From ccfe2ff0b0dcd5568c58340c01ac46e3c53c8ec3 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Mon, 15 Jan 2024 21:52:48 +0100
Subject: [PATCH] home.nas: allow TV to access jellyfin without https

for some reason, connecting to the hostname fails, and connecting to the
ip using https leads to certificate errors
---
 bundles/jellyfin/metadata.py | 12 ++++++++++++
 nodes/home/nas.py            |  5 +++++
 2 files changed, 17 insertions(+)

diff --git a/bundles/jellyfin/metadata.py b/bundles/jellyfin/metadata.py
index 5728913..d3d6003 100644
--- a/bundles/jellyfin/metadata.py
+++ b/bundles/jellyfin/metadata.py
@@ -55,3 +55,15 @@ def nginx(metadata):
             },
         },
     }
+
+@metadata_reactor.provides(
+    'firewall/port_rules',
+)
+def firewall(metadata):
+    return {
+        'firewall': {
+            'port_rules': {
+                '8096/tcp': atomic(metadata.get('jellyfin/restrict-to', {'*'})),
+            },
+        },
+    }
diff --git a/nodes/home/nas.py b/nodes/home/nas.py
index 7befeb9..e7121ab 100644
--- a/nodes/home/nas.py
+++ b/nodes/home/nas.py
@@ -95,6 +95,11 @@ nodes['home.nas'] = {
                 },
             },
         },
+        'jellyfin': {
+            'restrict-to': {
+                'home.lgtv-wohnzimmer',
+            },
+        },
         'mosquitto': {
             'bridges': {
                 'c3voc': {