polpetta/desktop-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Jellyfin service

Browse Source 
- tailscale + local deployment
- automatic TLS
This commit is contained in:
Davide Polonio 2026-01-23 19:26:00 +01:00
parent 64cc8b181d
commit 4548e56eef
3 changed files with 149 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
jellyfin/Caddyfile Normal file
View File

@ -0,0 +1,28 @@
{
email {env.LETSENCRYPT_EMAIL}
}
*.lan.poldebra.me {
tls {
dns namecheap {
api_key {env.NAMECHEAP_API_KEY}
user {env.NAMECHEAP_API_USER}
api_endpoint https://api.namecheap.com/xml.response
}
resolvers 1.1.1.1 8.8.8.8
}
@media host media.lan.poldebra.me
handle @media {
header {
X-Real-IP {remote_host}
X-Forwarded-For {remote_host}
X-Forwarded-Proto {scheme}
X-Forwarded-Host {host}
X-Forwarded-Port {server_port}
}
reverse_proxy 172.21.0.5:8096 {
header_up X-Forwarded-Proto {scheme}
}
}
}

15
jellyfin/Caddyfile.local Normal file
View File

@ -0,0 +1,15 @@
media.lan.poldebra.me {
tls /cert.crt /cert.key
header {
X-Real-IP {remote_host}
X-Forwarded-For {remote_host}
X-Forwarded-Proto {scheme}
X-Forwarded-Host {host}
X-Forwarded-Port {server_port}
}
reverse_proxy 172.21.0.5:8096 {
header_up X-Forwarded-Proto {scheme}
}
}

106
jellyfin/docker-compose.yml Normal file
View File

@ -0,0 +1,106 @@
services:
tailscale:
hostname: media
image: tailscale/tailscale:latest
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "tailscale status"]
interval: 1s
timeout: 5s
retries: 60
volumes:
- /srv/docker/jellyfin/tailscale:/var/lib
- /lib/modules:/lib/modules:ro
devices:
- /dev/net/tun:/dev/net/tun
cap_add:
- net_admin
- sys_module
- net_raw
command: tailscaled
networks:
- internal
logging:
driver: "json-file"
options:
mode: "non-blocking"
max-size: "10m"
max-file: "3"
reverse_proxy:
image: caddybuilds/caddy-namecheap:2-alpine
restart: unless-stopped
network_mode: service:tailscale
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- /srv/docker/jellyfin/caddy/config/:/config/caddy:rw
- /srv/docker/jellyfin/caddy/data/:/data/caddy:rw
- /srv/docker/jellyfin/caddy/share/:/usr/share/caddy:rw
env_file:
- caddy.env
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "https://media.lan.poldebra.me"]
interval: 10s
timeout: 30s
retries: 5
start_period: 90s
depends_on:
app:
condition: service_started
tailscale:
condition: service_healthy
logging:
driver: "json-file"
options:
mode: "non-blocking"
max-size: "10m"
max-file: "3"
lan_reverse_proxy:
image: caddy/caddy
restart: unless-stopped
ports:
- "443:443"
volumes:
- ./Caddyfile.local:/etc/caddy/Caddyfile:ro
- /srv/docker/jellyfin/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.lan.poldebra.me/wildcard_.lan.poldebra.me.crt:/cert.crt:ro
- /srv/docker/jellyfin/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.lan.poldebra.me/wildcard_.lan.poldebra.me.key:/cert.key:ro
networks:
- internal
depends_on:
app:
condition: service_started
logging:
driver: "json-file"
options:
mode: "non-blocking"
max-size: "10m"
max-file: "3"
app:
image: jellyfin/jellyfin
restart: unless-stopped
hostname: app
container_name: jellyfin
user: 1000:1000
# network_mode: "host" # temporarily disabled, see https://github.com/jwilder/nginx-proxy/issues/1059
volumes:
- /srv/docker/jellyfin/config:/config
- /opt/bak/davide/backup_poldebra_nas/Film/SerieTV/:/tv
- /opt/bak/davide/backup_poldebra_nas/Film/Videoteca/:/movies
- /opt/bak/davide/backup_poldebra_nas/Musica/:/music:ro
networks:
internal:
ipv4_address: 172.21.0.5
logging:
driver: "json-file"
options:
mode: "non-blocking"
max-size: "10m"
max-file: "3"
networks:
internal:
ipam:
config:
- subnet: 172.21.0.0/24