Update nix-secrets and arrstack configuration

- Update `flake.lock` with new `nix-secrets` revision
- Modify `arrstack.nix`:
  - Change secret paths for OpenVPN credentials
  - Add new ports and capabilities for gluetun service
  - Add qbittorrent service with environment variables
  - Rename project from jellyfin to arrstack
- Update `jellyfin.nix` to set container name
- Include `jellyfin.nix` and `arrstack.nix` in `default.nix`
- Adjust GDK scaling variables in `default.nix` for better display
- Improve `justfile`:
  - Pull latest changes before editing SOPS file
  - Use timestamped commit messages for auto-commits

flake.lock

@@ -538,11 +538,11 @@
     },
     "nix-secrets": {
       "locked": {
-        "lastModified": 1736339437,
+        "lastModified": 1736453439,
-        "narHash": "sha256-Em8E6Ml2whMU1IoEB3OI3eKhjSu2J/xbXdlIt+8x61U=",
+        "narHash": "sha256-lDnZPKCNGjLzYwuYgW+bj6xaTFEiEvfKLAOSI6BQR6c=",
         "ref": "refs/heads/master",
-        "rev": "7c6042a975808186934e012ad32ae0e03ab60bff",
+        "rev": "d7aadcc3de64b66359386399d80ccc446181a758",
-        "revCount": 194,
+        "revCount": 196,
         "type": "git",
         "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
       },

hosts/common/optional/docker/arrstack.nix

@@ -1,6 +1,7 @@
-{config, pkgs, ...}: let
+{config, ...}: 
-  # openVpnPwd = config.sops.secrets."software/proton/openvpn/password".path;
+let
-  # openVpnUser = config.sops.secrets."software/proton/openvpn/username".path;
+  openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;
+  openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;
 in {
   services.restic.backups = {
     daily = {
@@ -12,30 +13,56 @@ in {
     };
   };
 
+  sops.secrets = {
+    "software/proton/openvpn_password" = {};
+    "software/proton/openvpn_user" = {};
+  };
+
   virtualisation.arion = {
     backend = "podman-socket";
-    projects.jellyfin = {
+    projects.arrstack = {
       settings = {
         services.gluetun.service = {
           ports = [
-            "8076:8076"
+            "8076:8076" # qbittorrent webui port
+            "6887:6887" # qbittorrent torrenting port
+            "6887:6887/udp" # qbittorrent torrenting port
           ];
           image = "qmcgaw/gluetun";
+          capabilities = { NET_ADMIN = true; };
+          container_name = "glutun";
           restart = "always";
           volumes = [
             "/srv/media-server/arrstack/gluetun:/gluetun"
+            "${openVpnPwd}:/run/secrets/openvpn_password"
+            "${openVpnUser}:/run/secrets/openvpn_user"
           ];
           environment = {
-            VPN_SERVICE_PROVIDE = "protonvpn";
+            VPN_SERVICE_PROVIDER = "protonvpn";
             VPN_TYPE = "openvpn";
-
             SERVER_COUNTRIES = "Switzerland";
           };
           devices = ["/dev/net/tun:/dev/net/tun"];
-          command = [
-            "${pkgs.writeScript "entrypoint" "export TEST=test"}"
-          ];
         };
+
+        services.qbittorrent.service = {
+          image = "lscr.io/linuxserver/qbittorrent:latest";
+          container_name = "qbittorrent";
+          restart = "always";
+          volumes = [
+            "/srv/media-server/arrstack/qbittorrent:/config"
+            "/media/media:/media"
+          ];
+          environment = {
+            TZ="Europe/London";
+            WEBUI_PORT=8076;
+            TORRENTING_PORT=6887;
+            PUID=1000;
+            PGID=1000;
+          };
+          network_mode = "service:gluetun";
+        };
+
       };
     };
   };

hosts/common/optional/docker/jellyfin.nix

@@ -17,6 +17,7 @@
           ports = [
             "8096:8096"
           ];
+          container_name = "jellyfin";
           image = "lscr.io/linuxserver/jellyfin:latest";
           restart = "always";
           volumes = [

hosts/semita/default.nix

@@ -59,6 +59,8 @@ in {
 
     ../common/optional/restic-backup.nix
     ../common/optional/nixos-containers/backup-server.nix
+    ../common/optional/docker/jellyfin.nix
+    ../common/optional/docker/arrstack.nix
      
     # # Build nix derivations on remote machine
     # ../common/optional/distributed_builds/local-machine.nix
@@ -87,8 +89,8 @@ in {
   };
 
   environment.variables = {
-    GDK_SCALE = "2";
+    GDK_SCALE = "1";
-    GDK_DPI_SCALE = "0.6";
+    GDK_DPI_SCALE = "1";
     _JAVA_OPTIONS = "-Dsun.java2d.uiScale=1.8";
     QT_AUTO_SCREEN_SCALE_FACTOR = "1";
     XCURSOR_SIZE = "32";

justfile

@@ -27,8 +27,9 @@ update-flake:
 # edit sops file
 edit-sops:
   echo "Editing {{SOPS_FILE}}"
+  cd $(dirname {{SOPS_FILE}}) && git pull
   nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"
-  cd $(dirname {{SOPS_FILE}}) && git add . && git commit -m "autocommit" && git push
+  cd $(dirname {{SOPS_FILE}}) && git add . && git commit -m "autocommit-$(date +'%d-%m-%y@%H:%m:%S')" && git push
 
 # update keys in secrets.yaml and push to remote
 update-sops-secrets: