diff --git a/secrets.nix b/secrets.nix index 98563b7..8a4e5b2 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ let nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx"; jellyfin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiJb+U6LQ3KglTJqdUzwCVkKWqYoBuJXZ8BXXgCMqN5 root@jellyfin"; docker = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2n8jioazInEa0vfXY5gGcntOH4+yBV9VkdxvwEKCqA root@docker"; + nixarr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbGn92P4OxaGWiQDrAbE8NhFp8UCtkfSzX2fkEv+ckk root@arr-box"; systems = [grafana onlyoffice postgresql forgejo nginx jellyfin]; in { @@ -44,4 +45,6 @@ in { "services/docker/secrets/docker-gluetun-env.age".publicKeys = [tbarnouin docker]; "services/docker/secrets/docker-qbittorrent-env.age".publicKeys = [tbarnouin docker]; "secrets/docker-lapi-key.age".publicKeys = [tbarnouin docker]; + + "secrets/nixarr-lapi-key.age".publicKeys = [tbarnouin nixarr]; } diff --git a/secrets/nixarr-lapi-key.age b/secrets/nixarr-lapi-key.age new file mode 100644 index 0000000..e1b4e86 --- /dev/null +++ b/secrets/nixarr-lapi-key.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBCMnB6 +YVNiWHFaaWFXMlhSSUlrMStCZmUyazFNNisrallhTlBRd3kvUXdrCnhlNCtFWVU5 +d0JlWlBJUFZUb1phdElRNDQ4QS9PNndWSWExMk8xUm5BRzQKLT4gc3NoLWVkMjU1 +MTkgSEdqU05RIHpyRXgwUUxCRGwzTlVkRk5TLzQ0dndRNCtSVW91aS9URlRBeFFL +TXpqM0kKRmZZTUp4Z1gwQzVhY1duRUxvTmRIZzdqRlRwN2xWNGFRRGhxd29ZNXg3 +SQotPiAhXklgVS1ncmVhc2Ugd25FT2NfClNvZ003N2NGWUEKLS0tICtORy9PWUY1 +ZUh3ZE4xdk9KMVFkTldBWCtSM3Y1Zmc1WkJaRjFFUGJjSnMKvBaVF+5fNa7toODJ +NJHSHmngabxlK00J5KSCF6v7xLrBSAhjfL2vKBq3F+mpIsIxcbYFsEECubuCDbuR +LKsQpA8ySDbSfjd6Ihwk6VxWKkA/JHwLP2bY2oqcYDlFI6QJhlTLM+dXvaob5YDu +LRYnynBuYCH2OHlJJJB5C0KckBU9xffwpWYdR1EHQVfNFvLd6Eru5PvKjTk= +-----END AGE ENCRYPTED FILE----- diff --git a/services/jellyfin-nvidia/default.nix b/services/jellyfin-nvidia/default.nix new file mode 100644 index 0000000..9acce30 
--- /dev/null
+++ b/services/jellyfin-nvidia/default.nix
@@ -0,0 +1,57 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ cfg = config.services.vm_jellyfin_nvidia;
+in {
+ options.services.vm_jellyfin_nvidia = {
+ enable = lib.mkEnableOption "Enable minimal config";
+ };
+ config = lib.mkIf cfg.enable {
+ environment = {
+ systemPackages = with pkgs; [
+ nvtopPackages.nvidia
+ ];
+ };
+ # Nvidia Hardware Acceleration config
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware = {
+ graphics = {
+ enable = true;
+ extraPackages = with pkgs; [ cudaPackages.cudatoolkit ];
+ };
+ nvidia = {
+ package = config.boot.kernelPackages.nvidiaPackages.latest;
+ nvidiaSettings = true;
+ modesetting.enable = true;
+ # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+ # Enable this if you have graphical corruption issues or application crashes after waking
+ # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
+ # of just the bare essentials.
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+
+ # Use the NVidia open source kernel module
+ # Recommended by Nvidia for 20+ series GPU
+ open = true;
+ };
+ };
+ services = {
+ jellyfin = {
+ enable = true;
+ user = "tbarnouin";
+ openFirewall = true;
+ };
+ };
+ fileSystems."/mnt/media" = {
+ device = "192.168.1.125:/BIGDATA";
+ fsType = "nfs";
+ options = [
+ "x-systemd.automount"
+ "noauto"
+ ];
+ };
+ };
+}
diff --git a/services/nixarr/default.nix b/services/nixarr/default.nix
new file mode 100644
index 0000000..e9b25e3
--- /dev/null
+++ b/services/nixarr/default.nix
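Review bot: In services/jellyfin-nvidia/default.nix, `user = "tbarnouin";` runs a network-exposed media server (`openFirewall = true`) under what appears to be a personal login account (the same name is an age recipient in secrets.nix), so a flaw in Jellyfin or in a transcoder parsing a media file would run with that user's files and credentials. Prefer leaving `user` at the module's default dedicated `jellyfin` account and granting it read access to the media through a group. The `/mnt/media` NFS mount takes default options; adding `"nosuid"` and `"nodev"` (and `"ro"` if Jellyfin never writes next to the media) to `options` limits what a compromised or spoofed export can do. The `mkEnableOption "Enable minimal config"` text looks copied from another module and renders as "Whether to enable Enable minimal config"; something like `lib.mkEnableOption "Jellyfin with NVIDIA hardware acceleration"` would describe this one, and the same string appears in services/nixarr/default.nix.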
@@ -0,0 +1,60 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.services.vm_nixarr;
+in {
+ options.services.vm_nixarr = {
+ enable = lib.mkEnableOption "Enable minimal config";
+ };
+ config = lib.mkIf cfg.enable {
+ age.secrets = {
+ nixarr-lapi-key = {
+ file = ../../secrets/nixarr-lapi-key.age;
+ owner = "crowdsec";
+ };
+ };
+ services = {
+ crowdsec = {
+ hub.collections = [
+ "LePresidente/gitea"
+ ];
+ settings.lapi.credentialsFile = "${config.age.secrets.nixarr-lapi-key.path}";
+ localConfig = {
+ acquisitions = [
+ {
+ source = "journalctl";
+ journalctl_filter = [ "_SYSTEMD_UNIT=radarr.service" ];
+ labels = {
+ type = "syslog";
+ };
+ }
+ ];
+ };
+ };
+ prowlarr = {
+ enable = true;
+ openFirewall = true;
+ };
+ bazarr = {
+ enable = true;
+ openFirewall = true;
+ };
+ sonarr = {
+ enable = true;
+ openFirewall = true;
+ };
+ radarr = {
+ enable = true;
+ openFirewall = true;
+ };
+ jellyseer = {
+ enable = true;
+ openFirewall = true;
+ };
+ };
+ networking.firewall.allowedTCPPorts = [3000];
+ };
+}
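Review bot: The `crowdsec` block does not match this host: `hub.collections` installs only `LePresidente/gitea`, while the one acquisition reads `_SYSTEMD_UNIT=radarr.service`, so unless parsers and scenarios for the *arr services are installed elsewhere, Radarr's journal lines will be read but never turned into alerts, and the other four services are not acquired at all. `networking.firewall.allowedTCPPorts = [3000];` looks like a leftover from the same source; nothing in this module is configured to listen on 3000, so the line should be dropped or given a comment naming the listener. `jellyseer` is probably meant to be `jellyseerr`, the nixpkgs option name, and would fail evaluation unless a `services.jellyseer` option is defined elsewhere in the repo. All five UIs set `openFirewall = true`; if they are meant to be reached through the nginx host, consider leaving the firewall closed here and allowing only that proxy.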