{ pkgs, config, ... }: let syncJobs = [ { name = "movies"; source = "/data/media/movies/"; destination = "/volume1/media/movies/"; } { name = "videos"; source = "/data/media/videos/"; destination = "/volume1/media/videos/"; } ]; remoteHost = "192.168.1.68"; remoteUser = "nas"; in { environment.systemPackages = with pkgs; [ ffmpeg imagemagick makemkv mkvtoolnix-cli ]; services.samba = { enable = true; openFirewall = true; settings = { global = { security = "user"; workgroup = "WORKGROUP"; "server string" = config.networking.hostName; "netbios name" = config.networking.hostName; "hosts allow" = "192.168.1.0/24 10.100.0.0/24 localhost"; "guest account" = "nobody"; "map to guest" = "bad user"; "use sendfile" = true; "load printers" = false; "vfs objects" = "fruit streams_xattr"; "fruit:metadata" = "stream"; "mangled names" = false; }; media = { path = "/data/media"; browseable = "yes"; "read only" = "yes"; "guest ok" = "yes"; }; }; }; services.avahi = { enable = true; nssmdns4 = true; openFirewall = true; }; systemd.timers = pkgs.lib.listToAttrs ( map (job: { name = "rsync-backup-${job.name}"; value = { wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = "daily"; Persistent = true; RandomizedDelaySec = "1h"; }; }; }) syncJobs ); systemd.services = pkgs.lib.listToAttrs ( map (job: { name = "rsync-backup-${job.name}"; value = { description = "Rsync backup for ${job.name}"; serviceConfig = { Type = "oneshot"; DynamicUser = true; LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}"; PrivateTmp = true; NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true; ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" '' ${pkgs.rsync}/bin/rsync \ -avz \ -e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \ ${job.source} \ ${remoteUser}@${remoteHost}:${job.destination} ''; }; }; }) syncJobs ); }