diff --git a/flake.nix b/flake.nix
index 28e3853..a176f3e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -506,6 +506,7 @@
               ./nixos/forgejo.nix # Git hosting (Forgejo/Gitea fork)
               ./nixos/garage.nix # Object storage service
               ./nixos/ollama.nix # AI/LLM service
+              ./nixos/jellyfin.nix # Jellyfin media server
 
               # Cloud storage and secrets
               self.nixosModules.bertof-rclone
diff --git a/nixos/jellyfin.nix b/nixos/jellyfin.nix
new file mode 100644
index 0000000..6702985
--- /dev/null
+++ b/nixos/jellyfin.nix
@@ -0,0 +1,33 @@
+{ pkgs, config, ... }: {
+  age.secrets.rclone_jellyfin = {
+    file = ../secrets/rclone_jellyfin.age;
+    owner = "jellyfin";
+  };
+
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+    group = "users";
+  };
+
+  environment.systemPackages = [ pkgs.rclone ];
+
+  fileSystems."/var/lib/jellyfin/media" = {
+    device = "garage:/";
+    fsType = "rclone";
+    options = [
+      "nodev"
+      "nofail"
+      "_netdev"
+      "allow_other"
+      "uid=jellyfin"
+      "gid=users"
+      "X-mount.mkdir"
+      "args2env"
+      "vfs_cache_mode=writes"
+      "s3_upload_concurrency=32"
+      "s3_chunk_size=128000"
+      "config=${config.age.secrets.rclone_jellyfin.path}"
+    ];
+  };
+}
diff --git a/secrets/rclone_jellyfin.age b/secrets/rclone_jellyfin.age
new file mode 100644
index 0000000..5cd323f
--- /dev/null
+++ b/secrets/rclone_jellyfin.age
@@ -0,0 +1,23 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDRiZWhGQSBpdmxQ
+QU9MRlV3L00reFo0REZ2alZiRUN6ZGNlQXRCVk96S1J4cWNSRUIwCitBYUxPbjZM
+N2NLejBjeWRZemZLVmVWWmVLdnNsdUwxaU55TmpvWXhnZ0kKLT4gc3NoLWVkMjU1
+MTkgZXZMbEl3IGNHSW9VWHZnZFU5K1dYbFl0UUk0amttVngvdlJSNjBkRTJYZ3Jj
+NjZtWE0KUXhZYU9IYXlKTElYRmxyMkNaZkdia2QyWnVERW5udXVjY2t0WWpGcGJZ
+WQotPiBzc2gtZWQyNTUxOSBqdjNlancgNEowelpNNExyajNJeDZMekU0V1dtbXFJ
+d3dObkJhVXZVclVJU0ppcTlndwo5TzdvczFjYVRBR1dlRkpaSks0VEFTeGpUNmZz
+WjB1TXN0MkRobDJpdXJNCi0+IHNzaC1lZDI1NTE5IHlpWW9YZyBEcFFHNzF3UEJx
+MFRESFNyRkRZVFUvaFEwOU5kbG1jTGtEbjlGZUdmd2hVCmE2dzFyVG1Gais4enFn
+T2VGVVA0Qmd4aWV4S1RmVzJBdytwT0NmWDE1MTQKLT4gZHFKLWdyZWFzZQp0bFhB
+Vlp4M0tTNDRvYXhNWkJoQmhjOU1RUDFQcDJOSUs0RnJ1ODdJejk3enRHZ1ZhSjZC
+NnlYRFhDUU9pMzBlCmh3MXE0ZGFKRjdRNWtsL0xKeG9TUHFmUDQ4VzJFWC9hSWhL
+WUM5bk5KMDNNaGRVeVVwVnhENEovQUEKLS0tIEtkZXVxd08zYXF5S1lsSzJiUGVv
+enZybjdGUzQ0RTZUQlNSRVR6RmZHUHcKwx8Zu0Gnq8p7uOvawnZdkdFHaTmFDq9+
+BfP9osczw1/mMTAXyVjrPHZltlqXJXoxcdWD1CwEO0kJ5JsAjjPmX/v8DTZIoty5
+EU5Wd6LgykD1AeLHo1XZESmys6ljyASwO7shNOlNscAujaiqmD9NXenr1811duj3
+pfkCGK0CzDcLFjMIflCBtCviBOgZEUctjJfA9FT4Cgh3M0jYdDgLboH7e416Vnxa
+08845ZpjDqIywCmtSap9jPL4gcYzLLapU6ccAmlLqAGvMRCnmcpiEZNEJiwHJBzZ
+rVelOLVxjYgu7rPTY19BJZuSp7E4HV5pvpZqqhKlLlu6U43I1gci04jeIbJO3tmV
+slfNsIP/m+bUj3LfPfTqCtKEkft2nR+300xxe1Xk6EkUINyYuy/vV8oWctScASBU
+lr+mUH5CYInNcR9xwWpsZeI11FQZ1ldt9x9Q5fM=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 41b4b1d..a861879 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -46,6 +46,7 @@ in
   "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
   "wg_psk.age".publicKeys = devUsers ++ systems;
   "rclone_bertof.age".publicKeys = devUsers ++ [ baldur heimdall odin sif thor ];
+  "rclone_jellyfin.age".publicKeys = devUsers ++ [ baldur heimdall ];
   "rclone_tiziano.age".publicKeys = devUsers ++ [ odin ];
   "ollama.age".publicKeys = devUsers ++ [ thor ];
   "heimdall-gitlab-runner-nix.age".publicKeys = devUsers ++ [ heimdall ];