## Summary

- Add Authentik OIDC provider + application for Jellyfin via blueprint (all authenticated users allowed, no policy binding)
- Wire `jellyfin-client-secret` through ExternalSecret and Authentik worker deployment
- Install [jellyfin-plugin-sso](https://github.com/9p4/jellyfin-plugin-sso) v4.0.0.3 via Ansible, with OIDC config template
- Authentik `admins` group maps to Jellyfin administrator role
- Local login left enabled; SSO is additive

## Deployment and Testing

- [ ] Sync ArgoCD `authentik` app on branch — verify provider + application appear in Authentik admin
- [ ] `mise run provision-indri -- --tags jellyfin --check --diff` (dry run)
- [ ] `mise run provision-indri -- --tags jellyfin` (deploy plugin + config)
- [ ] Test SSO flow: `https://jellyfin.ops.eblu.me/sso/OID/start/authentik`
- [ ] Verify `eblume` account auto-links via `preferred_username` match
- [ ] Verify admins group → Jellyfin admin
- [ ] Reset ArgoCD app revision to main after merge

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/239
30 lines
934 B
YAML
```yaml
---
# Jellyfin media server configuration

# Port Jellyfin listens on
jellyfin_port: 8096

# Data directory (standard macOS location)
jellyfin_data_dir: "{{ ansible_env.HOME }}/Library/Application Support/jellyfin"

# Media path (NFS mount from sifaka)
jellyfin_media_path: /Volumes/allisonflix

# Homebrew cask application path
jellyfin_cask_app_path: /Applications/Jellyfin.app

# Binary path inside the cask app
jellyfin_binary: "{{ jellyfin_cask_app_path }}/Contents/MacOS/jellyfin"

# Web client path (different from binary location in Homebrew cask)
jellyfin_webdir: "{{ jellyfin_cask_app_path }}/Contents/Resources/jellyfin-web"

# Log directory
jellyfin_log_dir: "{{ ansible_env.HOME }}/Library/Logs"

# SSO plugin configuration
jellyfin_sso_plugin_version: "4.0.0.3"
jellyfin_sso_client_id: jellyfin
jellyfin_sso_client_secret: ""
jellyfin_sso_provider_name: authentik
jellyfin_plugins_dir: "{{ jellyfin_data_dir }}/plugins"
```