dots/modules/services/media/jellyfin.nix

{ config, ... }:

{
  # Streaming frontend
  services.jellyfin = {
    enable = true;
    openFirewall = false;
    group = "media";
  };

  users.users.jellyfin.extraGroups = [ "render" "video" ];

  services.caddy.virtualHosts."watch.${config.homelab.domain}" = {
#    useACMEHost = config.homelab.domain;
    extraConfig = ''
      reverse_proxy http://localhost:8096
      import block_non_private_ips
    '';
  };
}