diff --git a/hosts/iron/configuration.nix b/hosts/iron/configuration.nix index cdf307b..57a422a 100644 --- a/hosts/iron/configuration.nix +++ b/hosts/iron/configuration.nix @@ -218,7 +218,15 @@ with lib; { }; }; - hardware.enableRedistributableFirmware = true; + hardware = { + enableRedistributableFirmware = true; + graphics = { + enable = true; + extraPackages = [ + pkgs.intel-vaapi-driver + ]; + }; + }; virtualisation.containers.storage.settings = { storage = { diff --git a/hosts/iron/services/jellyfin/default.nix b/hosts/iron/services/jellyfin/default.nix index f5c31ab..eb4e918 100644 --- a/hosts/iron/services/jellyfin/default.nix +++ b/hosts/iron/services/jellyfin/default.nix @@ -24,10 +24,12 @@ in services.jellyfin = { enable = true; }; + systemd.services.jellyfin = { serviceConfig = { ###MemoryDenyWriteExecute = true; BindPaths = [ + "/dev/dri/renderD128" "/var/cache/jellyfin" "/var/lib/jellyfin" ]; @@ -38,13 +40,15 @@ in "/filebitch/pub/Filme" "/filebitch/pub/Serien" "/nix/store" + "/run/opengl-driver" "/var/lib/qBittorrent/downloads" ]; CapabilityBoundingSet = ""; + DeviceAllow = "/dev/dri/renderD128 rw"; #IPAddressAllow = "localhost"; #IPAddressDeny = "any"; LockPersonality = true; - PrivateDevices = lib.mkForce true; + PrivateDevices = false; PrivateUsers = true; ProtectClock = true; ProtectControlGroups = true;
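Review bot: The new `hardware.graphics` block in hosts/iron/configuration.nix does not say why a graphics stack is enabled on this host. The jellyfin unit changed in the same commit binds `/run/opengl-driver`, a path that, as far as I know, only exists while `hardware.graphics.enable` is true. I would add a comment above `graphics = {`, for example `# VAAPI userspace for Jellyfin hardware transcoding; services/jellyfin binds /run/opengl-driver`, so the option is not later removed as unused and the sandboxed unit left pointing at a missing path.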
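Review bot: The `"/dev/dri/renderD128"` entry added to `BindPaths` hard-codes a render node whose number depends on DRM enumeration order, and the same literal is repeated in `DeviceAllow` in the next hunk. The hunk header suggests the module already has a `let … in` block, so I would bind it once there, `renderNode = "/dev/dri/renderD128"; # only GPU on iron; index changes if a second DRM device appears`, and reference `renderNode` in both places. That keeps the two sandbox settings from drifting apart if the device is ever renumbered. The `serviceConfig` set starts inside this hunk but continues past its end.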
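Review bot: `PrivateDevices = false` gives the unit the host's full `/dev` instead of a private one, so `DeviceAllow` is the only remaining device restriction and it works only through the default `DevicePolicy` switching to allow-list behaviour. I would pin that next to it with `DevicePolicy = "closed";` and add a comment on the `PrivateDevices` line saying the relaxation exists for VAAPI access to the render node. The previous hunk already bind-mounts `/dev/dri/renderD128`, which is redundant if the host `/dev` is visible. It may therefore be worth testing whether `PrivateDevices = lib.mkForce true` can stay in combination with that bind mount and `DeviceAllow`; I have not verified that here. The list receiving `"/run/opengl-driver"` starts above the hunk, so I am assuming it is a read-only bind list.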