diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 3923715..0b7214b 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -114,6 +114,10 @@ adguardhome = { enable = false; }; + immich = { + enable = true; + subdomain = "photos"; + }; sync = { enable = true; folders = {
diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix
index ed743e9..e88d8dc 100644
--- a/configurations/nixos/horizon/hardware-configuration.nix
+++ b/configurations/nixos/horizon/hardware-configuration.nix
@@ -41,65 +41,71 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; + device = "defiant:/export/leyla_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/eve_documents" = { - device = "defiant:/exports/eve_documents"; + device = "defiant:/export/eve_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; + device = "defiant:/export/users_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/media" = { - device = "defiant:/exports/media"; + device = "defiant:/export/media"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "noatime" "nodiratime" "relatime" - "rsize=32768" - "wsize=32768" "fsc" + "timeo=600" + "retrans=2" ]; }; };
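Review bot: The `/mnt/media` option list still carries `"noatime"` twice alongside `"nodiratime"` and `"relatime"`, and the hunk only appends `timeo`/`retrans` to it; `noatime` already covers directories and conflicts with `relatime`, so the list should be reduced to a single `"noatime"`. Dropping `"soft"` turns all four entries into hard mounts (the NFS default), which means a process touching the mountpoint while defiant is unreachable blocks until the server returns rather than receiving an I/O error after `retrans=2` attempts — safer for data integrity, but worth a comment such as `# hard mount on purpose: soft mounts can silently lose writes` next to the new `"timeo=600"` line. I would also check that `"fsc"` is backed by `services.cachefilesd.enable` on this host, since FS-Cache does nothing without the daemon; that lies outside this hunk. The enclosing `fileSystems` attribute set starts before the hunk.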
diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix
index bc557eb..1934684 100644
--- a/configurations/syncthing/default.nix
+++ b/configurations/syncthing/default.nix
@@ -67,6 +67,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; }; }; ceder = {
@@ -75,6 +78,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; leyla_calendar = { folder = config.folders.leyla_calendar; };
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 8854936..956ad9e 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -10,5 +10,6 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix + ./immich.nix ]; }
diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix
new file mode 100644
index 0000000..7dd3a0f
--- /dev/null
+++ b/modules/nixos-modules/server/immich.nix
@@ -0,0 +1,68 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ mediaLocation = "/var/lib/immich";
+in {
+ options.host.immich = {
+ enable = lib.mkEnableOption "should immich be enabled on this computer";
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that immich will be hosted at";
+ default = "immich";
+ };
+ };
+
+ config = lib.mkIf config.host.immich.enable (lib.mkMerge [
+ {
+ host = {
+ reverse_proxy.subdomains.${config.host.immich.subdomain} = {
+ target = "http://localhost:${toString config.services.immich.port}";
+ };
+ postgres = {
+ enable = true;
+ extraUsers = {
+ ${config.services.immich.database.user} = {
+ isClient = true;
+ };
+ };
+ };
+ };
+
+ services.immich = {
+ enable = true;
+ port = 2283;
+ # redis.enable = false;
+ };
+
+ networking.firewall.interfaces.${config.services.tailscale.interfaceName} = {
+ allowedUDPPorts = [
+ config.services.immich.port
+ ];
+ allowedTCPPorts = [
+ config.services.immich.port
+ ];
+ };
+ }
+ (lib.mkIf config.host.impermanence.enable {
+ assertions = [
+ {
+ assertion = config.services.immich.mediaLocation == mediaLocation;
+ message = "immich media location does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = mediaLocation;
+ user = "immich";
+ group = "immich";
+ }
+ ];
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix
index f756738..00ea7ac 100644
--- a/modules/nixos-modules/server/network_storage/default.nix
+++ b/modules/nixos-modules/server/network_storage/default.nix
@@ -15,7 +15,7 @@ in { export_directory = lib.mkOption { type = lib.types.path; description = "what are exports going to be stored in"; - default = "/exports"; + default = "/export"; }; directories = lib.mkOption { type = lib.types.listOf (lib.types.submodule ({config, ...}: {
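Review bot: The `networking.firewall.interfaces.${config.services.tailscale.interfaceName}` block opens `services.immich.port` for both TCP and UDP on the Tailscale interface even though the service is already published through `host.reverse_proxy` at `target = "http://localhost:…"`; opening the port directly lets any Tailscale peer reach Immich without whatever TLS or access control the proxy layer adds, and since the proxy target is plain HTTP nothing here needs the UDP entry. I would drop the whole firewall block, or at least the `allowedUDPPorts` list, unless direct access is intended — in which case a comment above it should say why. Separately, the impermanence branch asserts `config.services.immich.mediaLocation == mediaLocation` rather than setting it; `services.immich.mediaLocation = mediaLocation;` in the first attrset would make the persisted directory and the service agree by construction, and the assertion could go. The commented-out `# redis.enable = false;` should be removed or explained.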
@@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 root root -" + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" ] ++ ( builtins.map (
@@ -77,14 +77,14 @@ in { ) ); } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - config.host.network_storage.export_directory - ]; - }; - }) + # (lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) ]); }
diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix
index 26480d6..bad0452 100644
--- a/modules/nixos-modules/server/network_storage/nfs.nix
+++ b/modules/nixos-modules/server/network_storage/nfs.nix
@@ -56,11 +56,20 @@ ++ ( lib.lists.imap0 ( i: directory: let - option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; - addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; + createOptions = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = [ + # loopback + "127.0.0.1" + "::1" + # local network + # "192.168.0.0/24" + # tailscale + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; options = lib.strings.concatStrings ( lib.strings.intersperse " " ( - lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses + lib.lists.imap0 (index: address: "${address}${createOptions (1 + (i * (builtins.length addresses)) + index)}") addresses ) ); in "${directory._directory} ${options}"
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 92f4016..7bdb3dd 100644
--- a/modules/nixos-modules/users.nix
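Review bot: The tmpfiles rule `d ${config.host.network_storage.export_directory} 2775 nobody nogroup -` hands every local process that runs as `nobody` — a common account for unprivileged daemons — write and delete rights on the export root, and the setgid bit makes everything created below it inherit `nogroup`. If the goal is to let root-squashed NFS clients create entries, a narrower fix keeps the root itself at `root root` and gives only the per-export subdirectories, built by the `builtins.map` that continues past the hunk, the squashed ownership they need. Whichever way it goes, a comment such as `# owned by nobody so root-squashed NFS clients can write here` would make the choice reviewable later. The enclosing `systemd.tmpfiles.rules` expression runs past the end of the hunk.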
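Review bot: The impermanence block for `config.host.network_storage.export_directory` is commented out rather than deleted, so on hosts with `host.impermanence.enable` the directory is no longer persisted and nothing in the tree says why. If the export directory is meant to live on its own persistent mount, say so in place of the dead code, e.g. `# export_directory is a separate persistent mount; bind-mounting it from /persist would shadow it`; if it is not, everything under it is lost at the next reboot once impermanence is on. Either way the nine `# …` lines should go, since git history already keeps the old block.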
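Review bot: The export fsid is still computed as `1 + (i * (builtins.length addresses)) + index`, so growing `addresses` from three to four entries renumbers the fsid of every export after the first; NFS clients that already hold file handles for those exports will most likely see stale handles until they remount. Because fsid identifies the exported directory, the entries for one path can share a value across all client specs, so `createOptions (i + 1)` applied to every address keeps the numbering stable as the client list changes. The commented-out `# "192.168.0.0/24"` entry should either be deleted or carry a note saying LAN access is deliberately disabled. The `let` block sits inside an `imap0` whose surrounding expression begins before the hunk.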
+++ b/modules/nixos-modules/users.nix
@@ -19,10 +19,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; gids = {
@@ -34,10 +34,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; users = config.users.users;
@@ -135,12 +135,6 @@ in { group = config.users.users.hass.name; }; - headscale = { - uid = lib.mkForce uids.headscale; - isSystemUser = true; - group = config.users.users.headscale.name; - }; - syncthing = { uid = lib.mkForce uids.syncthing; isSystemUser = true;
@@ -159,6 +153,12 @@ in { isNormalUser = config.services.forgejo.enable; group = config.users.users.git.name; }; + + immich = { + uid = lib.mkForce uids.immich; + isSystemUser = true; + group = config.users.users.immich.name; + }; }; groups = {
@@ -225,14 +225,6 @@ in { ]; }; - headscale = { - gid = lib.mkForce gids.headscale; - members = [ - users.headscale.name - # leyla - ]; - }; - syncthing = { gid = lib.mkForce gids.syncthing; members = [
@@ -255,6 +247,14 @@ in { users.git.name ]; }; + + immich = { + gid = lib.mkForce gids.immich; + members = [ + users.immich.name + # leyla + ]; + }; }; }; }
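Review bot: The hunks at `-19`, `-34`, `-135` and `-225` drop the fixed id 2005 and the user/group definitions for `headscale`, but nothing in this diff removes a `services.headscale` configuration; if that service is still enabled on any host, NixOS will allocate it a dynamic uid/gid and any state files still owned by 2005 become orphaned. Worth confirming headscale is gone everywhere, or otherwise keeping the `headscale = 2005;` entries so the id stays reserved and only the user/group blocks go. The new `immich` group in the last hunk also copies the `# leyla` placeholder member from the removed headscale group — delete the stale comment or make it a real `users.leyla.name` entry. The enclosing `uids`/`gids` attrsets and the `users`/`groups` blocks start and end outside the individual hunks.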