diff --git a/nomad/ansible_hosts.yml b/nomad/ansible_hosts.yml index 3935b21..b66b790 100644 --- a/nomad/ansible_hosts.yml +++ b/nomad/ansible_hosts.yml @@ -6,9 +6,27 @@ all: nomad0.thefij: # consul_node_role: bootstrap nomad_node_role: both - nomad_host_volumes: + nomad_unique_host_volumes: - name: mysql-data - path: /srv/volumes/mysql-data + path: /srv/volumes/mysql + owner: "root" + group: "bin" + mode: "0755" + read_only: false + - name: nextcloud-data + path: /srv/volumes/nextcloud + owner: "root" + group: "bin" + mode: "0755" + read_only: false + - name: gitea-data + path: /srv/volumes/gitea + owner: "root" + group: "bin" + mode: "0755" + read_only: false + - name: authentik-data + path: /srv/volumes/gitea owner: "root" group: "bin" mode: "0755" diff --git a/nomad/media/caddy.nomad b/nomad/media/caddy.nomad new file mode 100644 index 0000000..48c0b15 --- /dev/null +++ b/nomad/media/caddy.nomad @@ -0,0 +1,74 @@ +job "multimedia" { + datacenters = ["dc1"] + type = "service" + + group "multimedia" { + count = 1 + + network { + mode = "bridge" + port "web" { + host_network = "loopback" + to = 80 + } + } + + volume "media-read" { + type = "host" + read_only = true + source = "media-read" + } + + service { + name = "library" + port = "web" + + connect { + sidecar_service { + proxy { + local_service_port = 80 + } + } + + sidecar_task { + resources { + cpu = 50 + memory = 50 + } + } + } + + tags = [ + "traefik.enable=true", + "traefik.http.routers.library.entryPoints=websecure", + ] + } + + task "main" { + driver = "docker" + + volume_mount { + volume = "media-read" + destination = "/mnt/media" + read_only = true + } + + config { + image = "caddy" + args = [ + "caddy", + "file-server", + "--root", + "/mnt/media", + "--browse", + ] + ports = ["web"] + } + + resources { + cpu = 50 + memory = 250 + } + } + } +} diff --git a/nomad/media/media.tf b/nomad/media/media.tf new file mode 100644 index 0000000..7accf24 --- /dev/null +++ b/nomad/media/media.tf 
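Review bot: The new `authentik-data` entry uses `path: /srv/volumes/gitea`, the same directory as the `gitea-data` entry just above it, which looks like a copy-paste slip. If both volumes are consumed, the Authentik identity provider and Gitea would share one read-write directory, so either workload could read or overwrite the other's files. It should presumably be `path: /srv/volumes/authentik`. Every entry in this list is also `mode: "0755"`, which leaves database and identity-provider data readable by any local account; a tighter mode such as `"0750"` is worth checking against the container UIDs. The last entry's remaining keys and the rest of the host block lie outside the hunk.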
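Review bot: In the `config` block of task "main", `image = "caddy"` carries no tag or digest, so each placement pulls whatever the default tag resolves to at that moment, and a changed upstream image reaches the cluster unreviewed. Pin it, e.g. `image = "caddy:<pinned-version>"` or a digest reference. The service also runs `file-server --root /mnt/media --browse` and is published through Traefik with only `traefik.enable=true` and the `websecure` entry point. No authentication middleware is attached in the visible tags, so unless one is applied globally, the whole share is listable by anyone who can reach that entry point. If that is not intended, add a router tag such as `"traefik.http.routers.library.middlewares=<auth-middleware>@<provider>"`.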
@@ -0,0 +1,7 @@ +resource "nomad_job" "caddy" { + hcl2 { + enabled = true + } + + jobspec = file("${path.module}/caddy.nomad") +} diff --git a/nomad/nextcloud/nextcloud.nomad b/nomad/nextcloud/nextcloud.nomad index c976a38..a5b85a8 100644 --- a/nomad/nextcloud/nextcloud.nomad +++ b/nomad/nextcloud/nextcloud.nomad @@ -28,6 +28,12 @@ job "nextcloud" { } } + volume "nextcloud-data" { + type = "host" + read_only = false + source = "nextcloud-data" + } + service { name = "nextcloud" port = "web" @@ -100,6 +106,12 @@ job "nextcloud" { task "main" { driver = "docker" + + volume_mount { + volume = "nextcloud-data" + destination = "/var/www/html" + read_only = false + } config { image = "nextcloud" diff --git a/nomad/services.tf b/nomad/services.tf index 83b29b9..1e932a9 100644 --- a/nomad/services.tf +++ b/nomad/services.tf @@ -32,6 +32,10 @@ module "nextcloud" { depends_on = [module.mysql-server] } +module "media" { + source = "./media" +} + resource "nomad_job" "whoami" { hcl2 { enabled = true diff --git a/nomad/setup-cluster.yml b/nomad/setup-cluster.yml index d741b12..ad50e58 100644 --- a/nomad/setup-cluster.yml +++ b/nomad/setup-cluster.yml 
@@ -97,11 +97,52 @@ # name: podman # state: present +- name: Create NFS mounts + hosts: nomad_instances + become: true + + tasks: + - name: Install nfs + package: + name: nfs-common + state: present + + - name: Create Motioneye NFS mount + ansible.posix.mount: + src: 192.168.2.10:/Recordings/Motioneye + path: /srv/volumes/motioneye-recordings + opts: proto=tcp,port=2049,rw + state: mounted + fstype: nfs4 + + - name: Create Media Library RO NFS mount + ansible.posix.mount: + src: 192.168.2.10:/Multimedia + path: /srv/volumes/media-read + opts: proto=tcp,port=2049,ro + state: mounted + fstype: nfs4 + - name: Build Nomad cluster hosts: nomad_instances any_errors_fatal: true become: true + vars: + shared_host_volumes: + - name: motioneye-recordings + path: /srv/volumes/motioneye-recordings + owner: "root" + group: "bin" + mode: "0755" + read_only: false + - name: media-read + path: /srv/volumes/media-read + owner: "root" + group: "root" + mode: "0777" + read_only: true + roles: - name: ansible-nomad vars: @@ -137,6 +178,8 @@ nomad_docker_dmsetup: false # nomad_podman_enable: true + nomad_host_volumes: "{{ shared_host_volumes + (nomad_unique_host_volumes | default([])) }}" + # Customize docker plugin nomad_plugins: docker:
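Review bot: Both NFS mounts in the new "Create NFS mounts" play set `opts:` to only `proto=tcp,port=2049,rw` or `...,ro`, so setuid files and device nodes on the 192.168.2.10 exports would be honoured on every Nomad host. Add `nosuid,nodev`, plus `noexec` where nothing needs to execute from the share, e.g. `opts: proto=tcp,port=2049,ro,nosuid,nodev,noexec`. In `shared_host_volumes`, `media-read` is declared with `mode: "0777"`; if the role applies that mode to the mount point (not visible here), the underlying directory is world-writable whenever the NFS mount is absent. `"0755"` is enough for a read-only library. The `roles:` section of the "Build Nomad cluster" play continues outside the hunk.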