From 56bbfd78f9142aeffa0484b26b8fb7e72d7a9715 Mon Sep 17 00:00:00 2001
From: rasmus-kirk <mail@rasmuskirk.com>
Date: Tue, 14 Jan 2025 15:49:31 +0100
Subject: [PATCH] jellyfin changes

---
 docs/wiki/examples/example-2/index.md | 23 ++------
 nixarr/jellyfin/default.nix           | 77 ++-------------------------
 2 files changed, 9 insertions(+), 91 deletions(-)

diff --git a/docs/wiki/examples/example-2/index.md b/docs/wiki/examples/example-2/index.md
index d1ebeba..f02c44d 100644
--- a/docs/wiki/examples/example-2/index.md
+++ b/docs/wiki/examples/example-2/index.md
@@ -6,13 +6,11 @@ An example where port forwarding is not an option. This is useful if,
 for example, you're living in a dorm that does not allow it. This
 example does the following:
 
-- Runs Jellyfin and exposes it to the internet on a set port
+- Runs Jellyfin
 - Starts openssh and runs it through the VPN so that it can be accessed
   outside your home network
 - Runs all the supported "*Arrs"
 
-> **Warning:** This is largely untested ATM!
-
 ```nix {.numberLines}
   nixarr = {
     enable = true;
@@ -22,17 +20,7 @@ example does the following:
       wgConf = "/data/.secret/wg.conf";
     };
 
-    jellyfin = {
-      enable = true;
-      vpn.enable = true;
-
-      # Access the Jellyfin web-ui from the internet.
-      # Get this port from your VPN provider
-      expose.vpn = {
-        enable = true;
-        port = 12345;
-      };
-    };
+    jellyfin.enable = true;
 
     # Setup SSH service that runs through VPN.
     # Lets you connect through ssh from the internet without having access to
@@ -60,7 +48,7 @@ example does the following:
     enable = true;
     settings.PasswordAuthentication = false;
     # Get this port from your VPN provider
-    ports = [ 54321 ]
+    ports = [ 34567 ]
   };
   # Adds your public keys as trusted devices
   users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
@@ -87,6 +75,5 @@ can use SSH tunneling. Simply run:
     -L 6007:localhost:6767
 ```
 
-Replace `user` with your user and `ip` with the public ip, or domain if set
-up, of your server. This lets you access the services on `localhost:6001`
-through `localhost:6007`.
+Replace `user` with your user and `ip` with the VPN ip. This lets you access
+the services on `localhost:6001` through `localhost:6007`.
diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix
index 5325437..429e926 100644
--- a/nixarr/jellyfin/default.nix
+++ b/nixarr/jellyfin/default.nix
@@ -64,46 +64,6 @@ in
       };
 
       expose = {
-        vpn = {
-          enable = mkOption {
-            type = types.bool;
-            default = false;
-            example = true;
-            description = ''
-              **Required options:**
-
-              - [`nixarr.jellyfin.vpn.enable`](#nixarr.jellyfin.vpn.enable)
-              - [`nixarr.jellyfin.expose.vpn.port`](#nixarr.jellyfin.expose.vpn.port)
-              - [`nixarr.jellyfin.expose.vpn.accessibleFrom`](#nixarr.jellyfin.expose.vpn.accessiblefrom)
-
-              Expose the Jellyfin web service to the internet, allowing anyone to
-              access it.
-
-              > **Warning:** Do _not_ enable this without setting up Jellyfin
-              > authentication through localhost first!
-            '';
-          };
-
-          port = mkOption {
-            type = with types; nullOr port;
-            default = null;
-            example = 12345;
-            description = ''
-              The port to access jellyfin on. Get this port from your VPN
-              provider.
-            '';
-          };
-
-          accessibleFrom = mkOption {
-            type = with types; nullOr str;
-            default = null;
-            example = "jellyfin.airvpn.org";
-            description = ''
-              The IP or domain that Jellyfin should be able to be accessed from.
-            '';
-          };
-        };
-
         https = {
           enable = mkOption {
             type = types.bool;
@@ -184,23 +144,6 @@ in
               - nixarr.jellyfin.expose.acmeMail
             '';
           }
-          {
-            assertion =
-              cfg.expose.vpn.enable
-              -> (
-                cfg.vpn.enable
-                && (cfg.expose.vpn.port != null)
-                && (cfg.expose.vpn.accessibleFrom != null)
-              );
-            message = ''
-              The nixarr.jellyfin.expose.vpn.enable option requires the
-              following options to be set, but one of them were not:
-
-              - nixarr.jellyfin.vpn.enable
-              - nixarr.jellyfin.expose.vpn.port
-              - nixarr.jellyfin.expose.vpn.accessibleFrom
-            '';
-          }
         ];
 
         users = {
@@ -276,18 +219,10 @@ in
               locations."/" = {
                 recommendedProxySettings = true;
                 proxyWebsockets = true;
-                proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
-              };
-            };
-          })
-          (mkIf cfg.expose.vpn.enable {
-            virtualHosts."${builtins.toString cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
-              enableACME = true;
-              forceSSL = true;
-              locations."/" = {
-                recommendedProxySettings = true;
-                proxyWebsockets = true;
-                proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
+                proxyPass = if cfg.expose.vpn.enable then
+                  "http://192.168.15.1:${builtins.toString cfg.expose.vpn.port}"
+                else
+                  "http://192.168.15.1:${builtins.toString defaultPort}";
               };
             };
           })
@@ -313,10 +248,6 @@ in
               to = defaultPort;
             }
           ];
-          openVPNPorts = optional cfg.expose.vpn.enable {
-            port = cfg.expose.vpn.port;
-            protocol = "tcp";
-          };
         };
       };
   }