diff --git a/hosts/nixos/hs/containers.nix b/hosts/nixos/hs/containers.nix
index 3279950..6e3a8c8 100644
--- a/hosts/nixos/hs/containers.nix
+++ b/hosts/nixos/hs/containers.nix
@@ -98,43 +98,6 @@ in
       autoStart = true;
     };
 
-    # Jellyfin media server
-    jellyfin = {
-      image = "docker.io/linuxserver/jellyfin:latest";
-      
-      volumes = [
-        "/var/lib/containers/config/jellyfin:/config"
-        "/mnt/storage/Media:/data"
-      ];
-
-      labels = {
-        "traefik.enable" = "true";
-        "traefik.http.routers.jellyfin.rule" = "Host(`jellyfin.${config.networking.hostName}.yanlincs.com`)";
-        "traefik.http.routers.jellyfin.entrypoints" = "websecure";
-        "traefik.http.routers.jellyfin.tls" = "true";
-        "traefik.http.routers.jellyfin.tls.certresolver" = "cloudflare";
-        "traefik.http.routers.jellyfin.tls.domains[0].main" = "*.${config.networking.hostName}.yanlincs.com";
-        "traefik.http.services.jellyfin.loadbalancer.server.port" = "8096";
-      };
-      
-      environment = {
-        PUID = commonUID;
-        PGID = commonGID;
-        TZ = systemTZ;
-      };
-      
-      ports = [
-        "5002:8096"
-      ];
-      
-      extraOptions = [
-        "--network=podman"
-        "--device=/dev/dri:/dev/dri"  # Hardware acceleration
-      ];
-      
-      autoStart = true;
-    };
-
     # qBittorrent torrent client
     qbittorrent = {
       image = "docker.io/linuxserver/qbittorrent:4.6.7";
@@ -183,57 +146,5 @@ in
       autoStart = true;
     };
 
-    # Sonarr TV show management
-    sonarr = {
-      image = "docker.io/linuxserver/sonarr:latest";
-
-      volumes = [
-        "/var/lib/containers/config/sonarr:/config"
-        "/mnt/storage/Media:/data"
-      ];
-
-      environment = {
-        PUID = commonUID;
-        PGID = commonGID;
-        TZ = systemTZ;
-      };
-
-      ports = [
-        "5003:8989"
-      ];
-
-      extraOptions = [
-        "--network=podman"
-      ];
-
-      autoStart = true;
-    };
-
-    # Radarr movie management
-    radarr = {
-      image = "docker.io/linuxserver/radarr:latest";
-
-      volumes = [
-        "/var/lib/containers/config/radarr:/config"
-        "/mnt/storage/Media:/data"
-      ];
-
-      environment = {
-        PUID = commonUID;
-        PGID = commonGID;
-        TZ = systemTZ;
-      };
-
-      ports = [
-        "5004:7878"
-      ];
-
-      extraOptions = [
-        "--network=podman"
-      ];
-
-      autoStart = true;
-    };
-
   };
 }
diff --git a/hosts/nixos/hs/proxy.nix b/hosts/nixos/hs/proxy.nix
index 846616b..4bbcb94 100644
--- a/hosts/nixos/hs/proxy.nix
+++ b/hosts/nixos/hs/proxy.nix
@@ -16,6 +16,17 @@
           };
         };
 
+        jellyfin = {
+          rule = "Host(`jellyfin.${config.networking.hostName}.yanlincs.com`)";
+          service = "jellyfin";
+          tls = {
+            certResolver = "cloudflare";
+            domains = [{
+              main = "*.${config.networking.hostName}.yanlincs.com";
+            }];
+          };
+        };
+
       };
 
       services = {
@@ -27,6 +38,14 @@
           };
         };
 
+        jellyfin = {
+          loadBalancer = {
+            servers = [{
+              url = "http://127.0.0.1:8096";
+            }];
+          };
+        };
+
       };
     };
   };
diff --git a/hosts/nixos/hs/system.nix b/hosts/nixos/hs/system.nix
index 8b79cb4..5bccf06 100644
--- a/hosts/nixos/hs/system.nix
+++ b/hosts/nixos/hs/system.nix
@@ -10,6 +10,7 @@
     ../../../modules/borg/client.nix
     ../../../modules/login-display.nix
     ../../../modules/samba.nix
+    ../../../modules/media-server.nix
   ];
 
   # Automatic container updates
@@ -274,4 +275,13 @@
     user = "yanlin";
   };
 
+  # Media server services
+  services.media-server = {
+    user = "yanlin";
+    sonarr.enable = true;
+    radarr.enable = true;
+    jellyfin.enable = true;
+    deluge.enable = true;
+  };
+
 }
diff --git a/modules/media-server.nix b/modules/media-server.nix
new file mode 100644
index 0000000..13c978e
--- /dev/null
+++ b/modules/media-server.nix
@@ -0,0 +1,57 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.media-server;
+in
+{
+  options.services.media-server = {
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "media";
+      description = "User to run media services";
+    };
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "users";
+      description = "Group for media services";
+    };
+
+    sonarr.enable = lib.mkEnableOption "Sonarr TV show management"; # port 8989
+    radarr.enable = lib.mkEnableOption "Radarr movie management"; # port 7878
+    jellyfin.enable = lib.mkEnableOption "Jellyfin media server"; # port 8096
+    deluge.enable = lib.mkEnableOption "Deluge torrent client"; # web port 8112
+  };
+
+  config = {
+    services.sonarr = lib.mkIf cfg.sonarr.enable {
+      enable = true;
+      user = cfg.user;
+      group = cfg.group;
+      openFirewall = false;
+    };
+
+    services.radarr = lib.mkIf cfg.radarr.enable {
+      enable = true;
+      user = cfg.user;
+      group = cfg.group;
+      openFirewall = false;
+    };
+
+    services.jellyfin = lib.mkIf cfg.jellyfin.enable {
+      enable = true;
+      user = cfg.user;
+      group = cfg.group;
+      openFirewall = false;
+    };
+
+    services.deluge = lib.mkIf cfg.deluge.enable {
+      enable = true;
+      user = cfg.user;
+      group = cfg.group;
+      openFirewall = false;
+      web.enable = true;
+      web.openFirewall = false;
+    };
+  };
+}