• 1 Post
  • 161 Comments
Joined 2 years ago
cake
Cake day: June 13th, 2023

help-circle



  • It’s not for that though, more like the notification light on old phones so if you’re just next to your phone for a while you can set different patterns for different notifications or people to pay attention to. then can set a persistent light up top for priority notifications so if you’re working or at the beach or something can just glance and see you have ‘priority’ information waiting and dont have to be staring at your phone











  • I have been trying to use jellyfin locally but subtitles have issues some times depending on the show or format. Also recently my wife watched 2 episodes more than me so we needed to go back 2 episodes and only way to do that from the Up Next or Resume screens was to start a new search of the show and click into the season and then find the episode. In Plex that takes 2extra clicks to get to the season and find the episode. I get supporting open source but for my jellyfin only has 70% of the features I use weekly on Plex. Definitely supporting it and trying to use it but it’s not feature parity for me





  • I’ve been testing out jellyfin for the last couple months but it doesn’t really fill the void of this specific feature that’s being locked behind a pay wall. If anyone has good recommendations for securely and reliably hosting jellyfin behind SSL and auth with email password resets where I don’t have to worry about it as much as Plex.

    I use jellyfin locally but for a handful of remote clients I have I may well block off their access they’re not going to be able to figure out my hand spun services and wall of text.


  • keyez@lemmy.worldtoSelfhosted@lemmy.worldSelf-hosted SSO
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Heres what I’m running:

    authentication_backend:
      file:
        path: '/config/users_database.yml'
        watch: false
        search:
          email: false
          case_insensitive: false
        password:
          algorithm: 'sha2crypt'
    
    access_control:
      ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
      ## resource if there is no policy to be applied to the user.
      default_policy: 'deny'
    
      networks:
        - name: 'internal'
          networks:
            # - '10.10.0.0/16'
            - '192.168.1.0/24'
        - name: 'VPN'
          networks: '10.0.1.0/24'
    
      rules:
        ## Rules applied to everyone
        - domain: '*.mydomain.com'
          policy: 'one_factor'
    
    session:
      ## The secret to encrypt the session data. This is only used with Redis / Redis Sentinel.
      ## Secret can also be set using a secret: https://www.authelia.com/c/secrets
      secret: 'insecure_session_secret'
    
      ## Cookies configures the list of allowed cookie domains for sessions to be created on.
      ## Undefined values will default to the values below.
      cookies:
      #   -
          ## The name of the session cookie.
        - name: 'authelia_session'
    
          ## The domain to protect.
          ## Note: the Authelia portal must also be in that domain.
          domain: 'mydomain.com'
    
          ## Required. The fully qualified URI of the portal to redirect users to on proxies that support redirections.
          ## Rules:
          ##   - MUST use the secure scheme 'https://'
          ##   - The above 'domain' option MUST either:
          ##      - Match the host portion of this URI.
          ##      - Match the suffix of the host portion when prefixed with '.'.
          authelia_url: 'https://auth.mydomain.com/'
    storage:
      postgres:
        ....
    
    identity_providers:
      oidc:
        ## Cross-Origin Resource Sharing (CORS) settings.
        cors:
          ## List of endpoints in addition to the metadata endpoints to permit cross-origin requests on.
          endpoints:
             - 'authorization'
             - 'token'
             - 'revocation'
             - 'introspection'
            #  - 'pushed-authorization-request'
            #  - 'userinfo'
    
          ## List of allowed origins.
          ## Any origin with https is permitted unless this option is configured or the
          ## allowed_origins_from_client_redirect_uris option is enabled.
          allowed_origins:
            - 'https://mydomain.com/'
            - 'https://grafana.mydomain.com/'
            - 'https://wiki.mydomain.com/'
            - 'https://foodz.mydomain.com/'
    
          ## Automatically adds the origin portion of all redirect URI's on all clients to the list of allowed_origins,
          ## provided they have the scheme http or https and do not have the hostname of localhost.
          allowed_origins_from_client_redirect_uris: true
        ## Clients is a list of known clients and their configuration.
        clients:
          - client_id: 'grafana'
            client_name: 'Grafana'
            client_secret: 'XXXXXX'
            public: false
            consent_mode: 'pre-configured'
            authorization_policy: 'one_factor'
            require_pkce: true
            pkce_challenge_method: 'S256'
            redirect_uris:
              - 'https://grafana.mydomain.com/login/generic_oauth'
            scopes:
              - 'openid'
              - 'profile'
              - 'groups'
              - 'email'
            userinfo_signed_response_alg: 'none'
            token_endpoint_auth_method: 'client_secret_basic'
          - client_id: 'wiki'
            client_name: 'Wiki'
            client_secret: 'XXXX'
            consent_mode: 'pre-configured'
            public: false
            authorization_policy: 'one_factor'
            require_pkce: true
            pkce_challenge_method: 'S256'
            redirect_uris:
              - 'https://wiki.mydomain.com/oidc/callback'
            scopes:
              - 'openid'
              - 'profile'
              - 'groups'
              - 'email'
            userinfo_signed_response_alg: 'none'
            token_endpoint_auth_method: 'client_secret_basic'
          ....
    
    

    Then my users_database.yml looks like:

    users:
      authelia:
        disabled: false
        displayname: "Test User"
        password: ""
        email: authelia@authelia.com
        groups:
          - admins
          - dev
      user001:
        disabled: false
        displayname: 'User 001'
        password: "$6$rounds=50000$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
        email: test@gmail.com
        groups:
          - admins
          - users