Migrated jellyfin role to new format

roles/any.software.jellyfin/files/jellyfin-defaults

@@ -0,0 +1,53 @@
+# Jellyfin default configuration options
+# This is a POSIX shell fragment
+
+# Use this file to override the default configurations; add additional
+# options with JELLYFIN_ADD_OPTS.
+
+# Under systemd, use
+#  /etc/systemd/system/jellyfin.service.d/jellyfin.service.conf
+# to override the user or this config file's location.
+
+#
+# General options
+#
+
+# Program directories
+JELLYFIN_DATA_DIR="/mnt/data1/jellyfin/data"
+JELLYFIN_CONFIG_DIR="/mnt/data1/jellyfin/config"
+JELLYFIN_LOG_DIR="/mnt/data1/jellyfin/log"
+JELLYFIN_CACHE_DIR="/mnt/data1/jellyfin/cache"
+
+# web client path, installed by the jellyfin-web package
+JELLYFIN_WEB_OPT="--webdir=/usr/share/jellyfin/web"
+
+# Restart script for in-app server control
+JELLYFIN_RESTART_OPT="--restartpath=/usr/lib/jellyfin/restart.sh"
+
+# ffmpeg binary paths, overriding the system values
+JELLYFIN_FFMPEG_OPT="--ffmpeg=/usr/lib/jellyfin-ffmpeg/ffmpeg"
+
+# [OPTIONAL] run Jellyfin as a headless service
+#JELLYFIN_SERVICE_OPT="--service"
+
+# [OPTIONAL] run Jellyfin without the web app
+#JELLYFIN_NOWEBAPP_OPT="--nowebclient"
+
+# Space to add additional command line options to jellyfin (for help see ~$ jellyfin --help)
+JELLYFIN_ADDITIONAL_OPTS=""
+
+# [OPTIONAL] run Jellyfin with ASP.NET Server Garbage Collection (uses more RAM and less CPU than Workstation GC)
+# 0 = Workstation
+# 1 = Server
+#COMPlus_gcServer=1
+
+#
+# SysV init/Upstart options
+#
+# Note: These options are ignored by systemd; use /etc/systemd/system/jellyfin.d overrides instead.
+#
+
+# Application username
+JELLYFIN_USER="jellyfin"
+# Full application command
+JELLYFIN_ARGS="$JELLYFIN_WEB_OPT $JELLYFIN_RESTART_OPT $JELLYFIN_FFMPEG_OPT $JELLYFIN_SERVICE_OPT $JELLYFIN_NOWEBAPP_OPT $JELLFIN_ADDITIONAL_OPTS"

roles/any.software.jellyfin/files/jellyfin.Caddyfile

@@ -0,0 +1,3 @@
+media.roosens.me {
+	reverse_proxy localhost:8096
+}

roles/any.software.jellyfin/files/jellyfin.service.conf

@@ -0,0 +1,60 @@
+# Jellyfin systemd configuration options
+
+# Use this file to override the user or environment file location.
+
+[Service]
+# Alter the user that Jellyfin runs as
+User = jellyfin
+
+# Alter where environment variables are sourced from
+EnvironmentFile = /etc/default/jellyfin
+
+# These *should* prevent Jellyfin from fully consuming my Pi's resources
+CPUQuota=300%
+MemoryHigh=60%
+MemoryMax=75%
+
+# Service hardening options
+# These were added in PR #6953 to solve issue #6952, but some combination of
+# them causes "restart.sh" functionality to break with the following error:
+#   sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
+#   'nosuid' option set or an NFS file system without root privileges?
+# See issue #7503 for details on the troubleshooting that went into this.
+# Since these were added for NixOS specifically and are above and beyond
+# what 99% of systemd units do, they have been moved here as optional
+# additional flags to set for maximum system security and can be enabled at
+# the administrator's or package maintainer's discretion.
+# Uncomment these only if you know what you're doing, and doing so may cause
+# bugs with in-server Restart and potentially other functionality as well.
+#NoNewPrivileges=true
+#SystemCallArchitectures=native
+#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+#RestrictNamespaces=false
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
+#ProtectControlGroups=false
+#ProtectHostname=true
+#ProtectKernelLogs=false
+#ProtectKernelModules=false
+#ProtectKernelTunables=false
+#LockPersonality=true
+#PrivateTmp=false
+#PrivateDevices=false
+#PrivateUsers=true
+#RemoveIPC=true
+#SystemCallFilter=~@clock
+#SystemCallFilter=~@aio
+#SystemCallFilter=~@chown
+#SystemCallFilter=~@cpu-emulation
+#SystemCallFilter=~@debug
+#SystemCallFilter=~@keyring
+#SystemCallFilter=~@memlock
+#SystemCallFilter=~@module
+#SystemCallFilter=~@mount
+#SystemCallFilter=~@obsolete
+#SystemCallFilter=~@privileged
+#SystemCallFilter=~@raw-io
+#SystemCallFilter=~@reboot
+#SystemCallFilter=~@setuid
+#SystemCallFilter=~@swap
+#SystemCallErrorNumber=EPERM

roles/any.software.jellyfin/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: daemon-reload
+  systemd:
+    daemon_reload: true
+
+- name: restart jellyfin
+  service:
+    name: jellyfin
+    state: restarted

roles/any.software.jellyfin/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: any.tools.caddy

roles/any.software.jellyfin/tasks/main.yml

@@ -0,0 +1,59 @@
+- name: Add Jellyfin repository and key
+  ansible.builtin.deb822_repository:
+    name: 'jellyfin'
+    types: 
+      - deb
+    uris: 'https://repo.jellyfin.org/debian'
+    suites: 'trixie'
+    components: 'main'
+    signed_by: 'https://repo.jellyfin.org/debian/jellyfin_team.gpg.key'
+
+- name: Install Jellyfin
+  apt:
+    name: jellyfin
+    state: present
+
+- name: Create Jellyfin user
+  user:
+    name: jellyfin
+    # groups:
+    #   - data
+    append: true
+    create_home: no
+    shell: /bin/nologin
+    update_password: on_create
+
+- name: Copy over service file
+  copy:
+    src: jellyfin.service.conf
+    dest: '/etc/systemd/system/jellyfin.service.d/jellyfin.service.conf'
+    owner: root
+    group: root
+    mode: '644'
+  notify: 
+    - daemon-reload
+    - restart jellyfin
+
+- name: Copy over Environment file
+  copy:
+    src: jellyfin-defaults
+    dest: '/etc/default/jellyfin'
+    owner: root
+    group: root
+    mode: '644'
+  notify: restart jellyfin
+
+- name: Ensure Jellyfin service is running & enabled
+  service:
+    name: jellyfin
+    state: started
+    enabled: true
+
+- name: Ensure Jellyfin Caddyfile is present
+  copy:
+    src: 'jellyfin.Caddyfile'
+    dest: '/etc/caddy/jellyfin.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: reload caddy