switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/hosts/fili/services/media/autobrr.nix
+++ b/hosts/fili/services/media/autobrr.nix
@ -0,0 +1,54 @@
+{ config, secrets, ... }:
+{
+  sops.secrets.autobrr = {
+    sopsFile = "${secrets}/autobrr.yaml";
+    key = "key";
+    format = "yaml";
+  };
+
+  services.nginx = {
+    virtualHosts."autobrr.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://${config.services.autobrr.settings.host}:${toString config.services.autobrr.settings.port}";
+      };
+    };
+  };
+
+  # oauth access to the service
+  services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = {
+    allowed_groups = [ "torrent" ];
+  };
+
+  # vpnNamespaces.mullvad.portMappings = [
+  #   {
+  #     from = config.services.autobrr.settings.port;
+  #     to = config.services.autobrr.settings.port;
+  #   }
+  # ];
+  # vpnNamespaces.mullvad.openVPNPorts = [
+  #   {
+  #     # irc port
+  #     port = 7021;
+  #     protocol = "both";
+  #   }
+  # ];
+  # systemd.services.autobrr.vpnConfinement = {
+  #   enable = true;
+  #   vpnNamespace = "mullvad";
+  # };
+
+  services.autobrr = {
+    enable = true;
+    settings = {
+      logLevel = "DEBUG";
+      checkForUpdates = false;
+      host = "localhost";
+      port = 11012;
+    };
+    secretFile = config.sops.secrets.autobrr.path;
+  };
+}