From 44835429d2d288ae91aa4c336fa6f83dae6b2ae7 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Mon, 6 Oct 2025 14:15:51 -0500
Subject: [PATCH] 40 current  2025-10-06 14:01:16  25.05.20251001.5b5be50 
 6.12.49                          *

---
 hosts/snowbelle/configuration.nix             |  1 -
 modules/homelab/services/jellyfin/default.nix | 14 +++++++++++---
 modules/system/ssh.nix                        |  2 ++
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/hosts/snowbelle/configuration.nix b/hosts/snowbelle/configuration.nix
index 8f0dd96..23d57b6 100644
--- a/hosts/snowbelle/configuration.nix
+++ b/hosts/snowbelle/configuration.nix
@@ -81,7 +81,6 @@
 
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [
-    22      # ssh
     80      # http
     111     # portmapper for nfs
     139     # smb
diff --git a/modules/homelab/services/jellyfin/default.nix b/modules/homelab/services/jellyfin/default.nix
index 01e50ae..4ad5f5b 100644
--- a/modules/homelab/services/jellyfin/default.nix
+++ b/modules/homelab/services/jellyfin/default.nix
@@ -19,6 +19,7 @@ in
     
     # declare jellyfin group
     users.groups.jellyfin = { gid = 701; };
+
     # declare jellyfin user
     users.users.jellyfin = {
       description = "jellyfin media server user";
@@ -30,6 +31,7 @@ in
       extraGroups = [ "media" "video" "render" ];
     };
 
+    # enable the jellyfin service
     services.jellyfin = {
       enable = true;
       openFirewall = true;        # Opens 8096/8920 automatically
@@ -37,8 +39,14 @@ in
       group = "jellyfin";         # Default: jellyfin
       dataDir = "/var/lib/jellyfin"; # Config + metadata storage
     };
-    systemd.services.jellyfin.serviceConfig = {
-      UMask = lib.mkForce "0007";
-    };
+
+    # override umask to make permissions work out
+    systemd.services.jellyfin.serviceConfig = { UMask = lib.mkForce "0007"; };
+
+    # open firewall
+    #networking.firewall.allowedTCPPorts = [ 8096 ];
+
+    # reverse proxy entryo
+
   };
 }
diff --git a/modules/system/ssh.nix b/modules/system/ssh.nix
index c832fb4..a8cd395 100644
--- a/modules/system/ssh.nix
+++ b/modules/system/ssh.nix
@@ -18,5 +18,7 @@ in
         X11Forwarding = false;
       };
     };
+    # open firewall
+    networking.firewall.allowedTCPPorts = [ 22 ];
   };
 }