titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jellyfin-qbittorrent-monitor: fix jellyfin api key file perms

Browse Source
This commit is contained in:
Simon Gardling 2025-11-13 02:43:42 -05:00
parent 097b89a14a
commit ba6f47dde9
Signed by: titaniumtown
GPG Key ID: 9AB28AC10ECE533D
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
age-secrets.nix
View File

@ -39,10 +39,9 @@
group = "caddy"; group = "caddy";
}; };
# TODO! fix permissions
jellyfin-api-key = { jellyfin-api-key = {
file = ./secrets/jellyfin-api-key.age; file = ./secrets/jellyfin-api-key.age;
mode = "0444"; mode = "0400";
owner = "root"; owner = "root";
group = "root"; group = "root";
}; };

5
services/jellyfin-qbittorrent-monitor.nix
View File

@ -17,7 +17,7 @@
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = pkgs.writeShellScript "jellyfin-monitor-start" '' ExecStart = pkgs.writeShellScript "jellyfin-monitor-start" ''
export JELLYFIN_API_KEY=$(cat ${config.age.secrets.jellyfin-api-key.path}) export JELLYFIN_API_KEY=$(cat $CREDENTIALS_DIRECTORY/jellyfin-api-key)
exec ${ exec ${
pkgs.python3.withPackages (ps: with ps; [ requests ]) pkgs.python3.withPackages (ps: with ps; [ requests ])
}/bin/python ${./jellyfin-qbittorrent-monitor.py} }/bin/python ${./jellyfin-qbittorrent-monitor.py}
@ -37,6 +37,9 @@
RestrictRealtime = true; RestrictRealtime = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
RemoveIPC = true; RemoveIPC = true;
# Load credentials from agenix secrets
LoadCredential = "jellyfin-api-key:${config.age.secrets.jellyfin-api-key.path}";
}; };
environment = { environment = {