jana/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jana:f14a6c88073fd57cd84c12b12ada231b86746906
Branches Tags
jana:main
jana:workflows
...
compare: jana:8ebf4b74e6f2d12f42a26cfe075c3c9f0038f9cb
Branches Tags
jana:main
jana:workflows

3 commits
f14a6c8807 ... 8ebf4b74e6

Author SHA1 Message Date
Jana Dönszelmann
8ebf4b74e6
site update and some vpn shit
Some checks failed
/ lint (push) Failing after 43s
Details
2026-01-06 15:43:40 +01:00
Jana Dönszelmann
b0158e96c8
setup autobrr 2026-01-06 02:21:31 +01:00
Jana Dönszelmann
bfab24fbe4
update mifg 2026-01-06 00:05:34 +01:00
6 changed files with 119 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

54
fili/services/media/autobrr.nix Normal file
View file

@ -0,0 +1,54 @@
{ config, secrets, ... }:
{
sops.secrets.autobrr = {
sopsFile = "${secrets}/autobrr.yaml";
key = "key";
format = "yaml";
};
services.nginx = {
virtualHosts."autobrr.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.services.autobrr.settings.host}:${toString config.services.autobrr.settings.port}";
};
};
};
# oauth access to the service
services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = {
allowed_groups = [ "torrent" ];
};
# vpnNamespaces.mullvad.portMappings = [
# {
# from = config.services.autobrr.settings.port;
# to = config.services.autobrr.settings.port;
# }
# ];
# vpnNamespaces.mullvad.openVPNPorts = [
# {
# # irc port
# port = 7021;
# protocol = "both";
# }
# ];
# systemd.services.autobrr.vpnConfinement = {
# enable = true;
# vpnNamespace = "mullvad";
# };
services.autobrr = {
enable = true;
settings = {
logLevel = "DEBUG";
checkForUpdates = false;
host = "localhost";
port = 11012;
};
secretFile = config.sops.secrets.autobrr.path;
};
}

2
fili/services/media/default.nix
View file

@ -6,5 +6,7 @@ _: {
./torrent.nix ./torrent.nix
./jackett.nix ./jackett.nix
./jellyfin.nix ./jellyfin.nix
./autobrr.nix
./vpn.nix
]; ];
} }

17
fili/services/media/jackett.nix
View file

@ -1,4 +1,5 @@
_: { { config, ... }:
{
services.nginx = { services.nginx = {
virtualHosts."jackett.donsz.nl" = { virtualHosts."jackett.donsz.nl" = {
forceSSL = true; forceSSL = true;
@ -6,11 +7,22 @@ _: {
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:9117"; proxyPass = "http://localhost:${toString config.services.jackett.port}";
}; };
}; };
}; };
# vpnNamespaces.mullvad.portMappings = [
# {
# from = config.services.jackett.port;
# to = config.services.jackett.port;
# }
# ];
# systemd.services.autobrr.vpnConfinement = {
# enable = true;
# vpnNamespace = "mullvad";
# };
services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = { services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = {
allowed_groups = [ "torrent" ]; allowed_groups = [ "torrent" ];
}; };
@ -19,5 +31,6 @@ _: {
enable = true; enable = true;
group = "jellyfin"; group = "jellyfin";
user = "jellyfin"; user = "jellyfin";
port = 11013;
}; };
} }

58
fili/services/media/torrent.nix
View file

@ -1,23 +1,6 @@
{ pkgs, ... }:
{ {
config, vpnNamespaces.mullvad.portMappings = [
pkgs,
secrets,
...
}:
{
sops.secrets.mullvad = {
sopsFile = "${secrets}/mullvad.yaml";
owner = "root";
format = "yaml";
};
vpnNamespaces.mullvad = {
enable = true;
wireguardConfigFile = config.sops.secrets.mullvad.path;
accessibleFrom = [
"192.168.0.0/16"
];
portMappings = [
{ {
from = 9091; from = 9091;
to = 9091; to = 9091;
@ -27,45 +10,12 @@
to = 5432; to = 5432;
} # DB Port. } # DB Port.
]; ];
openVPNPorts = [ vpnNamespaces.mullvad.openVPNPorts = [
{
port = 50901;
protocol = "both";
}
{
port = 50902;
protocol = "both";
}
{
port = 50903;
protocol = "both";
}
{
port = 50904;
protocol = "both";
}
{
port = 50905;
protocol = "both";
}
{
port = 50906;
protocol = "both";
}
{
port = 50907;
protocol = "both";
}
{
port = 50908;
protocol = "both";
}
{ {
port = 50909; port = 50909;
protocol = "both"; protocol = "both";
} }
]; ];
};
services.nginx = { services.nginx = {
virtualHosts."dl.donsz.nl" = { virtualHosts."dl.donsz.nl" = {
@ -107,7 +57,7 @@
settings = { settings = {
download-dir = "/storage/storage/torrents"; download-dir = "/storage/storage/torrents";
incomplete-dir-enabled = false; incomplete-dir-enabled = false;
# incomplete-dir = "/storage/storage/torrents"; incomplete-dir = "/storage/storage/torrents";
rpc-bind-address = "192.168.15.1"; rpc-bind-address = "192.168.15.1";
rpc-host-whitelist-enabled = false; rpc-host-whitelist-enabled = false;

16
fili/services/media/vpn.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, secrets, ... }:
{
sops.secrets.mullvad = {
sopsFile = "${secrets}/mullvad.yaml";
owner = "root";
format = "yaml";
};
vpnNamespaces.mullvad = {
enable = true;
wireguardConfigFile = config.sops.secrets.mullvad.path;
accessibleFrom = [
"192.168.0.0/16"
];
};
}

28
flake.lock generated
View file

@ -268,11 +268,11 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1767006760, "lastModified": 1767710337,
"narHash": "sha256-OeaRlOEEWWGhoXyQlPFgdGsIIRazVi8/Y1B/vB45Xcs=", "narHash": "sha256-IjtTEr5ZTIvlE/ceC68144dxe38cv7RM0bhIUKeehT0=",
"owner": "jdonszelmann", "owner": "jdonszelmann",
"repo": "homepage", "repo": "homepage",
"rev": "f0af54274128437879400d4e353bb09c14d64921", "rev": "479a5d6f064ea52d942bc85e2b3f19e4c79d2805",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -308,11 +308,11 @@
"nixpkgs-mozilla": "nixpkgs-mozilla" "nixpkgs-mozilla": "nixpkgs-mozilla"
}, },
"locked": { "locked": {
"lastModified": 1767285863, "lastModified": 1767464600,
"narHash": "sha256-IZcAGuoAVgbke0Xtc6yQE+AItfFhyxjONlE9H0brHaE=", "narHash": "sha256-Bk4ZNrh3EYTTxioO3MhR6k8g7yBvnGX7/VZKndB6Wz4=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "179aca580debf2434028172c9f939884d82a2b4d", "rev": "05c3d7e4564696dd7d6ea5d9e4737872190d9268",
"revCount": 55, "revCount": 67,
"type": "git", "type": "git",
"url": "ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git" "url": "ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git"
}, },
@ -444,11 +444,11 @@
}, },
"nixpkgs_11": { "nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1767439050, "lastModified": 1767653099,
"narHash": "sha256-UHXvixX4PjyzuTtyEU0GAe4W7sIVFBBntCNPHkZTRrA=", "narHash": "sha256-1lZvN3Lg7NjuXVHXdKgKSnVPnOH6KugGFTTGKLKLu/4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7fe910442588191a2a22848196daebc9f7cc48b7", "rev": "6f34e6c7a48c7aac4a26a388430f8a9f480a6d0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -696,11 +696,11 @@
"nixpkgs": "nixpkgs_11" "nixpkgs": "nixpkgs_11"
}, },
"locked": { "locked": {
"lastModified": 1767440370, "lastModified": 1767655057,
"narHash": "sha256-3jSo/IeyV2/ZsSx2+w/VAFVbIaNudXTALTUR2z6rbwo=", "narHash": "sha256-gvDWxuDucrGsBxDF0iZeFcTqVbADMcWwK2nne6LKlLs=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "0484a0ef06c4be3c647efc3ee0071349494bec49", "rev": "ea9c28258665f76042781a2b7b84ddf6d99a6e62",
"revCount": 5, "revCount": 6,
"type": "git", "type": "git",
"url": "ssh://forgejo@git.donsz.nl/jana/server-secrets.git" "url": "ssh://forgejo@git.donsz.nl/jana/server-secrets.git"
}, },