Robert Helewka
e92ab80bbf
- Add Jellyfin backend to HAProxy configuration on titania.incus - Simplify deployment by using community.docker.docker_compose_v2 module - Consolidate handlers and remove redundant Docker commands - Update Jellyfin systemd service from oneshot to simple type - Remove PUID/PGID environment variables from docker-compose template
# Jellyfin Deployment for Ouranos
Jellyfin media server deployed on Rosalind Incus container.
## Overview
Jellyfin is an open-source media server for organizing, streaming, and managing media content. This deployment includes:
- Docker containerized deployment
- NVIDIA GPU passthrough for hardware-accelerated transcoding
- Prometheus metrics collection
- Syslog integration with Grafana Alloy
- Casdoor OIDC SSO support (via plugin)
## Deployment
### Prerequisites
1. Rosalind Incus container must be running with Docker installed
2.
/mnt/media must be accessible from the Incus host
3. NVIDIA GPU must be passed through to the Rosalind container
4. Casdoor application must be configured for Jellyfin OIDC
### Installation
bash # From ansible directory cd /home/robert/git/ouranos/ansible # Deploy Jellyfin to Rosalind ansible-playbook jellyfin/deploy.yml --limit rosalind.incus
### Updating
bash # Update Jellyfin container ansible-playbook jellyfin/deploy.yml --limit rosalind.incus
## Configuration
### Variables
| Variable | Description | Default |
|----------|-------------|---------|
| jellyfin_user | Service username | jellyfin |
| jellyfin_group | Service group name | jellyfin |
| jellyfin_uid | Service UID | 521 |
| jellyfin_gid | Service GID | 521 |
| jellyfin_directory | Base directory | /srv/jellyfin |
| jellyfin_port | HTTP port | 22086 |
| jellyfin_syslog_port | Syslog port | 51426 |
| jellyfin_config_dir | Config directory | /srv/jellyfin/config |
| jellyfin_cache_dir | Cache directory | /srv/jellyfin/cache |
| jellyfin_media_dir | Media bind mount | /mnt/media |
| jellyfin_published_server_url | External URL | https://jellyfin.ouranos.helu.ca |
### SSO Configuration
Jellyfin uses the jellyfin-plugin-sso community plugin for Casdoor OIDC authentication:
1. Create Casdoor Application:
- Application type: OIDC
- Callback URL: https://jellyfin.ouranos.helu.ca/api/plugin/sso/callback
- Enable PKCE
2. Plugin Configuration:
- Install manifest in /config/plugins
- Configure with Casdoor OIDC endpoints
3. Casdoor Endpoints:
- Authorization: https://id.ouranos.helu.ca/oauth2/authorize
- Token: https://id.ouranos.helu.ca/oauth2/token
- Userinfo: https://id.ouranos.helu.ca/oauth2/userinfo
## Monitoring
### Prometheus Metrics
Jellyfin exposes metrics at http://localhost:8096/metrics. These are collected by Prospero's Prometheus via:
- cAdvisor container metrics
- Process exporter
### Grafana Dashboard
Add a new data source in Grafana:
- Type: Prometheus
- URL: http://prospero.incus:9090
### Logs
View Jellyfin logs:
bash # Via Docker docker logs -f jellyfin # Via systemd journalctl -u jellyfin -f # Via Grafana Loki https://loki.ouranos.helu.ca/explore?orgId=1&left=%5B%22now-1h%22,%22now%22,%22jellyfin%22,%7B%22job%22%3A%22jellyfin%22%7D%5D
## Troubleshooting
### Container won't start
bash # Check Docker status docker ps -a | grep jellyfin # Check logs docker logs jellyfin # Verify GPU passthrough ls -la /dev/dri/
### Transcoding fails
1. Verify GPU is accessible: nvidia-smi
2. Check container has device access: docker inspect jellyfin | grep Devices
3. Review logs for transcoding errors
### SSO not working
1. Verify plugin is installed in /config/plugins
2. Check Casdoor application configuration
3. Verify redirect URLs match exactly
4. Browser console for OAuth errors
## Files
| Path | Description |
|------|-------------|
| /srv/jellyfin/docker-compose.yml | Generated Docker Compose config |
| /etc/systemd/system/jellyfin.service | Systemd wrapper service |
| /srv/jellyfin/config | Jellyfin configuration |
| /srv/jellyfin/cache | Transcode cache |
| /srv/jellyfin/logs | Application logs (via syslog) |
## References
- Jellyfin Official Docs
- Jellyfin Docker Image
- SSO Plugin GitHub