1 files changed, 78 insertions, 0 deletions

diff --git a/machines/rivendell.nix b/machines/rivendell.nix
new file mode 100644
index 0000000..4940ea3
--- /dev/null
+++ b/machines/rivendell.nix
@@ -0,0 +1,78 @@
+{ lib, config, ... }:
+{
+  imports = [
+    ../profiles/authelia.nix
+    ../profiles/cgroups.nix
+    ../profiles/defaults.nix
+    ../profiles/disk/btrfs-on-luks.nix
+    ../profiles/git-server.nix
+    ../profiles/hardware/framework-desktop.nix
+    ../profiles/home-manager.nix
+    ../profiles/makemkv.nix
+    ../profiles/miniflux.nix
+    ../profiles/remote-unlock.nix
+    ../profiles/restic-backup.nix
+    ../profiles/server.nix
+    ../profiles/users/builder.nix
+    ../profiles/users/fcuny.nix
+    ../profiles/wireguard.nix
+  ];
+
+  networking.hostName = "rivendell";
+  networking.networkmanager.enable = true;
+  networking.useDHCP = lib.mkDefault true;
+  systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+  services.website = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.restic.backups.local.paths = [ "/var/lib/gitolite/repositories" ];
+  services.restic.backups.synology.paths = [
+    "/data/archives"
+    "/data/media"
+    "/var/lib/gitolite/repositories"
+  ];
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        security = "user";
+        workgroup = "WORKGROUP";
+        "server string" = config.networking.hostName;
+        "netbios name" = config.networking.hostName;
+        "hosts allow" = "192.168.1.0/24 10.100.0.0/24 localhost";
+        "guest account" = "nobody";
+        "map to guest" = "bad user";
+        "use sendfile" = "yes";
+        "load printers" = "no";
+        "vfs objects" = "catia fruit streams_xattr";
+        "fruit:metadata" = "stream";
+      };
+
+      media = {
+        path = "/data/media";
+        browseable = "yes";
+        "read only" = "yes";
+        "guest ok" = "yes";
+      };
+    };
+  };
+
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    openFirewall = true;
+  };
+
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+  home-manager.users.fcuny = {
+    imports = [
+      ../home/profiles/minimal.nix
+    ];
+  };
+}