nix-config/configurations/nixos/defiant/configuration.nix

# server nas
{
  inputs,
  config,
  pkgs,
  ...
}: {
  sops.secrets = {
    "vpn-keys/tailscale-authkey/defiant" = {
      sopsFile = "${inputs.secrets}/vpn-keys.yaml";
    };
    "services/zfs_smtp_token" = {
      sopsFile = "${inputs.secrets}/defiant-services.yaml";
    };
  };

  host = {
    users = {
      leyla = {
        isDesktopUser = true;
        isTerminalUser = true;
        isPrincipleUser = true;
      };
    };
    impermanence.enable = true;
    storage = {
      enable = true;
      encryption = true;
      notifications = {
        enable = true;
        host = "smtp.protonmail.ch";
        port = 587;
        to = "leyla@jan-leila.com";
        user = "leyla@jan-leila.com";
        tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
      };
      pool = {
        drives = [
          "ata-ST18000NE000-3G6101_ZVTCXVEB"
          "ata-ST18000NE000-3G6101_ZVTCXWSC"
          "ata-ST18000NE000-3G6101_ZVTD10EH"
          "ata-ST18000NT001-3NF101_ZVTE0S3Q"
          "ata-ST18000NT001-3NF101_ZVTEF27J"
          "ata-ST18000NT001-3NF101_ZVTEZACV"
        ];
        cache = [
          "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"
        ];
      };
    };
    network_storage = {
      enable = true;
      directories = [
        {
          folder = "leyla_documents";
          user = "leyla";
          group = "leyla";
          bind = "/home/leyla/documents";
        }
        {
          folder = "eve_documents";
          user = "eve";
          group = "eve";
        }
        {
          folder = "users_documents";
          user = "root";
          group = "users";
        }
        {
          folder = "media";
          user = "jellyfin";
          group = "jellyfin_media";
          bind = config.services.jellyfin.media_directory;
        }
      ];
      nfs = {
        enable = true;
        directories = ["leyla_documents" "eve_documents" "users_documents" "media"];
      };
    };
    reverse_proxy = {
      enable = true;
      enableACME = true;
      hostname = "jan-leila.com";
    };
    postgres = {
      extraUsers = {
        leyla = {
          isAdmin = true;
        };
      };
    };
    # home-assistant = {
    #   enable = false;
    #   subdomain = "home";
    # };
    adguardhome = {
      enable = false;
    };
  };
  networking = {
    hostId = "c51763d6";
  };

  services = {
    # TODO: move zfs scrubbing into module
    zfs = {
      autoScrub.enable = true;
      autoSnapshot.enable = true;
    };

    # temp enable desktop enviroment for setup
    # Enable the X11 windowing system.
    xserver = {
      enable = true;

      # Enable the GNOME Desktop Environment.
      displayManager = {
        gdm.enable = true;
      };
      desktopManager = {
        gnome.enable = true;
        xterm.enable = false;
      };

      # Get rid of xTerm
      excludePackages = [pkgs.xterm];
    };

    ollama = {
      enable = false;

      loadModels = [
        "deepseek-coder:6.7b"
        "deepseek-r1:8b"
        "deepseek-r1:32b"
        "deepseek-r1:70b"
      ];
    };
    tailscale = {
      enable = true;
      authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path;
      useRoutingFeatures = "server";
      extraUpFlags = [
        "--advertise-exit-node"
        "--advertise-routes=192.168.0.0/24"
        "--accept-dns=false"
      ];
      extraSetFlags = [
        "--advertise-exit-node"
        "--advertise-routes=192.168.0.0/24"
        "--accept-dns=false"
      ];
    };

    syncthing.enable = true;

    fail2ban.enable = true;

    jellyfin = {
      enable = true;
      subdomain = "media";
      extraSubdomains = ["jellyfin"];
    };

    immich = {
      enable = true;
      subdomain = "photos";
    };

    forgejo = {
      enable = true;
      subdomain = "git";
    };

    searx = {
      enable = true;
      subdomain = "search";
    };

    virt-home-assistant = {
      enable = false;
      networkBridge = "bond0";
      hostDevice = "0x10c4:0xea60";
    };
  };

  # disable computer sleeping
  systemd.targets = {
    sleep.enable = false;
    suspend.enable = false;
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };
  services.xserver.displayManager.gdm.autoSuspend = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}