From c4d4ddecbc4bc04c36d3d6108e579dafa6174a7a Mon Sep 17 00:00:00 2001
From: Joshua Bell <abc@joshuabell.xyz>
Date: Mon, 2 Feb 2026 11:10:59 -0600
Subject: [PATCH] Use localhost DB and enable VPN confinement for youtarr DB

---
 hosts/h001/mods/youtarr.nix | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/hosts/h001/mods/youtarr.nix b/hosts/h001/mods/youtarr.nix
index 2cd36361..efdef45a 100644
--- a/hosts/h001/mods/youtarr.nix
+++ b/hosts/h001/mods/youtarr.nix
@@ -27,7 +27,7 @@ in
         environment = {
           PUID = toString uid;
           PGID = toString gid;
-          DB_HOST = "192.168.15.1";
+          DB_HOST = "127.0.0.1";
           DB_PORT = toString dbPort;
           DB_USER = "root";
           DB_PASSWORD = "123qweasd";
@@ -72,21 +72,22 @@ in
       "d '${mediaDir}' 0775 ${name} ${name} - -"
     ];
 
-    # Use Nixarr vpn
+    # Both containers run in the VPN namespace so they share localhost
     systemd.services.podman-youtarr.vpnconfinement = {
       enable = true;
       vpnnamespace = "wg";
     };
 
+    systemd.services.podman-youtarr-db.vpnconfinement = {
+      enable = true;
+      vpnnamespace = "wg";
+    };
+
     vpnNamespaces.wg.portMappings = [
       {
         from = port;
         to = port;
       }
-      {
-        from = dbPort;
-        to = dbPort;
-      }
     ];
 
     services.nginx = {