Initial commit

5 files changed, 420 insertions, 0 deletions

diff --git a/bin/process-music.sh b/bin/process-music.sh
new file mode 100755
index 0000000..bcf36fe
--- /dev/null
+++ b/bin/process-music.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+cd /mnt/pool/media
+
+# Remove interlacing from album art for iPods
+find ./downloads/deemix -iname "cover.jpg" -o -iname "cover.gif" -o -iname "cover.png" | while read file
+    do convert "$file" -interlace none "$file"
+done
+
+
+# Copy it over
+cp -R ./downloads/deemix/* ./libraries/music
+# Clear the download cache folder
+rm -rf ./downloads/deemix/*
diff --git a/bin/sync-family-azure.sh b/bin/sync-family-azure.sh
new file mode 100755
index 0000000..970e1e8
--- /dev/null
+++ b/bin/sync-family-azure.sh
@@ -0,0 +1 @@
+rclone sync -P --exclude=".DS_Store" /mnt/pool/home/family nvandoorn:family/
diff --git a/bin/sync-photos-azure.sh b/bin/sync-photos-azure.sh
new file mode 100755
index 0000000..56b5f3c
--- /dev/null
+++ b/bin/sync-photos-azure.sh
@@ -0,0 +1 @@
+rclone sync -P --exclude=".DS_Store" /mnt/pool/home/nick/photos nvandoorn:photos/
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..4559e3e
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,378 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  nixpkgs.config.packageOverrides = pkgs: {
+    zfsStable = pkgs.zfsStable.override { enableMail = true; };
+  };
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.extraPools = [ "pool" ];
+  services.zfs.autoScrub.enable = true;
+
+  networking.hostName = "vandoorn-server"; # Define your hostname.
+  networking.hostId = "0f647db6";
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Set your time zone.
+  time.timeZone = "America/Vancouver";
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  # networking.useDHCP = false;
+  # networking.interfaces.enp3s0.useDHCP = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.nick = {
+    isNormalUser = true;
+    group = "nick";
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  };
+
+  users.users.casey = {
+    isNormalUser = true;
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    pkgs.nixfmt-rfc-style
+    dos2unix
+    tailscale
+    python3
+    wget
+    inetutils
+    vim
+    fast-cli
+    lm_sensors
+    lshw
+    iotop
+    dstat
+    bottom
+    duf
+    ripgrep
+    fzy
+    ngrok
+    flac
+    lame
+    imagemagick
+    neofetch
+    ffmpeg
+    htop
+    parted
+    tree
+    smartmontools
+    config.services.samba.package
+    git
+    unzip
+    nodejs-18_x
+    libstdcxx5
+    cgit
+    rclone
+    p7zip
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+  services.openssh.settings.PermitRootLogin = "no";
+  services.openssh.settings.PasswordAuthentication = false;
+
+  networking.firewall.enable = true;
+  networking.firewall.checkReversePath = "loose";
+  networking.firewall.allowedTCPPorts = [
+    6789 # nzbget
+    6595 # deemix
+    548 # AFP
+    80 # nginx
+    631 # printing
+  ];
+  networking.firewall.allowPing = true;
+
+  services = {
+    netatalk = {
+      enable = true;
+
+      settings = {
+        "home" = {
+          path = "/mnt/pool/home";
+          "valid users" = "nick guest";
+        };
+        "media-libraries" = {
+          path = "/mnt/pool/media/libraries";
+          "valid users" = "nick guest";
+        };
+      };
+    };
+
+    avahi = {
+      openFirewall = true;
+      enable = true;
+      nssmdns4 = true;
+
+      publish = {
+        enable = true;
+        userServices = true;
+      };
+    };
+  };
+  services.printing = {
+    enable = true;
+    listenAddresses = [ "*:631" ];
+    allowFrom = [ "all" ];
+    browsing = true;
+    defaultShared = true;
+    drivers = [ pkgs.hplip ];
+  };
+
+  services.printing.extraConf = ''
+    DefaultEncryption Never
+  '';
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        "server role" = "standalone server";
+        "workgroup" = "WORKGROUP";
+        "server string" = "vandoorn-server";
+        "netbios name" = "vandoorn-server";
+        "security" = "user";
+        "guest account" = "nobody";
+        "map to guest" = "bad user";
+        "wide links" = "yes";
+        "unix extensions" = "no";
+        "follow symlinks" = "yes";
+      };
+      media-libraries = {
+        path = "/mnt/pool/media/libraries";
+        browseable = "yes";
+        "valid users" = [
+          "nick"
+          "casey"
+          "guest"
+        ];
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+      home = {
+        path = "/mnt/pool/home";
+        browseable = "yes";
+        "valid users" = [
+          "nick"
+          "casey"
+        ];
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+      local = {
+        path = "/home";
+        browseable = "yes";
+        "valid users" = [ "nick" ];
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+      downloads = {
+        path = "/mnt/pool/media/downloads";
+        browseable = "yes";
+        "valid users" = [
+          "nick"
+          "guest"
+        ];
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+    };
+  };
+
+  services.tailscale.enable = true;
+
+  programs.msmtp = {
+    enable = true;
+    setSendmail = true;
+    defaults = {
+      aliases = "/etc/aliases";
+      port = 465;
+      tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";
+      tls = "on";
+      auth = "login";
+      tls_starttls = "off";
+    };
+    accounts = {
+      default = {
+        auth = true;
+        tls = true;
+        # try setting `tls_starttls` to `false` if sendmail hangs
+        tls_starttls = false;
+        from = "homeserver@nvandoorn.com";
+        host = "smtp.fastmail.com";
+        user = "nick@nv.delivery";
+        passwordeval = "cat /home/nick/secrets/smtp_password.txt";
+      };
+    };
+  };
+
+  services.smartd = {
+    enable = true;
+    autodetect = true;
+    notifications = {
+      mail = {
+        enable = true;
+        sender = "homeserver@nvandoorn.com";
+      };
+      test = true;
+    };
+  };
+  services.zfs.zed.enableMail = true;
+  services.zfs.zed.settings = {
+    ZED_EMAIL_ADDR = [ "root" ];
+    ZED_NOTIFY_VERBOSE = true;
+    ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+  };
+
+  users.groups.git.members = [
+    "git"
+    "nick"
+  ];
+  users.groups.nick.members = [
+    "nick"
+  ];
+  users.groups.casey.members = [
+    "casey"
+  ];
+  users.groups.media.members = [
+    "deluge"
+    "sonarr"
+    "radarr"
+    "nzbget"
+    "deemix"
+  ];
+  users.groups.family.members = [
+    "nick"
+  ];
+
+  services.nzbget.enable = true;
+  services.nzbget.group = "media";
+
+  services.deluge.enable = true;
+  services.deluge.group = "media";
+  services.deluge.web.enable = true;
+  services.deluge.web.openFirewall = true;
+
+  services.radarr.enable = true;
+  services.radarr.group = "media";
+  services.radarr.openFirewall = true;
+
+  services.sonarr.enable = true;
+  services.sonarr.group = "media";
+  services.sonarr.openFirewall = true;
+
+  services.plex =
+    let
+      master = import (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
+        config = config.nixpkgs.config;
+      };
+    in
+    {
+      enable = true;
+      openFirewall = true;
+      package = master.plex;
+    };
+
+  users.users.deemix = {
+    isSystemUser = true;
+    group = "media";
+    home = "/var/lib/deemix";
+  };
+
+  users.users.git = {
+    isSystemUser = true;
+    group = "git";
+  };
+
+  systemd.services.deemix = {
+    description = "Deemix";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "deemix";
+      Group = "media";
+      ExecStart = "${pkgs.nodejs-18_x}/bin/node ${
+        pkgs.callPackage ./deemix.nix { }
+      }/server/dist/app.js --host 0.0.0.0";
+      Environment = "DEEMIX_DATA_DIR=/var/lib/deemix/";
+      Restart = "on-failure";
+      UMask = "0002";
+    };
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
diff --git a/deemix.nix b/deemix.nix
new file mode 100644
index 0000000..d6e932d
--- /dev/null
+++ b/deemix.nix
@@ -0,0 +1,26 @@
+{ stdenv, pkgs }:
+
+stdenv.mkDerivation rec {
+  name = "deemix";
+  version = "1.0";
+
+  nativeBuildInputs = [ ];
+  buildInputs = [ ];
+
+  src = pkgs.fetchurl {
+    url = "https://nvandoorn.com/public/deemix.tar.gz";
+    sha256 = "sha256-eq/IQjlie8cB+YjvPVht09SkhKz3b1YaZ6UTnvkasxA=";
+  };
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out
+    cp -R ./ $out/
+    runHook postInstall
+  '';
+
+  meta = {
+      description = "Deezer downloader";
+      homepage = "https://deemix.app/";
+  };
+}