diff --git a/nixos/systems/blowhole/filesystems.nix b/nixos/systems/blowhole/filesystems.nix index 880293d..b3503d4 100644 --- a/nixos/systems/blowhole/filesystems.nix +++ b/nixos/systems/blowhole/filesystems.nix @@ -1,13 +1,22 @@ { pkgs, lib, secret, ... }: let inherit (lib) - singleton; + singleton + concatStringsSep; in { environment.systemPackages = with pkgs; [ sshfs ]; + services.hashicorp.vault-agent = { + settings.template = singleton { + source = pkgs.writeText "kodi-samba.cred.vtmpl" + ''{{ with secret "kv/data/homelab-1/blowhole/kodi_samba.cred" }}{{ .Data.data.cred }}{{ end }}''; + destination = "/run/secrets/kodi_samba.cred"; + }; + }; + fileSystems = { "/boot" = { diff --git a/nixos/systems/blowhole/nomad.nix b/nixos/systems/blowhole/nomad.nix index 9308647..38a9538 100644 --- a/nixos/systems/blowhole/nomad.nix +++ b/nixos/systems/blowhole/nomad.nix @@ -108,7 +108,7 @@ in network_interface = "enp4s0"; - host_volume."jellyfin-mount".path = "/mnt/jellyfin-mount"; + host_volume."jellyfin-media".path = "/mnt/kyle/infrastructure/jellyfin/media"; host_volume."cctv" = { path = "/mnt/cctv"; read_only = false; diff --git a/terranix/blowhole.nix b/terranix/blowhole.nix index 2cfd327..e3f6334 100644 --- a/terranix/blowhole.nix +++ b/terranix/blowhole.nix @@ -59,6 +59,10 @@ in capabilities = ["read"] } + path "${vaultKvMount}/data/homelab-1/blowhole/kodi_samba.cred" { + capabilities = ["read"] + } + path "${vaultKvMount}/data/homelab-1/blowhole/hostapd/wpa_psk" { capabilities = ["read"] } diff --git a/terranix/containers/jellyfin/job.hcl b/terranix/containers/jellyfin/job.hcl index f79fe14..4cea86c 100644 --- a/terranix/containers/jellyfin/job.hcl +++ b/terranix/containers/jellyfin/job.hcl 
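Review bot: The new `settings.template` entry in filesystems.nix renders the Samba credential to `/run/secrets/kodi_samba.cred` without setting file permissions. Vault Agent templates accept a `perms` option; when it is unset and no file exists at the destination yet, the file is created 0644. Any local user could then read the credential unless `/run/secrets` itself is restricted, which is not visible here. Consider adding `perms = "0600";` next to `destination`, assuming the module passes `settings` through to the agent configuration unchanged.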
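Review bot: The renamed `host_volume."jellyfin-media"` in nomad.nix sets only `path`, so the Nomad client still offers the media directory read-write; the client-side `read_only` defaults to false. The jellyfin job in this commit requests `read_only = true` on both the volume and the `volume_mount`, but that is the job's own choice, and any other job allowed to claim this host volume could mount it writable. Since the directory is now consumed read-only, declare it that way on the client too, in the same form as the `cctv` entry: `host_volume."jellyfin-media" = { path = "/mnt/kyle/infrastructure/jellyfin/media"; read_only = true; };`. The enclosing client block starts and ends outside the hunk.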
@@ -29,18 +29,9 @@ job "jellyfin" { } volume "jellyfin-media" { - type = "csi" - source = "jellyfin-media" - read_only = false - - attachment_mode = "file-system" - access_mode = "single-node-writer" - } - - volume "jellyfin-mount" { type = "host" read_only = true - source = "jellyfin-mount" + source = "jellyfin-media" } network { @@ -81,7 +72,7 @@ job "jellyfin" { driver = "docker" config { - image = "jellyfin/jellyfin@sha256:73501b70b0e884e5815d8f03d22973513ae7cadbcd8dba95da60e1d7c82dac7b" + image = "jellyfin/jellyfin@sha256:08900f012d66d2cfed7cfa2343ea5a05ba8e8c487ef565738e96eb4acb3082ac" # devices = [ # { @@ -116,7 +107,7 @@ job "jellyfin" { volume_mount { volume = "jellyfin-media" destination = "/media" - read_only = false + read_only = true } } }