desktop-dotfiles/jellyfin/docker-compose.yml

services:
  tailscale:
    hostname: media
    image: tailscale/tailscale:latest
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "tailscale status"]
      interval: 1s
      timeout: 5s
      retries: 60
    volumes:
      - /srv/docker/jellyfin/tailscale:/var/lib
      - /lib/modules:/lib/modules:ro
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
      - net_raw
    command: tailscaled
    networks:
      - internal
    logging:
      driver: "json-file"
      options:
        mode: "non-blocking"
        max-size: "10m"
        max-file: "3"

  reverse_proxy:
    image: caddybuilds/caddy-namecheap:2-alpine
    restart: unless-stopped
    network_mode: service:tailscale
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /srv/docker/jellyfin/caddy/config/:/config/caddy:rw
      - /srv/docker/jellyfin/caddy/data/:/data/caddy:rw
      - /srv/docker/jellyfin/caddy/share/:/usr/share/caddy:rw
    env_file:
      - caddy.env
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "https://media.lan.poldebra.me"]
      interval: 10s
      timeout: 30s
      retries: 5
      start_period: 90s
    depends_on:
      app:
        condition: service_started
      tailscale:
        condition: service_healthy
    logging:
      driver: "json-file"
      options:
        mode: "non-blocking"
        max-size: "10m"
        max-file: "3"

  lan_reverse_proxy:
    image: caddy/caddy
    restart: unless-stopped
    ports:
      - "443:443"
    volumes:
      - ./Caddyfile.local:/etc/caddy/Caddyfile:ro
      - /srv/docker/jellyfin/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.lan.poldebra.me/wildcard_.lan.poldebra.me.crt:/cert.crt:ro
      - /srv/docker/jellyfin/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.lan.poldebra.me/wildcard_.lan.poldebra.me.key:/cert.key:ro
    networks:
      - internal
    depends_on:
      app:
        condition: service_started
    logging:
      driver: "json-file"
      options:
        mode: "non-blocking"
        max-size: "10m"
        max-file: "3"

  app:
    image: jellyfin/jellyfin
    restart: unless-stopped
    hostname: app
    container_name: jellyfin
    user: 1000:1000
    # network_mode: "host" # temporarily disabled, see https://github.com/jwilder/nginx-proxy/issues/1059
    volumes:
      - /srv/docker/jellyfin/config:/config
      - /opt/bak/davide/backup_poldebra_nas/Film/SerieTV/:/tv
      - /opt/bak/davide/backup_poldebra_nas/Film/Videoteca/:/movies
      - /opt/bak/davide/backup_poldebra_nas/Musica/:/music:ro
    networks:
      internal:
        ipv4_address: 172.21.0.5
    logging:
      driver: "json-file"
      options:
        mode: "non-blocking"
        max-size: "10m"
        max-file: "3"

networks:
  internal:
    ipam:
      config:
        - subnet: 172.21.0.0/24