diff --git a/modules/config/instances/config/jellyfin.nix b/modules/config/instances/config/jellyfin.nix
index 80d53ba..a079ded 100755
--- a/modules/config/instances/config/jellyfin.nix
+++ b/modules/config/instances/config/jellyfin.nix
@@ -43,7 +43,7 @@ in
     macUser = "03:00:00:00:00:04";
     ip = "192.168.50.152";
     gate = "192.168.50.1";
-    ssh = 2202;
+    ssh = 2203;
   };
   ssl = {
     path = ssl;
diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix
index c909736..52d5269 100755
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@@ -13,7 +13,7 @@ let
   dns0Path = "dns/${dns0}";
 in
 {
-  microvm.vms.jellyin = {
+  microvm.vms.jellyfin = {
     autostart = true;
     restartIfChanged = true;
     config = {
@@ -46,12 +46,10 @@ in
         enable = true;
         networks."20-lan" = {
           matchConfig.Name = "enp0s5";
-          addresses = [
-            { Address = "${serviceCfg.interface.ip}/24"; }
-          ];
+          addresses = [ { Address = "${serviceCfg.interface.ip}/24"; } ];
           routes = [
             {
-              Destination = "${hostCfg.localhost.address1}/0";
+              Destination = "0.0.0.0/0";
               Gateway = serviceCfg.interface.gate;
             }
           ];
@@ -68,6 +66,7 @@ in
         vcpu = 4;
         mem = 4096;
         hypervisor = "qemu";
+
         interfaces = [
           {
             type = "tap";
@@ -110,6 +109,17 @@ in
           }
         ];
       };
+
+      # Increase tmpfs size for /tmp to satisfy Jellyfin's 2GB requirement
+      # By default, tmpfs is limited to 50% of RAM, but we need more space
+      fileSystems."/tmp" = {
+        device = "tmpfs";
+        fsType = "tmpfs";
+        options = [
+          "size=3G"
+          "mode=1777"
+        ];
+      };
     };
   };
 
@@ -128,9 +138,6 @@ in
               header_up X-Real-IP {remote_host}
             }
 
-            redir /.well-known/carddav /remote.php/dav/ 301
-            redir /.well-known/caldav /remote.php/dav/ 301
-
             tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
             encode zstd gzip
           '';
@@ -142,8 +149,10 @@ in
   users.users.caddy.extraGroups = [ "acme" ];
 
   systemd.tmpfiles.rules = [
-    "d ${serviceCfg.mntPaths.path0} 0755 root root -"
-    "d ${serviceCfg.mntPaths.path0}/cache 0755 root root -"
+    # Create directories with 777 permissions so the jellyfin user (UID 999) inside the VM can write
+    # VirtioFS preserves host permissions, and we can't easily match UIDs between host and guest
+    "d ${serviceCfg.mntPaths.path0} 0777 root root -"
+    "d ${serviceCfg.mntPaths.path0}/cache 0777 root root -"
   ];
 
 }