nixos-configs/machine/backyard/default.nix

{ pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./fileserver.nix
    ./jellyfin.nix
    ./samba.nix
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # ZFS support
  boot.supportedFilesystems = [ "zfs" ];
  networking.hostId = "64cc144d";
  # https://old.reddit.com/r/zfs/comments/1826lgs/psa_its_not_block_cloning_its_a_data_corruption/
  boot.kernelParams = [ "zfs.zfs_dmu_offset_next_sync=0" ];
  boot.zfs.extraPools = [ "pool" ];

  beatific.hostName = "backyard";

  nix.channel.enable = false;

  # Enable networking
  networking.networkmanager.enable = true;

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      7474  # mirror revproxy
      7475  # http serve tvb pool
      7476  # tvb catacomb host server
    ];
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      default = {
        default = true;
        rejectSSL = true;
        locations."/".return = "444";
      };
      "pool.backyard.home" = {
        listen = [
          { addr = "10.22.20.8"; }
          # Alternative port to ensure the right vhost connects
          { addr = "10.22.20.8"; port = 7475; }
        ];
        root = "/pool/tvb";
        locations."/".extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
        '';
      };
      "mirror.backyard.home" = {
        listen = [
          { addr = "10.22.20.8"; }
          # Alternative port to ensure the right vhost connects
          { addr = "10.22.20.8"; port = 7474; }
        ];
        root = "/pool/tvb/doc/website/mirror";
      };
      "files.backyard.home" = {
        listen = [
          { addr = "10.22.20.8"; port = 7476; }
        ];
        locations."/" = {
          root = "/pool/tvb";
          tryFiles = "\$uri @indexer";
        };
        locations."@indexer".proxyPass = "http://localhost:5000";
      };
    };
  };

  environment.systemPackages = with pkgs; [
    pv			# zfs send progress meter
    smartmontools	# provides smartctl drive inspector
  ];
  programs.screen.enable = true;

  services.zfs = {
    autoScrub = {
      enable = true;
      pools = [ "pool" ];
      interval = "monthly";
    };
  };

  services.cron.enable = true;

  users.users = {
    tvb = {
      extraGroups = [ "networkmanager" ];
      packages = [
        (pkgs.writeShellScriptBin "yt-dlp" ''exec $HOME/.yt-dlp/bin/yt-dlp "$@"'')
      ];
    };
    katydid = {
      uid = 1102;
      isNormalUser = true;
      group = "katydid";
      initialPassword = "katydid";
    };
  };

  users.groups = {
    katydid.gid = 1102;
    tvbpoolro = {
      gid = 1201;
      members = [ "tvb" "jellyfin" "nginx" ];
    };
  };

  # This value governs how some stateful data, like databases, are handled
  # across different versions of NixOS. This should not be changed to a new
  # release unless the sysadmin has determined that no services would be
  # adversely affected by changing this.
  system.stateVersion = "23.05";

}