diff --git a/ansible/roles/jellyfin/files/docker-compose.yml b/ansible/roles/jellyfin/files/docker-compose.yml
new file mode 100644
index 0000000..0e03489
--- /dev/null
+++ b/ansible/roles/jellyfin/files/docker-compose.yml
@@ -0,0 +1,36 @@
+---
+version: '3.7'
+
+services:
+  jellyfin:
+    container_name: jellyfin
+    image: linuxserver/jellyfin:latest
+    restart: unless-stopped
+    volumes:
+      - /media/jellyfin:/config
+      - /media/Movies:/media/Movies
+      - /media/Series:/media/Series
+      - /media/Videos:/media/Videos
+      - /media/Concerts:/media/Concerts
+    environment:
+      - PUID=9090
+      - PGID=9090
+      - TZ=Europe/Sofia
+    ports:
+      - 8096:8096
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.jellyfin.rule=Host('jf.chuchelo.net')
+      - traefik.http.routers.jellyfin.entrypoints=https
+      - traefik.http.routers.jellyfin.tls=true
+      - traefik.http.routers.jellyfin.tls.certresolver=letsencrypt
+      - traefik.http.routers.jellyfin.middlewares=jellyfin-mw
+      - traefik.http.middlewares.jellyfin-mw.headers.customResponseHeaders.X-Robots-Tag=noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
+      - traefik.http.middlewares.jellyfin-mw.headers.STSSeconds=315360000
+      - traefik.http.middlewares.jellyfin-mw.headers.STSIncludeSubdomains=true
+      - traefik.http.middlewares.jellyfin-mw.headers.STSPreload=true
+      - traefik.http.middlewares.jellyfin-mw.headers.forceSTSHeader=true
+      - traefik.http.middlewares.jellyfin-mw.headers.frameDeny=true
+      - traefik.http.middlewares.jellyfin-mw.headers.contentTypeNosniff=true
+      - traefik.http.middlewares.jellyfin-mw.headers.browserXSSFilter=true
+      - traefik.http.middlewares.jellyfin-mw.headers.customFrameOptionsValue='allow-from https://jf.chuchelo.net'
diff --git a/ansible/roles/jellyfin/handlers/main.yml b/ansible/roles/jellyfin/handlers/main.yml
new file mode 100644
index 0000000..996a675
--- /dev/null
+++ b/ansible/roles/jellyfin/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart jellyfin
+  shell:
+    chdir: /opt/jellyfin
+    cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/jellyfin/tasks/main.yml b/ansible/roles/jellyfin/tasks/main.yml
index 0fdf7c5..8cdc7d5 100644
--- a/ansible/roles/jellyfin/tasks/main.yml
+++ b/ansible/roles/jellyfin/tasks/main.yml
@@ -1,24 +1,17 @@
-- name: Add Jellyfin apt key
-  ansible.builtin.apt_key:
-    url: https://repo.jellyfin.org/jellyfin_team.gpg.key
-    state: present
+- name: Create install directory
+  file:
+    path: /opt/jellyfin
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
   become: true
 
-- name: Add Jellyfin repository
-  apt_repository:
-    repo: deb [arch=amd64] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main
-    filename: jellyfin
-    state: present
-  become: true
-
-- name: Install jellyfin
-  package:
-    name: jellyfin
-  become: true
-
-- name: Set media dir permissions
-  cron:
-    name: Set media permissions
-    special_time: daily
-    job: chown -R jellyfin:jellyfin /mnt/media
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/jellyfin/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart jellyfin
   become: true