jellyfin: add docs

3 files changed, 55 insertions, 2 deletions

diff --git a/roles/jellyfin/README.md b/roles/jellyfin/README.md
new file mode 100644
index 0000000..ca6d85e
--- /dev/null
+++ b/roles/jellyfin/README.md
@@ -0,0 +1,53 @@
+Jellyfin
+========
+
+Description
+-----------
+
+The `jellyfin` role installs the [Jellyfin](https://jellyfin.org/) media browser.
+This role will generate the config file for the Jellyfin [LDAP authentication plugin](https://github.com/jellyfin/jellyfin-plugin-ldapauth),
+but you'll have to install the plugin yourself through the admin panel.
+
+This role configures the application only; it does not configure a reverse
+proxy.
+
+
+Variables
+---------
+
+This role **accepts** the following variables:
+
+Variable                       | Default                               | Description
+-------------------------------|---------------------------------------|------------
+`jellyfin_version`             | see [default vars](defaults/main.yml) | Jellyfin version to install
+`jellyfin_port`                | 8096                                  | Local listening port
+`jellyfin_user`                | `s-jellyfin`                          | FreeIPA account for Jellyfin process (will be created)
+`jellyfin_sysaccount_username` | `jellyfin`                            | [System account](../freeipa_system_account) username for LDAP binds
+`jellyfin_sysaccount_password` |                                  | [System account](../freeipa_system_account) password for LDAP binds
+`jellyfin_media_access_group`  | `role-media-access`                   | FreeIPA group used for Jellyfin user to access media files (will be created)
+`jellyfin_access_group`        | `role-media-access`                   | FreeIPA group of users allowed to access Jellyfin (will be created)
+`jellyfin_admin_group`         | `role-media-admin`                    | FreeIPA group of Jellyfin administrators (will be created)
+`jellyfin_ldap_servers`        | `{{ freeipa_hosts }}`                 | Hostnames of FreeIPA LDAP servers
+
+
+This role **exports** the following variables:
+
+Variable                  | Description
+--------------------------|------------
+`jellyfin_apache_config`  | Apache config block for reverse proxy
+
+Usage
+-----
+
+Example playbook:
+
+````yaml
+- hosts: invidious_servers
+  roles:
+    - role: jellyfin
+
+    - role: apache_vhost
+      vars:
+        apache_server_name: jellyfin.ipa.example.com
+        apache_config: '{{ jellyfin_apache_config }}'
+````
diff --git a/roles/jellyfin/defaults/main.yml b/roles/jellyfin/defaults/main.yml
index 2c3fadb..486c7ba 100644
--- a/roles/jellyfin/defaults/main.yml
+++ b/roles/jellyfin/defaults/main.yml
@@ -8,4 +8,4 @@ jellyfin_media_access_group: role-media-access
 jellyfin_access_group: role-media-access
 jellyfin_admin_group: role-media-admin
 
-jellyfin_ldap_server: '{{ freeipa_hosts[0] }}'
+jellyfin_ldap_servers: '{{ freeipa_hosts }}'
diff --git a/roles/jellyfin/templates/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml.j2 b/roles/jellyfin/templates/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml.j2
index 5326ff2..8255cd4 100644
--- a/roles/jellyfin/templates/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml.j2
+++ b/roles/jellyfin/templates/var/lib/jellyfin/plugins/configurations/LDAP-Auth.xml.j2
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <LdapServer>{{ jellyfin_ldap_server }}</LdapServer>
+  <LdapServer>{{ jellyfin_ldap_servers | join(' ') }}</LdapServer>
   <LdapPort>636</LdapPort>
   <UseSsl>true</UseSsl>
   <UseStartTls>false</UseStartTls>