jellyfin: Deploy Jellyfin media server

Jellyfin is a multimedia library manager. Clients can browse and stream music, movies, and TV shows from the server and play them locally (including in the browser).
2023-09-12 13:38:35 -05:00
parent 226a6bef46
commit a2b3f9b5b9
11 changed files with 216 additions and 0 deletions
--- a/roles/jellyfin/templates/jellyfin.container.j2
+++ b/roles/jellyfin/templates/jellyfin.container.j2
@@ -0,0 +1,39 @@
+[Unit]
+Description=Jellyfin Media Server
+Wants=network.target
+After=network.target
+
+[Container]
+Image={{ jellyfin_container_image }}:{{ jellyfin_version }}
+#UserNS=keep-id
+User=201
+Group=201
+EnvironmentFile=/etc/sysconfig/jellyfin
+Volume=/var/lib/jellyfin:/config:rw,z
+Volume=/var/cache/jellyfin:/cache:rw,z
+{% for path in jellyfin_media_dirs %}
+Volume={{ path }}:/media/{{ path | basename }}:ro
+{% endfor %}
+Network=host
+NoNewPrivileges=yes
+
+[Service]
+#MemoryDenyWriteExecute=yes
+PrivateTmp=yes
+ProtectClock=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+ReadWritePaths=/var/lib/jellyfin
+ReadWritePaths=/var/lib/containers/storage
+ReadWritePaths=/var/cache/jellyfin
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SuccessExitStatus=0 143
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/jellyfin/templates/jellyfin.env.j2
+++ b/roles/jellyfin/templates/jellyfin.env.j2
@@ -0,0 +1 @@
+JELLYFIN_PublishedServerUrl={{ jellyfin_server_url }}
--- a/roles/jellyfin/templates/jellyfin.httpd.conf.j2
+++ b/roles/jellyfin/templates/jellyfin.httpd.conf.j2
@@ -0,0 +1,27 @@
+<VirtualHost _default_:80>
+    ServerName {{ jellyfin_server_name }}
+
+    RewriteEngine On
+    RewriteCond %{HTTPS} !on
+    RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
+</VirtualHost>
+
+<VirtualHost _default_:443>
+    ServerName {{ jellyfin_server_name }}
+
+    SSLCertificateFile {{ jellyfin_ssl_certificate }}
+    SSLCertificateKeyFile {{ jellyfin_ssl_certificate_key }}
+    SSLCertificateChainFile {{ jellyfin_ssl_certificate }}
+
+    ProxyPreserveHost On
+    ProxyRequests Off
+
+    RewriteEngine On
+    RewriteCond %{HTTP:Upgrade} =websocket [NC]
+    RewriteRule /(.*)  ws://localhost:8096/$1 [P,L]
+    RewriteRule /(.*)  http://localhost:8096/$1 [P,L]
+    ProxyPassReverse / http://localhost:8096/
+
+    Header always set \
+        Strict-Transport-Security "max-age=63072000; includeSubDomains"
+</VirtualHost>
				`@@ -0,0 +1 @@`
				`JELLYFIN_PublishedServerUrl={{ jellyfin_server_url }}`