nix/modules/homelab/default.nix

{ pkgs, config, lib, ... }:


let
  cfg = config.homelab;
in
{
  options.homelab = {
    enable = lib.mkEnableOption "enable homelab services and configuration";
    media_user = lib.mkOption {
      default = "media";
      type = lib.types.str;
      description = "user for media file permissions";
    };
    media_group = lib.mkOption {
      default = "media";
      type = lib.types.str;
      description = "group for media file permissions";
    };
    tz = lib.mkOption {
      default = "America/Chicago";
      type = lib.types.str;
      description = "set timezone";
    };
    base_domain = lib.mkOption {
      default = "snowbelle.lan";
      type = lib.types.str;
      description = "base domain used for reverse proxy";
    };
    public_domain = lib.mkOption {
      default = "blakedheld.xyz";
      type = lib.types.str;
      description = "base domain used for reverse proxy";
    };
    host_ip = lib.mkOption {
      default = "10.10.0.10";
      type = lib.types.str;
      description = "base domain used for reverse proxy";
    };
    backup_repo = lib.mkOption {
      type = lib.types.path;
      default = "/holocron/archives/homelab";
    };
  };

  # the order determines the order in glance :3
  imports = [
    ./motd
    ./glance
    ./caddy
    ./home/zigbee2mqtt
    ./vaultwarden
    ./gitea
    ./home/homeassistant
    ./immich
    ./arr/bazarr
    ./arr/prowlarr
    ./arr/radarr
    ./qbittorrent
    ./arr/sonarr
    ./yacreader
    ./audiobookshelf
    ./jellyfin
    ./arr/flaresolverr
    ./home/mosquitto
    ./uptime-kuma
  ];

  config = lib.mkIf cfg.enable {
    users = {
      groups.${cfg.media_group} = {
        gid = 700;
      };
      users.${cfg.media_user} = {
        uid = 700;
        isSystemUser = true;
        group = cfg.media_group;
      };
    };

    # backups with borg
    services.borgbackup.jobs.homelab = {
      archiveBaseName = "homelab";
      repo = cfg.backup_repo;
      paths = lib.flatten (lib.attrsets.mapAttrsToList (_: arg: arg.paths) config.system.backups.baks);
      compression = "auto,zstd";
      startAt = "daily";
      encryption.mode = "repokey";
      encryption.passCommand = "cat ${config.sops.secrets."borg_passwd".path}";
    };

    sops.secrets = {
      "borg_passwd" = {
        owner = "root";
        group = "root";
      };
    };
  };
}