diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 0b7214b..3923715 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -114,10 +114,6 @@
 adguardhome = {
 enable = false;
 };
- immich = {
- enable = true;
- subdomain = "photos";
- };
 sync = {
 enable = true;
 folders = {
diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix
index e88d8dc..ed743e9 100644
--- a/configurations/nixos/horizon/hardware-configuration.nix
+++ b/configurations/nixos/horizon/hardware-configuration.nix
@@ -41,71 +41,65 @@
 };
 "/mnt/leyla_documents" = {
- device = "defiant:/export/leyla_documents";
+ device = "defiant:/exports/leyla_documents";
 fsType = "nfs";
 options = [
- "vers=4"
 "x-systemd.automount"
 "noauto"
 "user"
 "noatime"
 "nofail"
+ "soft"
 "x-systemd.idle-timeout=600"
 "fsc"
- "timeo=600"
- "retrans=2"
 ];
 };
 "/mnt/eve_documents" = {
- device = "defiant:/export/eve_documents";
+ device = "defiant:/exports/eve_documents";
 fsType = "nfs";
 options = [
- "vers=4"
 "x-systemd.automount"
 "noauto"
 "user"
 "nofail"
+ "soft"
 "x-systemd.idle-timeout=600"
 "fsc"
- "timeo=600"
- "retrans=2"
 ];
 };
 "/mnt/users_documents" = {
- device = "defiant:/export/users_documents";
+ device = "defiant:/exports/users_documents";
 fsType = "nfs";
 options = [
- "vers=4"
 "x-systemd.automount"
 "noauto"
 "user"
 "nofail"
+ "soft"
 "x-systemd.idle-timeout=600"
 "fsc"
- "timeo=600"
- "retrans=2"
 ];
 };
 "/mnt/media" = {
- device = "defiant:/export/media";
+ device = "defiant:/exports/media";
 fsType = "nfs";
 options = [
- "vers=4"
 "x-systemd.automount"
 "noauto"
 "user"
 "noatime"
 "nofail"
+ "soft"
 "x-systemd.idle-timeout=600"
 "noatime"
 "nodiratime"
 "relatime"
+ "rsize=32768"
+ "wsize=32768"
 "fsc"
- "timeo=600"
- "retrans=2"
 ];
 };
 };
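Review bot: The four NFS mounts in `horizon/hardware-configuration.nix` now add `"soft"` while dropping the explicit `"timeo=600"` and `"retrans=2"`, so an outage of defiant makes the client give up after the default retry budget and return an I/O error to the application; on the writable document shares that can leave a partially written file behind. I would keep the timeouts explicit next to the new option (`"soft"`, `"timeo=600"`, `"retrans=2"`), or leave the document mounts hard and use `"soft"` only for `/mnt/media`. Removing `"vers=4"` also leaves the protocol version to negotiation; pinning it keeps the client from falling back to NFSv3 and the extra mountd/rpcbind services that would need to be reachable. The `/mnt/media` list additionally carries `"noatime"` twice together with `"relatime"`, which is worth tidying while the list is being edited.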
diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix
index 1934684..bc557eb 100644
--- a/configurations/syncthing/default.nix
+++ b/configurations/syncthing/default.nix
@@ -67,9 +67,6 @@
 share = {
 folder = config.folders.share;
 };
- leyla_documents = {
- folder = config.folders.leyla_documents;
- };
 };
 };
 ceder = {
@@ -78,9 +75,6 @@
 share = {
 folder = config.folders.share;
 };
- leyla_documents = {
- folder = config.folders.leyla_documents;
- };
 leyla_calendar = {
 folder = config.folders.leyla_calendar;
 };
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 956ad9e..8854936 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -10,6 +10,5 @@
 ./searx.nix
 ./home-assistant.nix
 ./adguardhome.nix
- ./immich.nix
 ];
 }
diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix
deleted file mode 100644
index 7dd3a0f..0000000
--- a/modules/nixos-modules/server/immich.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- mediaLocation = "/var/lib/immich";
-in {
- options.host.immich = {
- enable = lib.mkEnableOption "should immich be enabled on this computer";
- subdomain = lib.mkOption {
- type = lib.types.str;
- description = "subdomain of base domain that immich will be hosted at";
- default = "immich";
- };
- };
-
- config = lib.mkIf config.host.immich.enable (lib.mkMerge [
- {
- host = {
- reverse_proxy.subdomains.${config.host.immich.subdomain} = {
- target = "http://localhost:${toString config.services.immich.port}";
- };
- postgres = {
- enable = true;
- extraUsers = {
- ${config.services.immich.database.user} = {
- isClient = true;
- };
- };
- };
- };
-
- services.immich = {
- enable = true;
- port = 2283;
- # redis.enable = false;
- };
-
- networking.firewall.interfaces.${config.services.tailscale.interfaceName} = {
- allowedUDPPorts = [
- config.services.immich.port
- ];
- allowedTCPPorts = [
- config.services.immich.port
- ];
- };
- }
- (lib.mkIf config.host.impermanence.enable {
- assertions = [
- {
- assertion = config.services.immich.mediaLocation == mediaLocation;
- message = "immich media location does not match persistence";
- }
- ];
- environment.persistence."/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = mediaLocation;
- user = "immich";
- group = "immich";
- }
- ];
- };
- })
- ]);
-}
diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix
index 00ea7ac..f756738 100644
--- a/modules/nixos-modules/server/network_storage/default.nix
+++ b/modules/nixos-modules/server/network_storage/default.nix
@@ -15,7 +15,7 @@ in {
 export_directory = lib.mkOption {
 type = lib.types.path;
 description = "what are exports going to be stored in";
- default = "/export";
+ default = "/exports";
 };
 directories = lib.mkOption {
 type = lib.types.listOf (lib.types.submodule ({config, ...}: {
@@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" + "d ${config.host.network_storage.export_directory} 2775 root root -" ] ++ ( builtins.map ( @@ -77,14 +77,14 @@ in { ) ); } - # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # config.host.network_storage.export_directory - # ]; - # }; - # }) + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + config.host.network_storage.export_directory + ]; + }; + }) ]); } diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index bad0452..26480d6 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -56,20 +56,11 @@ ++ ( lib.lists.imap0 ( i: directory: let - createOptions = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; - addresses = [ - # loopback - "127.0.0.1" - "::1" - # local network - # "192.168.0.0/24" - # tailscale - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; + option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; options = lib.strings.concatStrings ( lib.strings.intersperse " " ( - lib.lists.imap0 (index: address: "${address}${createOptions (1 + (i * (builtins.length addresses)) + index)}") addresses + lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses ) ); in "${directory._directory} ${options}" diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 7bdb3dd..92f4016 100644 --- a/modules/nixos-modules/users.nix 
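Review bot: In the `systemd.tmpfiles.rules` hunk of `network_storage/default.nix` the export root moves to `root root` but keeps mode `2775`, so it stays group-writable and setgid, and everything created directly under it inherits group `root`. If the only entries there are the per-share directories created by the `builtins.map` rules that follow (their bodies are outside this hunk), nothing needs group write on the parent and `"d ${config.host.network_storage.export_directory} 0755 root root -"` would be the tighter rule. A one-line comment above the rule saying why the root is root-owned would also help, since the previous `nobody nogroup` owner disappears without explanation.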
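Review bot: The new `addresses` list in `nfs.nix` exports every share read-write to the whole LAN (`"192.168.0.0/24"`, previously commented out) while the option string still contains `insecure` and no `sec=` flavour, so any device on that network can present an arbitrary non-root UID from an unprivileged port and read or modify the document shares. It also drops `"::1"` and the Tailscale IPv6 range `"fd7a:115c:a1e0::/48"`, so a client that reaches defiant over IPv6 no longer matches any export. Unless LAN access is a deliberate requirement I would keep the list to `addresses = ["127.0.0.1" "::1" "100.64.0.0/10" "fd7a:115c:a1e0::/48"];`, or name the specific LAN hosts, and remove `insecure` from `option`. The deleted per-entry comments (loopback / local network / tailscale) documented the trust boundary and should stay. The enclosing `let` block starts and ends outside the hunk.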
+++ b/modules/nixos-modules/users.nix
@@ -19,10 +19,10 @@
 forgejo = 2002;
 adguardhome = 2003;
 hass = 2004;
+ headscale = 2005;
 syncthing = 2007;
 ollama = 2008;
 git = 2009;
- immich = 2010;
 };
 gids = {
@@ -34,10 +34,10 @@
 forgejo = 2002;
 adguardhome = 2003;
 hass = 2004;
+ headscale = 2005;
 syncthing = 2007;
 ollama = 2008;
 git = 2009;
- immich = 2010;
 };
 users = config.users.users;
@@ -135,6 +135,12 @@ in {
 group = config.users.users.hass.name;
 };
+ headscale = {
+ uid = lib.mkForce uids.headscale;
+ isSystemUser = true;
+ group = config.users.users.headscale.name;
+ };
+
 syncthing = {
 uid = lib.mkForce uids.syncthing;
 isSystemUser = true;
@@ -153,12 +159,6 @@ in {
 isNormalUser = config.services.forgejo.enable;
 group = config.users.users.git.name;
 };
-
- immich = {
- uid = lib.mkForce uids.immich;
- isSystemUser = true;
- group = config.users.users.immich.name;
- };
 };
 groups = {
@@ -225,6 +225,14 @@ in {
 ];
 };
+ headscale = {
+ gid = lib.mkForce gids.headscale;
+ members = [
+ users.headscale.name
+ # leyla
+ ];
+ };
+
 syncthing = {
 gid = lib.mkForce gids.syncthing;
 members = [
@@ -247,14 +255,6 @@ in {
 users.git.name
 ];
 };
-
- immich = {
- gid = lib.mkForce gids.immich;
- members = [
- users.immich.name
- # leyla
- ];
- };
 };
 };
 }
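Review bot: Removing `immich = 2010;` from `uids` (and from `gids` in the next hunk) frees that number while the deleted module persisted `/var/lib/immich` under `/persist/system/root`, so any data left there stays owned by 2010 and would become readable and writable by whichever account is given that ID later. I would leave a marker in both tables, e.g. `# 2010: formerly immich, do not reuse until /var/lib/immich is removed from /persist`. The added `headscale = 2005;` is applied with `lib.mkForce` in the user and group hunks further down; if headscale already ran on this host under a different UID, presumably its state directory needs a one-time ownership fix, which is not visible in this diff.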