diff --git a/.github/workflows/eval.yaml b/.github/workflows/eval.yaml
index 1997213..494704f 100644
--- a/.github/workflows/eval.yaml
+++ b/.github/workflows/eval.yaml
@@ -1,10 +1,8 @@
 name: Eval NixOS Configurations
 
 on:
-  push:
-    branches:
-      - deploy
-  workflow_dispatch:
+  check_suite:
+    types: [completed]
 
 permissions:
   contents: write
diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix
index c8e4e4a..a3c84c4 100644
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@@ -15,23 +15,12 @@ in
     ../sops.nix
   ];
 
-  services.comin = {
-    enable = true;
-    remotes = [
-      {
-        name = "origin";
-        url = "https://github.com/xinyangli/nixos-config.git";
-        branches.main.name = "deploy-comin-eval";
-      }
-    ];
-    hostname = config.networking.hostName;
-  };
-
   commonSettings = {
     # auth.enable = true;
     nix = {
       signing.enable = true;
     };
+    comin.enable = true;
   };
 
   # Bootloader.
diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix
index 9d8cd04..bae1b92 100644
--- a/machines/weilite/default.nix
+++ b/machines/weilite/default.nix
@@ -19,6 +19,7 @@
       nix = {
         enable = true;
       };
+      comin.enable = true;
     };
 
     boot = {
@@ -38,7 +39,10 @@
 
     nixpkgs.config.allowUnfree = true;
 
-    environment.systemPackages = [ pkgs.virtiofsd ];
+    environment.systemPackages = [
+      pkgs.virtiofsd
+      pkgs.intel-gpu-tools
+    ];
 
     sops = {
       defaultSopsFile = ./secrets.yaml;
@@ -94,15 +98,32 @@
         options = "rw,nodev,nosuid";
         wantedBy = [ "restic-rest-server.service" ];
       }
+      # {
+      #   what = "ocis";
+      #   where = "/var/lib/ocis";
+      #   type = "virtiofs";
+      #   options = "rw,nodev,nosuid";
+      #   wantedBy = [ "ocis.service" ];
+      # }
       {
-        what = "ocis";
-        where = "/var/lib/ocis";
+        what = "media";
+        where = "/var/lib/jellyfin/media";
         type = "virtiofs";
         options = "rw,nodev,nosuid";
-        wantedBy = [ "ocis.service" ];
       }
     ];
 
+    hardware.graphics = {
+      enable = true;
+      extraPackages = with pkgs; [
+        intel-media-driver
+        intel-vaapi-driver
+        vaapiVdpau
+        intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+        intel-media-sdk # QSV up to 11th gen
+      ];
+    };
+
     services.openssh.ports = [
       22
       2222
diff --git a/machines/weilite/services/default.nix b/machines/weilite/services/default.nix
index 0a6e4ca..5a5cc25 100644
--- a/machines/weilite/services/default.nix
+++ b/machines/weilite/services/default.nix
@@ -4,5 +4,6 @@
     ./restic.nix
     ./media-download.nix
     ./immich.nix
+    ./jellyfin.nix
   ];
 }
diff --git a/machines/weilite/services/jellyfin.nix b/machines/weilite/services/jellyfin.nix
new file mode 100644
index 0000000..d321de5
--- /dev/null
+++ b/machines/weilite/services/jellyfin.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+  services.jellyfin.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    jellyfin
+    jellyfin-web
+    jellyfin-ffmpeg
+  ];
+  services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:8920".extraConfig = ''
+    reverse_proxy 127.0.0.1:8096
+  '';
+  networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan
+  users.users.jellyfin.extraGroups = [ "render" ];
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index d2f210d..33929ce 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -2,6 +2,7 @@
   imports = [
     ./common-settings/auth.nix
     ./common-settings/autoupgrade.nix
+    ./common-settings/comin.nix
     ./common-settings/nix-conf.nix
     ./common-settings/proxy-server.nix
     ./common-settings/mainland.nix