In order to enable authentication using LDAP over TLS in Jellyfin, we need to expose the CA certificate that issues the LDAP server certificates to the container.
# Service group for Jellyfin with a pinned GID (201). The user task that
# follows pins its UID to the same number.
# presumably the fixed id keeps ownership of the host directories consistent
# with the id the container runs as; confirm against jellyfin.container.j2
- name: ensure jellyfin group exists
  group:
    state: present
    name: jellyfin
    system: true
    gid: 201
  tags: [user, group]
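# Service account that owns the Jellyfin cache and data directories.
# It is a system account with a pinned UID (201); its home is "/" and no
# home directory is created for it.
# NOTE(review): no `shell` is set, so the account gets the platform's default
# login shell. If nothing needs to log in as jellyfin, pinning a non-login
# shell here would make that explicit. Confirm before changing, since it
# would also alter accounts that already exist.
- name: ensure jellyfin user exists
  user:
    name: jellyfin
    uid: 201
    group: jellyfin
    system: true
    home: /
    # create_home is the module's canonical option name; createhome is only
    # kept as an alias for it.
    create_home: false
    state: present
  tags:
    - user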
# Cache directory, private to the service account: the owner has full
# access, group and others have none (u=rwx,go=).
- name: ensure jellyfin cache directory exists
  file:
    state: directory
    path: /var/cache/jellyfin
    owner: jellyfin
    group: jellyfin
    mode: 'u=rwx,go='
  tags: [datadir]
# Data directory, owned by the service account. Unlike the cache directory
# (u=rwx,go=), group and others may list and traverse it (og=rx).
# NOTE(review): if this directory ends up holding the server database or
# plugin configuration (for example LDAP bind settings), any local account
# can at least enumerate it; files inside keep their own modes. Confirm that
# something outside the service needs this access, otherwise the cache
# directory's mode is the tighter choice.
- name: ensure jellyfin data directory exists
  file:
    state: directory
    path: /var/lib/jellyfin
    owner: jellyfin
    group: jellyfin
    mode: 'u=rwx,og=rx'
  tags: [datadir]
# Renders the service environment file. It is owned by root and readable by
# root only (u=rw,go=), which fits a file that may carry credentials.
# TODO confirm what jellyfin.env.j2 actually renders.
# NOTE(review): this task notifies no handler, while the unit template task
# notifies "restart jellyfin"; a changed environment file is therefore not
# applied until the service is restarted by some other means. Confirm that
# is intended.
- name: ensure jellyfin environment is configured
  template:
    dest: /etc/sysconfig/jellyfin
    src: jellyfin.env.j2
    owner: root
    group: root
    mode: 'u=rw,go='
  tags: [config]
# Installs the container unit definition under /etc/containers/systemd
# (the location Podman's Quadlet generator reads .container files from).
# The file is world-readable (u=rw,go=r), so nothing secret should be
# rendered into it.
# Handlers run in the order they are defined in the handlers file, not in
# the order listed under notify; "reload systemd" has to be defined before
# "restart jellyfin" for the restart to pick up the new unit.
- name: ensure jellyfin.container systemd unit exists
  template:
    dest: /etc/containers/systemd/jellyfin.container
    src: jellyfin.container.j2
    owner: root
    group: root
    mode: 'u=rw,go=r'
  notify:
    - reload systemd
    - restart jellyfin
  tags: [systemd, container]
# Turns on the SELinux boolean container_read_certs, persistently, but only
# when jellyfin_ldap_ca_cert is defined and truthy (the default filter makes
# an undefined variable evaluate as an empty string instead of raising).
# NOTE(review): an SELinux boolean is host-wide, so this relaxes policy for
# the container domain as a whole rather than for the Jellyfin container
# alone. The task also never switches the boolean back off once
# jellyfin_ldap_ca_cert is unset; that has to be handled separately.
- name: ensure selinux allows containers to read certificate files
  seboolean:
    name: container_read_certs
    state: true
    persistent: true
  when: jellyfin_ldap_ca_cert | default('')
  tags: [selinux]
# Run any handlers notified so far at this point instead of at the end of
# the play, before the tasks below enable and start the service.
- name: flush handlers
  meta: flush_handlers
# Enable the jellyfin unit so it is started at boot.
# NOTE(review): if jellyfin.service is generated from the .container file
# installed above, boot-time start is normally governed by an [Install]
# section in that file. Confirm jellyfin.container.j2 carries one.
- name: ensure jellyfin starts at boot
  systemd:
    enabled: true
    name: jellyfin
  tags: [service]
# Start the service if it is not already running. `state: started` leaves a
# running service alone; restarts come only from the "restart jellyfin"
# handler.
- name: ensure jellyfin is running
  systemd:
    state: started
    name: jellyfin
  tags: [service]