Configure mangadex downloader

nix/deployments/hive.nix

@@ -59,8 +59,8 @@ in
         ../system/xps11/configuration.nix
         ../home/programs/nginx
         ../home/programs/jellyfin
-        ../home/programs/calibre-web
         ../home/programs/forgejo/webserver.nix
+        ../home/programs/immich
       ];
 
       fileSystems."/storage" = {

nix/home/programs/beets/default.nix

@@ -1,6 +1,8 @@
 { pkgs, ... }:
 {
-  environment.systemPackages = with pkgs; [ beets-unstable ];
+  environment.systemPackages = with pkgs; [
+    beets
+  ];
 
   # If using home-manager, we could the beets settings in a more in-nix way. As
   # it is, here's the YAML that's currently on the NAS. If being serious, we

nix/home/programs/immich/default.nix

@@ -0,0 +1,62 @@
+{ lib, config, ... }:
+
+let
+  immichDomain = lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/immichdomain;
+in
+{
+  services.immich = {
+    enable = true;
+  port = 2283;
+  mediaLocation = "/storage/organized/photos";
+
+  ## Enable hardware acceleration for video
+  # `null` will give access to all devices.
+# You may want to restrict this by using something like `[ "/dev/dri/renderD128" ]`
+  accelerationDevices = null;
+
+  settings.server.externalDomain = "https://${immichDomain}";
+};
+
+  hardware.graphics = {
+    enable = true;
+    # Maybe we need more here, hard to say...
+  };
+
+  users.users.immich.extraGroups = [ "video" "render" "multimedia"
+  # something strange here about remote file-system groups...
+  "jellyfin" ];
+
+  ## Expose immich to "the world"
+  networking.firewall = {
+    allowedTCPPorts = [
+      #nginx
+      80
+      443
+    ];
+  };
+
+  services.nginx = {
+
+    recommendedProxySettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts."${immichDomain}" = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        client_max_body_size 50000M;
+        proxy_read_timeout   600s;
+        proxy_send_timeout   600s;
+        send_timeout         600s;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://[::1]:${toString config.services.immich.port}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
+

nix/home/programs/jellyfin/default.nix

@@ -3,9 +3,6 @@
 {
   networking.firewall = {
     allowedTCPPorts = [
-      # jellyfin frontend
-      8096
-      8920
       #nginx
       80
       443
@@ -22,6 +19,7 @@
   # 2. override default hardening measure from NixOS - this is default since 22.05
   systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false;
 
+  ## Expose jelly to "the world"
   services.nginx = {
     virtualHosts."${lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/domain}" = {
       forceSSL = true;

nix/home/programs/mangadex-downloader/default.nix

@@ -0,0 +1,58 @@
+{ pkgs, ... }:
+
+let
+
+  buildPythonPackage = pkgs.python311Packages.buildPythonPackage;
+  fetchPypi = pkgs.python311Packages.fetchPypi;
+  requests_doh = buildPythonPackage rec {
+    pname = "requests_doh";
+    version = "1.0.0";
+    format = "setuptools";
+      src = fetchPypi {
+        inherit pname version;
+        sha256 = "sha256-bOi8liRQMKGY7yDSEAtNyzsSCgWljfcD+L4SGnn48vs=";
+      };
+
+      doCheck = false;
+
+      propagatedBuildInputs = with pkgs.python311Packages; [
+        requests
+        dnspython
+      ] ++ requests.optional-dependencies.socks ++ dnspython.optional-dependencies.doh;
+    };
+
+  mangadex-downloader = buildPythonPackage
+    rec {
+      pname = "mangadex_downloader";
+      version = "3.1.4";
+      format = "setuptools";
+
+      src = fetchPypi {
+        inherit pname version;
+        sha256 = "sha256-653lHYQPFZ3I9+bqMRxGcSyJv1MEqPvYbbX0j/SATyo=";
+      };
+
+      doCheck = false;
+
+      propagatedBuildInputs = with pkgs.python311Packages; [
+        pysocks
+        requests_doh
+        requests
+        beautifulsoup4
+        chardet
+        packaging
+        requests
+        tqdm
+        pyjwt
+        pillow
+        pathvalidate
+      ]++ requests.optional-dependencies.socks;
+    };
+in
+{
+  environment.systemPackages = [
+    (pkgs.python311.withPackages (p: [
+      mangadex-downloader
+    ]))
+  ];
+}

nix/home/programs/nvim/default.nix

@@ -127,7 +127,7 @@ with builtins;
             pkgs.replaceVars ./nvim-lspconfig.lua {
               # since both of these are used for actually configuring the system,
               # we'll probably always want them around.
-              lua_ls = pkgs.sumneko-lua-language-server;
+              lua_ls = pkgs.lua-language-server;
               nixd = pkgs.nixd;
               ts_server = pkgs.nodePackages.typescript-language-server;
               diagnostic_server = pkgs.nodePackages.diagnostic-languageserver;

nix/home/programs/nvim/init.vim

@@ -6,7 +6,6 @@ filetype plugin indent on
 let g:netrw_liststyle = 3
 set nobackup
 set noswapfile
-set pastetoggle=<F3>
 set nowrap
 
 set background=dark

nix/home/programs/zsh/default.nix

@@ -12,7 +12,7 @@ with builtins; {
     enableCompletion = true;
     defaultKeymap = "viins";
 
-    initExtra = readFile ./zshrc;
+    initContent = readFile ./zshrc;
 
     oh-my-zsh = {
       enable = true;

nix/system/framework/configuration.nix

@@ -15,6 +15,7 @@
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ../common/users.nix
+      (import ../../home/programs/mangadex-downloader)
     ];
 
   # enable nix-flakes

nix/system/svalbard/configuration.nix

@@ -42,7 +42,7 @@
     (pkgs.writeTextFile {
       name = "dev-device-no-auto-name";
       text = ''
-        SUBSYSTEM=="net", ACTION=="add", DEVTYPE!=="?*", ATTR{address}=="04:7c:16:10:27:5e", NAME="eth0"
+        SUBSYSTEM=="net", ACTION=="add", ENV{DEVTYPE}!="?*", ATTR{address}=="04:7c:16:10:27:5e", NAME="eth0"
       '';
 
       destination = "/etc/udev/rules.d/70-persistent-net.rules";
@@ -50,12 +50,12 @@
   ];
 
   # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.utf8";
+  i18n.defaultLocale = "en_US.UTF-8";
 
   # Configure keymap in X11
   services.xserver = {
-    layout = "us";
+    xkb.layout = "us";
-    xkbVariant = "";
+    xkb.variant = "";
   };
 
   # Allow unfree packages
@@ -94,5 +94,4 @@
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "22.05"; # Did you read the comment?
-
 }

nix/system/xps11/configuration.nix

@@ -82,7 +82,7 @@
       name = "dev-device-no-auto-name";
       # xps11 uses a usb device as an ethernet port
       text = ''
-        SUBSYSTEM=="net", ACTION=="add", DEVTYPE!=="?*", ATTR{address}=="00:e0:4c:68:13:bf", NAME="eth0"
+        SUBSYSTEM=="net", ACTION=="add", ENV{DEVTYPE}!="?*", ATTR{address}=="00:e0:4c:68:13:bf", NAME="eth0"
       '';
 
       destination = "/etc/udev/rules.d/70-persistent-net.rules";
@@ -116,4 +116,6 @@
   # servers. You should change this only after NixOS release notes say you
   # should.
   system.stateVersion = "20.03"; # Did you read the comment?
+  # postgres 11 has EOL'd
+  services.postgresql.package = pkgs.postgresql_15;
 }