From 643df612ad0c734fcc36495e89cda08bffdd37b1 Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Wed, 4 Mar 2026 13:29:54 -0500
Subject: [PATCH] jellyfin: patch port 8096 being open

All jellyfin traffic should actually go through caddy.
This port being open caused a lot of confusion for me.
As I was getting traffic from typo'd domain names,
such as `jellfin.gardling.com`, which made NO SENSE!
But since it was going directly via port 8096, it
skipped caddy entirely so the traffic went through.
---
 services/jellyfin.nix       | 2 --
 tests/fail2ban-jellyfin.nix | 3 +++
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/services/jellyfin.nix b/services/jellyfin.nix
index 6761c1a..2ab9b12 100644
--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@@ -19,8 +19,6 @@
 
   services.jellyfin = {
     enable = true;
-    # used for local streaming
-    openFirewall = true;
     package = pkgs.jellyfin.override { jellyfin-ffmpeg = (lib.optimizePackage pkgs.jellyfin-ffmpeg); };
 
     inherit (service_configs.jellyfin) dataDir cacheDir;
diff --git a/tests/fail2ban-jellyfin.nix b/tests/fail2ban-jellyfin.nix
index 165dcd0..195c5f7 100644
--- a/tests/fail2ban-jellyfin.nix
+++ b/tests/fail2ban-jellyfin.nix
@@ -55,6 +55,9 @@ pkgs.testers.runNixOSTest {
           jellyfinModule
         ];
 
+        # needed for testing
+        services.jellyfin.openFirewall = true;
+
         # Create the media group
         users.groups.media = { };