ARRFLIX/snapshots/2026-05-08-pre-elegantfin/docker-compose.yml

# Jellyfin — self-hosted media server (LAN-only)
# Deploy path on nullstone: /opt/docker/jellyfin/
# Domain: arrflix.s8n.ru (LAN-only via Pi-hole local DNS + no-guest middleware)
#
# Notes:
# - GTX 1660 Ti present but nvidia-smi failing on host. CPU transcode only
#   until driver is fixed; revisit hwaccel after fix.
# - Media mounted read-only into container; write only to /config + /cache.
# - userns: host matches nullstone Docker convention (host UID 1000 owns volumes).
# - Cert via existing letsencrypt resolver (Gandi DNS-01) — works without
#   public A record.

services:
  jellyfin:
    image: jellyfin/jellyfin:10.10.3
    container_name: jellyfin
    restart: unless-stopped
    user: "1000:1000"
    userns_mode: "host"
    environment:
      - TZ=Europe/London
      - JELLYFIN_PublishedServerUrl=https://arrflix.s8n.ru
    volumes:
      - /home/docker/jellyfin/config:/config
      - /home/docker/jellyfin/cache:/cache
      - /home/user/media:/media:ro
      - /opt/docker/jellyfin/web-overrides/index.html:/jellyfin/jellyfin-web/index.html:ro
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.jellyfin.rule=Host(`arrflix.s8n.ru`)"
      - "traefik.http.routers.jellyfin.entrypoints=websecure"
      - "traefik.http.routers.jellyfin.tls=true"
      - "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"
      - "traefik.http.routers.jellyfin.middlewares=security-headers@file"
      - "traefik.http.services.jellyfin.loadbalancer.server.port=8096"

networks:
  proxy:
    external: true
snapshot: pre-ElegantFin migration baseline Captures the full Cineplex-themed deploy state for rollback before swapping the active CSS theme to ElegantFin with ARRFLIX recolor. - branding.json: full /System/Configuration/branding payload (CustomCss + LoginDisclaimer + SplashscreenEnabled) - index.html: bind-mounted Jellyfin web shim from nullstone - docker-compose.yml: jellyfin compose file from nullstone - users.json + libraries.json: reference state (not for direct restore) - displayprefs-<userid>.json x5: per-user DisplayPreferences - RESTORE.md: three concrete rollback commands 2026-05-08 03:59:19 +01:00			`# Jellyfin — self-hosted media server (LAN-only)`
			`# Deploy path on nullstone: /opt/docker/jellyfin/`
			`# Domain: arrflix.s8n.ru (LAN-only via Pi-hole local DNS + no-guest middleware)`
			`#`
			`# Notes:`
			`# - GTX 1660 Ti present but nvidia-smi failing on host. CPU transcode only`
			`# until driver is fixed; revisit hwaccel after fix.`
			`# - Media mounted read-only into container; write only to /config + /cache.`
			`# - userns: host matches nullstone Docker convention (host UID 1000 owns volumes).`
			`# - Cert via existing letsencrypt resolver (Gandi DNS-01) — works without`
			`# public A record.`

			`services:`
			`jellyfin:`
			`image: jellyfin/jellyfin:10.10.3`
			`container_name: jellyfin`
			`restart: unless-stopped`
			`user: "1000:1000"`
			`userns_mode: "host"`
			`environment:`
			`- TZ=Europe/London`
			`- JELLYFIN_PublishedServerUrl=https://arrflix.s8n.ru`
			`volumes:`
			`- /home/docker/jellyfin/config:/config`
			`- /home/docker/jellyfin/cache:/cache`
			`- /home/user/media:/media:ro`
			`- /opt/docker/jellyfin/web-overrides/index.html:/jellyfin/jellyfin-web/index.html:ro`
			`networks:`
			`- proxy`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.docker.network=proxy"`
			- "traefik.http.routers.jellyfin.rule=Host(`arrflix.s8n.ru`)"
			`- "traefik.http.routers.jellyfin.entrypoints=websecure"`
			`- "traefik.http.routers.jellyfin.tls=true"`
			`- "traefik.http.routers.jellyfin.tls.certresolver=letsencrypt"`
			`- "traefik.http.routers.jellyfin.middlewares=security-headers@file"`
			`- "traefik.http.services.jellyfin.loadbalancer.server.port=8096"`

			`networks:`
			`proxy:`
			`external: true`