40 current 2025-10-06 14:01:16 25.05.20251001.5b5be50 6.12.49 *

hosts/snowbelle/configuration.nix

@@ -81,7 +81,6 @@
 
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [
-    22      # ssh
     80      # http
     111     # portmapper for nfs
     139     # smb

modules/homelab/services/jellyfin/default.nix

@@ -19,6 +19,7 @@ in
     
     # declare jellyfin group
     users.groups.jellyfin = { gid = 701; };
+
     # declare jellyfin user
     users.users.jellyfin = {
       description = "jellyfin media server user";
@@ -30,6 +31,7 @@ in
       extraGroups = [ "media" "video" "render" ];
     };
 
+    # enable the jellyfin service
     services.jellyfin = {
       enable = true;
       openFirewall = true;        # Opens 8096/8920 automatically
@@ -37,8 +39,14 @@ in
       group = "jellyfin";         # Default: jellyfin
       dataDir = "/var/lib/jellyfin"; # Config + metadata storage
     };
-    systemd.services.jellyfin.serviceConfig = {
+
-      UMask = lib.mkForce "0007";
+    # override umask to make permissions work out
-    };
+    systemd.services.jellyfin.serviceConfig = { UMask = lib.mkForce "0007"; };
+
+    # open firewall
+    #networking.firewall.allowedTCPPorts = [ 8096 ];
+
+    # reverse proxy entryo
+
   };
 }

modules/system/ssh.nix

@@ -18,5 +18,7 @@ in
         X11Forwarding = false;
       };
     };
+    # open firewall
+    networking.firewall.allowedTCPPorts = [ 22 ];
   };
 }