diff --git a/fili/services/media/autobrr.nix b/fili/services/media/autobrr.nix
index 9326bfb..16379d8 100644
--- a/fili/services/media/autobrr.nix
+++ b/fili/services/media/autobrr.nix
@@ -18,16 +18,35 @@
     };
   };
 
+  # oauth access to the service
   services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = {
     allowed_groups = [ "torrent" ];
   };
 
+  # vpnNamespaces.mullvad.portMappings = [
+  #   {
+  #     from = config.services.autobrr.settings.port;
+  #     to = config.services.autobrr.settings.port;
+  #   }
+  # ];
+  # vpnNamespaces.mullvad.openVPNPorts = [
+  #   {
+  #     # irc port
+  #     port = 7021;
+  #     protocol = "both";
+  #   }
+  # ];
+  # systemd.services.autobrr.vpnConfinement = {
+  #   enable = true;
+  #   vpnNamespace = "mullvad";
+  # };
+
   services.autobrr = {
     enable = true;
     settings = {
       logLevel = "DEBUG";
       checkForUpdates = false;
-      host = "[::1]";
+      host = "localhost";
       port = 11012;
     };
     secretFile = config.sops.secrets.autobrr.path;
diff --git a/fili/services/media/default.nix b/fili/services/media/default.nix
index ceeb1d3..3ad1eb9 100644
--- a/fili/services/media/default.nix
+++ b/fili/services/media/default.nix
@@ -7,5 +7,6 @@ _: {
     ./jackett.nix
     ./jellyfin.nix
     ./autobrr.nix
+    ./vpn.nix
   ];
 }
diff --git a/fili/services/media/jackett.nix b/fili/services/media/jackett.nix
index 49103c8..cec59f3 100644
--- a/fili/services/media/jackett.nix
+++ b/fili/services/media/jackett.nix
@@ -1,4 +1,5 @@
-_: {
+{ config, ... }:
+{
   services.nginx = {
     virtualHosts."jackett.donsz.nl" = {
       forceSSL = true;
@@ -6,11 +7,22 @@ _: {
       enableACME = true;
 
       locations."/" = {
-        proxyPass = "http://[::1]:9117";
+        proxyPass = "http://localhost:${toString config.services.jackett.port}";
       };
     };
   };
 
+  # vpnNamespaces.mullvad.portMappings = [
+  #   {
+  #     from = config.services.jackett.port;
+  #     to = config.services.jackett.port;
+  #   }
+  # ];
+  # systemd.services.autobrr.vpnConfinement = {
+  #   enable = true;
+  #   vpnNamespace = "mullvad";
+  # };
+
   services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = {
     allowed_groups = [ "torrent" ];
   };
@@ -19,5 +31,6 @@ _: {
     enable = true;
     group = "jellyfin";
     user = "jellyfin";
+    port = 11013;
   };
 }
diff --git a/fili/services/media/torrent.nix b/fili/services/media/torrent.nix
index 4f7b192..c615145 100644
--- a/fili/services/media/torrent.nix
+++ b/fili/services/media/torrent.nix
@@ -1,71 +1,21 @@
+{ pkgs, ... }:
 {
-  config,
-  pkgs,
-  secrets,
-  ...
-}:
-{
-  sops.secrets.mullvad = {
-    sopsFile = "${secrets}/mullvad.yaml";
-    owner = "root";
-    format = "yaml";
-  };
-
-  vpnNamespaces.mullvad = {
-    enable = true;
-    wireguardConfigFile = config.sops.secrets.mullvad.path;
-    accessibleFrom = [
-      "192.168.0.0/16"
-    ];
-    portMappings = [
-      {
-        from = 9091;
-        to = 9091;
-      } # UI Port.
-      {
-        from = 5432;
-        to = 5432;
-      } # DB Port.
-    ];
-    openVPNPorts = [
-      {
-        port = 50901;
-        protocol = "both";
-      }
-      {
-        port = 50902;
-        protocol = "both";
-      }
-      {
-        port = 50903;
-        protocol = "both";
-      }
-      {
-        port = 50904;
-        protocol = "both";
-      }
-      {
-        port = 50905;
-        protocol = "both";
-      }
-      {
-        port = 50906;
-        protocol = "both";
-      }
-      {
-        port = 50907;
-        protocol = "both";
-      }
-      {
-        port = 50908;
-        protocol = "both";
-      }
-      {
-        port = 50909;
-        protocol = "both";
-      }
-    ];
-  };
+  vpnNamespaces.mullvad.portMappings = [
+    {
+      from = 9091;
+      to = 9091;
+    } # UI Port.
+    {
+      from = 5432;
+      to = 5432;
+    } # DB Port.
+  ];
+  vpnNamespaces.mullvad.openVPNPorts = [
+    {
+      port = 50909;
+      protocol = "both";
+    }
+  ];
 
   services.nginx = {
     virtualHosts."dl.donsz.nl" = {
diff --git a/fili/services/media/vpn.nix b/fili/services/media/vpn.nix
new file mode 100644
index 0000000..a958334
--- /dev/null
+++ b/fili/services/media/vpn.nix
@@ -0,0 +1,16 @@
+{ config, secrets, ... }:
+{
+  sops.secrets.mullvad = {
+    sopsFile = "${secrets}/mullvad.yaml";
+    owner = "root";
+    format = "yaml";
+  };
+
+  vpnNamespaces.mullvad = {
+    enable = true;
+    wireguardConfigFile = config.sops.secrets.mullvad.path;
+    accessibleFrom = [
+      "192.168.0.0/16"
+    ];
+  };
+}
diff --git a/fili/services/websites/money-is-fckn-gay.nix b/fili/services/websites/money-is-fckn-gay.nix
index d1864bd..6a16f65 100644
--- a/fili/services/websites/money-is-fckn-gay.nix
+++ b/fili/services/websites/money-is-fckn-gay.nix
@@ -62,7 +62,7 @@ in
     staging.nginx
   ];
   systemd.services.money = real.service;
-  systemd.services.money-s1212lskjadfasljdftaging = lib.mkMerge [
+  systemd.services.money-staging = lib.mkMerge [
     staging.service
     {
       serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" ''
diff --git a/flake.lock b/flake.lock
index a621f5b..117ac98 100644
--- a/flake.lock
+++ b/flake.lock
@@ -268,11 +268,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1767006760,
-        "narHash": "sha256-OeaRlOEEWWGhoXyQlPFgdGsIIRazVi8/Y1B/vB45Xcs=",
+        "lastModified": 1767710337,
+        "narHash": "sha256-IjtTEr5ZTIvlE/ceC68144dxe38cv7RM0bhIUKeehT0=",
         "owner": "jdonszelmann",
         "repo": "homepage",
-        "rev": "f0af54274128437879400d4e353bb09c14d64921",
+        "rev": "479a5d6f064ea52d942bc85e2b3f19e4c79d2805",
         "type": "github"
       },
       "original": {