Add immich module

2024-09-27 17:09:23 +01:00
9 changed files with 106 additions and 56 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -87,11 +87,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1728330715,
-        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
+        "lastModified": 1722113426,
+        "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
        "owner": "numtide",
        "repo": "devshell",
-        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
+        "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
        "type": "github"
      },
      "original": {
@@ -107,11 +107,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1732109232,
-        "narHash": "sha256-iYh6h8yueU8IyOfNclbiBG2+fBFcjjUfXm90ZBzk0c0=",
+        "lastModified": 1727359191,
+        "narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "a0c384e0a3b8bcaed30a6bcf3783f8a7c8b35be4",
+        "rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700",
        "type": "github"
      },
      "original": {
@@ -123,11 +123,11 @@
    "firefox-gnome-theme": {
      "flake": false,
      "locked": {
-        "lastModified": 1730674701,
-        "narHash": "sha256-lf9MQs8+NUvQd8b5t+7c4kLqUQixGO9WwWcLa1XYuiQ=",
+        "lastModified": 1723137499,
+        "narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=",
        "owner": "rafaelmardojai",
        "repo": "firefox-gnome-theme",
-        "rev": "823756d8ddd21cfd3a24a87dad402e490e0eb5ee",
+        "rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70",
        "type": "github"
      },
      "original": {
@@ -206,11 +206,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730504689,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "lastModified": 1725234343,
+        "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
        "type": "github"
      },
      "original": {
@@ -233,11 +233,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730302582,
-        "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
+        "lastModified": 1724857454,
+        "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
-        "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
+        "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
        "type": "github"
      },
      "original": {
@@ -335,11 +335,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1726989464,
-        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
+        "lastModified": 1720042825,
+        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
+        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
        "type": "github"
      },
      "original": {
@@ -373,11 +373,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730448474,
-        "narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=",
+        "lastModified": 1725189302,
+        "narHash": "sha256-IhXok/kwQqtusPsoguQLCHA+h6gKvgdCrkhIaN+kByA=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e",
+        "rev": "7c4b53a7d9f3a3df902b3fddf2ae245ef20ebcda",
        "type": "github"
      },
      "original": {
@@ -388,11 +388,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1731797098,
-        "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
+        "lastModified": 1727437159,
+        "narHash": "sha256-v4qLwEw5OmprgQZTT7KZMNU7JjXJzRypw8+Cw6++fWk=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
+        "rev": "d830ad47cc992b4a46b342bbc79694cbd0e980b2",
        "type": "github"
      },
      "original": {
@@ -459,11 +459,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1732014248,
-        "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
+        "lastModified": 1727122398,
+        "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
+        "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
        "type": "github"
      },
      "original": {
@@ -490,11 +490,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1731797254,
-        "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
+        "lastModified": 1727264057,
+        "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
+        "rev": "759537f06e6999e141588ff1c9be7f3a5c060106",
        "type": "github"
      },
      "original": {
@@ -517,11 +517,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1731959181,
-        "narHash": "sha256-RryrMTaCvmXzhl0lYm/jAG8bAxsAhEcNq1JRtkCL4wI=",
+        "lastModified": 1725350106,
+        "narHash": "sha256-TaMMlI2KPJ3wCyxJk6AShOLhNuTeabHCnvYRkLBlEFs=",
        "owner": "nix-community",
        "repo": "nixvim",
-        "rev": "8d29728abfcc2e4207afb3fd8606feff17c15cec",
+        "rev": "0f2c31e6a57a83ed4e6fa3adc76749620231055d",
        "type": "github"
      },
      "original": {
@@ -541,11 +541,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1731193165,
-        "narHash": "sha256-pGF8L5g9QpkQtJP9JmNIRNZfcyhJHf7uT+d8tqI1h6Y=",
+        "lastModified": 1727210241,
+        "narHash": "sha256-lufS6uzSbSrggNCSgubymMQWnQMh7PvQ+lRZ8qH9Uoc=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "f33173b9d22e554a6f869626bc01808d35995257",
+        "rev": "a02fef2ece8084aff0b41700bb57d24d73574cd1",
        "type": "github"
      },
      "original": {
@@ -576,11 +576,11 @@
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1730732927,
-        "narHash": "sha256-t3MTEgi6O7DMxMjdi3xcTAztLDQmEtqQ+oU+ZbWz2AI=",
+        "lastModified": 1724093899,
+        "narHash": "sha256-VohYwTIBq7NEssFibuu+HMXXwuCoLmMOmEwQf7sESSI=",
        "ref": "refs/heads/master",
-        "rev": "4ae2ac777c38f60a29384b70c456f41847cdf1b5",
-        "revCount": 28,
+        "rev": "7f5901bb5d6eeaa94d7e1f18f66093be9df014e4",
+        "revCount": 27,
        "type": "git",
        "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
      },
@@ -658,11 +658,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730321837,
-        "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
+        "lastModified": 1724833132,
+        "narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
+        "rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
        "type": "github"
      },
      "original": {
--- a/hosts/desktop.nix
+++ b/hosts/desktop.nix
@@ -9,7 +9,7 @@
    (import ../overlays/gnome.nix)
  ];

-  services.printing.enable = false;
+  services.printing.enable = true;
  services.openssh.startWhenNeeded = true;

  sound.enable = true;
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@@ -166,7 +166,6 @@
  users.users.jellyfin.extraGroups = [ "video" "render" ];
  services.jellyfin = {
    enable = true;
-    package = pkgs.unstable.jellyfin;
    cacheDir = "/var/cache/jellyfin";
    dataDir = "/var/lib/jellyfin";
  };
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -104,7 +104,6 @@
          whatsapp = true;
        };
        usePostgresql = databases.postgresql.enable;
-        slidingSync.enable = true;
      };
      nginx.enable = true;
      photoprism.enable = true;
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -43,6 +43,7 @@
    ./services/gitea
    ./services/gitea-runner
    ./services/headscale
+    ./services/immich
    ./services/mail
    ./services/matrix
    ./services/nginx
--- a/modules/desktop/apps/qbittorrent.nix
+++ b/modules/desktop/apps/qbittorrent.nix
@@ -10,11 +10,6 @@ in {
  };

  config = lib.mkIf cfg.enable {
-    /* Potential Remote Code Execution https://www.openwall.com/lists/oss-security/2024/10/30/4 */
-    nixpkgs.config.permittedInsecurePackages = [
-      "qbittorrent-4.6.4"
-    ];
-
    user.packages = with pkgs; [
      qbittorrent
    ];
--- a/modules/desktop/gnome.nix
+++ b/modules/desktop/gnome.nix
@@ -77,6 +77,7 @@ in {
          "appindicatorsupport@rgcjonas.gmail.com"
          # "arcmenu@arcmenu.com"
          "blur-my-shell@aunetx"
+          # "browser-tabs@com.github.harshadgavali"
          "burn-my-windows@schneegans.github.com"
          "clipboard-indicator@tudmotu.com"
          "CoverflowAltTab@palatis.blogspot.com"
@@ -88,13 +89,14 @@ in {
          # "forge@jmmaranan.com"
          "gsconnect@andyholmes.github.io"
          # "gSnap@micahosborne"
-          "hidetopbar@mathieu.bidon.ca"
+          # "hidetopbar@mathieu.bidon.ca"
          "just-perfection-desktop@just-perfection"
          # "mediacontrols@cliffniff.github.com"
          # "mousefollowsfocus@matthes.biz"
          # "pano@elhan.io"
          # "paperwm@hedning:matrix.org"
          "pip-on-top@rafostar.github.com"
+          # "rounded-window-corners@yilozt"
          # "search-light@icedman.github.com"
          # "smart-auto-move@khimaros.com"
          "space-bar@luchrioh"
@@ -248,6 +250,7 @@ in {
      gnomeExtensions.appindicator
      gnomeExtensions.arcmenu
      gnomeExtensions.blur-my-shell
+      gnomeExtensions.browser-tabs
      gnomeExtensions.burn-my-windows
      gnomeExtensions.clipboard-indicator
      gnomeExtensions.coverflow-alt-tab
@@ -266,6 +269,7 @@ in {
      gnomeExtensions.pano
      gnomeExtensions.paperwm
      gnomeExtensions.pip-on-top
+      gnomeExtensions.rounded-window-corners
      gnomeExtensions.search-light
      gnomeExtensions.smart-auto-move
      gnomeExtensions.space-bar
--- a/modules/services/immich/default.nix
+++ b/modules/services/immich/default.nix
@@ -0,0 +1,54 @@
+{ config, lib, self, ... }:
+
+with lib;
+
+let cfg = config.modules.services.immich;
+in {
+  options.modules.services.immich = {
+    enable = mkOption {
+      default = false;
+      example = true;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      virtualHosts = {
+        "gallery.vimium.com" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://localhost:${toString config.services.immich.port}";
+            extraConfig = ''
+              client_max_body_size 50000M;
+
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+              proxy_set_header X-Forwarded-Proto $scheme;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header Host $host;
+
+              proxy_buffering off;
+              proxy_redirect off;
+              proxy_http_version 1.1;
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection "upgrade";
+
+              proxy_read_timeout 600s;
+              proxy_send_timeout 600s;
+              send_timeout 600s;
+            '';
+          };
+        };
+      };
+    };
+
+    age.secrets."files/services/immich/envfile" = {
+      file = "${self.inputs.secrets}/files/services/immich/envfile.age";
+    };
+
+    services.immich = {
+      enable = true;
+      secretsFile = config.age.secrets."files/services/immich/envfile".path;
+    };
+  };
+}
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@@ -42,9 +42,7 @@ in {
        base_url = "https://${matrixSubdomain}";
        server_name = cfg.serverName;
      };
-      "m.identity_server" = {
-        "base_url" = "https://vector.im";
-      };
+      "m.identity_server" = {};
      "org.matrix.msc3575.proxy" = if cfg.slidingSync.enable then {
        "url" = "https://${matrixSubdomain}";
      } else { };
@@ -138,7 +136,7 @@ in {
          "/_synapse/client".proxyPass = "http://localhost:8008";
          "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = lib.mkIf cfg.slidingSync.enable {
            priority = 100;
-            proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}";
+            proxyPass = "http://localhost:8009";
            extraConfig = ''
              proxy_set_header X-Forwarded-For $remote_addr;
            '';