From bfab24fbe48d24541462f6ae12a69b8b608502a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jana=20D=C3=B6nszelmann?= Date: Sat, 3 Jan 2026 19:24:29 +0100 Subject: [PATCH 1/3] update mifg --- fili/services/websites/money-is-fckn-gay.nix | 2 +- flake.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/fili/services/websites/money-is-fckn-gay.nix b/fili/services/websites/money-is-fckn-gay.nix index 6a16f65..d1864bd 100644 --- a/fili/services/websites/money-is-fckn-gay.nix +++ b/fili/services/websites/money-is-fckn-gay.nix @@ -62,7 +62,7 @@ in staging.nginx ]; systemd.services.money = real.service; - systemd.services.money-staging = lib.mkMerge [ + systemd.services.money-s1212lskjadfasljdftaging = lib.mkMerge [ staging.service { serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" '' diff --git a/flake.lock b/flake.lock index 287c14b..10ec36e 100644 --- a/flake.lock +++ b/flake.lock @@ -308,11 +308,11 @@ "nixpkgs-mozilla": "nixpkgs-mozilla" }, "locked": { - "lastModified": 1767285863, - "narHash": "sha256-IZcAGuoAVgbke0Xtc6yQE+AItfFhyxjONlE9H0brHaE=", + "lastModified": 1767464600, + "narHash": "sha256-Bk4ZNrh3EYTTxioO3MhR6k8g7yBvnGX7/VZKndB6Wz4=", "ref": "refs/heads/main", - "rev": "179aca580debf2434028172c9f939884d82a2b4d", - "revCount": 55, + "rev": "05c3d7e4564696dd7d6ea5d9e4737872190d9268", + "revCount": 67, "type": "git", "url": "ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git" }, From b0158e96c800a130869cb8c96253c7527bb49f0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jana=20D=C3=B6nszelmann?= Date: Tue, 6 Jan 2026 00:18:18 +0100 Subject: [PATCH 2/3] setup autobrr --- fili/services/media/autobrr.nix | 35 +++++++++++++++++++++++++++++++++ fili/services/media/default.nix | 1 + fili/services/media/torrent.nix | 2 +- flake.lock | 14 ++++++------- 4 files changed, 44 insertions(+), 8 deletions(-) create mode 100644 fili/services/media/autobrr.nix 
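Review bot: The unit name on the added line of the `money-is-fckn-gay.nix` hunk, `systemd.services.money-s1212lskjadfasljdftaging`, looks like stray keystrokes inside `money-staging` rather than an intended rename. Deploying this commit would define the staging service under the garbled name, so anything that refers to `money-staging.service` by name (restart hooks, monitoring, manual `systemctl` use) would presumably stop matching. PATCH 3/3 restores `systemd.services.money-staging = lib.mkMerge [`, but a bisect or rollback can still land on the broken state, so I would drop the line from this patch. The `lib.mkMerge` list continues outside the hunk.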
diff --git a/fili/services/media/autobrr.nix b/fili/services/media/autobrr.nix new file mode 100644 index 0000000..9326bfb --- /dev/null +++ b/fili/services/media/autobrr.nix @@ -0,0 +1,35 @@ +{ config, secrets, ... }: +{ + sops.secrets.autobrr = { + sopsFile = "${secrets}/autobrr.yaml"; + key = "key"; + format = "yaml"; + }; + + services.nginx = { + virtualHosts."autobrr.donsz.nl" = { + forceSSL = true; + http2 = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://${config.services.autobrr.settings.host}:${toString config.services.autobrr.settings.port}"; + }; + }; + }; + + services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = { + allowed_groups = [ "torrent" ]; + }; + + services.autobrr = { + enable = true; + settings = { + logLevel = "DEBUG"; + checkForUpdates = false; + host = "[::1]"; + port = 11012; + }; + secretFile = config.sops.secrets.autobrr.path; + }; +} diff --git a/fili/services/media/default.nix b/fili/services/media/default.nix index 35620cb..ceeb1d3 100644 --- a/fili/services/media/default.nix +++ b/fili/services/media/default.nix @@ -6,5 +6,6 @@ _: { ./torrent.nix ./jackett.nix ./jellyfin.nix + ./autobrr.nix ]; } diff --git a/fili/services/media/torrent.nix b/fili/services/media/torrent.nix index 8286aae..4f7b192 100644 --- a/fili/services/media/torrent.nix +++ b/fili/services/media/torrent.nix @@ -107,7 +107,7 @@ settings = { download-dir = "/storage/storage/torrents"; incomplete-dir-enabled = false; - # incomplete-dir = "/storage/storage/torrents"; + incomplete-dir = "/storage/storage/torrents"; rpc-bind-address = "192.168.15.1"; rpc-host-whitelist-enabled = false; diff --git a/flake.lock b/flake.lock index 10ec36e..a621f5b 100644 --- a/flake.lock +++ b/flake.lock 
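Review bot: `logLevel = "DEBUG"` in `services.autobrr.settings` of the new `autobrr.nix` is left on for a service that is published at `autobrr.donsz.nl` and that typically stores indexer API keys and IRC credentials. Debug output may put request details or tokens into the journal, where they outlive the sops-managed secret; that is worth confirming against autobrr's logging behaviour. I would deploy with `logLevel = "INFO";` and raise it only while troubleshooting. The only authentication visible here is the oauth2-proxy `allowed_groups = [ "torrent" ]` check at nginx, so the loopback bind deserves a comment such as `# loopback only: access control is enforced by oauth2-proxy in front of nginx`.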
@@ -444,11 +444,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1767439050, - "narHash": "sha256-UHXvixX4PjyzuTtyEU0GAe4W7sIVFBBntCNPHkZTRrA=", + "lastModified": 1767653099, + "narHash": "sha256-1lZvN3Lg7NjuXVHXdKgKSnVPnOH6KugGFTTGKLKLu/4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fe910442588191a2a22848196daebc9f7cc48b7", + "rev": "6f34e6c7a48c7aac4a26a388430f8a9f480a6d0e", "type": "github" }, "original": { @@ -696,11 +696,11 @@ "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1767440370, - "narHash": "sha256-3jSo/IeyV2/ZsSx2+w/VAFVbIaNudXTALTUR2z6rbwo=", + "lastModified": 1767655057, + "narHash": "sha256-gvDWxuDucrGsBxDF0iZeFcTqVbADMcWwK2nne6LKlLs=", "ref": "refs/heads/main", - "rev": "0484a0ef06c4be3c647efc3ee0071349494bec49", - "revCount": 5, + "rev": "ea9c28258665f76042781a2b7b84ddf6d99a6e62", + "revCount": 6, "type": "git", "url": "ssh://forgejo@git.donsz.nl/jana/server-secrets.git" }, From 8ebf4b74e6f2d12f42a26cfe075c3c9f0038f9cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jana=20D=C3=B6nszelmann?= Date: Tue, 6 Jan 2026 02:28:43 +0100 Subject: [PATCH 3/3] site update and some vpn shit --- fili/services/media/autobrr.nix | 21 ++++- fili/services/media/default.nix | 1 + fili/services/media/jackett.nix | 17 +++- fili/services/media/torrent.nix | 84 ++++---------------- fili/services/media/vpn.nix | 16 ++++ fili/services/websites/money-is-fckn-gay.nix | 2 +- flake.lock | 6 +- 7 files changed, 73 insertions(+), 74 deletions(-) create mode 100644 fili/services/media/vpn.nix diff --git a/fili/services/media/autobrr.nix b/fili/services/media/autobrr.nix index 9326bfb..16379d8 100644 --- a/fili/services/media/autobrr.nix +++ b/fili/services/media/autobrr.nix 
@@ -18,16 +18,35 @@ }; }; + # oauth access to the service services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = { allowed_groups = [ "torrent" ]; }; + # vpnNamespaces.mullvad.portMappings = [ + # { + # from = config.services.autobrr.settings.port; + # to = config.services.autobrr.settings.port; + # } + # ]; + # vpnNamespaces.mullvad.openVPNPorts = [ + # { + # # irc port + # port = 7021; + # protocol = "both"; + # } + # ]; + # systemd.services.autobrr.vpnConfinement = { + # enable = true; + # vpnNamespace = "mullvad"; + # }; + services.autobrr = { enable = true; settings = { logLevel = "DEBUG"; checkForUpdates = false; - host = "[::1]"; + host = "localhost"; port = 11012; }; secretFile = config.sops.secrets.autobrr.path; diff --git a/fili/services/media/default.nix b/fili/services/media/default.nix index ceeb1d3..3ad1eb9 100644 --- a/fili/services/media/default.nix +++ b/fili/services/media/default.nix @@ -7,5 +7,6 @@ _: { ./jackett.nix ./jellyfin.nix ./autobrr.nix + ./vpn.nix ]; } diff --git a/fili/services/media/jackett.nix b/fili/services/media/jackett.nix index 49103c8..cec59f3 100644 --- a/fili/services/media/jackett.nix +++ b/fili/services/media/jackett.nix @@ -1,4 +1,5 @@ -_: { +{ config, ... }: +{ services.nginx = { virtualHosts."jackett.donsz.nl" = { forceSSL = true; @@ -6,11 +7,22 @@ _: { enableACME = true; locations."/" = { - proxyPass = "http://[::1]:9117"; + proxyPass = "http://localhost:${toString config.services.jackett.port}"; }; }; }; + # vpnNamespaces.mullvad.portMappings = [ + # { + # from = config.services.jackett.port; + # to = config.services.jackett.port; + # } + # ]; + # systemd.services.autobrr.vpnConfinement = { + # enable = true; + # vpnNamespace = "mullvad"; + # }; + services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = { allowed_groups = [ "torrent" ]; }; @@ -19,5 +31,6 @@ _: { enable = true; group = "jellyfin"; user = "jellyfin"; + port = 11013; }; } 
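Review bot: `host = "localhost";` in the `autobrr.nix` hunk replaces the literal `"[::1]"`, and per PATCH 2/3 the same value is interpolated into the nginx `proxyPass` outside this hunk. A hostname makes both the bind address and the upstream depend on name resolution, so autobrr and nginx can end up on different address families and the bind is no longer visibly loopback-only. I would keep a literal, for example `host = "127.0.0.1";`, if `[::1]` was the problem. The commented-out `vpnNamespaces.mullvad` blocks would also change the trust boundary if enabled: a confined service is presumably no longer reachable on the host's loopback and its mapped port becomes reachable from the namespace's `accessibleFrom` range, which merits a comment like `# TODO: when confining autobrr, point proxyPass at the namespace address and keep oauth2-proxy in front`. The `services.autobrr` attribute set is closed outside the hunk.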
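Review bot: The commented-out confinement block in the second `jackett.nix` hunk names `systemd.services.autobrr.vpnConfinement`, not jackett, so uncommenting it as written would confine the wrong unit and leave jackett's traffic outside the `mullvad` namespace. If the block stays as a reminder it should read `# systemd.services.jackett.vpnConfinement = {`. The new `proxyPass = "http://localhost:${toString config.services.jackett.port}";` also swaps the literal `[::1]` for a hostname. Nothing in these hunks shows which addresses jackett binds, so it is worth confirming that port 11013 (set in the last hunk of this file) is not reachable directly, bypassing the oauth2-proxy group check.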
diff --git a/fili/services/media/torrent.nix b/fili/services/media/torrent.nix index 4f7b192..c615145 100644 --- a/fili/services/media/torrent.nix +++ b/fili/services/media/torrent.nix @@ -1,71 +1,21 @@ +{ pkgs, ... }: { - config, - pkgs, - secrets, - ... -}: -{ - sops.secrets.mullvad = { - sopsFile = "${secrets}/mullvad.yaml"; - owner = "root"; - format = "yaml"; - }; - - vpnNamespaces.mullvad = { - enable = true; - wireguardConfigFile = config.sops.secrets.mullvad.path; - accessibleFrom = [ - "192.168.0.0/16" - ]; - portMappings = [ - { - from = 9091; - to = 9091; - } # UI Port. - { - from = 5432; - to = 5432; - } # DB Port. - ]; - openVPNPorts = [ - { - port = 50901; - protocol = "both"; - } - { - port = 50902; - protocol = "both"; - } - { - port = 50903; - protocol = "both"; - } - { - port = 50904; - protocol = "both"; - } - { - port = 50905; - protocol = "both"; - } - { - port = 50906; - protocol = "both"; - } - { - port = 50907; - protocol = "both"; - } - { - port = 50908; - protocol = "both"; - } - { - port = 50909; - protocol = "both"; - } - ]; - }; + vpnNamespaces.mullvad.portMappings = [ + { + from = 9091; + to = 9091; + } # UI Port. + { + from = 5432; + to = 5432; + } # DB Port. + ]; + vpnNamespaces.mullvad.openVPNPorts = [ + { + port = 50909; + protocol = "both"; + } + ]; services.nginx = { virtualHosts."dl.donsz.nl" = { diff --git a/fili/services/media/vpn.nix b/fili/services/media/vpn.nix new file mode 100644 index 0000000..a958334 --- /dev/null +++ b/fili/services/media/vpn.nix @@ -0,0 +1,16 @@ +{ config, secrets, ... }: +{ + sops.secrets.mullvad = { + sopsFile = "${secrets}/mullvad.yaml"; + owner = "root"; + format = "yaml"; + }; + + vpnNamespaces.mullvad = { + enable = true; + wireguardConfigFile = config.sops.secrets.mullvad.path; + accessibleFrom = [ + "192.168.0.0/16" + ]; + }; +} diff --git a/fili/services/websites/money-is-fckn-gay.nix b/fili/services/websites/money-is-fckn-gay.nix index d1864bd..6a16f65 100644 
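Review bot: The rewritten `vpnNamespaces.mullvad.portMappings` in the `torrent.nix` hunk still forwards 5432 (commented "DB Port") into the VPN namespace alongside the 9091 UI port, and the visible lines show no database running there. Each mapping is reachable from the namespace's `accessibleFrom` range, so an unused one is exposure with no benefit; if no confined service listens on 5432 I would drop that entry. The `openVPNPorts` list shrinks from 50901–50909 to 50909 only, so the transmission `peer-port` setting (outside the hunk) should be checked to make sure it is pinned to 50909 rather than chosen from the old range.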
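Review bot: `accessibleFrom = [ "192.168.0.0/16" ];` in the new `vpn.nix` admits the whole 192.168 private range to every port mapped into the `mullvad` namespace, and those mappings are now declared in other files. The `torrent.nix` context in PATCH 2/3 shows `rpc-host-whitelist-enabled = false`, so the transmission RPC port appears to rely on this range, plus any RPC authentication configured outside the visible lines, as its network boundary. I would narrow it to the subnet that actually needs access, e.g. `accessibleFrom = [ "<subnet-that-needs-access>/24" ];` (placeholder), and add a comment such as `# governs reachability of all vpnNamespaces.mullvad.portMappings, including those set in torrent.nix`.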
--- a/fili/services/websites/money-is-fckn-gay.nix +++ b/fili/services/websites/money-is-fckn-gay.nix @@ -62,7 +62,7 @@ in staging.nginx ]; systemd.services.money = real.service; - systemd.services.money-s1212lskjadfasljdftaging = lib.mkMerge [ + systemd.services.money-staging = lib.mkMerge [ staging.service { serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" '' diff --git a/flake.lock b/flake.lock index a621f5b..117ac98 100644 --- a/flake.lock +++ b/flake.lock @@ -268,11 +268,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1767006760, - "narHash": "sha256-OeaRlOEEWWGhoXyQlPFgdGsIIRazVi8/Y1B/vB45Xcs=", + "lastModified": 1767710337, + "narHash": "sha256-IjtTEr5ZTIvlE/ceC68144dxe38cv7RM0bhIUKeehT0=", "owner": "jdonszelmann", "repo": "homepage", - "rev": "f0af54274128437879400d4e353bb09c14d64921", + "rev": "479a5d6f064ea52d942bc85e2b3f19e4c79d2805", "type": "github" }, "original": {