From b931eb8ebb345a6f12abc963a96a1f0ce5e2258a Mon Sep 17 00:00:00 2001
From: rasmus-kirk <mail@rasmuskirk.com>
Date: Sat, 18 Jan 2025 12:24:59 +0100
Subject: [PATCH 1/3] removed todo

updated changelog
---
 CHANGELOG.md                          | 9 +++++++++
 docs/wiki/examples/example-2/index.md | 7 ++++---
 nixarr/jellyfin/default.nix           | 1 -
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d3dc21f..b8b1b8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## 2025-01-18
+
+Added:
+- Jellyseer service
+- Sonarr default package, pinned to older working sonarr package
+
+Removed:
+- Jellyfin expose VPN options
+
 ## 2024-09-19
 
 Added:
diff --git a/docs/wiki/examples/example-2/index.md b/docs/wiki/examples/example-2/index.md
index f02c44d..c258eb3 100644
--- a/docs/wiki/examples/example-2/index.md
+++ b/docs/wiki/examples/example-2/index.md
@@ -52,7 +52,7 @@ example does the following:
   };
   # Adds your public keys as trusted devices
   users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
-    ./path/to/public/key/machine.pub}
+    ./path/to/public/key/machine.pub
   ];
 ```
 
@@ -72,8 +72,9 @@ can use SSH tunneling. Simply run:
     -L 6004:localhost:7878 \
     -L 6005:localhost:8686 \
     -L 6006:localhost:8787 \
-    -L 6007:localhost:6767
+    -L 6007:localhost:6767 \
+    -L 6008:localhost:8096
 ```
 
 Replace `user` with your user and `ip` with the VPN ip. This lets you access
-the services on `localhost:6001` through `localhost:6007`.
+the services on `localhost:6001` through `localhost:6008`.
diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix
index 429e926..1400027 100644
--- a/nixarr/jellyfin/default.nix
+++ b/nixarr/jellyfin/default.nix
@@ -240,7 +240,6 @@ in
         };
 
         # Port mappings
-        # TODO: openports if expose.vpn
         vpnNamespaces.wg = mkIf cfg.vpn.enable {
           portMappings = [
             {

From fe53d3a05653f3aa3ac4fa6b0b16e21bec52ad47 Mon Sep 17 00:00:00 2001
From: rasmus-kirk <mail@rasmuskirk.com>
Date: Sat, 18 Jan 2025 12:33:42 +0100
Subject: [PATCH 2/3] formatted and removed old option

---
 flake.lock                  | 17 +++++++++++++++++
 nixarr/jellyfin/default.nix |  5 +----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 9aa3f0e..af23c44 100644
--- a/flake.lock
+++ b/flake.lock
@@ -16,9 +16,26 @@
         "type": "github"
       }
     },
+    "nixpkgs-sonarr": {
+      "locked": {
+        "lastModified": 1732219096,
+        "narHash": "sha256-gbvtOPW7K7v4EFo7Feo5s+SI7FMVrCOA5CgnuMhWO/Y=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "328abff1f7a707dc8da8e802f724f025521793ea",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "328abff1f7a707dc8da8e802f724f025521793ea",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "nixpkgs": "nixpkgs",
+        "nixpkgs-sonarr": "nixpkgs-sonarr",
         "vpnconfinement": "vpnconfinement"
       }
     },
diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix
index 1400027..804d93c 100644
--- a/nixarr/jellyfin/default.nix
+++ b/nixarr/jellyfin/default.nix
@@ -219,10 +219,7 @@ in
               locations."/" = {
                 recommendedProxySettings = true;
                 proxyWebsockets = true;
-                proxyPass = if cfg.expose.vpn.enable then
-                  "http://192.168.15.1:${builtins.toString cfg.expose.vpn.port}"
-                else
-                  "http://192.168.15.1:${builtins.toString defaultPort}";
+                proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
               };
             };
           })

From bacae801995e1d86fe677122fb0e16ee23210281 Mon Sep 17 00:00:00 2001
From: rasmus-kirk <mail@rasmuskirk.com>
Date: Sat, 18 Jan 2025 12:36:35 +0100
Subject: [PATCH 3/3] Added todos

---
 nixarr/jellyseerr/jellyseerr-module/default.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/nixarr/jellyseerr/jellyseerr-module/default.nix b/nixarr/jellyseerr/jellyseerr-module/default.nix
index fc6b77c..8b4d4a4 100644
--- a/nixarr/jellyseerr/jellyseerr-module/default.nix
+++ b/nixarr/jellyseerr/jellyseerr-module/default.nix
@@ -1,3 +1,4 @@
+# TODO: Add expose options for this module
 {
   config,
   pkgs,
@@ -67,6 +68,22 @@ in {
         Group = cfg.group;
         ExecStart = lib.getExe cfg.package;
         Restart = "on-failure";
+        # TODO: These are from nixpkgs, add them back if we add expose options
+        # ProtectHome = true;
+        # ProtectSystem = "strict";
+        # PrivateTmp = true;
+        # PrivateDevices = true;
+        # ProtectHostname = true;
+        # ProtectClock = true;
+        # ProtectKernelTunables = true;
+        # ProtectKernelModules = true;
+        # ProtectKernelLogs = true;
+        # ProtectControlGroups = true;
+        # NoNewPrivileges = true;
+        # RestrictRealtime = true;
+        # RestrictSUIDSGID = true;
+        # RemoveIPC = true;
+        # PrivateMounts = true;
       };
     };