Jellyfin in an Unprivileged Container
This will allow a Jellyfin instance to run in an unprivilidged LXC Container. Either as an install or in a Docker image.
On the Proxmox Host System
Find Device Numbers
ls -l /dev/dri
Find Group Numbers
cat /etc/group
Add Group Numbers Values to subgid
Change values to map the to above ^^
nano /etc/subgid
Paste at the bottom, for example:
root:44:1
root:104:1
Create CT Container
Using Wizard. Edit .conf In /etc/pve/lxc
Edit your device IDs and renderD*** Ensure you match the idmap values
arch: amd64
cores: 2
cpulimit: 2
features: nesting=1
hostname: test-gpu-04
memory: 3000
mp2: /mnt/barracuda/videos,mp=mnt/media,ro=1 #This is the mount point for the jellyfin media files
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:06:18:78,ip=dhcp,type=veth
ostype: debian
rootfs: local-lvm:vm-104-disk-0,size=20G
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 226:0 rwm
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 44
lxc.idmap: g 44 44 1
lxc.idmap: g 45 100045 62
lxc.idmap: g 107 104 1
lxc.idmap: g 108 100108 65428
Add Root to Groups
Do this on your Proxmox Host
usermod -aG render,video root
WhateverPreliminary CT Container Work
After logging in as the root user to the newly created LXC container, make sure the system is up to dated
apt update && apt upgrade -y
If you are going to have a super user sudo should be installed
apt install sudo
You may wish to add a superuser and perhaps a docker user to the Container.
adduser <username>
You will also want to add the group that is mapped from the host to access the passed in mount point(s)
groupadd -g 10000 lxc_shares
Add the super user to this group for easy naviagaion. If you are going to run Jellyin in a Docker Container the user that will run Jellyfin will require access to this group.
usermod -aG lxc_shares <username>
If you are installing Jellyfin directly to the Container, the jellyfin user will require inclusion in this group after it is created by the install process.
Installing Jellyfin
We will cover two methods of installing Jellyfin in this unpriviledged container. Install Jelllyfin Directly and via Docker.
Installing Jellyfin directly as an application inside the container
To do this you will need to install the extrepo, enable the repo, then update the sources and install Jellyfin as below.
apt install extrepo
extrepo enable jellyfin
apt update && apt install jellyfin -y
Note: The jellyfin user will require inclusion in the lxc_shares group as described above to access the media mount point.
Installing Jellyfin via Docker
Prerequisite;
- Install Docker as per usual
- Install Docer Compose as per usual
Create a folder for the Docker Compose file(s) for Jellyfin. In this folder create a docker_compose.yaml files and include the following, modifying as needed for your system.
version: "2"
services:
jellyfin:
image: jellyfin/jellyfin
container_name: jellyfin
group_add:
- '107' # This needs to be the group id of your GPU, e.g., `stat -c '%g' /dev/dri/renderD128` on the docker host for iGPU
environment:
- TZ=America/Toronto
- PUID=1005 # User created to run docker containers
- PGID=10000 # Group created to access the LXC_SHARES
volumes:
- /srv/containers/jellyfin/config:/config
- /srv/containers/jellyfin/cache:/cache
- /mnt/media/video:/media/video:ro # Mount point for the Jellyfin Media files mapped in from the LXC config file
# - /home/ubuntu/YOUR_NAS/Films:/Films:ro
# - /home/ubuntu/YOUR_NAS/TVShows:/TVShows:ro
# - /home/ubuntu/YOUR_NAS/Audiobooks:/Audiobooks:ro
# - /home/ubuntu/YOUR_NAS/Music:/Music:ro
ports: # You Want.will need to uncomment if you aren't running through a proxy
- 8096:8096
#- 8920:8920 #optional
#- 7359:7359/udp #optional
#- 1900:1900/udp #optional
devices: # uncomment these and amend if you require GPU accelerated transcoding
- /dev/dri/renderD128:/dev/dri/renderD128
restart: unless-stopped
Run Docker Comose in the folder where the ..yaml files it to up the jellyfin Docker Image
docker compose up -d
After the Jellyfin Install is complete
InstallWhen Docker,Jellyfin runis apps,installed even changewith your LXCchosen formethod, asetup LinuxJellyfin Desktop!!!as you would and configure access as required.
http://<YOUR CONTAINER IP>:8096