From e437629e129c5870942a8c1a6e6ff1e47951ba89 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 30 Jun 2024 00:01:38 +1000 Subject: [PATCH 1/3] feat: add jellyfin module --- modules/jellyfin/manifests/init.pp | 11 +++++++++++ modules/jellyfin/manifests/install.pp | 14 ++++++++++++++ modules/jellyfin/manifests/params.pp | 13 +++++++++++++ modules/jellyfin/manifests/service.pp | 10 ++++++++++ 4 files changed, 48 insertions(+) create mode 100644 modules/jellyfin/manifests/init.pp create mode 100644 modules/jellyfin/manifests/install.pp create mode 100644 modules/jellyfin/manifests/params.pp create mode 100644 modules/jellyfin/manifests/service.pp diff --git a/modules/jellyfin/manifests/init.pp b/modules/jellyfin/manifests/init.pp new file mode 100644 index 0000000..6d57b15 --- /dev/null +++ b/modules/jellyfin/manifests/init.pp @@ -0,0 +1,11 @@ +# manage jellyfin +class jellyfin ( + $packages = $jellyfin::params::packages, + $service_enable = $jellyfin::params::service_enable, +) inherits jellyfin::params { + + include jellyfin::install + include jellyfin::service + + Class['jellyfin::install'] -> Class['jellyfin::service'] +} diff --git a/modules/jellyfin/manifests/install.pp b/modules/jellyfin/manifests/install.pp new file mode 100644 index 0000000..69ee1ab --- /dev/null +++ b/modules/jellyfin/manifests/install.pp @@ -0,0 +1,14 @@ +# install jellyfin +class jellyfin::install ( + $packages = $jellyfin::packages, +) { + + $_packages = $packages ? { + Array => true, + default => false, + } + + if $_packages { + ensure_packages($packages, {ensure => 'installed'}) + } +} diff --git a/modules/jellyfin/manifests/params.pp b/modules/jellyfin/manifests/params.pp new file mode 100644 index 0000000..d74a3a4 --- /dev/null +++ b/modules/jellyfin/manifests/params.pp @@ -0,0 +1,13 @@ +# jellyfin params +class jellyfin::params ( + Array[String] $packages = [ + 'jellyfin', + 'jellyfin-web', + 'jellyfin-server', + 'SDL2', + 'ffmpeg', + 'ffmpeg-devel', + ], + String $service_name = 'jellyfin', + Boolean $service_enable = true, +) { } diff --git a/modules/jellyfin/manifests/service.pp b/modules/jellyfin/manifests/service.pp new file mode 100644 index 0000000..ce9755f --- /dev/null +++ b/modules/jellyfin/manifests/service.pp @@ -0,0 +1,10 @@ +# manage jellyfin service +class jellyfin::service ( + $service_enable = $jellyfin::service_enable, + $service_name = $jellyfin::service_name, +) { + service{$service_name: + ensure => $service_enable, + enable => $service_enable, + } +} -- 2.47.3 From f81b5753fffb9bb464d61a2d030eb78dd0dc2d46 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 30 Jun 2024 00:02:16 +1000 Subject: [PATCH 2/3] feat: add jellyfin role/profile classes --- hieradata/roles/apps/media/jellyfin.yaml | 48 +++++++++++++++++++++ site/profiles/manifests/media/jellyfin.pp | 31 +++++++++++++ site/roles/manifests/apps/media/jellyfin.pp | 11 +++++ 3 files changed, 90 insertions(+) create mode 100644 hieradata/roles/apps/media/jellyfin.yaml create mode 100644 site/profiles/manifests/media/jellyfin.pp create mode 100644 site/roles/manifests/apps/media/jellyfin.pp diff --git a/hieradata/roles/apps/media/jellyfin.yaml b/hieradata/roles/apps/media/jellyfin.yaml new file mode 100644 index 0000000..8a761bd --- /dev/null +++ b/hieradata/roles/apps/media/jellyfin.yaml @@ -0,0 +1,48 @@ +--- +hiera_include: + - jellyfin + - profiles::nginx::simpleproxy + +# manage jellyfin +jellyfin::params::service_enable: true + +# additional altnames +profiles::pki::vault::alt_names: + - jellyfin.main.unkin.net + - jellyfin.service.consul + - jellyfin.query.consul + - "jellyfin.service.%{facts.country}-%{facts.region}.consul" + +# manage a simple nginx reverse proxy +profiles::nginx::simpleproxy::nginx_vhost: 'jellyfin.query.consul' +profiles::nginx::simpleproxy::nginx_aliases: + - jellyfin.main.unkin.net + - jellyfin.service.consul + - jellyfin.query.consul + - "jellyfin.service.%{facts.country}-%{facts.region}.consul" +profiles::nginx::simpleproxy::proxy_port: 8096 +profiles::nginx::simpleproxy::proxy_host: 127.0.0.1 +profiles::nginx::simpleproxy::proxy_path: '/' + +# configure consul service +nginx::client_max_body_size: 10M +consul::services: + jellyfin: + service_name: 'jellyfin' + tags: + - 'media' + - 'jellyfin' + address: "%{facts.networking.ip}" + port: 443 + checks: + - id: 'jellyfin_http_check' + name: 'jellyfin HTTP Check' + http: "https://%{facts.networking.fqdn}:443" + method: 'GET' + tls_skip_verify: true + interval: '10s' + timeout: '1s' +profiles::consul::client::node_rules: + - resource: service + segment: jellyfin + disposition: write diff --git a/site/profiles/manifests/media/jellyfin.pp b/site/profiles/manifests/media/jellyfin.pp new file mode 100644 index 0000000..9502e0d --- /dev/null +++ b/site/profiles/manifests/media/jellyfin.pp @@ -0,0 +1,31 @@ +# profiles::media::jellyfin +class profiles::media::jellyfin ( + Stdlib::Absolutepath $media_root = '/shared/media', +) { + + include profiles::ceph::client + + # manage the sharedvol + profiles::storage::cephfsvol {"${::facts['networking']['fqdn']}_media": + mount => $media_root, + keyring => '/etc/ceph/ceph.client.media.keyring', + cephfs_name => 'media', + cephfs_fs => 'mediafs', + require => Profiles::Ceph::Keyring['media'], + } + + # export haproxy balancemember + profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443": + service => 'be_jellyfin', + ports => [443], + options => [ + "cookie ${facts['networking']['hostname']}", + 'ssl', + 'verify none', + 'check', + 'inter 2s', + 'rise 3', + 'fall 2', + ] + } +} diff --git a/site/roles/manifests/apps/media/jellyfin.pp b/site/roles/manifests/apps/media/jellyfin.pp new file mode 100644 index 0000000..0a40853 --- /dev/null +++ b/site/roles/manifests/apps/media/jellyfin.pp @@ -0,0 +1,11 @@ +# jellyfin server profile +class roles::apps::media::jellyfin { + if $facts['firstrun'] { + include profiles::defaults + include profiles::firstrun::init + }else{ + include profiles::defaults + include profiles::base + include profiles::media::jellyfin + } +} -- 2.47.3 From 2199e4e3c084bb66c5db6990c6e9e0bf56e8e46a Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 30 Jun 2024 00:02:44 +1000 Subject: [PATCH 3/3] feat: add jellyfin to haproxy --- .../au/region/syd1/infra/halb/haproxy.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml b/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml index 2bf808a..525c371 100644 --- a/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml +++ b/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml @@ -11,6 +11,7 @@ profiles::haproxy::mappings: - 'lidarr.main.unkin.net be_lidarr' - 'readarr.main.unkin.net be_readarr' - 'prowlarr.main.unkin.net be_prowlarr' + - 'jellyfin.main.unkin.net be_jellyfin' fe_https: ensure: present mappings: @@ -21,6 +22,7 @@ profiles::haproxy::mappings: - 'lidarr.main.unkin.net be_lidarr' - 'readarr.main.unkin.net be_readarr' - 'prowlarr.main.unkin.net be_prowlarr' + - 'jellyfin.main.unkin.net be_jellyfin' profiles::haproxy::frontends: fe_http: @@ -153,6 +155,22 @@ profiles::haproxy::backends: - set-header X-Forwarded-Port %[dst_port] - add-header X-Forwarded-Proto https if { dst_port 443 } redirect: 'scheme https if !{ ssl_fc }' + be_jellyfin: + description: Backend for au-syd1 jellyfin + collect_exported: false # handled in custom function + options: + balance: roundrobin + option: + - httpchk GET / + - forwardfor + - http-keep-alive + - prefer-last-server + cookie: SRVNAME insert indirect nocache + http-reuse: always + http-request: + - set-header X-Forwarded-Port %[dst_port] + - add-header X-Forwarded-Proto https if { dst_port 443 } + redirect: 'scheme https if !{ ssl_fc }' profiles::haproxy::certlist::enabled: true profiles::haproxy::certlist::certificates: @@ -167,6 +185,7 @@ profiles::pki::vault::alt_names: - lidarr.main.unkin.net - readarr.main.unkin.net - prowlarr.main.unkin.net + - jellyfin.main.unkin.net # additional cnames profiles::haproxy::dns::cnames: -- 2.47.3