diff --git a/agenix/hosts/mediaserver/aria2/config.age b/agenix/hosts/mediaserver/aria2/config.age
new file mode 100644
index 0000000..f8f2249
Binary files /dev/null and b/agenix/hosts/mediaserver/aria2/config.age differ
diff --git a/agenix/hosts/mediaserver/config.nix b/agenix/hosts/mediaserver/config.nix
index 5196bcf..8c841d4 100644
--- a/agenix/hosts/mediaserver/config.nix
+++ b/agenix/hosts/mediaserver/config.nix
@@ -25,5 +25,11 @@
     tubearchivist-environment-es = {
       file = ./tubearchivist/environmentES.age;
     };
+
+    aria2-config = {
+      file = ./aria2/config.age;
+      owner = "media_user";
+      group = "media_group";
+    };
   };
 }
diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix
index 081d2f9..42c0177 100644
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@@ -107,12 +107,12 @@ in
   };
   nvim-treesitter = buildVimPluginFrom2Nix {
     pname = "nvim-treesitter";
-    version = "2023-04-25";
+    version = "2023-04-26";
     src = fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter";
-      rev = "82bcd8483e0b802bd5f639046c88aecfddbab508";
-      sha256 = "12phddjhxir1b9b8731b2d28zfa9lxvk85pi6i126s84rnr76nv2";
+      rev = "0d7da3bd7d59ffacc2fac6a52a1ba16d820f882c";
+      sha256 = "0dd125zxggjxkdv8lpshm9w0fm0m1w7k2r1i5ar1rhgzbb4v0b3y";
       fetchSubmodules = false;
     };
   };
@@ -140,12 +140,12 @@ in
   };
   telescope-nvim = buildVimPluginFrom2Nix {
     pname = "telescope.nvim";
-    version = "2023-04-23";
+    version = "2023-04-26";
     src = fetchFromGitHub {
       owner = "nvim-telescope";
       repo = "telescope.nvim";
-      rev = "f2645c13205abb9ee3dbcee68416645c69b863c8";
-      sha256 = "0kayab5maqjw9dq1dvila2si6j79rrbimfmj7az718msz20fp35z";
+      rev = "713d26b98583b160b50fb827adb751f768238ed3";
+      sha256 = "0g9ac5wp9vnj2qmwc4v6ix0pjsaqg0q5vk42wbyjjnkxa17f2y1b";
       fetchSubmodules = false;
     };
   };
@@ -308,12 +308,12 @@ in
   };
   friendly-snippets = buildVimPluginFrom2Nix {
     pname = "friendly-snippets";
-    version = "2023-04-24";
+    version = "2023-04-26";
     src = fetchFromGitHub {
       owner = "rafamadriz";
       repo = "friendly-snippets";
-      rev = "9590ff90759488674cf97fe5d5754a0733ab37bb";
-      sha256 = "1x89ffp5ih2xsjzczfv1nma8jvr0sbwyss7mw4pkxfivhz10ai5c";
+      rev = "631f79e346b0b3203d2ce3eae619ca8d612e5463";
+      sha256 = "0ly8dpp2g6ls5cxwhwb2pwihn9ivhc0amb9h33lfchs5m6ps2a7b";
       fetchSubmodules = false;
     };
   };
diff --git a/secrets.nix b/secrets.nix
index 3d5ef6b..b29a3a6 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -67,4 +67,6 @@ in
   "agenix/hosts/mediaserver/tubearchivist/environmentTA.age".publicKeys = mediaserver;
 
   "agenix/hosts/mediaserver/tubearchivist/environmentES.age".publicKeys = mediaserver;
+
+  "agenix/hosts/mediaserver/aria2/config.age".publicKeys = mediaserver;
 }
diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix
index 6585971..865fbd2 100644
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@@ -26,6 +26,7 @@ in
     ../nixos/sonarr.nix
     ../nixos/radarr.nix
     ../nixos/jellyfin.nix
+    ../nixos/aria2.nix
 
     ../nixos/container.nix
     ../../container/tubearchivist
diff --git a/system/nixos/aria2.nix b/system/nixos/aria2.nix
new file mode 100644
index 0000000..c556212
--- /dev/null
+++ b/system/nixos/aria2.nix
@@ -0,0 +1,64 @@
+{ pkgs, lib, config, ... }:
+
+let
+  ariaDir = "/mnt/downloads/Aria2";
+  settingsDir = "${ariaDir}/conf";
+  sessionFile = "${settingsDir}/aria2.session";
+in
+{
+  # The nix-provided options force a aria2-user to a certain degree
+  systemd.tmpfiles.rules = [
+    "d ${ariaDir} 0755 media_user media_group"
+    "d ${settingsDir} 0755 media_user media_group"
+    "d ${ariaDir}/dl 0755 media_user media_group"
+  ];
+
+  systemd.services.aria2 = {
+    description = "aria2 Service";
+    bindsTo = [ "wg.service" ];
+    after = [ "wg.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    preStart = ''
+      if [[ ! -e "${sessionFile}" ]]
+      then
+        touch "${sessionFile}"
+      fi
+      cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf"
+    '';
+
+    serviceConfig = {
+      Restart = "on-abort";
+      ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}";
+      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      User = "media_user";
+      Group = "media_group";
+      NetworkNamespacePath = "/var/run/netns/wg";
+      BindReadOnlyPaths = [
+        "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+        "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+      ];
+    };
+  };
+
+  services.nginx.virtualHosts."aria.internal.kempkens.network" = {
+    quic = true;
+    http3 = true;
+    kTLS = true;
+
+    root = "${pkgs.ariang}/share/ariang";
+    onlySSL = true;
+    useACMEHost = "internal.kempkens.network";
+
+    locations."/jsonrpc" = {
+      recommendedProxySettings = true;
+      proxyPass = "http://192.168.42.2:6800";
+      proxyWebsockets = true;
+    };
+
+    locations."/rpc" = {
+      recommendedProxySettings = true;
+      proxyPass = "http://192.168.42.2:6800";
+    };
+  };
+}