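# NixOS system configuration for the host "media-server".
#
# Layout note: `#` starts a comment that runs to the end of the physical line,
# and the shell / resolved.conf snippets embedded below are newline-sensitive,
# so every statement sits on its own line.
#
# Network exposure declared in this file (openFirewall = true): avahi, samba,
# samba-wsdd and plex. NOTE(review): services.openssh opens its port through
# its own openFirewall default as well; confirm against the pinned nixpkgs.
{ config, lib, nix-config, inputs, pkgs, ... }:

{
  # sops-config and filesystems are modules exported by the nix-config flake;
  # their option definitions are not visible in this file.
  imports = with nix-config.nixosModules; [
    ./hardware-configuration.nix
    sops-config
    filesystems
  ];

  nixpkgs = {
    config = {
      allowUnfree = true;
    };
    # Every overlay exported by nix-config plus nh's default overlay. An
    # overlay can replace any attribute of pkgs, so these inputs are trusted
    # with the contents of the whole system closure.
    overlays = builtins.attrValues nix-config.overlays ++ [
      inputs.nh.overlays.default
    ];
  };

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      # Third-party binary caches. A store path fetched from one of them is
      # accepted when its signature verifies against a key listed in
      # trusted-public-keys, so each entry is a party trusted to supply
      # prebuilt binaries for this machine. Keep both lists in step and
      # drop a cache together with its key.
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.garnix.io"
      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
      ];
    };
    registry = {
      emenel-templates.flake = inputs.emenel-templates;
    };
    # remove nix-channel related tools & configs, we use flakes instead.
    channel.enable = false;
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.supportedFilesystems = [ "nfs" ];

  networking.hostName = "media-server"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "America/Toronto";

  # Option provided by the imported sops-config module.
  # NOTE(review): presumably this is the age private key that decrypts the
  # host's sops secrets. It lives in the home directory of `media`, an
  # interactive account that is also in `wheel`, so any process running as
  # that user can read it. Confirm the file is mode 0600, and consider a
  # root-owned location if the module allows one.
  sops-config = {
    key-file = "/home/media/.config/sops/age/keys.txt";
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # No password hash and no SSH authorized key is declared here, so both are
  # managed outside this file (or in another module).
  users.users.media = {
    isNormalUser = true;
    # "wheel" enables ‘sudo’ for the user.
    # NOTE(review): "input" usually grants read access to raw input devices;
    # keep it only if something running as this user needs it (uinput is
    # enabled further down).
    extraGroups = [
      "wheel"
      "input"
      "audio"
      "video"
      "network"
      "networkmanager"
    ];
  };

  environment.systemPackages = with pkgs; [
    wget
    curl
  ];

  fonts = {
    enableDefaultPackages = true;
    fontDir.enable = true;
    fontconfig = {
      enable = true;
      useEmbeddedBitmaps = true;
    };
  };

  powerManagement = {
    enable = true;
  };

  hardware = {
    amdgpu.initrd.enable = true;
    enableAllFirmware = true;
    uinput.enable = true;
  };

  services.power-profiles-daemon = {
    enable = true;
    package = pkgs.power-profiles-daemon;
  };

  # enable the OpenSSH daemon.
  # NOTE(review): no services.openssh.settings are given, so sshd runs with
  # the module defaults, which leave password authentication on. Combined
  # with a passwd-managed account in `wheel`, the account password is the
  # only barrier between an SSH client and root. Once a public key is
  # declared in users.users.media.openssh.authorizedKeys.keys, set
  # services.openssh.settings.PasswordAuthentication = false and
  # services.openssh.settings.PermitRootLogin = "no". Do it in that order,
  # to avoid locking yourself out.
  services.openssh.enable = true;
  programs.ssh.startAgent = true;

  # systemd-resolved: LLMNR answering is off, /etc/hosts is not consulted by
  # resolved, and DNSSEC validation is off (upstream answers are accepted
  # unvalidated). mDNS name resolution is handled by avahi below.
  services.resolved = {
    enable = true;
    extraConfig = ''
      LLMNR=no
      ReadEtcHosts=no
      DNSSEC=no
    '';
  };

  # mDNS/DNS-SD: publishes this host and user services, reachable through
  # the firewall.
  services.avahi = {
    enable = true;
    publish.enable = true;
    publish.userServices = true;
    openFirewall = true;
    nssmdns4 = true;
  };

  # SMB file sharing, reachable through the firewall.
  # NOTE(review): no shares or global settings are defined in this file;
  # verify that whatever defines them disables guest access and limits the
  # listening interfaces to the LAN.
  services.samba = {
    enable = true;
    package = pkgs.sambaFull;
    openFirewall = true;
  };

  # WS-Discovery responder, so Windows clients can find the Samba server.
  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
  };

  # nh with a daily clean that passes "--keep 4".
  # NOTE(review): users.users.media gets /home/media by default, while this
  # flake path is under /home/media-server; confirm the directory exists.
  programs.nh = {
    enable = true;
    clean = {
      enable = true;
      dates = "daily";
      extraArgs = "--keep 4";
    };
    flake = "/home/media-server/nixos-config";
    package = pkgs.nh;
  };

  # enable fish and launch it from bash for interactive shells
  programs.fish.enable = true;
  environment.pathsToLink = [ "/share/fish" ];
  programs.bash = {
    # Hand the session over to fish unless the parent process already is
    # fish or bash was started with a command string (BASH_EXECUTION_STRING
    # set). Absolute store paths are used for ps and fish, so the check does
    # not depend on the caller's PATH.
    interactiveShellInit = ''
      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
      then
        shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
      fi
    '';
  };

  programs.git = {
    enable = true;
  };

  # Start tailscaled only after NetworkManager reports the network as online.
  services.tailscale.enable = true;
  systemd.services.tailscaled.after = [ "NetworkManager-wait-online.service" ];

  # nixarr media stack; these options come from a module that is not
  # imported in this file (presumably provided through the flake).
  # NOTE(review): transmission is enabled with no VPN confinement configured
  # here; if that is not intended, see the module's VPN options
  # (nixarr.vpn / nixarr.transmission.vpn, if present in the pinned version).
  nixarr = {
    enable = true;
    # mediaDir = "/mnt/filez/media";
    stateDir = "/data/media/.state/nixarr";
    mediaUsers = [ "media" "plex" ];
    transmission = {
      enable = true;
    };
    bazarr.enable = true;
    lidarr.enable = true;
    prowlarr.enable = true;
    radarr.enable = true;
    readarr.enable = true;
    sonarr.enable = true;
    jellyseerr.enable = true;
  };

  # Plex Media Server, reachable through the firewall.
  services.plex = {
    enable = true;
    openFirewall = true;
  };

  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "25.05"; # Did you read the comment?
}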