Jellyfin

https://jellyfin.org/

Repository Layout

This is a Kubernetes deployment repo managed by ArgoCD. Edit kustomization.yaml, values.yaml, resources/, or patches/ directly. ArgoCD syncs from the repository root.

To render manifests locally (uses the same image as CI and ArgoCD):

./kustomize-build.sh

About Jellyfin

Jellyfin is a Free Software Media System that puts you in control of managing and streaming your media. It is an alternative to the proprietary Emby and Plex, to provide media from a dedicated server to end-user devices via multiple apps.

Configuration

The deployment includes:

• Jellyfin server with web interface on port 8096
• Persistent storage for configuration, cache, and media
• Ingress configured for video.xarif.de with automatic TLS
• Resource limits set to 2 CPU cores and 4GB RAM max
• Discovery service for local client auto-discovery
• K8up backup integration for automated backups

Storage Requirements

• Config: 1GB for Jellyfin configuration and metadata
• Cache: 10GB for transcoding cache and thumbnails
• Media: 500GB for media files (adjust as needed)

The media volume is mounted read-only by default for security.

Access

• Web interface: https://video.xarif.de
• Local discovery: Available on port 7359/UDP

Initial Setup

After deployment, access the web interface to complete the initial setup wizard:

1. Create admin account
2. Configure media libraries
3. Set up metadata providers
4. Configure transcoding settings (if hardware acceleration is available)

Single Sign-On (SSO) with Authelia

Jellyfin is configured with OpenID Connect (OIDC) integration using Authelia for centralized authentication.

SSO Plugin Installation

The deployment automatically configures the Jellyfin SSO Plugin:

• Plugin Repository: https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/manifest-release/manifest.json
• Plugin Name: SSO Authentication
• Configuration: Pre-configured via ConfigMap

OIDC Configuration

Provider Settings:

• Authelia URL: https://auth.xarif.de
• Client Name: authelia
• Discovery Endpoint: https://auth.xarif.de/.well-known/openid-configuration
• Scopes: openid profile groups

User Authorization:

• Admin Roles: jellyfin-admins (full administrative access)
• User Roles: jellyfin-users, jellyfin-admins (media access)
• Role Claim: groups (from Authelia user database)

Accessing Jellyfin with SSO

1. Direct SSO Login: Visit https://video.xarif.de/sso/OID/start/authelia
2. Standard Login: Use the regular login page and click the Authelia login button
3. User Management: Users must be configured in Authelia user database with appropriate groups

User Group Configuration

Users must be added to appropriate groups in Authelia:

# In Authelia user database
users:
  username:
    displayname: "User Name"
    email: user@domain.com
    groups:
      - jellyfin-users      # Basic media access
      - jellyfin-admins     # Admin access (optional)

Troubleshooting SSO

Common Issues:

1. Plugin Not Available: Check if SSO plugin installed via Admin Dashboard → Plugins
2. OIDC Errors: Verify Authelia service is accessible at https://auth.xarif.de
3. Authorization Failed: Ensure user has jellyfin-users or jellyfin-admins group
4. Configuration Issues: Check ConfigMap jellyfin-sso-config in jellyfin namespace

Testing OIDC Flow:

1. Visit https://video.xarif.de/sso/OID/start/authelia
2. Should redirect to Authelia login
3. After authentication, redirected back to Jellyfin with user session
4. User should have access based on group membership

Plugin Management:

• Plugin settings: Admin Dashboard → Plugins → SSO-Auth
• Plugin logs: Admin Dashboard → Logs → Plugin logs
• Manual plugin install: Admin Dashboard → Plugins → Catalog → Authentication → SSO Authentication