diff --git a/nix/deployments/hive.nix b/nix/deployments/hive.nix
index fcf64a6..ab1eb1d 100644
--- a/nix/deployments/hive.nix
+++ b/nix/deployments/hive.nix
@@ -59,8 +59,8 @@ in
 ../system/xps11/configuration.nix
 ../home/programs/nginx
 ../home/programs/jellyfin
- ../home/programs/calibre-web
 ../home/programs/forgejo/webserver.nix
+ ../home/programs/immich
 ];
 fileSystems."/storage" = {
diff --git a/nix/home/programs/beets/default.nix b/nix/home/programs/beets/default.nix
index 547bb1f..a3af9b9 100644
--- a/nix/home/programs/beets/default.nix
+++ b/nix/home/programs/beets/default.nix
@@ -1,6 +1,8 @@
 { pkgs, ... }:
 {
- environment.systemPackages = with pkgs; [ beets-unstable ];
+ environment.systemPackages = with pkgs; [
+ beets
+ ];
 # If using home-manager, we could the beets settings in a more in-nix way. As
 # it is, here's the YAML that's currently on the NAS. If being serious, we
diff --git a/nix/home/programs/immich/default.nix b/nix/home/programs/immich/default.nix
new file mode 100644
index 0000000..c2c8ccc
--- /dev/null
+++ b/nix/home/programs/immich/default.nix
@@ -0,0 +1,62 @@
+{ lib, config, ... }:
+
+let
+ immichDomain = lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/immichdomain;
+in
+{
+ services.immich = {
+ enable = true;
+ port = 2283;
+ mediaLocation = "/storage/organized/photos";
+
+ ## Enable hardware acceleration for video
+ # `null` will give access to all devices.
+# You may want to restrict this by using something like `[ "/dev/dri/renderD128" ]`
+ accelerationDevices = null;
+
+ settings.server.externalDomain = "https://${immichDomain}";
+};
+
+ hardware.graphics = {
+ enable = true;
+ # Maybe we need more here, hard to say...
+ };
+
+ users.users.immich.extraGroups = [ "video" "render" "multimedia"
+ # something strange here about remote file-system groups...
+ "jellyfin" ];
+
+ ## Expose immich to "the world"
+ networking.firewall = {
+ allowedTCPPorts = [
+ #nginx
+ 80
+ 443
+ ];
+ };
+
+ services.nginx = {
+
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts."${immichDomain}" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ client_max_body_size 50000M;
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+ send_timeout 600s;
+ '';
+
+ locations."/" = {
+ proxyPass = "http://[::1]:${toString config.services.immich.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+}
+
diff --git a/nix/home/programs/jellyfin/default.nix b/nix/home/programs/jellyfin/default.nix
index 50fadbc..d0c09db 100644
--- a/nix/home/programs/jellyfin/default.nix
+++ b/nix/home/programs/jellyfin/default.nix
@@ -3,9 +3,6 @@
 {
 networking.firewall = {
 allowedTCPPorts = [
- # jellyfin frontend
- 8096
- 8920
 #nginx
 80
 443
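Review bot: In nix/home/programs/immich/default.nix, `accelerationDevices = null;` gives the service access to all devices (as the hunk's own comment says), and this is the same service the nginx vhost below publishes on 443. I would narrow it to the value the comment already names, `accelerationDevices = [ "/dev/dri/renderD128" ];` (confirm the render node on this machine), so a compromise of the web-facing process does not also reach unrelated device nodes. The `"jellyfin"` entry in `users.users.immich.extraGroups` is a similar widening: it lets immich read whatever that group can, and the comment beside it does not say which path requires it. A line such as `# jellyfin group: required for <path on /storage>` would make the grant reviewable.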
@@ -22,6 +19,7 @@
 # 2. override default hardening measure from NixOS - this is default since 22.05
 systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false;
+ ## Expose jelly to "the world"
 services.nginx = {
 virtualHosts."${lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/domain}" = {
 forceSSL = true;
diff --git a/nix/home/programs/mangadex-downloader/default.nix b/nix/home/programs/mangadex-downloader/default.nix
new file mode 100644
index 0000000..6b14982
--- /dev/null
+++ b/nix/home/programs/mangadex-downloader/default.nix
@@ -0,0 +1,58 @@
+{ pkgs, ... }:
+
+let
+
+ buildPythonPackage = pkgs.python311Packages.buildPythonPackage;
+ fetchPypi = pkgs.python311Packages.fetchPypi;
+ requests_doh = buildPythonPackage rec {
+ pname = "requests_doh";
+ version = "1.0.0";
+ format = "setuptools";
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "sha256-bOi8liRQMKGY7yDSEAtNyzsSCgWljfcD+L4SGnn48vs=";
+ };
+
+ doCheck = false;
+
+ propagatedBuildInputs = with pkgs.python311Packages; [
+ requests
+ dnspython
+ ] ++ requests.optional-dependencies.socks ++ dnspython.optional-dependencies.doh;
+ };
+
+ mangadex-downloader = buildPythonPackage
+ rec {
+ pname = "mangadex_downloader";
+ version = "3.1.4";
+ format = "setuptools";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "sha256-653lHYQPFZ3I9+bqMRxGcSyJv1MEqPvYbbX0j/SATyo=";
+ };
+
+ doCheck = false;
+
+ propagatedBuildInputs = with pkgs.python311Packages; [
+ pysocks
+ requests_doh
+ requests
+ beautifulsoup4
+ chardet
+ packaging
+ requests
+ tqdm
+ pyjwt
+ pillow
+ pathvalidate
+ ]++ requests.optional-dependencies.socks;
+ };
+in
+{
+ environment.systemPackages = [
+ (pkgs.python311.withPackages (p: [
+ mangadex-downloader
+ ]))
+ ];
+}
diff --git a/nix/home/programs/nvim/default.nix b/nix/home/programs/nvim/default.nix
index d8bafd0..60cd79d 100644
--- a/nix/home/programs/nvim/default.nix
+++ b/nix/home/programs/nvim/default.nix
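Review bot: In nix/home/programs/mangadex-downloader/default.nix both derivations set `doCheck = false;` with nothing in its place, so a broken or incomplete build of either PyPI sdist would only surface at run time. The fixed `sha256` values do pin the sources, but nothing verifies that the built packages import. Adding `pythonImportsCheck = [ "requests_doh" ];` and `pythonImportsCheck = [ "mangadex_downloader" ];` (module names assumed from the `pname`s, confirm) gives a cheap build-time check, and a one-line comment on why the test suites are disabled would help the next reader. `requests` is also listed twice in the second `propagatedBuildInputs`; one entry can go.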
@@ -127,7 +127,7 @@ with builtins;
 pkgs.replaceVars ./nvim-lspconfig.lua {
 # since both of these are used for actually configuring the system,
 # we'll probably always want them around.
- lua_ls = pkgs.sumneko-lua-language-server;
+ lua_ls = pkgs.lua-language-server;
 nixd = pkgs.nixd;
 ts_server = pkgs.nodePackages.typescript-language-server;
 diagnostic_server = pkgs.nodePackages.diagnostic-languageserver;
diff --git a/nix/home/programs/nvim/init.vim b/nix/home/programs/nvim/init.vim
index 854bfd8..a3c9351 100644
--- a/nix/home/programs/nvim/init.vim
+++ b/nix/home/programs/nvim/init.vim
@@ -6,7 +6,6 @@ filetype plugin indent on
 let g:netrw_liststyle = 3
 set nobackup
 set noswapfile
-set pastetoggle=
 set nowrap
 set background=dark
diff --git a/nix/home/programs/zsh/default.nix b/nix/home/programs/zsh/default.nix
index 355cde6..53c4ad1 100644
--- a/nix/home/programs/zsh/default.nix
+++ b/nix/home/programs/zsh/default.nix
@@ -12,7 +12,7 @@ with builtins; {
 enableCompletion = true;
 defaultKeymap = "viins";
- initExtra = readFile ./zshrc;
+ initContent = readFile ./zshrc;
 oh-my-zsh = {
 enable = true;
diff --git a/nix/system/framework/configuration.nix b/nix/system/framework/configuration.nix
index a602dab..0bccf23 100644
--- a/nix/system/framework/configuration.nix
+++ b/nix/system/framework/configuration.nix
@@ -15,6 +15,7 @@
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ../common/users.nix
+ (import ../../home/programs/mangadex-downloader)
 ];
 # enable nix-flakes
diff --git a/nix/system/svalbard/configuration.nix b/nix/system/svalbard/configuration.nix
index 323bc50..57b0e51 100644
--- a/nix/system/svalbard/configuration.nix
+++ b/nix/system/svalbard/configuration.nix
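Review bot: In nix/system/framework/configuration.nix the new entry is written as `(import ../../home/programs/mangadex-downloader)` while the two entries above it are plain paths. The module system accepts both forms, but a bare path lets it record the file for error locations and de-duplication, which an already-imported function loses. Writing it as `../../home/programs/mangadex-downloader` keeps the list consistent. The list this entry belongs to opens outside the hunk.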
@@ -42,7 +42,7 @@
 (pkgs.writeTextFile {
 name = "dev-device-no-auto-name";
 text = ''
- SUBSYSTEM=="net", ACTION=="add", DEVTYPE!=="?*", ATTR{address}=="04:7c:16:10:27:5e", NAME="eth0"
+ SUBSYSTEM=="net", ACTION=="add", ENV{DEVTYPE}!="?*", ATTR{address}=="04:7c:16:10:27:5e", NAME="eth0"
 '';
 destination = "/etc/udev/rules.d/70-persistent-net.rules";
@@ -50,12 +50,12 @@
 ];
 # Select internationalisation properties.
- i18n.defaultLocale = "en_US.utf8";
+ i18n.defaultLocale = "en_US.UTF-8";
 # Configure keymap in X11
 services.xserver = {
- layout = "us";
- xkbVariant = "";
+ xkb.layout = "us";
+ xkb.variant = "";
 };
 # Allow unfree packages
@@ -94,5 +94,4 @@
 # Before changing this value read the documentation for this option
 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
 system.stateVersion = "22.05"; # Did you read the comment?
-
 }
diff --git a/nix/system/xps11/configuration.nix b/nix/system/xps11/configuration.nix
index e274c57..bf3ca8f 100644
--- a/nix/system/xps11/configuration.nix
+++ b/nix/system/xps11/configuration.nix
@@ -82,7 +82,7 @@
 name = "dev-device-no-auto-name";
 # xps11 uses a usb device as an ethernet port
 text = ''
- SUBSYSTEM=="net", ACTION=="add", DEVTYPE!=="?*", ATTR{address}=="00:e0:4c:68:13:bf", NAME="eth0"
+ SUBSYSTEM=="net", ACTION=="add", ENV{DEVTYPE}!="?*", ATTR{address}=="00:e0:4c:68:13:bf", NAME="eth0"
 '';
 destination = "/etc/udev/rules.d/70-persistent-net.rules";
@@ -116,4 +116,6 @@
 # servers. You should change this only after NixOS release notes say you
 # should.
 system.stateVersion = "20.03"; # Did you read the comment?
+ # postgres 11 has EOL'd
+ services.postgresql.package = pkgs.postgresql_15;
 }
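Review bot: In nix/system/xps11/configuration.nix, `services.postgresql.package = pkgs.postgresql_15;` switches the major version, but the hunk carries no migration step. By default the NixOS module keeps one data directory per major version, so the server would start on a fresh, empty cluster rather than the existing PostgreSQL 11 data. Any database that predates this change needs a dump/restore or `pg_upgrade` before the change is deployed; whether such databases exist on this host is not visible in the diff. I would extend the comment to something like `# postgres 11 has EOL'd; existing cluster must be migrated (pg_upgrade or dump/restore) before switching` so the pin is not read as a drop-in swap.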