From 6c0a704e0e613fb50846aefa151e88c954b60f9f Mon Sep 17 00:00:00 2001
From: David McFarland <corngood@gmail.com>
Date: Tue, 29 Dec 2020 16:46:54 -0400
Subject: jellyfin: add openFirewall option

---
 nixos/modules/services/misc/jellyfin.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'nixos/modules/services/misc/jellyfin.nix')

diff --git a/nixos/modules/services/misc/jellyfin.nix b/nixos/modules/services/misc/jellyfin.nix
index 6a47dc3628f4a..64b774a220b66 100644
--- a/nixos/modules/services/misc/jellyfin.nix
+++ b/nixos/modules/services/misc/jellyfin.nix
@@ -29,6 +29,16 @@ in
         default = "jellyfin";
         description = "Group under which jellyfin runs.";
       };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Open the default ports in the firewall for the media server. The
+          HTTP/HTTPS ports can be changed in the Web UI, so this option should
+          only be used if they are unchanged.
+        '';
+      };
     };
   };
 
@@ -104,6 +114,12 @@ in
       jellyfin = {};
     };
 
+    networking.firewall = mkIf cfg.openFirewall {
+      # from https://jellyfin.org/docs/general/networking/index.html
+      allowedTCPPorts = [ 8096 8920 ];
+      allowedUDPPorts = [ 1900 7359 ];
+    };
+
   };
 
   meta.maintainers = with lib.maintainers; [ minijackson ];
-- 
cgit 1.4.1