From 96a6cb73ae859a0303268c2782d0bb2b082a8df6 Mon Sep 17 00:00:00 2001 From: Philipp Date: Sat, 31 May 2025 12:16:18 +0200 Subject: [PATCH 1/3] fix(librewolf): change startup page url --- modules/home/apps/librewolf/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/home/apps/librewolf/default.nix b/modules/home/apps/librewolf/default.nix index b7a0664..2b0aca1 100644 --- a/modules/home/apps/librewolf/default.nix +++ b/modules/home/apps/librewolf/default.nix @@ -11,7 +11,7 @@ with lib.${namespace}; let cfg = config.${namespace}.apps.librewolf; defaultSettings = { - "browser.startup.homepage" = "https://search.monapona.dev"; + "browser.startup.homepage" = "https://search.stahl.sh"; "browser.startup.page" = 3; "privacy.resistFingerprinting" = false; "privacy.fingerprintingProtection" = true; @@ -36,8 +36,8 @@ let default = "SearXNG"; engines = { "SearXNG" = { - urls = [ { template = "https://search.monapona.dev/search?q={searchTerms}"; } ]; - icon = "https://search.monapona.dev/static/themes/simple/img/favicon.png"; + urls = [ { template = "https://search.stahl.sh/search?q={searchTerms}"; } ]; + icon = "https://search.stahl.sh/static/themes/simple/img/favicon.png"; definedAliases = [ "@s" ]; }; From 93cab840a832a83713e8fb1096e793063a16d905 Mon Sep 17 00:00:00 2001 From: Philipp Date: Sat, 31 May 2025 12:34:57 +0200 Subject: [PATCH 2/3] fmt(all): fix formating, update flake.lock --- flake.lock | 42 +++++++++---------- modules/nixos/services/cinny/default.nix | 3 +- modules/nixos/services/forgejo/default.nix | 5 +-- modules/nixos/services/linkwarden/default.nix | 5 +-- modules/nixos/services/searxng/default.nix | 10 ++--- 5 files changed, 30 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index b6f66c6..b806d59 100644 --- a/flake.lock +++ b/flake.lock 
@@ -8,11 +8,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748161689, - "narHash": "sha256-gm1ikRi3L2qpTQUUV/dURDUeg/dfstopzBduTKkIdqw=", + "lastModified": 1748405006, + "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "c60c48473ddf0b439079824cb08ccfa6c703ff87", + "rev": "f9801a86d6603260940890c36650275090d1dceb", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1748134483, - "narHash": "sha256-5PBK1nV8X39K3qUj8B477Aa2RdbLq3m7wRxUKRtggX4=", + "lastModified": 1748391243, + "narHash": "sha256-7sCuihzsTRZemtbTXaFUoGJUfuQErhKEcL9v7HKIo1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "c1e671036224089937e111e32ea899f59181c383", + "rev": "f5b12be834874f7661db4ced969a621ab2d57971", "type": "github" }, "original": { @@ -133,11 +133,11 @@ }, "mnw": { "locked": { - "lastModified": 1747499976, - "narHash": "sha256-YTiSI4WLbk0CleXeBheYmKZV6iqKyBpyoh1e+vcQzu4=", + "lastModified": 1748278309, + "narHash": "sha256-JCeiMrUhFku44kfKsgiD9Ibzho4MblBD2WmOQYsQyTY=", "owner": "Gerg-L", "repo": "mnw", - "rev": "72433a144c4ac16931e9148f78db4a0e4c147441", + "rev": "486a17ba1279ab2357cae8ff66b309db622f8831", "type": "github" }, "original": { @@ -189,11 +189,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { 
@@ -220,11 +220,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1746152631, - "narHash": "sha256-zBuvmL6+CUsk2J8GINpyy8Hs1Zp4PP6iBWSmZ4SCQ/s=", + "lastModified": 1748217807, + "narHash": "sha256-P3u2PXxMlo49PutQLnk2PhI/imC69hFl1yY4aT5Nax8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "032bc6539bd5f14e9d0c51bd79cfe9a055b094c3", + "rev": "3108eaa516ae22c2360928589731a4f1581526ef", "type": "github" }, "original": { @@ -260,11 +260,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1747525582, - "narHash": "sha256-oEZ6DV4bPcNZIuwW5Kcd+/zT3PMkXse2kX/3jHoomGk=", + "lastModified": 1748318168, + "narHash": "sha256-pUDVxHarStrDYxd2tztz4SjNflzFxuMMEC3SK9WLUK8=", "owner": "notashelf", "repo": "nvf", - "rev": "d3a0e7029ac57eef1120225973247851c5b967b5", + "rev": "74ba4d955976af1422ea1f095968e547db70aa04", "type": "github" }, "original": { @@ -283,11 +283,11 @@ ] }, "locked": { - "lastModified": 1742765550, - "narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=", + "lastModified": 1748196248, + "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b70be387276e632fe51232887f9e04e2b6ef8c16", + "rev": "b7697abe89967839b273a863a3805345ea54ab56", "type": "github" }, "original": { diff --git a/modules/nixos/services/cinny/default.nix b/modules/nixos/services/cinny/default.nix index 7b14cbd..53b6569 100644 --- a/modules/nixos/services/cinny/default.nix +++ b/modules/nixos/services/cinny/default.nix @@ -14,8 +14,7 @@ in options.${namespace}.services.cinny = { enable = mkEnableOption "Cinny"; nginx = { - enable = mkEnableOption "Enable nginx for this service." - // { + enable = mkEnableOption "Enable nginx for this service." // { default = true; }; }; diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 4d36167..051e7e5 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix 
@@ -14,9 +14,8 @@ in options.${namespace}.services.forgejo = { enable = mkEnableOption "Forgejo"; nginx = { - enable = mkEnableOption "Enable nginx for this service." - // { - default = true; + enable = mkEnableOption "Enable nginx for this service." // { + default = true; }; }; diff --git a/modules/nixos/services/linkwarden/default.nix b/modules/nixos/services/linkwarden/default.nix index c2236e4..0e0eca0 100644 --- a/modules/nixos/services/linkwarden/default.nix +++ b/modules/nixos/services/linkwarden/default.nix @@ -22,9 +22,8 @@ in enable = mkEnableOption "Linkwarden"; package = lib.mkPackageOption pkgs.awesome-flake "linkwarden" { }; nginx = { - enable = mkEnableOption "Enable nginx for this service." - // { - default = true; + enable = mkEnableOption "Enable nginx for this service." // { + default = true; }; }; diff --git a/modules/nixos/services/searxng/default.nix b/modules/nixos/services/searxng/default.nix index 1a44d38..cc71ea3 100644 --- a/modules/nixos/services/searxng/default.nix +++ b/modules/nixos/services/searxng/default.nix @@ -20,15 +20,13 @@ in }; nginx = { - enable = mkEnableOption "Enable nginx for this service." - // { - default = true; + enable = mkEnableOption "Enable nginx for this service." // { + default = true; }; }; - + redlib = { - enable = mkEnableOption "Whether or not to enable redlib." - // { + enable = mkEnableOption "Whether or not to enable redlib." // { default = true; }; From e0b3e33582aab6ae37c9bc7d85d4f0ce23661757 Mon Sep 17 00:00:00 2001 From: Philipp Date: Sat, 31 May 2025 12:35:23 +0200 Subject: [PATCH 3/3] add(immich) --- .sops.yaml | 4 ++ modules/nixos/services/immich/default.nix | 80 +++++++++++++++++++++++ secrets/blarm-immich.env | 6 ++ systems/x86_64-linux/blarm/default.nix | 1 + 4 files changed, 91 insertions(+) create mode 100644 modules/nixos/services/immich/default.nix create mode 100644 secrets/blarm-immich.env diff --git a/.sops.yaml b/.sops.yaml index f689d0b..443c711 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -25,3 +25,7 @@ creation_rules: key_groups: - age: - *primary + - path_regex: secrets/blarm-immich.env + key_groups: + - age: + - *primary diff --git a/modules/nixos/services/immich/default.nix b/modules/nixos/services/immich/default.nix new file mode 100644 index 0000000..3e47702 --- /dev/null +++ b/modules/nixos/services/immich/default.nix @@ -0,0 +1,80 @@ +{ + lib, + config, + namespace, + ... +}: +with lib; +with lib.${namespace}; +let + cfg = config.${namespace}.services.immich; +in +{ + options.${namespace}.services.immich = { + enable = mkBoolOpt false "Immich"; + + nginx = { + enable = mkEnableOption "Enable nginx for this service." // { + default = true; + }; + }; + + domain = mkOption { + description = "The domain to serve Immich on."; + type = types.nullOr types.str; + default = "immich.stahl.sh"; + }; + + port = mkOption { + type = types.port; + default = 2283; + description = "The port that Immich will listen on."; + }; + }; + + config = mkIf cfg.enable { + + services.immich = { + enable = true; + mediaLocation = "/data/immich"; + host = "0.0.0.0"; + port = cfg.port; + secretsFile = "/run/secrets/immich"; + redis.enable = true; + machine-learning.enable = true; + database = { + enable = true; + createDB = false; + }; + }; + + services.postgresql.extensions = ps: with ps; [ pgvector ]; # Ensure pgvector is available + + networking.firewall.allowedTCPPorts = mkIf cfg.nginx.enable [ + cfg.port + 80 + 443 + ]; + + awesome-flake.services.acme.enable = mkIf cfg.nginx.enable true; + + services.nginx = mkIf cfg.nginx.enable { + enable = true; + + virtualHosts."${cfg.domain}" = { + forceSSL = true; + useACMEHost = "stahl.sh"; + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}"; + proxyWebsockets = true; + }; + }; + }; + + sops.secrets.immich = { + format = "dotenv"; + sopsFile = ../../../../secrets/blarm-immich.env; + }; + }; + +} 
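Review bot: In `modules/nixos/services/immich/default.nix`, `host = "0.0.0.0"` together with `cfg.port` in `networking.firewall.allowedTCPPorts` leaves Immich reachable directly over plain HTTP on the service port, bypassing the nginx virtual host and its `forceSSL`. The port is opened only when `cfg.nginx.enable` is true, which is exactly the case where the proxy already reaches the service through `127.0.0.1` and no external access is needed. I would bind to loopback behind the proxy and open only the web ports: `host = if cfg.nginx.enable then "127.0.0.1" else "0.0.0.0";` and `networking.firewall.allowedTCPPorts = mkIf cfg.nginx.enable [ 80 443 ];`. Separately, `secretsFile` would be safer as `config.sops.secrets.immich.path` than the hard-coded `/run/secrets/immich`. Also, `domain` is typed `types.nullOr types.str`, but a null value cannot be interpolated into `virtualHosts."${cfg.domain}"`, so `types.str` fits the usage better.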
diff --git a/secrets/blarm-immich.env b/secrets/blarm-immich.env new file mode 100644 index 0000000..f4c33ea --- /dev/null +++ b/secrets/blarm-immich.env @@ -0,0 +1,6 @@ +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOS9jWCt6QlFLZ1dQQ1ZO\ncGxzckdaK3VHSXBjaDZWeS9hd1dudU5YNm5NCk05ZEsyUEJoTi83c3J1OE91ODZs\nUDNRRG5VZm1LaUhRLy9UZSs3SDNwQlEKLS0tIFpyZXJIbFZWaUlDckdFRFdySEls\nSlg1dGN5VmEwcTZBWGZVQkt1b2V4ZDQKFYi1xQUv25PkuO9PU1HQ4Y3EahhDoFVj\n7rsuVpfxe6Ci3ezlOqbzbA5EFEZBXhnAqGzABwSAdp7k2UsDbhw3Tg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl +sops_lastmodified=2025-05-25T11:14:04Z +sops_mac=ENC[AES256_GCM,data:aQwqX1QC4EKkRhl3wTvxW2fCn6r5EN4a4rqsBpIIlMO4ZnIanqyhpL4xigIA5el2hw1SCQnj1v07FBt1g1qEPx6yGy7XPTufwXpMTwkm/gTYvRV7wyYs48QAU9c3h6+6ffQzpxvR8gijRzdsvYqKfYXc7dPq1hXrDFMy7e1hDkI=,iv:gDEuGnpJ9PQh3NFFqQzSoV8OAMgZhyXD364UbQkPWv4=,tag:vYyuDR7MYy1OFYDEBwm1hA==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2 diff --git a/systems/x86_64-linux/blarm/default.nix b/systems/x86_64-linux/blarm/default.nix index 3c35668..7bca4a4 100644 --- a/systems/x86_64-linux/blarm/default.nix +++ b/systems/x86_64-linux/blarm/default.nix @@ -59,6 +59,7 @@ with lib.${namespace}; linkwarden = enabled; forgejo = enabled; searxng = enabled; + immich = enabled; }; #container.invidious = enabled;
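Review bot: The new `secrets/blarm-immich.env` holds only the six `sops_*` metadata keys and no `NAME=ENC[...]` entry, so as far as this hunk shows the decrypted `/run/secrets/immich` would be empty. If a value was meant to reach Immich through `secretsFile`, it is not part of this commit and the service would start without it. If nothing is needed, which is plausible given the module enables the local database, then the secret, its `.sops.yaml` rule and the `secretsFile` line add moving parts without protecting anything and could be dropped until there is a value to store.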