
+ user: '{{ jellyfin_user }}'
+ action: member
+ state: present
+ run_once: True
+
+- name: create access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_access_group }}'
+ action: group
+ state: present
+ run_once: True
+
+- name: create admin group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_admin_group }}'
+ state: present
+ run_once: True
+
+- name: configure gssproxy for kerberized NFS
+ include_role:
+ name: gssproxy_client
+ vars:
+ gssproxy_name: jellyfin
+ gssproxy_section: service/jellyfin
+ gssproxy_keytab: /etc/krb5.keytab
+ gssproxy_client_keytab: '{{ jellyfin_keytab }}'
+ gssproxy_cred_usage: initiate
+ gssproxy_euid: '{{ jellyfin_user }}'
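Review bot: The `retrieve user keytab` task passes only `keytab_path` and `keytab_owner` to the `freeipa_keytab` role, so the file mode of a long-term Kerberos credential depends entirely on that role's defaults, which this commit does not show. Any local account that can read the keytab can authenticate as `{{ jellyfin_user }}`, and the gssproxy task at the end of the file uses the same file as `gssproxy_client_keytab` for kerberized NFS. I would confirm the role writes the file owner-only and record that expectation above the task, for example `# keytab is a long-term credential: must stay 0600 and owned by jellyfin_user`. If the role accepts a mode variable, setting it explicitly here would make the requirement visible in this role rather than implied.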
diff --git a/roles/jellyfin/tasks/main.yml b/roles/jellyfin/tasks/main.yml
new file mode 100644
index 0000000..0bb8b91
--- /dev/null
+++ b/roles/jellyfin/tasks/main.yml
@@ -0,0 +1,94 @@
+- name: install packages
+ dnf:
+ name: '{{ jellyfin_packages }}'
+ state: present
+
+- name: create installation directory
+ file:
+ path: '{{ jellyfin_install_dir }}'
+ state: directory
+
+- name: extract tarball
+ unarchive:
+ src: '{{ jellyfin_url }}'
+ remote_src: yes
+ dest: '{{ jellyfin_install_dir }}'
+ extra_opts:
+ - '--strip-components=2'
+ notify: restart jellyfin
+
+- name: generate systemd unit
+ template:
+ src: etc/systemd/system/jellyfin.service.j2
+ dest: /etc/systemd/system/jellyfin.service
+ notify: restart jellyfin
+ register: jellyfin_unit
+
+- name: reload systemd units
+ systemd:
+ daemon_reload: yes
+ when: jellyfin_unit.changed
+
+- name: generate sysconfig file
+ template:
+ src: etc/sysconfig/jellyfin.j2
+ dest: /etc/sysconfig/jellyfin
+ notify: restart jellyfin
+
+- name: create runtime directories
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ jellyfin_user }}'
+ group: '{{ jellyfin_user }}'
+ mode: '{{ item.mode }}'
+ state: directory
+ loop:
+ - { path: '{{ jellyfin_home }}', mode: '0750' }
+ - { path: '{{ jellyfin_home }}/plugins', mode: '0750' }
+ - { path: '{{ jellyfin_home }}/plugins/configurations', mode: '0750' }
+ - { path: /var/cache/jellyfin, mode: '0750' }
+ - { path: /var/log/jellyfin, mode: '0755' }
+ - { path: '{{ jellyfin_conf_dir }}', mode: '0755' }
+
+- name: generate jellyfin network configuration
+ template:
+ src: '{{ jellyfin_conf_dir[1:] }}/network.xml.j2'
+ dest: '{{ jellyfin_conf_dir }}/network.xml'
+ owner: '{{ jellyfin_user }}'
+ group: '{{ jellyfin_user }}'
+ mode: 0644
+ notify: restart jellyfin
+
+- name: generate jellyfin LDAP configuration
+ template:
+ src: '{{ jellyfin_home[1:] }}/plugins/configurations/LDAP-Auth.xml.j2'
+ dest: '{{ jellyfin_home }}/plugins/configurations/LDAP-Auth.xml'
+ owner: '{{ jellyfin_user }}'
+ group: '{{ jellyfin_user }}'
+ mode: 0640
+ notify: restart jellyfin
+
+- import_tasks: freeipa.yml
+
+- name: enable jellyfin
+ systemd:
+ name: jellyfin
+ state: started
+ enabled: yes
+
+- name: allow apache to connect to jellyfin port
+ seport:
+ ports: '{{ jellyfin_port }}'
+ proto: tcp
+ setype: http_port_t
+ state: present
+ tags: selinux
+
+- name: open firewall ports
+ firewalld:
+ port: '{{ item }}'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ loop: '{{ jellyfin_discovery_ports }}'
+ tags: firewalld
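Review bot: The `extract tarball` task passes `{{ jellyfin_url }}` straight to `unarchive`, so whatever the server returns is unpacked into `{{ jellyfin_install_dir }}` and later started as a service with no integrity check. `unarchive` has no checksum option. Downloading first with `get_url` and a pinned `checksum:` makes the play fail on a tampered or truncated archive, and it skips the download when a matching file is already present. The checksum variable and the download path in the sketch below are new names that this commit does not define. They would be set next to `jellyfin_url` so that a version bump updates both together.

```yaml
# ... unchanged: install packages, create installation directory ...

- name: download tarball
  get_url:
    url: '{{ jellyfin_url }}'
    # new path, not defined in this commit: sibling of the install dir
    dest: '{{ jellyfin_install_dir }}.tar.gz'
    # new variable, not defined in this commit: pin it alongside jellyfin_url
    checksum: 'sha256:{{ jellyfin_tarball_sha256 }}'
    mode: '0644'

- name: extract tarball
  unarchive:
    src: '{{ jellyfin_install_dir }}.tar.gz'
    remote_src: yes
    dest: '{{ jellyfin_install_dir }}'
    extra_opts:
      - '--strip-components=2'
  notify: restart jellyfin

# ... unchanged: systemd unit, sysconfig, runtime directories and later tasks ...
```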