Compare commits
20 Commits
a685860680
...
immich
| Author | SHA1 | Date | |
|---|---|---|---|
7c3ce71006
|
|||
|
517cb6b040
|
|||
|
0f5d6947d2
|
|||
|
da501ec2ef
|
|||
|
9c961593a9
|
|||
|
117ed99bd2
|
|||
|
48c3d713f0
|
|||
|
697e1c8d43
|
|||
|
928e0c55e4
|
|||
|
94c58ca9dc
|
|||
|
4b44ba69d5
|
|||
|
1444cb7058
|
|||
|
ecf1bab2b0
|
|||
|
8ff1b4d05d
|
|||
|
6cecf2519e
|
|||
|
cd616653f3
|
|||
|
f91c0a33e2
|
|||
|
e5685cb361
|
|||
|
1f911b0bcb
|
|||
|
3338ebf695
|
72
flake.lock
generated
72
flake.lock
generated
@@ -66,11 +66,11 @@
|
|||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718194053,
|
"lastModified": 1727447169,
|
||||||
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
|
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "deploy-rs",
|
"repo": "deploy-rs",
|
||||||
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
|
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -107,11 +107,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724349583,
|
"lastModified": 1727359191,
|
||||||
"narHash": "sha256-zgB1Cfk46irIsto8666yLdKjqKdBrjR48Dd3lhQ0CnQ=",
|
"narHash": "sha256-5PltTychnExFwzpEnY3WhOywaMV/M6NxYI/y3oXuUtw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "435737144be0259559ca3b43f7d72252b1fdcc1b",
|
"rev": "67dc29be3036cc888f0b9d4f0a788ee0f6768700",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -206,11 +206,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1722555600,
|
"lastModified": 1725234343,
|
||||||
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
|
"narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
|
"rev": "567b938d64d4b4112ee253b9274472dc3a346eb6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -233,11 +233,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724227338,
|
"lastModified": 1724857454,
|
||||||
"narHash": "sha256-TuSaYdhOxeaaE9885mFO1lZHHax33GD5A9dczJrGUjw=",
|
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "6cedaa7c1b4f82a266e5d30f212273e60d62cb0d",
|
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -313,11 +313,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720042825,
|
"lastModified": 1726989464,
|
||||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -373,11 +373,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724299755,
|
"lastModified": 1725189302,
|
||||||
"narHash": "sha256-P5zMA17kD9tqiqMuNXwupkM7buM3gMNtoZ1VuJTRDE4=",
|
"narHash": "sha256-IhXok/kwQqtusPsoguQLCHA+h6gKvgdCrkhIaN+kByA=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "a8968d88e5a537b0491f68ce910749cd870bdbef",
|
"rev": "7c4b53a7d9f3a3df902b3fddf2ae245ef20ebcda",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -388,11 +388,11 @@
|
|||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724067415,
|
"lastModified": 1727437159,
|
||||||
"narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=",
|
"narHash": "sha256-v4qLwEw5OmprgQZTT7KZMNU7JjXJzRypw8+Cw6++fWk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2",
|
"rev": "d830ad47cc992b4a46b342bbc79694cbd0e980b2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -459,11 +459,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724224976,
|
"lastModified": 1727122398,
|
||||||
"narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
|
"narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
|
"rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -490,11 +490,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724242322,
|
"lastModified": 1727264057,
|
||||||
"narHash": "sha256-HMpK7hNjhEk4z5SFg5UtxEio9OWFocHdaQzCfW1pE7w=",
|
"narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "224042e9a3039291f22f4f2ded12af95a616cca0",
|
"rev": "759537f06e6999e141588ff1c9be7f3a5c060106",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -517,11 +517,11 @@
|
|||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724313764,
|
"lastModified": 1725350106,
|
||||||
"narHash": "sha256-IvCUBm3Gkrxg/No1OMYEI2rds6WAtq7+c0eF0GRLx3Y=",
|
"narHash": "sha256-TaMMlI2KPJ3wCyxJk6AShOLhNuTeabHCnvYRkLBlEFs=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "9b5bb1a7695fa1ab041982347b2444d87bb53c32",
|
"rev": "0f2c31e6a57a83ed4e6fa3adc76749620231055d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -541,11 +541,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724364293,
|
"lastModified": 1727210241,
|
||||||
"narHash": "sha256-R/Jsd29RtrPoxr+NivHWIi+Zm63+G/1R539KtSQSycw=",
|
"narHash": "sha256-lufS6uzSbSrggNCSgubymMQWnQMh7PvQ+lRZ8qH9Uoc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "plasma-manager",
|
"repo": "plasma-manager",
|
||||||
"rev": "0b7f9b5eed2d221db4b6ed4dade0b4e9f50dfd6f",
|
"rev": "a02fef2ece8084aff0b41700bb57d24d73574cd1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@@ -658,11 +658,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1723808491,
|
"lastModified": 1724833132,
|
||||||
"narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=",
|
"narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "treefmt-nix",
|
"repo": "treefmt-nix",
|
||||||
"rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a",
|
"rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|||||||
@@ -7,11 +7,12 @@
|
|||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||||
initrd.kernelModules = [ ];
|
|
||||||
initrd.supportedFilesystems = [ "zfs" ];
|
initrd.supportedFilesystems = [ "zfs" ];
|
||||||
kernelModules = [ ];
|
kernel.sysctl = {
|
||||||
|
"kernel.nmi_watchdog" = 0;
|
||||||
|
"vm.laptop_mode" = 5;
|
||||||
|
};
|
||||||
kernelParams = [ "elevator=none" ];
|
kernelParams = [ "elevator=none" ];
|
||||||
extraModulePackages = [ ];
|
|
||||||
supportedFilesystems = [ "zfs" ];
|
supportedFilesystems = [ "zfs" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,10 @@
|
|||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
kernel.sysctl = {
|
||||||
|
"kernel.nmi_watchdog" = 0;
|
||||||
|
"vm.laptop_mode" = 5;
|
||||||
|
};
|
||||||
kernelModules = [ "applesmc" "kvm-intel" "wl" ];
|
kernelModules = [ "applesmc" "kvm-intel" "wl" ];
|
||||||
extraModulePackages = [
|
extraModulePackages = [
|
||||||
config.boot.kernelPackages.broadcom_sta
|
config.boot.kernelPackages.broadcom_sta
|
||||||
|
|||||||
@@ -80,10 +80,6 @@
|
|||||||
|
|
||||||
modules = rec {
|
modules = rec {
|
||||||
databases.postgresql.enable = true;
|
databases.postgresql.enable = true;
|
||||||
networking = {
|
|
||||||
netbird.enable = true;
|
|
||||||
tailscale.enable = lib.mkForce false;
|
|
||||||
};
|
|
||||||
services = {
|
services = {
|
||||||
borgmatic = {
|
borgmatic = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -100,7 +96,7 @@
|
|||||||
matrixIntegration = true;
|
matrixIntegration = true;
|
||||||
};
|
};
|
||||||
gitea.enable = true;
|
gitea.enable = true;
|
||||||
headscale.enable = false;
|
headscale.enable = true;
|
||||||
matrix = {
|
matrix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
bridges = {
|
bridges = {
|
||||||
|
|||||||
@@ -43,6 +43,7 @@
|
|||||||
./services/gitea
|
./services/gitea
|
||||||
./services/gitea-runner
|
./services/gitea-runner
|
||||||
./services/headscale
|
./services/headscale
|
||||||
|
./services/immich
|
||||||
./services/mail
|
./services/mail
|
||||||
./services/matrix
|
./services/matrix
|
||||||
./services/nginx
|
./services/nginx
|
||||||
|
|||||||
@@ -31,7 +31,6 @@ in {
|
|||||||
enableNginx = true;
|
enableNginx = true;
|
||||||
dashboard.settings = {
|
dashboard.settings = {
|
||||||
AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
|
AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
|
||||||
NETBIRD_TOKEN_SOURCE = "accessToken";
|
|
||||||
};
|
};
|
||||||
management = rec {
|
management = rec {
|
||||||
disableAnonymousMetrics = true;
|
disableAnonymousMetrics = true;
|
||||||
@@ -60,6 +59,9 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
|
||||||
|
systemd.services.netbird-management.serviceConfig.RestartSec = "60";
|
||||||
|
|
||||||
services.nginx.virtualHosts."netbird.vimium.net" = {
|
services.nginx.virtualHosts."netbird.vimium.net" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|||||||
@@ -1,19 +1,17 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.modules.services.headscale;
|
cfg = config.modules.services.headscale;
|
||||||
fqdn = "headscale.vimium.net";
|
fqdn = "headscale.vimium.net";
|
||||||
in {
|
in {
|
||||||
options.modules.services.headscale = {
|
options.modules.services.headscale = {
|
||||||
enable = mkOption {
|
enable = lib.mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
example = true;
|
example = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
environment.systemPackages = [ pkgs.headscale ];
|
environment.systemPackages = [ pkgs.headscale ];
|
||||||
|
|
||||||
services.headscale = {
|
services.headscale = {
|
||||||
@@ -22,10 +20,16 @@ in {
|
|||||||
port = 8080;
|
port = 8080;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
acl_policy_path = null;
|
||||||
ip_prefixes = [
|
ip_prefixes = [
|
||||||
"100.64.0.0/10"
|
"100.64.0.0/10"
|
||||||
];
|
];
|
||||||
server_url = "https://${fqdn}";
|
server_url = "https://${fqdn}";
|
||||||
|
derp = {
|
||||||
|
auto_update_enable = false;
|
||||||
|
update_frequency = "24h";
|
||||||
|
urls = [];
|
||||||
|
};
|
||||||
dns_config = {
|
dns_config = {
|
||||||
base_domain = "vimium.net";
|
base_domain = "vimium.net";
|
||||||
extra_records = [
|
extra_records = [
|
||||||
@@ -40,6 +44,10 @@ in {
|
|||||||
value = "100.64.0.7";
|
value = "100.64.0.7";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
magic_dns = true;
|
||||||
|
nameservers = [
|
||||||
|
"9.9.9.9"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
logtail.enabled = false;
|
logtail.enabled = false;
|
||||||
};
|
};
|
||||||
|
|||||||
54
modules/services/immich/default.nix
Normal file
54
modules/services/immich/default.nix
Normal file
@@ -0,0 +1,54 @@
|
|||||||
|
{ config, lib, self, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let cfg = config.modules.services.immich;
|
||||||
|
in {
|
||||||
|
options.modules.services.immich = {
|
||||||
|
enable = mkOption {
|
||||||
|
default = false;
|
||||||
|
example = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts = {
|
||||||
|
"gallery.vimium.com" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:${toString config.services.immich.port}";
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 50000M;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
proxy_read_timeout 600s;
|
||||||
|
proxy_send_timeout 600s;
|
||||||
|
send_timeout 600s;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets."files/services/immich/envfile" = {
|
||||||
|
file = "${self.inputs.secrets}/files/services/immich/envfile.age";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.immich = {
|
||||||
|
enable = true;
|
||||||
|
secretsFile = config.age.secrets."files/services/immich/envfile".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
@@ -173,6 +173,7 @@ in {
|
|||||||
|
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
"jitsi-meet-1.0.8043"
|
"jitsi-meet-1.0.8043"
|
||||||
|
"olm-3.2.16"
|
||||||
];
|
];
|
||||||
|
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
|
|||||||
Reference in New Issue
Block a user