diff --git a/apps/jellyfin/cert.yaml b/apps/jellyfin/cert.yaml
new file mode 100644
index 0000000..ed7f0a2
--- /dev/null
+++ b/apps/jellyfin/cert.yaml
@@ -0,0 +1,20 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/cert-manager.io/certificate_v1.json
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: jellyfin-swifthomelab-net
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/instance: jellyfin
+    app.kubernetes.io/component: media-server
+    app.kubernetes.io/part-of: jellyfin
+  namespace: cert-manager
+spec:
+  secretName: jellyfin-swifthomelab-net
+  issuerRef:
+    name: swifthomelab-net-issuer
+    kind: ClusterIssuer
+  commonName: jellyfin.swifthomelab.net
+  dnsNames:
+  - jellyfin.swifthomelab.net
+  - music.swifthomelab.net
diff --git a/apps/jellyfin/delegation.yaml b/apps/jellyfin/delegation.yaml
new file mode 100644
index 0000000..b1030d0
--- /dev/null
+++ b/apps/jellyfin/delegation.yaml
@@ -0,0 +1,16 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/projectcontour.io/tlscertificatedelegation_v1.json
+apiVersion: projectcontour.io/v1
+kind: TLSCertificateDelegation
+metadata:
+  name: jellyfin-swifthomelab-net
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/instance: jellyfin
+    app.kubernetes.io/component: media-server
+    app.kubernetes.io/part-of: jellyfin
+  namespace: cert-manager
+spec:
+  delegations:
+  - secretName: jellyfin-swifthomelab-net
+    targetNamespaces:
+    - jellyfin
diff --git a/apps/jellyfin/httpproxy.yaml b/apps/jellyfin/httpproxy.yaml
new file mode 100644
index 0000000..9463bf6
--- /dev/null
+++ b/apps/jellyfin/httpproxy.yaml
@@ -0,0 +1,41 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/projectcontour.io/httpproxy_v1.json
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: jellyfin-ingress
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/instance: jellyfin
+    app.kubernetes.io/component: media-server
+    app.kubernetes.io/part-of: jellyfin
+  namespace: jellyfin
+spec:
+  virtualhost:
+    fqdn: jellyfin.swifthomelab.net
+    tls:
+      secretName: cert-manager/jellyfin-swifthomelab-net
+  routes:
+  - services:
+    - name: jellyfin
+      port: 8096
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/projectcontour.io/httpproxy_v1.json
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: music-ingress
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/instance: jellyfin
+    app.kubernetes.io/component: media-server
+    app.kubernetes.io/part-of: jellyfin
+  namespace: jellyfin
+spec:
+  virtualhost:
+    fqdn: music.swifthomelab.net
+    tls:
+      secretName: cert-manager/jellyfin-swifthomelab-net
+  routes:
+  - services:
+    - name: jellyfin
+      port: 8096
diff --git a/apps/jellyfin/service.yaml b/apps/jellyfin/service.yaml
new file mode 100644
index 0000000..32b1e9b
--- /dev/null
+++ b/apps/jellyfin/service.yaml
@@ -0,0 +1,21 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/master/service-v1.json
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/instance: jellyfin
+    app.kubernetes.io/component: media-server
+    app.kubernetes.io/part-of: jellyfin
+  namespace: jellyfin
+spec:
+  type: ClusterIP
+  ports:
+  - port: 8096
+    targetPort: 8096
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/instance: jellyfin
diff --git a/apps/jellyfin/statefulset.yaml b/apps/jellyfin/statefulset.yaml
new file mode 100644
index 0000000..327981f
--- /dev/null
+++ b/apps/jellyfin/statefulset.yaml
@@ -0,0 +1,84 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/master/statefulset.json
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: jellyfin
+  labels:
+    app.kubernetes.io/name: jellyfin
+    app.kubernetes.io/instance: jellyfin
+    app.kubernetes.io/component: media-server
+    app.kubernetes.io/part-of: jellyfin
+  namespace: jellyfin
+spec:
+  serviceName: jellyfin
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: jellyfin
+      app.kubernetes.io/instance: jellyfin
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: jellyfin
+        app.kubernetes.io/instance: jellyfin
+        app.kubernetes.io/component: media-server
+        app.kubernetes.io/part-of: jellyfin
+    spec:
+      securityContext:
+        runAsUser: 65534
+        runAsGroup: 65534
+        fsGroup: 65534
+        fsGroupChangePolicy: OnRootMismatch
+      volumes:
+      - name: logs
+        emptyDir: {}
+      - name: tmp
+        emptyDir: {}
+      - name: music
+        nfs:
+          path: /mnt/artemis/data/media/music
+          server: nas1.private.swifthomelab.net
+      terminationGracePeriodSeconds: 90
+      containers:
+      - name: jellyfin
+        image: jellyfin/jellyfin:10.10.3@sha256:17c3a8d9dddb97789b5f37112840ebf96566442c14d4754193a6c2eb154bc221
+        ports:
+        - containerPort: 8096
+          name: http
+        env:
+        - name: JELLYFIN_PublishedServerUrl
+          value: https://music.swifthomelab.net
+        resources:
+          requests:
+            cpu: 1500m
+            memory: 1000Mi
+          limits:
+            cpu: 7000m
+            memory: 3500Mi
+        volumeMounts:
+        - name: config
+          mountPath: /config
+        - name: cache
+          mountPath: /cache
+        - name: music
+          mountPath: /music
+        - name: logs
+          mountPath: /var/logs
+        - name: tmp
+          mountPath: /tmp
+  volumeClaimTemplates:
+  - metadata:
+      name: config
+    spec:
+      accessModes: [ReadWriteOnce]
+      storageClassName: csi-rbd-sc
+      resources:
+        requests:
+          storage: 15Gi
+  - metadata:
+      name: cache
+    spec:
+      accessModes: [ReadWriteOnce]
+      storageClassName: csi-rbd-sc
+      resources:
+        requests:
+          storage: 20Gi
diff --git a/defs/jellyfin.yaml b/defs/jellyfin.yaml
new file mode 100644
index 0000000..e7a00ea
--- /dev/null
+++ b/defs/jellyfin.yaml
@@ -0,0 +1,22 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/argoproj.io/application_v1alpha1.json
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jellyfin
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: jellyfin
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: apps/jellyfin
+    repoURL: https://github.com/JosBritton/cd.git
+    targetRevision: HEAD
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true