nixos-config/hosts/media-server/configuration.nix

{ config, lib, nix-config, inputs, pkgs, ... }:

{
  imports = with nix-config.nixosModules; [
      ./hardware-configuration.nix
      filesystems-filez
    ];

  nixpkgs = {
    config = {
      allowUnfree = true;
    };

    overlays = builtins.attrValues nix-config.overlays ++ [
      inputs.nh.overlays.default
    ];
  };

  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.garnix.io"
      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
      ];
    };

    channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
  };

  # Use the systemd-boot EFI boot loader.
  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 4;
      };
      efi.canTouchEfiVariables = true;
    };
    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [
      "i2c-dev"
      "amd_3d_vcache"
      "uinput"
    ];

    supportedFilesystems = [ "nfs" ];
  };

  networking.hostName = "media-server";
  networking.networkmanager.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 2049 ];

  # Set your time zone.
  time.timeZone = "America/Toronto";

  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  users.users.media = {
    isNormalUser = true;
    extraGroups = [ "wheel" "input" "audio" "video" "network" "networkmanager" ];
  };

  environment.systemPackages = with pkgs; [
    wget
    curl
    cifs-utils
    caddy
  ];

  fonts = {
    enableDefaultPackages = true;
    fontDir.enable = true;
    fontconfig = {
      enable = true;
      useEmbeddedBitmaps = true;
    };
  };


  hardware = {
    amdgpu.initrd.enable = true;
    enableAllFirmware = true;
    uinput.enable = true;
  };

  services.power-profiles-daemon = {
    enable = true;
    package = pkgs.power-profiles-daemon;
  };

  services.getty.autologinUser = "media";

  # enable the OpenSSH daemon.
  services.openssh.enable = true;
  programs.ssh.startAgent = true;
    
  services.resolved = {
    enable = true;
    extraConfig = ''
      LLMNR=no
      ReadEtcHosts=no
      DNSSEC=no
    '';
  };
  services.avahi = {
    enable = true;
    publish.enable = true;
    publish.userServices = true;
    openFirewall = true;
    nssmdns4 = true;
  };

  services.rpcbind.enable = true;

  services.nfs = {
    server = {
      enable = true;
      exports = ''
/export/import *(rw,fsid=0,no_subtree_check,nohide,insecure,crossmnt)
'';
    };
  };

  programs.nix-ld.enable = true;

  programs.nh = {
    enable = true;
    clean = {
      enable = true;
      dates = "daily";
      extraArgs = "--keep 4";
    };
    flake = "/home/media-server/nixos-config";
    package = pkgs.nh;
  };

  # enable fish and launch it from bash for interactive shells
  programs.fish.enable = true;
  environment.pathsToLink = [ "/share/fish" ];
  programs.bash = {
    interactiveShellInit = ''
      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
       then
         shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
         exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
       fi
    '';
  };

  programs.git = {
    enable = true;
  };

  services.tailscale.enable = true;
  systemd.services.tailscaled.after = [ "NetworkManager-wait-online.service" ];

  nixarr = {
    enable = true;

    # mediaDir = "/mnt/filez/media";
    stateDir = "/data/media/.state/nixarr";

    mediaUsers = [
      "media"
      "plex"
      "sonarr"
      "radarr"
      "lidarr"
      "bazarr"
      "prowlarr"
    ];

    transmission = {
      enable = true;
      flood.enable = true;
      openFirewall = true;
      extraSettings = {
        incomplete-dir = "/mnt/filez/media/downloads/torrents/incomplete";
        download-dir = "/mnt/filez/media/downloads/torrents";
      };
    };

    sabnzbd = {
      enable = true;
      openFirewall = true;
      whitelistHostnames = [ "media-server" ];
    };

    bazarr.enable = true;
    lidarr.enable = true;
    prowlarr.enable = true;
    radarr.enable = true;
    readarr.enable = true;
    sonarr.enable = true;
    jellyseerr.enable = true;
  };

  services.plex = {
    enable = true;
    openFirewall = true;
  };

  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;

  systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no
'';

  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "25.05"; # Did you read the comment?

}