From 1c0928578a6f44dbb1436a205d4ca4555dd0d3dc Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Thu, 24 Apr 2025 18:16:39 -0500 Subject: [PATCH] immich --- hosts/deck/home.nix | 1 - hosts/desktop/configuration.nix | 3 -- hosts/desktop/home.nix | 1 - hosts/nas/apps.nix | 1 + hosts/nas/apps/immich/default.nix | 26 +++++++++ hosts/nas/apps/netbootxyz/default.nix | 25 --------- hosts/nas/apps/netbootxyz/options.nix | 58 -------------------- hosts/nas/apps/traefik/default.nix | 13 +++++ hosts/nas/configuration.nix | 1 - hosts/nas/home.nix | 1 - hosts/nas/networking.nix | 1 + hosts/nas/services.nix | 78 +-------------------------- hosts/nas/sops.nix | 19 ++----- secrets/secrets.yaml | 11 ++-- 14 files changed, 48 insertions(+), 191 deletions(-) create mode 100755 hosts/nas/apps/immich/default.nix delete mode 100755 hosts/nas/apps/netbootxyz/default.nix delete mode 100755 hosts/nas/apps/netbootxyz/options.nix diff --git a/hosts/deck/home.nix b/hosts/deck/home.nix index e2c5947..e32a1e4 100755 --- a/hosts/deck/home.nix +++ b/hosts/deck/home.nix @@ -27,7 +27,6 @@ in programs.home-manager.enable = true; programs = { - fish.enable = false; mangohud.enable = true; java.enable = true; diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 5ec4640..fb62148 100755 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -103,8 +103,6 @@ in ../../share/amd ]; - chaotic.mesa-git.enable = false; - # Environment configuration environment = { systemPackages = systemPackages; @@ -125,7 +123,6 @@ in sane = { enable = true; brscan5.enable = true; - dsseries.enable = false; extraBackends = [ pkgsVersion.brscan5 ]; }; }; diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index 9261b42..5637829 100755 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix @@ -44,7 +44,6 @@ in }; programs = { - fish.enable = false; mangohud.enable = true; java.enable = true; home-manager.enable = true; 
diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index 577ae1f..57874da 100755 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -5,6 +5,7 @@ ./apps/arrs ./apps/crowdsec ./apps/gitea + ./apps/immich ./apps/jellyfin ./apps/jellyseerr ./apps/lubelogger diff --git a/hosts/nas/apps/immich/default.nix b/hosts/nas/apps/immich/default.nix new file mode 100755 index 0000000..ba7c199 --- /dev/null +++ b/hosts/nas/apps/immich/default.nix @@ -0,0 +1,26 @@ +{ config, lib, ... }: +let + immichPort = 2283; + dataDir = "/media/nas/main/photos"; + dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path; +in +{ + # Enable immich service + services.immich = { + enable = true; + port = immichPort; + openFirewall = true; + secretsFile = dbPassword; + mediaLocation = dataDir; + + environment = { + IMMICH_HOST = lib.mkForce "0.0.0.0"; + IMMICH_TRUSTED_PROXIES = "10.0.1.18"; + TZ = "America/Chicago"; + }; + + machine-learning = { + enable = false; + }; + }; +} diff --git a/hosts/nas/apps/netbootxyz/default.nix b/hosts/nas/apps/netbootxyz/default.nix deleted file mode 100755 index 57fb3ef..0000000 --- a/hosts/nas/apps/netbootxyz/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.netbootxyz; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers.${cfg.name} = { - autoStart = true; - image = cfg.image; - volumes = [ "${cfg.configPath}:/config" "${cfg.assetsPath}:/assets" ]; - ports = [ "${cfg.port}:3000" "69:69" "${cfg.port2}:80" ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - WEB_APP_PORT = cfg.port; - NGINX_PORT = cfg.port2; - }; - }; - }; -} diff --git a/hosts/nas/apps/netbootxyz/options.nix b/hosts/nas/apps/netbootxyz/options.nix deleted file mode 100755 index 7c5bd55..0000000 --- a/hosts/nas/apps/netbootxyz/options.nix +++ /dev/null 
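Review bot: In hosts/nas/apps/immich/default.nix, `openFirewall = true;` combined with `IMMICH_HOST = lib.mkForce "0.0.0.0";` makes port 2283 reachable over plain HTTP on every interface, so clients can bypass the TLS, `crowdsec` and `whitelist-geoblock` protections that the Traefik router added in this commit puts in front of Immich. The hosts/nas/networking.nix hunk opens the same port a second time. IMMICH_TRUSTED_PROXIES and Traefik's `immichUrl` both use 10.0.1.18, so if Traefik runs on this host the listener can probably be narrowed to `IMMICH_HOST = lib.mkForce "10.0.1.18";` with `openFirewall = false;` and the networking.nix entry dropped. Separately, `secretsFile` is, as far as I know, loaded as an environment file by the NixOS module, so the sops secret has to contain a `DB_PASSWORD=...` line rather than the bare password; naming the binding `immichSecretsFile` instead of `dbPassword` would make clear that it holds a path.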
@@ -1,58 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.netbootxyz = { - enable = mkEnableOption "netbootxyz docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "3003"; - }; - - port2 = mkOption { - type = types.str; - default = "8080"; - }; - - name = mkOption { - type = types.str; - default = "netbootxyz"; - }; - - image = mkOption { - type = types.str; - default = "ghcr.io/netbootxyz/netbootxyz"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/netbootxyz"; - }; - - assetsPath = mkOption { - type = types.str; - default = "/media/nas/main/isos"; - }; - - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix index 3bb6355..6ba77ed 100755 --- a/hosts/nas/apps/traefik/default.nix +++ b/hosts/nas/apps/traefik/default.nix @@ -16,6 +16,7 @@ let giteaUrl = "http://10.0.4.18:3000"; actualUrl = "http://10.0.3.18:3333"; lubeloggerUrl = "http://10.0.1.18:6754"; + immichUrl = "http://10.0.1.18:2283"; # Plugins traefikPlugins = { @@ -275,6 +276,11 @@ in url = lubeloggerUrl; } ]; + immich.loadBalancer.servers = [ + { + url = immichUrl; + } + ]; }; routers = { @@ -358,6 +364,13 @@ in middlewares = [ "crowdsec" "whitelist-geoblock" ]; tls.certResolver = "letsencrypt"; }; + immich = { + entryPoints = [ "websecure" ]; + rule = "Host(`immich.${domain}`)"; + service = "immich"; + middlewares = [ "crowdsec" "whitelist-geoblock" ]; + tls.certResolver = "letsencrypt"; + }; }; }; }; diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 717b6d0..aad736f 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix 
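Review bot: `immichUrl = "http://10.0.1.18:2283";` in hosts/nas/apps/traefik/default.nix hard-codes a port that hosts/nas/apps/immich/default.nix already defines as `immichPort`, so a later port change there would leave this router pointing at a closed port. If `config` is in scope in this file (the `let` block starts outside the hunk), derive it instead: `immichUrl = "http://10.0.1.18:${toString config.services.immich.port}";`. A one-line comment on the `immich` router saying that the backend trusts this proxy's address through IMMICH_TRUSTED_PROXIES would document why the two files must be changed together.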
@@ -111,7 +111,6 @@ # Configure programs programs = { - fish.enable = false; virt-manager.enable = true; nix-ld.enable = true; screen.enable = true; diff --git a/hosts/nas/home.nix b/hosts/nas/home.nix index be36c8e..247ecfb 100755 --- a/hosts/nas/home.nix +++ b/hosts/nas/home.nix @@ -61,7 +61,6 @@ in programs = { home-manager.enable = true; - fish.enable = false; mangohud.enable = true; java.enable = true; password-store.enable = true; diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix index a49d7df..179e3f5 100755 --- a/hosts/nas/networking.nix +++ b/hosts/nas/networking.nix @@ -19,6 +19,7 @@ let 3300 9898 6754 # lubelogger + 2283 # immich ]; in { diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index 13ab03f..4d62693 100755 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -29,55 +29,6 @@ in jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"; }; - adguardhome = { - enable = false; - allowDHCP = true; - port = 1880; - openFirewall = true; - settings = { - dns = { - upstream_dns = [ - "https://dns10.quad9.net/dns-query" - "1.1.1.1" - "1.0.0.1" - "8.8.8.8" - "208.67.222.222" - "208.67.220.220" - ]; - fallback_dns = [ - "https://dns10.quad9.net/dns-query" - "1.1.1.1" - "1.0.0.1" - "8.8.8.8" - "208.67.222.222" - "208.67.220.220" - ]; - bootstrap_dns = [ - "9.9.9.10" - "1.1.1.1" - "1.0.0.1" - "8.8.8.8" - "8.8.4.4" - "208.67.222.222" - "208.67.220.220" - "149.112.112.10" - "2620:fe::10" - "2620:fe::fe:10" - ]; - }; - dhcp = { - enabled = true; - interface_name = "wlp6s0"; - dhcpv4 = { - gateway_ip = "10.0.1.1"; - subnet_mask = "255.255.255.0"; - range_start = "10.0.1.151"; - range_end = "10.0.1.250"; - }; - }; - }; - }; - udisks2.enable = true; # Enable the Desktop Environment. @@ -87,8 +38,6 @@ in defaultSession = "plasma"; }; - # Set to enable Flatpak - flatpak.enable = false; gnome.gnome-keyring.enable = true; # Enable RDP 
@@ -123,16 +72,6 @@ in ''; }; }; - - cockpit = { - enable = false; - port = 9090; - settings = { - WebService = { - AllowUnencrypted = true; - }; - }; - }; tailscale = { enable = true; @@ -175,7 +114,6 @@ in authentik = { enable = true; - # environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env"; environmentFile = config.sops.secrets."jallen-nas/authentik-env".path; }; @@ -183,20 +121,12 @@ in enable = true; package = pkgs.postgresql_16; dataDir = "/media/nas/ssd/nix-app-data/postgresql"; - ensureDatabases = [ "authentik" "maybe_finance" "lubelogger" ]; + ensureDatabases = [ "authentik" ]; ensureUsers = [ { name = "authentik"; ensureDBOwnership = true; } - { - name = "lubelogger"; - ensureDBOwnership = true; - } - { - name = "maybe_finance"; - ensureDBOwnership = true; - } ]; }; @@ -210,12 +140,6 @@ in manyfold = { enable = true; port = 6380; - # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}"; - }; - - maybe = { - enable = true; - port = 6381; }; }; }; diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index e84b261..93fe5bf 100755 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -81,22 +81,9 @@ in restartUnits = [ "podman-manyfold.service" ]; }; "jallen-nas/immich/db-password" = { - restartUnits = [ "podman-immich-postgres.service" ]; - }; - "jallen-nas/immich/db-name" = { - restartUnits = [ "podman-immich-postgres.service" ]; - }; - "jallen-nas/immich/db-user" = { - restartUnits = [ "podman-immich-postgres.service" ]; - }; - "jallen-nas/immich/server-db-password" = { - restartUnits = [ "podman-immich-server.service" ]; - }; - "jallen-nas/immich/server-db-name" = { - restartUnits = [ "podman-immich-server.service" ]; - }; - "jallen-nas/immich/server-db-user" = { - restartUnits = [ "podman-immich-server.service" ]; + mode = "0440"; + group = "keys"; + restartUnits = [ "container@immich.service" ]; }; "jallen-nas/open-webui" = { restartUnits = [ "open-webui.service" ]; 
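Review bot: In the hosts/nas/sops.nix hunk, `restartUnits = [ "container@immich.service" ];` names a unit that nothing in this commit defines. Immich is enabled through `services.immich` on the host, whose server unit is, as far as I know, `immich-server.service`, so a rotated secret would not restart the service; unless a container called immich is declared elsewhere, use `restartUnits = [ "immich-server.service" ];`. `mode = "0440";` with `group = "keys";` also lets every member of that group read the file. If the module loads `secretsFile` through systemd's EnvironmentFile (read by the manager as root), the sops-nix default mode of 0400 should be enough and both lines can go, which is worth confirming. The enclosing secrets attribute set starts and ends outside the hunk.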
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index caed24a..b9fab10 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -26,12 +26,7 @@ jallen-nas: manyfold: secretkeybase: ENC[AES256_GCM,data:b+fgTrtnZcp34DOQ0dtKc6bX6/dm9j0o3QJr,iv:e4hOwgTFCXVokGqhwKsYHt5IQgtaKcMmEqvDoMly5aI=,tag:E8gFiOuozA4T1mmcgXfbDg==,type:str] immich: - db-password: ENC[AES256_GCM,data:QOCPlkJX3o6hjJviYmu/HCwTchLVkP9Y5QWVjXs=,iv:JauPXpgvQcxUeBzDZ/dtc0fOScOmxo58uPNNWAF+e+Y=,tag:Oc+xUcD25P6lAOnoeNtxQA==,type:str] - db-name: ENC[AES256_GCM,data:UNJGb5TJ4G4ov0wUPdYLLsIx,iv:70RBulQkrPixRbOf1owSDq9pjxZGh91VW5WorUZ0ta4=,tag:hY2kUXTEXA0rjxbMGo82AQ==,type:str] - db-user: ENC[AES256_GCM,data:0hFTUW7tKfjEFDLqrrv20GMsQHFfNotp,iv:5SUb36awCbvQ2U2K8pNUIDIbTnoA4pcy1Y128sSpmMk=,tag:lQ5sYcBCicyvsaXrWk7v4Q==,type:str] - server-db-password: ENC[AES256_GCM,data:NtNMYemg+Se0CKT7yF7Yqso+33gCZn4=,iv:9lp0GoQY+I+2u/O/PFEu97H++HXDWgL1bxlOYqWfzyY=,tag:kILw1T9Ne7nSoIET4SSrOA==,type:str] - server-db-name: ENC[AES256_GCM,data:bMXo9Jds5l0p9eYEPmquHQ8wwxbM+c0=,iv:fkb0P9uD9oMTOl5OuK7QDOxgJVfquKLaMfoPhRTwsAk=,tag:2Kat49n3odcVhn34c7+rig==,type:str] - server-db-user: ENC[AES256_GCM,data:od8C91VJVK/cWCl824gCRqnOAC7mGA==,iv:mHJnrpKoD3c0z/XuUwFMHm8pDrOHoVzIloOS2U4IHzg=,tag:xE44Svdg/RWTe1i9Q43QQQ==,type:str] + db-password: ENC[AES256_GCM,data:XEio4AiIBJgcyTpZ6EuRpFkWfRy3xCQ=,iv:1kujOTjqhlQPSNOv/SR958bYEQ9HOv3MzcpYkRoCnII=,tag:9FVBgxa7skccgB3DEaqWvA==,type:str] open-webui2: ENC[AES256_GCM,data:CLPp/DXHlGPKyvNABmyR/dNGxcnmxOP8gaFWsTqUOS8A9ZJIh1VNdq6GgggcfLSVQtFDKrVktoy8+9gvoj/X57ScpRVskjvFuhCbzeGE8XQG3d53cBDOKlUGj101d4hHCTW4wxCqw1kNVeaNMojM1xi0Hy6CFNW3ZMtw/Dq/IalV3KJT+uCw2ryfgNWeOdfbzRU0TIi9S0pL3sjpLGGUjZqEJy4wEh6OxjVpRQJslIXvm+e65OWODIP5M77qk2Z57NBLQ61imN8BRjm2Aw==,iv:F3fRN2tp14wMZYdnJRM3gfA41O4+qXBFD/Oy/o0vRhA=,tag:0a3aBiUNJmomT70XgKDI6g==,type:str] open-webui: ENC[AES256_GCM,data:AB5y49HDrqSxZw74/whyFlsZmRXfvPSPUPz0/RE7O0Q=,iv:nkQybdlxGHnDo7e4vUIR5adv5Vn7yJKSoPrHMEjZmX4=,tag:2jLJ9vRrsb1oFZ0ZvVb+cw==,type:str] paperless: 
@@ -149,7 +144,7 @@ sops: TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx 9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-24T20:09:26Z" - mac: ENC[AES256_GCM,data:IpZwdqqGM9I7To1N/J/PTq/d7fXtmpYN5cK3l4SIjDlAtR2zlTEWxKYDWZauDATNSLEuZ8ssuohzfwaa+hVxkQLjqvKhvdlSlODVL5wdVZGP17E0uJPPQn6hoYmivslZ//91+/zD1TgcTPzEdm7F0q/NrvJVg4zgnWjOKrMhJVY=,iv:q52RCURJSZ+J4ZrebboM6YihuZrBSMIqomgI3aRRmBc=,tag:7ETvaLMs3JqcdNQvil1bqg==,type:str] + lastmodified: "2025-04-24T22:13:06Z" + mac: ENC[AES256_GCM,data:jsi3XcVxICs/MWYLbUKekYaZXbBLtz13s2Mu/iGVaEgkzCotrR7c5OkQZb2pDGbmu2vzFYEuGFBV2xIF1ZrqLo7rnLiyLP/nbq2qiwlFfBZKMhdAzPfBS/e9O2u9ypU/2m6NiKF2/IsI+vrJifA6e5DnWeybD37zJjTfWZAFBdY=,iv:3C+JWdbRiH26Zak56kxFxY8E6SNnuTzhydqpQm9iUIc=,tag:rj53qyMFevqlPoT7hNd4/A==,type:str] unencrypted_suffix: _unencrypted version: 3.10.1