---
# Jellyfin Deployment for Ouranos

Jellyfin media server deployed on Rosalind Incus container.

## Overview

Jellyfin is an open-source media server for organizing, streaming, and managing media content. This deployment includes:

- Docker containerized deployment
- NVIDIA GPU passthrough for hardware-accelerated transcoding
- Prometheus metrics collection
- Syslog integration with Grafana Alloy
- Casdoor OIDC SSO support (via plugin)

## Deployment

### Prerequisites

1. Rosalind Incus container must be running with Docker installed
2. `/mnt/media` must be accessible from the Incus host
3. NVIDIA GPU must be passed through to the Rosalind container
4. Casdoor application must be configured for Jellyfin OIDC

### Installation

```bash
# From ansible directory
cd /home/robert/git/ouranos/ansible

# Deploy Jellyfin to Rosalind
ansible-playbook jellyfin/deploy.yml --limit rosalind.incus
```

### Updating

```bash
# Update Jellyfin container
ansible-playbook jellyfin/deploy.yml --limit rosalind.incus
```

## Configuration

### Variables

| Variable | Description | Default |
|----------|-------------|---------|
| `jellyfin_user` | Service username | `jellyfin` |
| `jellyfin_group` | Service group name | `jellyfin` |
| `jellyfin_uid` | Service UID | `521` |
| `jellyfin_gid` | Service GID | `521` |
| `jellyfin_directory` | Base directory | `/srv/jellyfin` |
| `jellyfin_port` | HTTP port | `22086` |
| `jellyfin_syslog_port` | Syslog port | `51426` |
| `jellyfin_config_dir` | Config directory | `/srv/jellyfin/config` |
| `jellyfin_cache_dir` | Cache directory | `/srv/jellyfin/cache` |
| `jellyfin_media_dir` | Media bind mount | `/mnt/media` |
| `jellyfin_published_server_url` | External URL | `https://jellyfin.ouranos.helu.ca` |

### SSO Configuration

Jellyfin uses the `jellyfin-plugin-sso` community plugin for Casdoor OIDC authentication:

1. **Create Casdoor Application**:
   - Application type: OIDC
   - Callback URL: `https://jellyfin.ouranos.helu.ca/api/plugin/sso/callback`
   - Enable PKCE

2. **Plugin Configuration**:
   - Install manifest in `/config/plugins`
   - Configure with Casdoor OIDC endpoints

3. **Casdoor Endpoints**:
   - Authorization: `https://id.ouranos.helu.ca/oauth2/authorize`
   - Token: `https://id.ouranos.helu.ca/oauth2/token`
   - Userinfo: `https://id.ouranos.helu.ca/oauth2/userinfo`

## Monitoring

### Prometheus Metrics

Jellyfin exposes metrics at `http://localhost:8096/metrics`. These are collected by Prospero's Prometheus via:

- cAdvisor container metrics
- Process exporter

### Grafana Dashboard

Add a new data source in Grafana:
- Type: Prometheus
- URL: `http://prospero.incus:9090`

### Logs

View Jellyfin logs:
```bash
# Via Docker
docker logs -f jellyfin

# Via systemd
journalctl -u jellyfin -f

# Via Grafana Loki
https://loki.ouranos.helu.ca/explore?orgId=1&left=%5B%22now-1h%22,%22now%22,%22jellyfin%22,%7B%22job%22%3A%22jellyfin%22%7D%5D
```

## Troubleshooting

### Container won't start

```bash
# Check Docker status
docker ps -a | grep jellyfin

# Check logs
docker logs jellyfin

# Verify GPU passthrough
ls -la /dev/dri/
```

### Transcoding fails

1. Verify GPU is accessible: `nvidia-smi`
2. Check container has device access: `docker inspect jellyfin | grep Devices`
3. Review logs for transcoding errors

### SSO not working

1. Verify plugin is installed in `/config/plugins`
2. Check Casdoor application configuration
3. Verify redirect URLs match exactly
4. Browser console for OAuth errors

## Files

| Path | Description |
|------|-------------|
| `/srv/jellyfin/docker-compose.yml` | Generated Docker Compose config |
| `/etc/systemd/system/jellyfin.service` | Systemd wrapper service |
| `/srv/jellyfin/config` | Jellyfin configuration |
| `/srv/jellyfin/cache` | Transcode cache |
| `/srv/jellyfin/logs` | Application logs (via syslog) |

## References

- [Jellyfin Official Docs](https://jellyfin.org/docs/)
- [Jellyfin Docker Image](https://hub.docker.com/r/jellyfin/jellyfin)
- [SSO Plugin GitHub](https://github.com/9p4/jellyfin-plugin-sso)