From 43322818de918bc9ca1daba1fe8fd4caade3a78e Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 31 Oct 2025 19:19:39 +0100 Subject: [PATCH 1/6] feat: install jellyfin Signed-off-by: Lander Van den Bulcke --- flake.lock | 72 +++++++++++++++++++++++++++++++---- flake.nix | 7 ++++ hosts/servers/hosting-02.nix | 42 ++++++++++++++++++++ hosts/servers/hosting-02.yaml | 7 ++-- 4 files changed, 118 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index b8e0716..d1cb89f 100644 --- a/flake.lock +++ b/flake.lock @@ -63,6 +63,28 @@ "type": "github" } }, + "declarative-jellyfin": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ], + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1761143269, + "narHash": "sha256-pebbh3IEl8crA9g0fbHeUvNyawAvhO2kNq8klpUWyk0=", + "ref": "refs/heads/main", + "rev": "740743deba3de6bc227d9769adb94d4a14a3f25c", + "revCount": 237, + "type": "git", + "url": "https://git.spoodythe.one/spoody/declarative-jellyfin.git" + }, + "original": { + "type": "git", + "url": "https://git.spoodythe.one/spoody/declarative-jellyfin.git" + } + }, "devshell": { "inputs": { "nixpkgs": [ @@ -225,7 +247,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -243,7 +265,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -568,7 +590,7 @@ ], "nixpkgs-stable": "nixpkgs-stable", "nixvim": "nixvim_2", - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1761481308, @@ -589,7 +611,7 @@ "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_2", "nuschtosSearch": "nuschtosSearch", - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1761261534, @@ -633,6 +655,7 @@ "inputs": { "catppuccin": "catppuccin", "colmena": "colmena", + "declarative-jellyfin": "declarative-jellyfin", "disko": "disko", "headplane": "headplane", "home-manager": "home-manager", @@ -691,9 +714,8 @@ "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" + "id": "systems", + "type": "indirect" } }, "systems_2": { @@ -741,6 +763,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tidal-src": { "flake": false, "locked": { @@ -783,6 +820,27 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "declarative-jellyfin", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749194973, + "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "vim-tidal-src": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 896f859..c8a3963 100644 --- a/flake.nix +++ b/flake.nix @@ -68,6 +68,12 @@ url = "github:mitchmindtree/tidalcycles.nix"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; + + # jellyfin + declarative-jellyfin = { + url = "git+https://git.spoodythe.one/spoody/declarative-jellyfin.git"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; }; outputs = @@ -162,6 +168,7 @@ in { imports = [ + inputs.declarative-jellyfin.nixosModules.default inputs.disko.nixosModules.disko inputs.headplane.nixosModules.headplane inputs.nixos-mailserver.nixosModules.mailserver diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix index 99496e8..d4c7ca6 100644 --- a/hosts/servers/hosting-02.nix +++ b/hosts/servers/hosting-02.nix @@ -136,6 +136,44 @@ cookiesFile = config.sops.secrets.bandcampcdCookieFile.path; }; + services.declarative-jellyfin = { + enable = true; + serverId = "71c25c254161412ebf8e7e7fc599d7f8"; + + libraries = { + Movies = { + enabled = true; + contentType = "movies"; + pathInfos = [ "/data/movies" ]; + + typeOptions.Movies = { + metadataFetchers = [ + "The Open Movie Database" + "TheMovieDb" + ]; + imageFetchers = [ + "The Open Movie Database" + "TheMovieDb" + ]; + }; + }; + + Shows = { + enabled = true; + contentType = "tvshows"; + pathInfos = [ "/data/shows" ]; + }; + }; + + users = { + Lander = { + mutable = false; + permissions.isAdministrator = true; + hashedPasswordFile = config.sops.secrets.jellyfin-lander-password.path; + }; + }; + }; + sops = { defaultSopsFile = ./hosting-02.yaml; secrets = { @@ -157,6 +195,10 @@ bandcampcdCookieFile = { owner = "bandcampcd"; }; + jellyfin-lander-password = { + owner = config.services.jellyfin.user; + group = config.services.jellyfin.group; + }; }; }; diff --git a/hosts/servers/hosting-02.yaml b/hosts/servers/hosting-02.yaml index db8d623..ef5c503 100644 --- a/hosts/servers/hosting-02.yaml +++ b/hosts/servers/hosting-02.yaml @@ -4,6 +4,7 @@ storageboxCryptKey: ENC[AES256_GCM,data:ryYOzFvdPaVkOHmypYbqw+KU6aB2OQutLw==,iv: slskdEnvFile: ENC[AES256_GCM,data:K1S1PXQMiBoEdbuM/NTBUYRrUSnAC/KBhm/PFzoCJATiLLPsstzgqzbe9vG8tnULb2driAH4Ytd03cmROp30V+9vW6J9eyCofWySWZNEYriRfY1y7y5AR8W13zQL0FGZOewUy/1T7YRvN8FjZFh4n7S3c0GREX3FSSNrmaHwOqgueDs=,iv:VziNMRpC2clhFyOMG8LRReMGUxhYqjUaZeA8gh599aM=,tag:H1tQBZ8nSgATSJB6nFSdlA==,type:str] bandcampcdCookieFile: ENC[AES256_GCM,data:vHw7utB2mAUiys+zBNpGDW9URdSMkWbvv0bZyNUgbDwHkg0ZkbxHBbnspbU4gM5AmUc0OPKjgoqaLEfy+mrylfyXxdKyVlLWGVDwH/9SjsgLjNWBnZOfS0/JN0h8nD9DDfQ9+KVKwfnndIBDwc3Qr+/uQe88JOWeN27ZZoqMXAA7y92aHAn/cdjV9opJL3zq2Gk9ZSjW6pX0W382/+P2d+n5pvnJCGaVcz6NqYj36V7eu+jqtCdpN0ugb7bEQLBEPxN6vDkB1EaWiuI+JXUqPyAlyRqH/9D9IKFu+HWVjryz6WILkJ8rpAEKUtgr4DUDgW/ukTp8/gCe/w126YljuGYj283WYZOTJQHnNdqZFur1qmIosSRLzw4atnD1CAEpZzHFXGz19wMk5+U3OkPQkC/PxmzhqQlyKw7JQ8rNu+WTcHmF3YqYZjtPj1aayXxLqQ9IbZOwXwa0BLRZX7FOFJz/znQa7kR2VE5/Q8vbYA3sz0gBQiIcl8VSzGtQlVM7K+TtkiUSA4DwKH+deSlUnjauIsLldENlbOWwDdm+ckdIRUUuIXiHRq9VM+1UPJdxLGScsPUgsIMZckIkdcEXDyBo3HPdwvQ0lX2msqTIyJxgBMyvSC37Frb0l7hiE6j5HndLv0nfT8krik12WpfR9PKjJqy6kIl3fwSwTqNHA7yPeQKHR8QizGXmkwxEBtsYufKE0Oi1u7VUwwyJe9IU2Gkr0TQYiHo7Glg0lNtkrpPIM+hOjxJJE2MVRe+S117RluvvfEjAmEhyb9cjW+TAw3kQttwO2vMk+RHV3mFF5G2/0tmRbvpbou68eFDDOBQ8ILrUo35GuR8ziPXJeJ+5EuCgePGavEP4qX4FX/GpnMEo85b6m5Vow5EOu8dakHX4fcFTPQeCZ0FoLTGYzGxqUsMG4E8upsPZMw4xBxeVjQO35l4FVhwNyrsIaep1mZWf5vBgAN4q2FYyfJ7jnClJkSrNxg0zW8sEgqEZXIZcFfhPYC1DWZZRMII5n8zJXoeGHDLEIuT4zeIpoXRN3+S4X3AFL4I/gm6mAbFQv3IJ8+g/EOThTZh0PRl70v0Imd3EDetjy4rKphPDpeb6QJWPQkWnIcIeE7Nkg19VoOcWmL8UDxUpsD0NIL1QSZ5ElBuoFVsKuOlkBD5UucLOGZgF01n4BXQjZ9DIW1xBm3lWDDxzuwh4F1rf2MvgesZCEGVn/Y3VF3YMGgdhxLht4IHo4w6z7Rzuh53acf6TH+uZ+iOmFaBETlxA17n6YyaCVzjCuyBNxAxTvX0y+49saYctF9PExYwoKtKL2X9u8NR2OoZJi+TPVfLwBxSrrr9et7Kxhlqu2zxqzWRt7xQXUxWL28HqZljBZxpOxdhy9XLCr3Aj2aZa1mH7zFX5hincsT/RiHEMdOXNUtJoQvBFe/HZ+uquM42Q90qf0alO+VT7kpa5anHLMfzwRKub6W7eFbTe5CD9SybwRDnB503WyreTUmDgIJNwoqePC+WYrW1RnBhI8ebdGl+34ou5CuJldqa1UTEzJNeNqCWLzrP/ThAcJRqmZJ945na6mmQqxhRp2edGu5+tIP3FzoHK2hUOlPyv5CgWGwXLCE0E1kP9Acpex53Wz/NxEa5eTB3ZlwsXNeI2fx4rwyAgtTVMQbzvuf3bVgIAN73I5mRfHRdTeKyQqgShtbEIoz2Q5TGvFNl2ALJ4bJzOVRo2LkUYTGHHH2x623o29fN8Ij35DRabVJyt1y5QGwVNWco=,iv:dgV9d8sRSwyNlW3lWZ6ldWw9+Fxs0Wmn1jhRxg5Pkfs=,tag:ZY3frrrk5/bBgx5lRMYvGg==,type:str] navidromeSecrets: ENC[AES256_GCM,data:kWk8+jh766yXzDHM5ZnZC+L9Qe1FrcaEjmTyidQ8n0QhcciYFEuV6XCwzYHQUICajv9q1+fggmDJqjcFiMvACFUvUrKrNlV4hKsIdoOBKn4a6P5V5Fw1UudcZRw3zJ6yX9n7yQ==,iv:nrSe5cPIq7PJRtxe6s5icyFKRRBlgTb9keXou8JT2dE=,tag:cMf8cinvsV94MV7YKm3AvQ==,type:str] +jellyfin-lander-password: ENC[AES256_GCM,data:3aQQwRF3kw8eJ+FFokB8zcmbIlgjNjvOlznBXdXO5kayotWAxleVSdU/ps+SLYpvlUlb3pSXPUkYME04ZJdfHtiYf3uBhv/lMMq2GBCpRTOdEJXEXmMm2RmLYhOobN9sM3zBfGbQ7a0VeYrKie4BQou3J5XxO8BuA8o6i6e1shuXJB9o8k8lmpoD7s4ToHIbQAo0oTkdZUYhZf43I/ZJCzLvT24eP6RGxMsmlpT/n77RuogX3yu1VfGh9DKmrrthyDg=,iv:dDfSBWbDsIZKr90VNdhz0oZIuTt2U/EeDPpWXf+3O+8=,tag:edyjpZIwG30uAR+BTYrSqQ==,type:str] sops: age: - recipient: age1hvrssz7k9akz66evj4kja53zvdtrss8k2ljxsh5myh2mru62sggqznlzrt @@ -15,8 +16,8 @@ sops: b1ZqUzZLUkFwNHJyVlhmK0FOZ1JFYUEKDU4NmBCHRY+ZK+RFK/LioGzjJTaOE1ky MC6jxt7Y5RkCk0BBqeoEVLaNXNViPjwakbvyfH0w0P6l0KDJ4mNlYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-07T20:36:27Z" - mac: ENC[AES256_GCM,data:EPHs7DbN5TXkbxXuvTEiksVXdR4W/eQLAqdaTmbRblUkbpDi/gDwqNqKq9PTq3bZblPsVYAum0MV2AOOzE0mTLchIpm1MbRPvMoDBDNRtvuc8+mDeg+XV9PjxvIqY7JAL0VrDjdWkiJuNh92/rl/vPIe7TN8P13wOBqGJCQhDBQ=,iv:kfCruCub09KiCMvl25z9UK0dx7U6uWq/Oo3d+1hWetI=,tag:+eJSv3O2m+Z2ENym4tX1Ow==,type:str] + lastmodified: "2025-10-31T18:13:13Z" + mac: ENC[AES256_GCM,data:z5NMlGxfZtGZsh4RGrHb8tczyuWtluxYyYjTcr2RsvOJ15Pv/oYCcFSrpchODVmKkcaO6rX9C/tLJuizSrjhdtLaO0VlDibdoyLX8JbVwsqHYgq6BY+C96++u5jG9Bztsf2WUVk7yru0SAF/dbZsT6iyLypJcmNK9QZe78B31Vg=,iv:uWAROokF/DT33MYbPFWoOY0dCDrJMKfmqUhKUJ0HZVg=,tag:AcyZkdhip1F08baZsOQEUA==,type:str] pgp: - created_at: "2025-09-18T21:32:42Z" enc: |- @@ -30,4 +31,4 @@ sops: -----END PGP MESSAGE----- fp: 4BE1257015580BAB9F4B9D5FCA5B1C34E649BF92 unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0 From 36c996a5c074139a9a5b4722c54637f798abeba2 Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 31 Oct 2025 19:30:35 +0100 Subject: [PATCH 2/6] feat: add media revproxy Signed-off-by: Lander Van den Bulcke --- hosts/servers/hosting-02.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix index d4c7ca6..d6427b0 100644 --- a/hosts/servers/hosting-02.nix +++ b/hosts/servers/hosting-02.nix @@ -174,6 +174,15 @@ }; }; + services.nginx.virtualHosts."media.escapeangle.com" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8096"; + proxyWebsockets = true; + }; + }; + sops = { defaultSopsFile = ./hosting-02.yaml; secrets = { From 4d32142c7246acabf4771cdf5fb82d4d96e289f4 Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 31 Oct 2025 19:39:59 +0100 Subject: [PATCH 3/6] fix: update password Signed-off-by: Lander Van den Bulcke --- hosts/servers/hosting-02.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/servers/hosting-02.yaml b/hosts/servers/hosting-02.yaml index ef5c503..016c907 100644 --- a/hosts/servers/hosting-02.yaml +++ b/hosts/servers/hosting-02.yaml @@ -4,7 +4,7 @@ storageboxCryptKey: ENC[AES256_GCM,data:ryYOzFvdPaVkOHmypYbqw+KU6aB2OQutLw==,iv: slskdEnvFile: ENC[AES256_GCM,data:K1S1PXQMiBoEdbuM/NTBUYRrUSnAC/KBhm/PFzoCJATiLLPsstzgqzbe9vG8tnULb2driAH4Ytd03cmROp30V+9vW6J9eyCofWySWZNEYriRfY1y7y5AR8W13zQL0FGZOewUy/1T7YRvN8FjZFh4n7S3c0GREX3FSSNrmaHwOqgueDs=,iv:VziNMRpC2clhFyOMG8LRReMGUxhYqjUaZeA8gh599aM=,tag:H1tQBZ8nSgATSJB6nFSdlA==,type:str] bandcampcdCookieFile: ENC[AES256_GCM,data:vHw7utB2mAUiys+zBNpGDW9URdSMkWbvv0bZyNUgbDwHkg0ZkbxHBbnspbU4gM5AmUc0OPKjgoqaLEfy+mrylfyXxdKyVlLWGVDwH/9SjsgLjNWBnZOfS0/JN0h8nD9DDfQ9+KVKwfnndIBDwc3Qr+/uQe88JOWeN27ZZoqMXAA7y92aHAn/cdjV9opJL3zq2Gk9ZSjW6pX0W382/+P2d+n5pvnJCGaVcz6NqYj36V7eu+jqtCdpN0ugb7bEQLBEPxN6vDkB1EaWiuI+JXUqPyAlyRqH/9D9IKFu+HWVjryz6WILkJ8rpAEKUtgr4DUDgW/ukTp8/gCe/w126YljuGYj283WYZOTJQHnNdqZFur1qmIosSRLzw4atnD1CAEpZzHFXGz19wMk5+U3OkPQkC/PxmzhqQlyKw7JQ8rNu+WTcHmF3YqYZjtPj1aayXxLqQ9IbZOwXwa0BLRZX7FOFJz/znQa7kR2VE5/Q8vbYA3sz0gBQiIcl8VSzGtQlVM7K+TtkiUSA4DwKH+deSlUnjauIsLldENlbOWwDdm+ckdIRUUuIXiHRq9VM+1UPJdxLGScsPUgsIMZckIkdcEXDyBo3HPdwvQ0lX2msqTIyJxgBMyvSC37Frb0l7hiE6j5HndLv0nfT8krik12WpfR9PKjJqy6kIl3fwSwTqNHA7yPeQKHR8QizGXmkwxEBtsYufKE0Oi1u7VUwwyJe9IU2Gkr0TQYiHo7Glg0lNtkrpPIM+hOjxJJE2MVRe+S117RluvvfEjAmEhyb9cjW+TAw3kQttwO2vMk+RHV3mFF5G2/0tmRbvpbou68eFDDOBQ8ILrUo35GuR8ziPXJeJ+5EuCgePGavEP4qX4FX/GpnMEo85b6m5Vow5EOu8dakHX4fcFTPQeCZ0FoLTGYzGxqUsMG4E8upsPZMw4xBxeVjQO35l4FVhwNyrsIaep1mZWf5vBgAN4q2FYyfJ7jnClJkSrNxg0zW8sEgqEZXIZcFfhPYC1DWZZRMII5n8zJXoeGHDLEIuT4zeIpoXRN3+S4X3AFL4I/gm6mAbFQv3IJ8+g/EOThTZh0PRl70v0Imd3EDetjy4rKphPDpeb6QJWPQkWnIcIeE7Nkg19VoOcWmL8UDxUpsD0NIL1QSZ5ElBuoFVsKuOlkBD5UucLOGZgF01n4BXQjZ9DIW1xBm3lWDDxzuwh4F1rf2MvgesZCEGVn/Y3VF3YMGgdhxLht4IHo4w6z7Rzuh53acf6TH+uZ+iOmFaBETlxA17n6YyaCVzjCuyBNxAxTvX0y+49saYctF9PExYwoKtKL2X9u8NR2OoZJi+TPVfLwBxSrrr9et7Kxhlqu2zxqzWRt7xQXUxWL28HqZljBZxpOxdhy9XLCr3Aj2aZa1mH7zFX5hincsT/RiHEMdOXNUtJoQvBFe/HZ+uquM42Q90qf0alO+VT7kpa5anHLMfzwRKub6W7eFbTe5CD9SybwRDnB503WyreTUmDgIJNwoqePC+WYrW1RnBhI8ebdGl+34ou5CuJldqa1UTEzJNeNqCWLzrP/ThAcJRqmZJ945na6mmQqxhRp2edGu5+tIP3FzoHK2hUOlPyv5CgWGwXLCE0E1kP9Acpex53Wz/NxEa5eTB3ZlwsXNeI2fx4rwyAgtTVMQbzvuf3bVgIAN73I5mRfHRdTeKyQqgShtbEIoz2Q5TGvFNl2ALJ4bJzOVRo2LkUYTGHHH2x623o29fN8Ij35DRabVJyt1y5QGwVNWco=,iv:dgV9d8sRSwyNlW3lWZ6ldWw9+Fxs0Wmn1jhRxg5Pkfs=,tag:ZY3frrrk5/bBgx5lRMYvGg==,type:str] navidromeSecrets: ENC[AES256_GCM,data:kWk8+jh766yXzDHM5ZnZC+L9Qe1FrcaEjmTyidQ8n0QhcciYFEuV6XCwzYHQUICajv9q1+fggmDJqjcFiMvACFUvUrKrNlV4hKsIdoOBKn4a6P5V5Fw1UudcZRw3zJ6yX9n7yQ==,iv:nrSe5cPIq7PJRtxe6s5icyFKRRBlgTb9keXou8JT2dE=,tag:cMf8cinvsV94MV7YKm3AvQ==,type:str] -jellyfin-lander-password: ENC[AES256_GCM,data:3aQQwRF3kw8eJ+FFokB8zcmbIlgjNjvOlznBXdXO5kayotWAxleVSdU/ps+SLYpvlUlb3pSXPUkYME04ZJdfHtiYf3uBhv/lMMq2GBCpRTOdEJXEXmMm2RmLYhOobN9sM3zBfGbQ7a0VeYrKie4BQou3J5XxO8BuA8o6i6e1shuXJB9o8k8lmpoD7s4ToHIbQAo0oTkdZUYhZf43I/ZJCzLvT24eP6RGxMsmlpT/n77RuogX3yu1VfGh9DKmrrthyDg=,iv:dDfSBWbDsIZKr90VNdhz0oZIuTt2U/EeDPpWXf+3O+8=,tag:edyjpZIwG30uAR+BTYrSqQ==,type:str] +jellyfin-lander-password: ENC[AES256_GCM,data:yQ/SHl77cEVpTQHY/woAa7ibtSKARLGEcrmmgOCfvCuP1QCp7Mji/IovpLLgaS4RU99LtvE7cDh92ZyzpRGB4Js8ghHPCVeQsXjcGFdHcCX767fY7Un1p2dn5q5XWq+4xUrZcpNH2A2dYLxPtCf++MLu6VVaT7YjMH9BJlLLBCA/i29RvYp1HBsv+NkooR+r3ztqAkPAEHM1mwBsUhRecrNVRUsh/8kJgzOs0xJzl3sSmN/3TKSGQPcZaKNpY9KqNGI=,iv:aoQY2h2t60CRIezVVPKH5Y5ImMwoc9t7D+vB27nVHqA=,tag:zLKWWStnafg8+Yt6Mni/Tg==,type:str] sops: age: - recipient: age1hvrssz7k9akz66evj4kja53zvdtrss8k2ljxsh5myh2mru62sggqznlzrt @@ -16,8 +16,8 @@ sops: b1ZqUzZLUkFwNHJyVlhmK0FOZ1JFYUEKDU4NmBCHRY+ZK+RFK/LioGzjJTaOE1ky MC6jxt7Y5RkCk0BBqeoEVLaNXNViPjwakbvyfH0w0P6l0KDJ4mNlYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-31T18:13:13Z" - mac: ENC[AES256_GCM,data:z5NMlGxfZtGZsh4RGrHb8tczyuWtluxYyYjTcr2RsvOJ15Pv/oYCcFSrpchODVmKkcaO6rX9C/tLJuizSrjhdtLaO0VlDibdoyLX8JbVwsqHYgq6BY+C96++u5jG9Bztsf2WUVk7yru0SAF/dbZsT6iyLypJcmNK9QZe78B31Vg=,iv:uWAROokF/DT33MYbPFWoOY0dCDrJMKfmqUhKUJ0HZVg=,tag:AcyZkdhip1F08baZsOQEUA==,type:str] + lastmodified: "2025-10-31T18:42:20Z" + mac: ENC[AES256_GCM,data:Bf/0/BAoSS63BjkWnjdwYturgJPOvreEGHT68UyXKzVGD7PyYYo3NkEFXf7/GVy3J/j+ypIHDE2hgN8XaGympwMUtPCQb8SrB4Dptl/ePM2wrz26Cp78pBetuHwmJAWMrq3WLatYGhuaywzGZjUAumtEdvmdP6/wGTybLdBoiuE=,iv:xCUjSRA0gNsk5txcZ3w/oxDOnDAGxtaScDApPHpImFQ=,tag:N3gQAxY/4tA3p85YtvAboA==,type:str] pgp: - created_at: "2025-09-18T21:32:42Z" enc: |- From b2d64c5ae13a4363531ed518fe7901a344b40707 Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 31 Oct 2025 20:00:01 +0100 Subject: [PATCH 4/6] feat: add sabnzbd Signed-off-by: Lander Van den Bulcke --- hosts/servers/hosting-02.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix index d6427b0..a3a13af 100644 --- a/hosts/servers/hosting-02.nix +++ b/hosts/servers/hosting-02.nix @@ -183,6 +183,14 @@ }; }; + services.sabnzbd = { + enable = true; + }; + + systemd.services.sabnzbd.serviceConfig = { + NetworkNamespacePath = "/run/netns/vpn"; + }; + sops = { defaultSopsFile = ./hosting-02.yaml; secrets = { From 7e668d4d48dd07b4b7660bce4b915d81dcb495a2 Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 31 Oct 2025 20:02:38 +0100 Subject: [PATCH 5/6] feat: allow unfree packages in colmena hive Signed-off-by: Lander Van den Bulcke --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index c8a3963..cbf2b4c 100644 --- a/flake.nix +++ b/flake.nix @@ -202,6 +202,7 @@ meta = { nixpkgs = import nixpkgs { system = "aarch64-linux"; + config.allowUnfree = true; overlays = [ overlays.unstable-packages inputs.headplane.overlays.default From b8897b74683388b4908f116438dd829e77e1bce9 Mon Sep 17 00:00:00 2001 From: Lander Van den Bulcke Date: Fri, 31 Oct 2025 20:11:33 +0100 Subject: [PATCH 6/6] feat: add nzb revproxy Signed-off-by: Lander Van den Bulcke --- hosts/servers/hosting-02.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix index a3a13af..a7b3ff1 100644 --- a/hosts/servers/hosting-02.nix +++ b/hosts/servers/hosting-02.nix @@ -191,6 +191,15 @@ NetworkNamespacePath = "/run/netns/vpn"; }; + services.nginx.virtualHosts."nzb.escapeangle.com" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://10.10.10.2:8080"; + proxyWebsockets = true; + }; + }; + sops = { defaultSopsFile = ./hosting-02.yaml; secrets = {