Last active
February 18, 2026 17:23
Private Jellyfin Podman pod using a Tailscale sidecar
```ini
#/etc/containers/systemd/jellyfin-app.container
[Container]
Image=docker.io/jellyfin/jellyfin:latest
Environment=TS_ACCEPT_DNS=true
Environment=TS_USE_RESOLV_CONF=1
# Or enable IPv6 forwarding and:
# nft add rule ip6 filter forward ct state established,related accept
# nft add rule ip6 filter forward ip6 saddr fc00::/7 accept
Environment=TS_DISABLE_IPV6=true
# https://jellyfin.org/docs/general/post-install/transcoding/hardware-acceleration
# Use renderD128 for GPU0
Environment=JELLYFIN_FFMPEG__VAAPI_DEVICE=/dev/dri/renderD129
# https://jellyfin.org/docs/general/installation/container/?method=podman
# The .pod extension is not optional, ask me how
Pod=jellyfin.pod
# Host's render and video GIDs
PodmanArgs=--group-add=985 --group-add=989
PodmanArgs=--dns=1.1.1.1 --dns=100.100.100.100
#PodmanArgs=--log-driver=journald
# GPU passthrough
Mount=type=bind,source=/dev/dri,target=/dev/dri
# Bind mount a volume for this instead
Volume=jellyfin-cache:/cache:Z
Volume=jellyfin-config:/config:Z
# Media library is mounted read-only
Volume=/mnt/8TB_WD/Media:/media:ro,z
AutoUpdate=registry
```
```ini
#/etc/containers/systemd/ts-jellyfin.container
[Container]
Image=docker.io/tailscale/tailscale:latest
AddCapability=NET_ADMIN
AddCapability=SYS_MODULE
Pod=jellyfin.pod
PodmanArgs=--dns=1.1.1.1 --dns=100.100.100.100
#PodmanArgs=--log-driver=journald
Environment=TS_STATE_DIR=/var/lib/tailscale
Environment=TS_EXTRA_ARGS=--advertise-tags=tag:container
# Use a Tailscale OAuth key (https://login.tailscale.com/admin/settings/trust-credentials)
# This value is a credential: consider a Podman secret (Quadlet Secret=) instead of an inline value
Environment=TS_AUTHKEY=tskey-client-XXXXX-XXXXX?ephemeral=false
Environment=TS_ACCEPT_DNS=true
Environment=TS_DISABLE_IPV6=true
Environment=TS_USE_RESOLV_CONF=1
Mount=type=bind,source=/dev/net/tun,target=/dev/net/tun
# Separate all container dirs from host
Volume=/var/lib/tailscale/ts-jellyfin:/var/lib/tailscale
AutoUpdate=registry
```