feat(infra): add Jellyfin media server configuration and logging support

Add Jellyfin service to ansible inventory with hardware transcoding and Casdoor SSO configuration. Configure Alloy syslog listener to capture Jellyfin logs to Loki. Update documentation with new service mapping and S3 bucket credential retrieval instructions.
2026-05-04 15:33:25 -04:00
parent b9ce14ff77
commit f818b7917d
7 changed files with 392 additions and 6 deletions
--- a/ansible/inventory/host_vars/rosalind.incus.yml
+++ b/ansible/inventory/host_vars/rosalind.incus.yml
@@ -7,6 +7,7 @@ services:
  - anythingllm
  - docker
  - gitea
+  - jellyfin
  - lobechat
  - memcached
  - nextcloud
@@ -236,4 +237,31 @@ searxng_oauth2_redirect_url: "https://searxng.ouranos.helu.ca/oauth2/callback"
 # OAuth2 Credentials (from vault)
 searxng_oauth2_client_id: "{{ vault_searxng_oauth_client_id }}"
 searxng_oauth2_client_secret: "{{ vault_searxng_oauth_client_secret }}"
-searxng_oauth2_cookie_secret: "{{ vault_searxng_oauth_cookie_secret }}"
+searxng_oauth2_cookie_secret: "{{ vault_searxng_oauth_cookie_secret }}"
+
+# Jellyfin Configuration
+jellyfin_user: jellyfin
+jellyfin_group: jellyfin
+jellyfin_uid: 521
+jellyfin_gid: 521
+jellyfin_directory: /srv/jellyfin
+jellyfin_port: 22086
+jellyfin_syslog_port: 51426
+
+# Storage paths
+jellyfin_config_dir: /srv/jellyfin/config
+jellyfin_cache_dir: /srv/jellyfin/cache
+jellyfin_media_dir: /mnt/media
+
+# Hardware transcoding (NVIDIA GPU passthrough)
+jellyfin_enable_hwtranscode: true
+
+# External access URL
+jellyfin_published_server_url: "https://jellyfin.ouranos.helu.ca"
+
+# SSO / OIDC Configuration (Casdoor)
+jellyfin_sso_enabled: true
+jellyfin_casdoor_client_id: "{{ vault_jellyfin_casdoor_client_id }}"
+jellyfin_casdoor_client_secret: "{{ vault_jellyfin_casdoor_client_secret }}"
+jellyfin_casdoor_issuer: "https://id.ouranos.helu.ca"
+jellyfin_casdoor_redirect_uri: "https://jellyfin.ouranos.helu.ca/api/plugin/sso/callback"