Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/leoverto/jellyfin-hcloud

Automatically set up Jellyfin on Hetzner Cloud using Terraform, Ansible and Docker Compose
https://github.com/leoverto/jellyfin-hcloud

ansible ansible-playbook docker docker-compose hcloud hetzner hetzner-cloud jellyfin terraform traefik traefik-v2

Last synced: 27 days ago
JSON representation

Automatically set up Jellyfin on Hetzner Cloud using Terraform, Ansible and Docker Compose

Host: GitHub
URL: https://github.com/leoverto/jellyfin-hcloud
Owner: LeoVerto
License: mit
Created: 2021-03-02T03:54:22.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2022-12-23T15:01:46.000Z (almost 2 years ago)
Last Synced: 2023-03-25T19:42:01.449Z (over 1 year ago)
Topics: ansible, ansible-playbook, docker, docker-compose, hcloud, hetzner, hetzner-cloud, jellyfin, terraform, traefik, traefik-v2
Language: Jinja
Homepage:
Size: 49.8 KB
Stars: 5
Watchers: 2
Forks: 1
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Set up Jellyfin on Hetzner Cloud using Terraform and Ansible
This reposistory provides both an Ansible playbook to automatically
install Jellyfin on a Debian server as well as
a Terraform configuration to provision a server at Hetzer Cloud,
run the playbook, and set up DNS records.

Jellyfin is set up using the official Docker image with
Traefik as a reverse proxy for TLS termination.

The playbook handles some basic hardening of the server using
roles from [dev-sec/ansible-collection-hardening](https://github.com/dev-sec/ansible-collection-hardening/).
The SSH server is configured to a standard similar to the
[Mozilla Modern OpenSSH guideline](https://infosec.mozilla.org/guidelines/openssh).
The TLS configuration is rated as "A+" by [Qualys SSL Labs](https://ssllabs.com/).

As of the time of writing, the playbook is really only intended
to work with an existing Jellyfin config directory, see below for details and how to correctly use it.

## Requirements
You need to have ansible, terraform and python-hcloud installed.

If the latter isn't available as a package on your distribution, install it using `pip --user install python-hcloud`.

## Configuration
Enter the terraform directory and create a file `terraform.tfvars` defining all the required variables
from `variables.tf`.

If your media files can be directly played by all clients, a `cx11` instance should work fine,
but as soon as clients require transcoding, you will need a bigger one.

Ideally you should use an instance with dedicated CPU resources.
The `ccx31` type should be sufficient for transcoding at least five different streams at the same time.

This playbook is intended to be used with an existing Jellyfin configuration.
Copy your Jellyfin `config` directory to `ansible/jellyfin-config`.

### **DANGER**

If you do not do this, the Jellyfin install wizard will be accessible
on the web and accessible by absolutely ***anyone***; who could then
create an admin account and use the server to serve potentially
illegal content. You have been warned.

As a workaround you may change the Traefik config in `ansible/roles/jellyfin/templates`
to only allow local local connections until the wizard has been
completed.

If you figure out a better way to handle this, feel free to make a pull request.
I'd be happy to accept it!

## Running
Again in the `terraform` directory run `terraform apply`, enter "yes", and sit back and watch
as your server is being provisioned, hardened, and Jellyfin is set up.

Once this is done you can connect to the server using the user name
`deploy` and upload media to `/srv/jellyfin/jellyfin/media`.