diff --git a/builders/shiro.nix b/builders/shiro.nix
index 1585e788..0a32fe35 100644
--- a/builders/shiro.nix
+++ b/builders/shiro.nix
@@ -1,6 +1,6 @@
 {
   hostName = "shiro";
-  sshUser = "remotebuilder";
+  sshUser = "servius";
   system = "aarch64-darwin";
   protocol = "ssh-ng";
   supportedFeatures = ["benchmark" "big-parallel" "kvm"];
diff --git a/darwin/shiro/services/default.nix b/darwin/shiro/services/default.nix
index b99c8d34..67de3470 100644
--- a/darwin/shiro/services/default.nix
+++ b/darwin/shiro/services/default.nix
@@ -3,5 +3,6 @@
     ./yabai.nix
     ./skhd.nix
     ./tailscale.nix
+    ./jellyfin.nix
   ];
 }
diff --git a/darwin/shiro/services/jellyfin.nix b/darwin/shiro/services/jellyfin.nix
new file mode 100644
index 00000000..eec00e5d
--- /dev/null
+++ b/darwin/shiro/services/jellyfin.nix
@@ -0,0 +1,14 @@
+{...}: {
+  imports = [../../../modules/jellyfin.nix];
+  services = {
+    jellyfin = {
+      enable = false;
+      # openFirewall = true;
+    };
+    # caddy = {
+    #   virtualHosts."media.darksailor.dev".extraConfig = ''
+    #     reverse_proxy localhost:8096
+    #   '';
+    # };
+  };
+}
diff --git a/modules/jellyfin.nix b/modules/jellyfin.nix
new file mode 100644
index 00000000..a04ab85d
--- /dev/null
+++ b/modules/jellyfin.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.jellyfin;
+in
+{
+  options.services.jellyfin = {
+    enable = mkEnableOption "Jellyfin Media Server";
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.jellyfin;
+      defaultText = literalExpression "pkgs.jellyfin";
+      description = "The package to use for Jellyfin";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "jellyfin";
+      description = "User account under which Jellyfin runs.";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "jellyfin";
+      description = "Group under which Jellyfin runs.";
+    };
+
+    dataDir = mkOption {
+      type = types.path;
+      default = "/var/lib/jellyfin";
+      description = "Directory where Jellyfin stores its data files";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+
+    launchd.daemons.jellyfin = {
+      command = "${lib.getExe cfg.package} --datadir '${cfg.dataDir}'";
+      serviceConfig = {
+        Label = "org.jellyfin.server";
+        RunAtLoad = true;
+        KeepAlive = true;
+        UserName = cfg.user;
+        GroupName = cfg.group;
+        WorkingDirectory = cfg.dataDir;
+        StandardOutPath = "/var/log/jellyfin.log";
+        StandardErrorPath = "/var/log/jellyfin.error.log";
+      };
+    };
+
+    users.users = mkIf (cfg.user == "jellyfin") {
+      jellyfin = {
+        isSystemUser = true;
+        group = cfg.group;
+        home = cfg.dataDir;
+        createHome = true;
+      };
+    };
+
+    users.groups = mkIf (cfg.group == "jellyfin") {
+      jellyfin = {};
+    };
+
+    # Create necessary directories and set permissions
+    system.activationScripts.preActivation.text = ''
+      mkdir -p ${cfg.dataDir}
+      chown ${cfg.user}:${cfg.group} ${cfg.dataDir}
+    '';
+  };
+}