diff --git a/README.md b/README.md
index f1521ce..c58d847 100644
--- a/README.md
+++ b/README.md
@@ -69,5 +69,10 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
 - panoramax instance
 - mastodon instance
+- update proxy.nix files to contain the subdomain configs
+- rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier
 - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn
+- make radarr, sonarr, and bazarr accessible over vpn
+- create some sort of service that allows uploading files to jellyfin
+	- auto sort files into where they should go with some combination of filebot cli and picard cli
 - graphana accessible though tailscale
\ No newline at end of file
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 830af16..2cde0b1 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -287,21 +287,6 @@
       subdomain = "budget";
     };
 
-    sonarr = {
-      enable = true;
-      openFirewall = true;
-    };
-
-    radarr = {
-      enable = true;
-      openFirewall = true;
-    };
-
-    bazarr = {
-      enable = true;
-      openFirewall = true;
-    };
-
     home-assistant = {
       enable = true;
       subdomain = "home";
@@ -332,6 +317,11 @@
       openFirewall = true;
       webuiPort = 8084;
     };
+
+    filebot-cleanup = {
+      enable = true;
+      licenseFile = "/srv/jellyfin/filebot_license.psm";
+    };
   };
 
   # disable computer sleeping
diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix
index 3013946..05975a1 100644
--- a/configurations/nixos/defiant/default.nix
+++ b/configurations/nixos/defiant/default.nix
@@ -4,5 +4,6 @@
     ./hardware-configuration.nix
     ./configuration.nix
     ./packages.nix
+    ./filebot.nix
   ];
 }
diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix
new file mode 100644
index 0000000..77d81bd
--- /dev/null
+++ b/configurations/nixos/defiant/filebot.nix
@@ -0,0 +1,82 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.filebot-cleanup;
+in {
+  options.services.filebot-cleanup = {
+    enable = mkEnableOption "Filebot cleanup service";
+
+    licenseFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "Path to the Filebot license file";
+    };
+
+    cleanupDirectory = mkOption {
+      type = types.str;
+      default = "/srv/jellyfin/filebot_cleanup";
+      description = "Directory where cleaned up media files are stored";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.groups.filebot_cleanup = {};
+    users.users.filebot_cleanup = {
+      isSystemUser = true;
+      group = "filebot_cleanup";
+      extraGroups = ["jellyfin_media"];
+      home = cfg.cleanupDirectory;
+      createHome = true;
+    };
+
+    nixpkgs.config.allowUnfreePredicate = pkg:
+      builtins.elem (lib.getName pkg) [
+        "filebot"
+      ];
+
+    environment.systemPackages = with pkgs; [
+      filebot
+    ];
+
+    systemd.services.filebot-cleanup = {
+      description = "Filebot media cleanup service";
+      serviceConfig = {
+        Type = "simple";
+        User = "filebot_cleanup";
+        Group = "filebot_cleanup";
+        ExecStart = pkgs.writeShellScript "filebot-cleanup" ''
+          ${optionalString (cfg.licenseFile != null) ''
+            ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}"
+          ''}
+          ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move
+          ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move
+        '';
+        StandardOutput = "journal";
+        StandardError = "journal";
+      };
+      wantedBy = ["multi-user.target"];
+    };
+
+    environment.persistence = lib.mkIf config.host.impermanence.enable {
+      "/persist/system/filebot_cleanup" = {
+        enable = true;
+        hideMounts = true;
+        files = [
+          cfg.licenseFile
+        ];
+        directories = [
+          {
+            directory = cfg.cleanupDirectory;
+            user = "filebot_cleanup";
+            group = "filebot_cleanup";
+            mode = "1770";
+          }
+        ];
+      };
+    };
+  };
+}
diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix
index f9cce58..45780b0 100644
--- a/configurations/nixos/defiant/packages.nix
+++ b/configurations/nixos/defiant/packages.nix
@@ -1,19 +1,9 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
-  nixpkgs.config.allowUnfreePredicate = pkg:
-    builtins.elem (lib.getName pkg) [
-      "filebot"
-    ];
-
+{pkgs, ...}: {
   environment.systemPackages = with pkgs; [
     ffsubsync
     sox
     yt-dlp
     ffmpeg
     imagemagick
-    filebot
   ];
 }
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index ea8d877..db7d4ab 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -25,9 +25,9 @@
     qbittorrent = 2011;
     paperless = 2012;
     actual = 2013;
-    radarr = 275;
-    sonarr = 274;
-    bazarr = 985;
+    radarr = 2014;
+    sonarr = 2015;
+    bazarr = 2016;
   };
 
   gids = {
@@ -45,9 +45,9 @@
     qbittorrent = 2011;
     paperless = 2012;
     actual = 2013;
-    radarr = 275;
-    sonarr = 274;
-    bazarr = 981;
+    radarr = 2014;
+    sonarr = 2015;
+    bazarr = 2016;
   };
 
   users = config.users.users;