diff --git a/options/services.nix b/options/services.nix
index a3020e4..885e65f 100644
--- a/options/services.nix
+++ b/options/services.nix
@@ -13,5 +13,6 @@ in
     syncthing.enable = mkEnableOption "syncthing";
     openvpn.enable = mkEnableOption "openvpn";
     stubby.enable = mkEnableOption "stubby";
+    jellyfin.enable = mkEnableOption "jellyfin";
   };
 }
diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix
index 0bb1deb..13663cc 100644
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@@ -44,6 +44,7 @@
       syncthing.enable = true;
       openvpn.enable = true;
       stubby.enable = true;
+      jellyfin.enable = true;
     };
   };
 }
diff --git a/system/podman/pihole.nix b/system/podman/pihole.nix
index 81b85b0..ac29181 100644
--- a/system/podman/pihole.nix
+++ b/system/podman/pihole.nix
@@ -3,7 +3,7 @@ let
   name = "pihole";
   podman = config.profile.podman;
   pihole = podman.pihole;
-  inherit (lib) mkIf lists;
+  inherit (lib) mkIf strings attrsets;
   gateway = "10.1.1.1";
   subnet = "10.1.1.0/30";
   ip = "10.1.1.2";
@@ -36,8 +36,11 @@ in
     };
 
     # We have refresh the custom.list dns list when caddy virtual hosts changes,
-    # the easiest way to do so is to restart the pihole container
-    systemd.services."podman-${name}".partOf = lists.optional (config.services.caddy.enable) "caddy.service";
+    # the easiest way to do so is to restart the pihole container.
+    #
+    # This works by collecting all the virtual hosts defined in caddy
+    # and check if the length of the list changes, if it does, we restart the pihole container.
+    systemd.services."podman-${name}".restartTriggers = attrsets.mapAttrsToList (name: _: name) config.services.caddy.virtualHosts;
     environment.etc."pihole/custom.list" = {
       # Copy file instead of symlink
       mode = "0444";
diff --git a/system/podman/ytptube.nix b/system/podman/ytptube.nix
index 715ca0d..3da75b5 100644
--- a/system/podman/ytptube.nix
+++ b/system/podman/ytptube.nix
@@ -32,7 +32,7 @@ in
 
     system.activationScripts."podman-${name}" = ''
       mkdir -p ${volume}
-      chown -R ${uid}:${gid} /nas/mediaserver
+      chown -R ${uid}:${gid} ${volume}
     '';
 
     environment.etc."podman/${name}/ytdlp.json" = {
diff --git a/system/services/default.nix b/system/services/default.nix
index ba1bb0a..6cf0c39 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -10,5 +10,6 @@
     ./kavita.nix
     ./openvpn.nix
     ./stubby.nix
+    ./jellyfin.nix
   ];
 }
diff --git a/system/services/jellyfin.nix b/system/services/jellyfin.nix
new file mode 100644
index 0000000..5856a9a
--- /dev/null
+++ b/system/services/jellyfin.nix
@@ -0,0 +1,25 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.jellyfin;
+  dataDir = "/nas/mediaserver/jellyfin";
+  domain = "jellyfin.tigor.web.id";
+  inherit (lib) mkIf;
+  username = config.profile.user.name;
+in
+{
+  config = mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "jellyfin" ];
+    users.users.jellyfin.extraGroups = [ username ];
+    system.activationScripts.jellyfin-prepare = ''
+      mkdir -p ${dataDir}
+      chmod -R 0777 /nas/mediaserver
+    '';
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy 0.0.0.0:8096
+    '';
+    services.jellyfin = {
+      enable = true;
+      inherit dataDir;
+    };
+  };
+}