Merge remote-tracking branch 'upstream/staging-next' into down-integrate-staging

author: Luke Granger-Brown <git@lukegb.com> 2021-04-12 18:26:33 +0000
committer: Luke Granger-Brown <git@lukegb.com> 2021-04-12 18:49:01 +0000
commit: 08b22e605bc7d7560ef6ce567caa43f57178715f (patch)
tree: eed46af25264ec81b18ba7a216beec55a84f6683 /nixos/modules/services/misc/jellyfin.nix
parent: 82ca81cd62c785b81bf530837c05babcb9cde8a5 (diff)
parent: 60daed57149403acbb622e48a003422eacea4c16 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/jellyfin.nix b/nixos/modules/services/misc/jellyfin.nix
index 6a47dc3628f4a..64b774a220b66 100644
--- a/nixos/modules/services/misc/jellyfin.nix
+++ b/nixos/modules/services/misc/jellyfin.nix
@@ -29,6 +29,16 @@ in
         default = "jellyfin";
         description = "Group under which jellyfin runs.";
       };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Open the default ports in the firewall for the media server. The
+          HTTP/HTTPS ports can be changed in the Web UI, so this option should
+          only be used if they are unchanged.
+        '';
+      };
     };
   };
 
@@ -104,6 +114,12 @@ in
       jellyfin = {};
     };
 
+    networking.firewall = mkIf cfg.openFirewall {
+      # from https://jellyfin.org/docs/general/networking/index.html
+      allowedTCPPorts = [ 8096 8920 ];
+      allowedUDPPorts = [ 1900 7359 ];
+    };
+
   };
 
   meta.maintainers = with lib.maintainers; [ minijackson ];
author	Luke Granger-Brown <git@lukegb.com>	2021-04-12 18:26:33 +0000
committer	Luke Granger-Brown <git@lukegb.com>	2021-04-12 18:49:01 +0000
commit	08b22e605bc7d7560ef6ce567caa43f57178715f (patch)
tree	eed46af25264ec81b18ba7a216beec55a84f6683 /nixos/modules/services/misc/jellyfin.nix
parent	82ca81cd62c785b81bf530837c05babcb9cde8a5 (diff)
parent	60daed57149403acbb622e48a003422eacea4c16 (diff)