diff --git a/dev/host_vars/mediaserver.yml b/dev/host_vars/mediaserver.yml
new file mode 100644
index 0000000..1ca35af
--- /dev/null
+++ b/dev/host_vars/mediaserver.yml
@@ -0,0 +1,26 @@
+base_domain: vm.krislamo.org
+
+# base
+allow_reboot: false
+manage_network: false
+
+# proxy
+proxy:
+  #production: true
+  dns_cloudflare:
+    opts: --test-cert
+    #email: realemail@example.com
+    #api_token: CLOUDFLARE_DNS01_API_TOKEN
+    wildcard_domains:
+      - "{{ base_domain }}"
+  servers:
+    - domain: "{{ jellyfin_domain }}"
+      proxy_pass: "http://127.0.0.1:8080"
+
+# docker
+docker_users:
+  - vagrant
+
+# jellyfin
+jellyfin_domain: "jellyfin.{{ base_domain }}"
+jellyfin_version: latest
diff --git a/dev/mediaserver.yml b/dev/mediaserver.yml
new file mode 100644
index 0000000..4e66476
--- /dev/null
+++ b/dev/mediaserver.yml
@@ -0,0 +1,10 @@
+- name: Install Media Server
+  hosts: all
+  become: true
+  vars_files:
+    - host_vars/mediaserver.yml
+  roles:
+    - base
+    - proxy
+    - docker
+    - jellyfin
diff --git a/mediaserver.yml b/mediaserver.yml
new file mode 100644
index 0000000..a1378eb
--- /dev/null
+++ b/mediaserver.yml
@@ -0,0 +1,7 @@
+- name: Install Media Server
+  hosts: mediaservers
+  become: true
+  roles:
+    - base
+    - docker
+    - jellyfin
diff --git a/roles/.gitignore b/roles/.gitignore
index bb43362..6c7b69a 100644
--- a/roles/.gitignore
+++ b/roles/.gitignore
@@ -1,20 +1 @@
-/*
-!.gitignore
-!requirements.yml
-!base*/
-!bitwarden*/
-!docker*/
-!gitea*/
-!jenkins*/
-!libvirt*/
-!mariadb*/
-!minecraft*/
-!nextcloud*/
-!nginx*/
-!postgresql*/
-!prometheus*/
-!proxy*/
-!rsnapshot*/
-!traefik*/
-!unifi*/
-!wordpress*/
+.gitignore
diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml
index 3372219..59f85df 100644
--- a/roles/base/handlers/main.yml
+++ b/roles/base/handlers/main.yml
@@ -1,18 +1,24 @@
 - name: Reboot host
-  reboot:
+  ansible.builtin.reboot:
     msg: "Reboot initiated by Ansible"
     connect_timeout: 5
   listen: reboot_host
   when: allow_reboot
 
 - name: Restart WireGuard
-  service:
+  ansible.builtin.service:
     name: wg-quick@wg0
     state: restarted
   listen: restart_wireguard
 
 - name: Restart Fail2ban
-  service:
+  ansible.builtin.service:
     name: fail2ban
     state: restarted
   listen: restart_fail2ban
+
+- name: Restart ddclient
+  ansible.builtin.service:
+    name: ddclient
+    state: restarted
+  listen: restart_ddclient
diff --git a/roles/base/tasks/ansible.yml b/roles/base/tasks/ansible.yml
index c130855..7b2c06b 100644
--- a/roles/base/tasks/ansible.yml
+++ b/roles/base/tasks/ansible.yml
@@ -1,11 +1,11 @@
 - name: 'Install Ansible dependency: python3-apt'
-  shell: 'apt-get update && apt-get install python3-apt -y'
+  ansible.builtin.shell: 'apt-get update && apt-get install python3-apt -y'
   args:
     creates: /usr/lib/python3/dist-packages/apt
     warn: false
 
 - name: Install additional Ansible dependencies
-  apt:
+  ansible.builtin.apt:
     name: "{{ item }}"
     state: present
     force_apt_get: true
@@ -17,7 +17,7 @@
     - python3-psycopg2
 
 - name: Create Ansible's temporary remote directory
-  file:
+  ansible.builtin.file:
     path: "~/.ansible/tmp"
     state: directory
     mode: 0700
diff --git a/roles/base/tasks/ddclient.yml b/roles/base/tasks/ddclient.yml
index f1e1121..7643c83 100644
--- a/roles/base/tasks/ddclient.yml
+++ b/roles/base/tasks/ddclient.yml
@@ -1,22 +1,17 @@
 - name: Install ddclient
-  apt:
+  ansible.builtin.apt:
     name: ddclient
     state: present
 
 - name: Install ddclient settings
-  template:
+  ansible.builtin.template:
     src: ddclient.conf.j2
     dest: /etc/ddclient.conf
+    mode: 0600
   register: ddclient_settings
 
 - name: Start ddclient and enable on boot
-  service:
+  ansible.builtin.service:
     name: ddclient
     state: started
     enabled: true
-
-- name: Restart ddclient
-  service:
-    name: ddclient
-    state: restarted
-  when: ddclient_settings.changed
diff --git a/roles/jellyfin/defaults/main.yml b/roles/jellyfin/defaults/main.yml
new file mode 100644
index 0000000..16f4f23
--- /dev/null
+++ b/roles/jellyfin/defaults/main.yml
@@ -0,0 +1,4 @@
+jellyfin_name: jellyfin
+jellyfin_volume: "{{ jellyfin_name }}"
+jellyfin_rooturl: "https://{{ jellyfin_domain }}"
+jellyfin_root: "{{ docker_compose_root }}/{{ jellyfin_name }}"
diff --git a/roles/jellyfin/handlers/main.yml b/roles/jellyfin/handlers/main.yml
new file mode 100644
index 0000000..0dfcafa
--- /dev/null
+++ b/roles/jellyfin/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: Restart Jellyfin
+  service:
+    name: "{{ docker_compose_service }}@{{ jellyfin_name }}"
+    state: restarted
+  listen: restart_jellyfin
+  
\ No newline at end of file
diff --git a/roles/jellyfin/tasks/main.yml b/roles/jellyfin/tasks/main.yml
new file mode 100644
index 0000000..f2c97e1
--- /dev/null
+++ b/roles/jellyfin/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: Create Jellyfin directory
+  ansible.builtin.file:
+    path: "{{ jellyfin_root }}"
+    state: directory
+
+- name: Create jellyfin user
+  user:
+    name: jellyfin
+    state: present
+
+- name: jellyfin user uid
+  getent:
+    database: passwd
+    key: jellyfin
+
+- name: jellyfin user gid
+  getent:
+    database: group
+    key: jellyfin
+
+- name: Install Jellyfin's docker-compose file
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ jellyfin_root }}/docker-compose.yml"
+  notify: restart_jellyfin
+
+- name: Install Jellyfin's docker-compose variables
+  template:
+    src: compose-env.j2
+    dest: "{{ jellyfin_root }}/.env"
+  notify: restart_jellyfin
+
+- name: Start and enable Jellyfin service
+  service:
+    name: "{{ docker_compose_service }}@{{ jellyfin_name }}"
+    state: started
+    enabled: true
diff --git a/roles/jellyfin/templates/compose-env.j2 b/roles/jellyfin/templates/compose-env.j2
new file mode 100644
index 0000000..9edc54c
--- /dev/null
+++ b/roles/jellyfin/templates/compose-env.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+jellyfin_version={{ jellyfin_version }}
+jellyfin_name={{ jellyfin_name }}
+jellyfin_domain={{ jellyfin_domain }}
+jellyfin_rooturl={{ jellyfin_rooturl }}
diff --git a/roles/jellyfin/templates/docker-compose.yml.j2 b/roles/jellyfin/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..bc038ba
--- /dev/null
+++ b/roles/jellyfin/templates/docker-compose.yml.j2
@@ -0,0 +1,13 @@
+version: '3.7'
+
+services:
+  jellyfin:
+    image: "jellyfin/jellyfin:${jellyfin_version}"
+    container_name: "${jellyfin_name}"
+    volumes:
+      - ./config:/config
+      - ./cache:/cache
+      - {{ jellyfin_volume }}:/media
+
+volumes:
+  {{ jellyfin_volume }}: