site update and some vpn shit

setup autobrr
update mifg
2026-01-06 15:43:40 +01:00 · 2026-01-06 02:21:31 +01:00 · 2026-01-06 00:05:34 +01:00
6 changed files with 119 additions and 84 deletions
--- a/fili/services/media/autobrr.nix
+++ b/fili/services/media/autobrr.nix
@ -0,0 +1,54 @@
+{ config, secrets, ... }:
+{
+  sops.secrets.autobrr = {
+    sopsFile = "${secrets}/autobrr.yaml";
+    key = "key";
+    format = "yaml";
+  };
+
+  services.nginx = {
+    virtualHosts."autobrr.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://${config.services.autobrr.settings.host}:${toString config.services.autobrr.settings.port}";
+      };
+    };
+  };
+
+  # oauth access to the service
+  services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = {
+    allowed_groups = [ "torrent" ];
+  };
+
+  # vpnNamespaces.mullvad.portMappings = [
+  #   {
+  #     from = config.services.autobrr.settings.port;
+  #     to = config.services.autobrr.settings.port;
+  #   }
+  # ];
+  # vpnNamespaces.mullvad.openVPNPorts = [
+  #   {
+  #     # irc port
+  #     port = 7021;
+  #     protocol = "both";
+  #   }
+  # ];
+  # systemd.services.autobrr.vpnConfinement = {
+  #   enable = true;
+  #   vpnNamespace = "mullvad";
+  # };
+
+  services.autobrr = {
+    enable = true;
+    settings = {
+      logLevel = "DEBUG";
+      checkForUpdates = false;
+      host = "localhost";
+      port = 11012;
+    };
+    secretFile = config.sops.secrets.autobrr.path;
+  };
+}
--- a/fili/services/media/default.nix
+++ b/fili/services/media/default.nix
@ -6,5 +6,7 @@ _: {
    ./torrent.nix
    ./jackett.nix
    ./jellyfin.nix
+    ./autobrr.nix
+    ./vpn.nix
  ];
 }
--- a/fili/services/media/jackett.nix
+++ b/fili/services/media/jackett.nix
@ -1,4 +1,5 @@
-_: {
+{ config, ... }:
+{
  services.nginx = {
    virtualHosts."jackett.donsz.nl" = {
      forceSSL = true;
@ -6,11 +7,22 @@ _: {
      enableACME = true;

      locations."/" = {
-        proxyPass = "http://[::1]:9117";
+        proxyPass = "http://localhost:${toString config.services.jackett.port}";
      };
    };
  };

+  # vpnNamespaces.mullvad.portMappings = [
+  #   {
+  #     from = config.services.jackett.port;
+  #     to = config.services.jackett.port;
+  #   }
+  # ];
+  # systemd.services.autobrr.vpnConfinement = {
+  #   enable = true;
+  #   vpnNamespace = "mullvad";
+  # };
+
  services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = {
    allowed_groups = [ "torrent" ];
  };
@ -19,5 +31,6 @@ _: {
    enable = true;
    group = "jellyfin";
    user = "jellyfin";
+    port = 11013;
  };
 }
--- a/fili/services/media/torrent.nix
+++ b/fili/services/media/torrent.nix
@ -1,23 +1,6 @@
+{ pkgs, ... }:
 {
-  config,
-  pkgs,
-  secrets,
-  ...
-}:
-{
-  sops.secrets.mullvad = {
-    sopsFile = "${secrets}/mullvad.yaml";
-    owner = "root";
-    format = "yaml";
-  };
-
-  vpnNamespaces.mullvad = {
-    enable = true;
-    wireguardConfigFile = config.sops.secrets.mullvad.path;
-    accessibleFrom = [
-      "192.168.0.0/16"
-    ];
-    portMappings = [
+  vpnNamespaces.mullvad.portMappings = [
    {
      from = 9091;
      to = 9091;
@ -27,45 +10,12 @@
      to = 5432;
    } # DB Port.
  ];
-    openVPNPorts = [
-      {
-        port = 50901;
-        protocol = "both";
-      }
-      {
-        port = 50902;
-        protocol = "both";
-      }
-      {
-        port = 50903;
-        protocol = "both";
-      }
-      {
-        port = 50904;
-        protocol = "both";
-      }
-      {
-        port = 50905;
-        protocol = "both";
-      }
-      {
-        port = 50906;
-        protocol = "both";
-      }
-      {
-        port = 50907;
-        protocol = "both";
-      }
-      {
-        port = 50908;
-        protocol = "both";
-      }
+  vpnNamespaces.mullvad.openVPNPorts = [
    {
      port = 50909;
      protocol = "both";
    }
  ];
-  };

  services.nginx = {
    virtualHosts."dl.donsz.nl" = {
@ -107,7 +57,7 @@
    settings = {
      download-dir = "/storage/storage/torrents";
      incomplete-dir-enabled = false;
-      # incomplete-dir = "/storage/storage/torrents";
+      incomplete-dir = "/storage/storage/torrents";

      rpc-bind-address = "192.168.15.1";
      rpc-host-whitelist-enabled = false;
--- a/fili/services/media/vpn.nix
+++ b/fili/services/media/vpn.nix
@ -0,0 +1,16 @@
+{ config, secrets, ... }:
+{
+  sops.secrets.mullvad = {
+    sopsFile = "${secrets}/mullvad.yaml";
+    owner = "root";
+    format = "yaml";
+  };
+
+  vpnNamespaces.mullvad = {
+    enable = true;
+    wireguardConfigFile = config.sops.secrets.mullvad.path;
+    accessibleFrom = [
+      "192.168.0.0/16"
+    ];
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -268,11 +268,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1767006760,
-        "narHash": "sha256-OeaRlOEEWWGhoXyQlPFgdGsIIRazVi8/Y1B/vB45Xcs=",
+        "lastModified": 1767710337,
+        "narHash": "sha256-IjtTEr5ZTIvlE/ceC68144dxe38cv7RM0bhIUKeehT0=",
        "owner": "jdonszelmann",
        "repo": "homepage",
-        "rev": "f0af54274128437879400d4e353bb09c14d64921",
+        "rev": "479a5d6f064ea52d942bc85e2b3f19e4c79d2805",
        "type": "github"
      },
      "original": {
@ -308,11 +308,11 @@
        "nixpkgs-mozilla": "nixpkgs-mozilla"
      },
      "locked": {
-        "lastModified": 1767285863,
-        "narHash": "sha256-IZcAGuoAVgbke0Xtc6yQE+AItfFhyxjONlE9H0brHaE=",
+        "lastModified": 1767464600,
+        "narHash": "sha256-Bk4ZNrh3EYTTxioO3MhR6k8g7yBvnGX7/VZKndB6Wz4=",
        "ref": "refs/heads/main",
-        "rev": "179aca580debf2434028172c9f939884d82a2b4d",
-        "revCount": 55,
+        "rev": "05c3d7e4564696dd7d6ea5d9e4737872190d9268",
+        "revCount": 67,
        "type": "git",
        "url": "ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git"
      },
@ -444,11 +444,11 @@
    },
    "nixpkgs_11": {
      "locked": {
-        "lastModified": 1767439050,
-        "narHash": "sha256-UHXvixX4PjyzuTtyEU0GAe4W7sIVFBBntCNPHkZTRrA=",
+        "lastModified": 1767653099,
+        "narHash": "sha256-1lZvN3Lg7NjuXVHXdKgKSnVPnOH6KugGFTTGKLKLu/4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "7fe910442588191a2a22848196daebc9f7cc48b7",
+        "rev": "6f34e6c7a48c7aac4a26a388430f8a9f480a6d0e",
        "type": "github"
      },
      "original": {
@ -696,11 +696,11 @@
        "nixpkgs": "nixpkgs_11"
      },
      "locked": {
-        "lastModified": 1767440370,
-        "narHash": "sha256-3jSo/IeyV2/ZsSx2+w/VAFVbIaNudXTALTUR2z6rbwo=",
+        "lastModified": 1767655057,
+        "narHash": "sha256-gvDWxuDucrGsBxDF0iZeFcTqVbADMcWwK2nne6LKlLs=",
        "ref": "refs/heads/main",
-        "rev": "0484a0ef06c4be3c647efc3ee0071349494bec49",
-        "revCount": 5,
+        "rev": "ea9c28258665f76042781a2b7b84ddf6d99a6e62",
+        "revCount": 6,
        "type": "git",
        "url": "ssh://forgejo@git.donsz.nl/jana/server-secrets.git"
      },
Author	SHA1	Message	Date
Jana Dönszelmann	8ebf4b74e6	site update and some vpn shit Some checks failed / lint (push) Failing after 43s Details	2026-01-06 15:43:40 +01:00
Jana Dönszelmann	b0158e96c8	setup autobrr	2026-01-06 02:21:31 +01:00
Jana Dönszelmann	bfab24fbe4	update mifg	2026-01-06 00:05:34 +01:00