jana/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

site update and some vpn shit
Some checks failed
/ lint (push) Failing after 43s
Details

Browse source
This commit is contained in:
Jana Dönszelmann 2026-01-06 02:28:43 +01:00
parent b0158e96c8
commit 8ebf4b74e6
No known key found for this signature in database
7 changed files with 73 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

21
fili/services/media/autobrr.nix
View file

@ -18,16 +18,35 @@
}; };
}; };
# oauth access to the service
services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = { services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = {
allowed_groups = [ "torrent" ]; allowed_groups = [ "torrent" ];
}; };
# vpnNamespaces.mullvad.portMappings = [
# {
# from = config.services.autobrr.settings.port;
# to = config.services.autobrr.settings.port;
# }
# ];
# vpnNamespaces.mullvad.openVPNPorts = [
# {
# # irc port
# port = 7021;
# protocol = "both";
# }
# ];
# systemd.services.autobrr.vpnConfinement = {
# enable = true;
# vpnNamespace = "mullvad";
# };
services.autobrr = { services.autobrr = {
enable = true; enable = true;
settings = { settings = {
logLevel = "DEBUG"; logLevel = "DEBUG";
checkForUpdates = false; checkForUpdates = false;
host = "[::1]"; host = "localhost";
port = 11012; port = 11012;
}; };
secretFile = config.sops.secrets.autobrr.path; secretFile = config.sops.secrets.autobrr.path;

1
fili/services/media/default.nix
View file

@ -7,5 +7,6 @@ _: {
./jackett.nix ./jackett.nix
./jellyfin.nix ./jellyfin.nix
./autobrr.nix ./autobrr.nix
./vpn.nix
]; ];
} }

17
fili/services/media/jackett.nix
View file

@ -1,4 +1,5 @@
_: { { config, ... }:
{
services.nginx = { services.nginx = {
virtualHosts."jackett.donsz.nl" = { virtualHosts."jackett.donsz.nl" = {
forceSSL = true; forceSSL = true;
@ -6,11 +7,22 @@ _: {
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:9117"; proxyPass = "http://localhost:${toString config.services.jackett.port}";
}; };
}; };
}; };
# vpnNamespaces.mullvad.portMappings = [
# {
# from = config.services.jackett.port;
# to = config.services.jackett.port;
# }
# ];
# systemd.services.autobrr.vpnConfinement = {
# enable = true;
# vpnNamespace = "mullvad";
# };
services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = { services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = {
allowed_groups = [ "torrent" ]; allowed_groups = [ "torrent" ];
}; };
@ -19,5 +31,6 @@ _: {
enable = true; enable = true;
group = "jellyfin"; group = "jellyfin";
user = "jellyfin"; user = "jellyfin";
port = 11013;
}; };
} }

56
fili/services/media/torrent.nix
View file

@ -1,23 +1,6 @@
{ pkgs, ... }:
{ {
config, vpnNamespaces.mullvad.portMappings = [
pkgs,
secrets,
...
}:
{
sops.secrets.mullvad = {
sopsFile = "${secrets}/mullvad.yaml";
owner = "root";
format = "yaml";
};
vpnNamespaces.mullvad = {
enable = true;
wireguardConfigFile = config.sops.secrets.mullvad.path;
accessibleFrom = [
"192.168.0.0/16"
];
portMappings = [
{ {
from = 9091; from = 9091;
to = 9091; to = 9091;
@ -27,45 +10,12 @@
to = 5432; to = 5432;
} # DB Port. } # DB Port.
]; ];
openVPNPorts = [ vpnNamespaces.mullvad.openVPNPorts = [
{
port = 50901;
protocol = "both";
}
{
port = 50902;
protocol = "both";
}
{
port = 50903;
protocol = "both";
}
{
port = 50904;
protocol = "both";
}
{
port = 50905;
protocol = "both";
}
{
port = 50906;
protocol = "both";
}
{
port = 50907;
protocol = "both";
}
{
port = 50908;
protocol = "both";
}
{ {
port = 50909; port = 50909;
protocol = "both"; protocol = "both";
} }
]; ];
};
services.nginx = { services.nginx = {
virtualHosts."dl.donsz.nl" = { virtualHosts."dl.donsz.nl" = {

16
fili/services/media/vpn.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, secrets, ... }:
{
sops.secrets.mullvad = {
sopsFile = "${secrets}/mullvad.yaml";
owner = "root";
format = "yaml";
};
vpnNamespaces.mullvad = {
enable = true;
wireguardConfigFile = config.sops.secrets.mullvad.path;
accessibleFrom = [
"192.168.0.0/16"
];
};
}

2
fili/services/websites/money-is-fckn-gay.nix
View file

@ -62,7 +62,7 @@ in
staging.nginx staging.nginx
]; ];
systemd.services.money = real.service; systemd.services.money = real.service;
systemd.services.money-s1212lskjadfasljdftaging = lib.mkMerge [ systemd.services.money-staging = lib.mkMerge [
staging.service staging.service
{ {
serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" '' serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" ''

6
flake.lock generated
View file

@ -268,11 +268,11 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1767006760, "lastModified": 1767710337,
"narHash": "sha256-OeaRlOEEWWGhoXyQlPFgdGsIIRazVi8/Y1B/vB45Xcs=", "narHash": "sha256-IjtTEr5ZTIvlE/ceC68144dxe38cv7RM0bhIUKeehT0=",
"owner": "jdonszelmann", "owner": "jdonszelmann",
"repo": "homepage", "repo": "homepage",
"rev": "f0af54274128437879400d4e353bb09c14d64921", "rev": "479a5d6f064ea52d942bc85e2b3f19e4c79d2805",
"type": "github" "type": "github"
}, },
"original": { "original": {