From 8e8e8c7a51932181af2807be154d82702838de2e Mon Sep 17 00:00:00 2001
From: Denis Nutiu <denis.nutiu@gmail.com>
Date: Mon, 10 Feb 2025 20:32:11 +0200
Subject: [PATCH] add playbook for jellyfin

---
 jellyfin/.gitignore                           | 164 ++++++++++++++++++
 jellyfin/.idea/.gitignore                     |   8 +
 .../inspectionProfiles/profiles_settings.xml  |   6 +
 jellyfin/.idea/jellyfin.iml                   |  10 ++
 jellyfin/.idea/misc.xml                       |   6 +
 jellyfin/.idea/modules.xml                    |   8 +
 jellyfin/.idea/vcs.xml                        |   6 +
 jellyfin/Makefile                             |   9 +
 jellyfin/inventory.ini                        |   5 +
 jellyfin/playbook.yaml                        |  83 +++++++++
 jellyfin/readme.md                            |  20 +++
 .../templates/container/jellyfin.container.j2 |  20 +++
 jellyfin/templates/firewall/jellyfin.xml      |   6 +
 jellyfin/variables.yaml                       |   7 +
 14 files changed, 358 insertions(+)
 create mode 100644 jellyfin/.gitignore
 create mode 100644 jellyfin/.idea/.gitignore
 create mode 100644 jellyfin/.idea/inspectionProfiles/profiles_settings.xml
 create mode 100644 jellyfin/.idea/jellyfin.iml
 create mode 100644 jellyfin/.idea/misc.xml
 create mode 100644 jellyfin/.idea/modules.xml
 create mode 100644 jellyfin/.idea/vcs.xml
 create mode 100644 jellyfin/Makefile
 create mode 100644 jellyfin/inventory.ini
 create mode 100644 jellyfin/playbook.yaml
 create mode 100644 jellyfin/readme.md
 create mode 100644 jellyfin/templates/container/jellyfin.container.j2
 create mode 100644 jellyfin/templates/firewall/jellyfin.xml
 create mode 100644 jellyfin/variables.yaml

diff --git a/jellyfin/.gitignore b/jellyfin/.gitignore
new file mode 100644
index 0000000..35f3568
--- /dev/null
+++ b/jellyfin/.gitignore
@@ -0,0 +1,164 @@
+
+# Created by https://www.gitignore.io/api/macos,python,ansible
+# Edit at https://www.gitignore.io/?templates=macos,python,ansible
+
+### Ansible ###
+*.retry
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don’t work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# Downloaded files
+root@*
+
+# End of https://www.gitignore.io/api/macos,python,ansible
\ No newline at end of file
diff --git a/jellyfin/.idea/.gitignore b/jellyfin/.idea/.gitignore
new file mode 100644
index 0000000..13566b8
--- /dev/null
+++ b/jellyfin/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/jellyfin/.idea/inspectionProfiles/profiles_settings.xml b/jellyfin/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/jellyfin/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+<component name="InspectionProjectProfileManager">
+  <settings>
+    <option name="USE_PROJECT_PROFILE" value="false" />
+    <version value="1.0" />
+  </settings>
+</component>
\ No newline at end of file
diff --git a/jellyfin/.idea/jellyfin.iml b/jellyfin/.idea/jellyfin.iml
new file mode 100644
index 0000000..7363ab4
--- /dev/null
+++ b/jellyfin/.idea/jellyfin.iml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="PYTHON_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/.venv" />
+    </content>
+    <orderEntry type="jdk" jdkName="Python 3.13 (jellyfin)" jdkType="Python SDK" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/jellyfin/.idea/misc.xml b/jellyfin/.idea/misc.xml
new file mode 100644
index 0000000..f0596b1
--- /dev/null
+++ b/jellyfin/.idea/misc.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="Black">
+    <option name="sdkName" value="Python 3.13 (jellyfin)" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/jellyfin/.idea/modules.xml b/jellyfin/.idea/modules.xml
new file mode 100644
index 0000000..5200d6d
--- /dev/null
+++ b/jellyfin/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/jellyfin.iml" filepath="$PROJECT_DIR$/.idea/jellyfin.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/jellyfin/.idea/vcs.xml b/jellyfin/.idea/vcs.xml
new file mode 100644
index 0000000..6c0b863
--- /dev/null
+++ b/jellyfin/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/jellyfin/Makefile b/jellyfin/Makefile
new file mode 100644
index 0000000..0789436
--- /dev/null
+++ b/jellyfin/Makefile
@@ -0,0 +1,9 @@
+install:
+	sudo dnf install ansible
+	ansible-galaxy collection install community.general
+	ansible-galaxy collection install containers.podman
+	ansible-galaxy collection install ansible.posix
+list-hosts:
+	ansible-inventory -i inventory.ini --list
+run:
+	ansible-playbook -i inventory.ini playbook.yaml --ask-become-pass
diff --git a/jellyfin/inventory.ini b/jellyfin/inventory.ini
new file mode 100644
index 0000000..277374e
--- /dev/null
+++ b/jellyfin/inventory.ini
@@ -0,0 +1,5 @@
+[nuculabs]
+nuculabs.local ansible_user=local
+
+[local]
+localhost
\ No newline at end of file
diff --git a/jellyfin/playbook.yaml b/jellyfin/playbook.yaml
new file mode 100644
index 0000000..91bcf88
--- /dev/null
+++ b/jellyfin/playbook.yaml
@@ -0,0 +1,83 @@
+- name: Install Jellyfin
+  hosts: nuculabs
+  become: true
+  become_method: sudo
+  vars_files:
+    - variables.yaml
+  tasks:
+    - name: Enable hardware acceleration for containers
+      ansible.builtin.command:
+        cmd: setsebool -P container_use_dri_devices 1
+      when: enable_hardware_acceleration
+    # Create necessary directories.
+    - name: "Create directories"
+      block:
+        - name: Create data directory
+          ansible.builtin.file:
+            path: "{{ jellyfin.cache_directory }}"
+            state: directory
+            mode: "0755"
+          ignore_errors: true
+        - name: Create config directory
+          ansible.builtin.file:
+            path: "{{ jellyfin.config_directory }}"
+            state: directory
+            mode: "0754"
+          ignore_errors: true
+        - name: Create media directory
+          ansible.builtin.file:
+            path: "{{ jellyfin.media_directory }}"
+            state: directory
+            mode: "0754"
+          ignore_errors: true
+    - name: Setup Container
+      block:
+        - name: Ensure Podman is installed
+          ansible.builtin.package:
+            name: podman
+            state: present
+        - name: Ensure Udica is installed
+          ansible.builtin.package:
+            name: udica
+            state: present
+        - name: Ensure container-selinux is installed
+          ansible.builtin.package:
+            name: container-selinux
+            state: present
+        - name: Pull image
+          containers.podman.podman_image:
+            name: "{{ jellyfin.container_image }}"
+            state: present
+        - name: "Copy container"
+          ansible.builtin.template:
+            src: ./templates/container/jellyfin.container.j2
+            dest: /etc/containers/systemd/jellyfin.container
+            mode: "0644"
+        - name: Reload systemd
+          ansible.builtin.command:
+            cmd: systemctl daemon-reload
+        - name: Enable service
+          ansible.builtin.systemd_service:
+            name: jellyfin.service
+            state: started
+            enabled: true
+    - name: Setup firewall
+      block:
+        - name: Create firewalld service
+          ansible.builtin.copy:
+            src: ./templates/firewall/jellyfin.xml
+            dest: /etc/firewalld/services/jellyfin.xml
+            mode: "0644"
+        - name: Reload firewalld
+          ansible.builtin.command:
+            argv:
+              - firewall-cmd
+              - --reload
+        - name: Enable firewalld service
+          ansible.posix.firewalld:
+            service: jellyfin
+            state: enabled
+            permanent: true
+            immediate: true
+            offline: true
+      when: setup_firewall
diff --git a/jellyfin/readme.md b/jellyfin/readme.md
new file mode 100644
index 0000000..bd42517
--- /dev/null
+++ b/jellyfin/readme.md
@@ -0,0 +1,20 @@
+# Self Hosted PeerTube Server
+
+This playbook allows you to self-host a PeerTube sever.
+
+It was tested on Fedora 41.
+
+Note: The playbook assumes that you bring your own webserver. You will need to configure a webserver either
+on the machine you're installing PeerTube on or on another machine. 
+
+My setup is as follows:
+
+```mermaid
+flowchart TD
+    A[Internet] -->|Request| B(Reverse Proxy)
+    B --> C(PeerTube Server)
+```
+
+Blogs:
+- https://blog.nuculabs.dev/posts/2025/2025-01-25-self-hosting-peertube/
+- https://docs.joinpeertube.org/install/docker
\ No newline at end of file
diff --git a/jellyfin/templates/container/jellyfin.container.j2 b/jellyfin/templates/container/jellyfin.container.j2
new file mode 100644
index 0000000..f565999
--- /dev/null
+++ b/jellyfin/templates/container/jellyfin.container.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description=jellyfin
+
+[Container]
+Image=docker.io/jellyfin/jellyfin:latest
+AutoUpdate=registry
+PublishPort=8096:8096/tcp
+UserNS=keep-id
+AddDevice=/dev/dri/:/dev/dri/
+Volume={{ jellyfin.config_directory }}:/config:Z
+Volume={{ jellyfin.cache_directory }}:/cache:Z
+Volume={{ jellyfin.media_directory }}:/media:Z
+
+[Service]
+# Inform systemd of additional exit status
+SuccessExitStatus=0 143
+
+[Install]
+# Start by default on boot
+WantedBy=default.target
\ No newline at end of file
diff --git a/jellyfin/templates/firewall/jellyfin.xml b/jellyfin/templates/firewall/jellyfin.xml
new file mode 100644
index 0000000..a7ad309
--- /dev/null
+++ b/jellyfin/templates/firewall/jellyfin.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>Jellyfin Service</short>
+  <description>Jellyfin is a Free Software Media System that puts you in control of managing and streaming your media.</description>
+  <port protocol="tcp" port="8096" />
+</service>
diff --git a/jellyfin/variables.yaml b/jellyfin/variables.yaml
new file mode 100644
index 0000000..48a4b5b
--- /dev/null
+++ b/jellyfin/variables.yaml
@@ -0,0 +1,7 @@
+enable_hardware_acceleration: true
+setup_firewall: true # exposes the firewall ports
+jellyfin:
+  container_image: "docker.io/jellyfin/jellyfin:latest"
+  media_directory: "/jellyfin/media"
+  cache_directory: "/jellyfin/cache"
+  config_directory: "/jellyfin/config"
\ No newline at end of file