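{
  libx,
  globals,
  ...
}:
let
  # Aix's local IP for DNS resolution.
  # NOTE(review): this must be the address Aix actually has on the interface
  # dnsmasq serves on (`interface = "end0"` below); if that address changes,
  # every override in `dnsmasq.settings.address` silently points elsewhere.
  aixLocalIP = "192.168.1.75";

  # Hostnames (under sbr.pm) that the local resolver answers with Aix's IP.
  # Aix is expected to reverse-proxy these; clients that do not use this
  # resolver get whatever the public sbr.pm zone says instead.
  localServiceHosts = [
    "music"
    "navidrome"
    "jellyfin"
    "podcasts"
    "audiobookshelf"
    "immich"
    "transmission"
    "transmission-music"
    "t"
    "tm"
  ];

  # Common rsync configuration for aion sync.
  aionSyncDefaults = {
    source = {
      host = "aion.sbr.pm";
      user = "vincent";
    };
    destination = "/data";
    # Mirror mode: delete files in destination that don't exist in source.
    # This is destructive on the replica side: anything deleted on aion is
    # deleted here on the next run, so this replica is not a backup by itself.
    delete = true;
    user = "vincent";
    group = "users";
    rsyncArgs = [
      "--exclude=.Trash-*"
      "--exclude=lost+found"
      "--exclude=.stfolder"
    ];
    sshArgs = [
      # Trust-on-first-use: the host key seen on the first connection is
      # pinned and later changes are rejected. Only that first connection is
      # unauthenticated; pre-seeding known_hosts with aion's key closes it.
      "-o StrictHostKeyChecking=accept-new"
    ];
  };

  # Build a samba share that is never reachable as guest.
  # `extra` is merged into the attrset handed to libx.mkSambaShare (used for
  # readOnly); the attribute name in samba.settings is the share name.
  # `public` is samba's synonym for `guest ok`, so both are pinned to "no".
  mkPrivateShare =
    name: path: extra:
    (libx.mkSambaShare ({ inherit name path; } // extra))
    // {
      "guest ok" = "no";
      public = "no";
    };
in
{
  imports = [
    ../common/services/samba.nix
    ../common/services/prometheus-exporters-node.nix
  ];

  # NOTE(review): with the firewall disabled every listening service on this
  # host (SMB, dnsmasq on end0, the node exporter, the WireGuard port, and
  # anything enabled later) is reachable from any network Aix is attached to.
  # The least-privilege form is `enable = true` plus an explicit
  # allowedTCPPorts/allowedUDPPorts list; left as-is here because the full
  # set of required ports is not visible from this file.
  networking.firewall.enable = false;

  # TODO make it an option ? (otherwise I'll add it for all)
  # Lingering keeps vincent's user session and user services running with no
  # interactive login, so user-level units stay up after boot.
  users.users.vincent.linger = true;

  services = {
    # Rsync data from aion to aix for local network access.
    rsync-replica = {
      enable = true;
      jobs = {
        # Sync all data daily; the source paths are pulled from aion, the
        # defaults above supply destination, ownership and ssh/rsync flags.
        aion-daily = aionSyncDefaults // {
          source = aionSyncDefaults.source // {
            paths = [
              "/neo/music"
              "/neo/pictures"
              "/neo/ebooks"
              "/neo/audiobooks"
            ];
          };
          schedule = "daily";
        };
      };
    };

    # Only `vincent` is writable; the media shares are read-only exports of
    # the replicated data. None of the shares accepts guest access.
    samba.settings = {
      global."server string" = "Aix";
      vincent = mkPrivateShare "vincent" "/data/share" { };
      music = mkPrivateShare "music" "/data/music" { readOnly = true; };
      ebooks = mkPrivateShare "ebooks" "/data/ebooks" { readOnly = true; };
      audiobooks = mkPrivateShare "audiobooks" "/data/audiobooks" { readOnly = true; };
    };

    wireguard = {
      enable = true;
      ips = libx.wg-ips globals.machines.aix.net.vpn.ips;
      endpoint = "${globals.net.vpn.endpoint}";
      # The tunnel is only as trusted as this pinned peer key; it is the one
      # piece of the VPN config that identifies the far end.
      endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
    };

    # DNS resolver for local network - resolve specific sbr.pm domains to Aix.
    dnsmasq = {
      enable = true;
      settings = {
        # Listen on the local network interface only; with bind-dynamic
        # dnsmasq binds to end0 itself rather than the wildcard address, so
        # it does not answer on the WireGuard interface or any other link.
        interface = "end0";
        bind-dynamic = true;

        # DNS settings: never forward bare names without a dot, and never
        # forward reverse lookups for private (RFC 1918) ranges upstream.
        domain-needed = true;
        bogus-priv = true;

        # Resolve specific media service domains to Aix (which will reverse proxy).
        address = map (host: "/${host}.sbr.pm/${aixLocalIP}") localServiceHosts;

        # Use upstream DNS for other queries.
        # These are plain (unencrypted) DNS upstreams; every name the LAN
        # resolves that is not overridden above is visible to them and to the
        # path in between.
        server = [
          "1.1.1.1"
          "8.8.8.8"
        ];

        # Cache settings.
        cache-size = 1000;
      };
    };

  };
}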