Spaenny/nix-config
Spaenny/nix-config
1
0
Fork 0
Code Activity

Compare commits

base: Spaenny:7a384841b0f2aa668f4923f173470b6976971988
Branches Tags
Spaenny:main
Spaenny:ente-api
...
compare: Spaenny:e0b3e33582aab6ae37c9bc7d85d4f0ce23661757
Branches Tags
Spaenny:main
Spaenny:ente-api

3 commits
7a384841b0 ... e0b3e33582

Author SHA1 Message Date
Philipp
e0b3e33582
add(immich) 2025-05-31 12:35:23 +02:00
Philipp
93cab840a8
fmt(all): fix formating, update flake.lock 2025-05-31 12:34:57 +02:00
Philipp
96a6cb73ae
fix(librewolf): change startup page url 2025-05-31 12:16:18 +02:00
10 changed files with 124 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -25,3 +25,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *primary - *primary
- path_regex: secrets/blarm-immich.env
key_groups:
- age:
- *primary

42
flake.lock generated
View file

@ -8,11 +8,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1748161689, "lastModified": 1748405006,
"narHash": "sha256-gm1ikRi3L2qpTQUUV/dURDUeg/dfstopzBduTKkIdqw=", "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "c60c48473ddf0b439079824cb08ccfa6c703ff87", "rev": "f9801a86d6603260940890c36650275090d1dceb",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -118,11 +118,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748134483, "lastModified": 1748391243,
"narHash": "sha256-5PBK1nV8X39K3qUj8B477Aa2RdbLq3m7wRxUKRtggX4=", "narHash": "sha256-7sCuihzsTRZemtbTXaFUoGJUfuQErhKEcL9v7HKIo1k=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c1e671036224089937e111e32ea899f59181c383", "rev": "f5b12be834874f7661db4ced969a621ab2d57971",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -133,11 +133,11 @@
}, },
"mnw": { "mnw": {
"locked": { "locked": {
"lastModified": 1747499976, "lastModified": 1748278309,
"narHash": "sha256-YTiSI4WLbk0CleXeBheYmKZV6iqKyBpyoh1e+vcQzu4=", "narHash": "sha256-JCeiMrUhFku44kfKsgiD9Ibzho4MblBD2WmOQYsQyTY=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "mnw", "repo": "mnw",
"rev": "72433a144c4ac16931e9148f78db4a0e4c147441", "rev": "486a17ba1279ab2357cae8ff66b309db622f8831",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -189,11 +189,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748026106, "lastModified": 1748370509,
"narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", "rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -220,11 +220,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1746152631, "lastModified": 1748217807,
"narHash": "sha256-zBuvmL6+CUsk2J8GINpyy8Hs1Zp4PP6iBWSmZ4SCQ/s=", "narHash": "sha256-P3u2PXxMlo49PutQLnk2PhI/imC69hFl1yY4aT5Nax8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "032bc6539bd5f14e9d0c51bd79cfe9a055b094c3", "rev": "3108eaa516ae22c2360928589731a4f1581526ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -260,11 +260,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1747525582, "lastModified": 1748318168,
"narHash": "sha256-oEZ6DV4bPcNZIuwW5Kcd+/zT3PMkXse2kX/3jHoomGk=", "narHash": "sha256-pUDVxHarStrDYxd2tztz4SjNflzFxuMMEC3SK9WLUK8=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "d3a0e7029ac57eef1120225973247851c5b967b5", "rev": "74ba4d955976af1422ea1f095968e547db70aa04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -283,11 +283,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742765550, "lastModified": 1748196248,
"narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=", "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "b70be387276e632fe51232887f9e04e2b6ef8c16", "rev": "b7697abe89967839b273a863a3805345ea54ab56",
"type": "github" "type": "github"
}, },
"original": { "original": {

6
modules/home/apps/librewolf/default.nix
View file

@ -11,7 +11,7 @@ with lib.${namespace};
let let
cfg = config.${namespace}.apps.librewolf; cfg = config.${namespace}.apps.librewolf;
defaultSettings = { defaultSettings = {
"browser.startup.homepage" = "https://search.monapona.dev"; "browser.startup.homepage" = "https://search.stahl.sh";
"browser.startup.page" = 3; "browser.startup.page" = 3;
"privacy.resistFingerprinting" = false; "privacy.resistFingerprinting" = false;
"privacy.fingerprintingProtection" = true; "privacy.fingerprintingProtection" = true;
@ -36,8 +36,8 @@ let
default = "SearXNG"; default = "SearXNG";
engines = { engines = {
"SearXNG" = { "SearXNG" = {
urls = [ { template = "https://search.monapona.dev/search?q={searchTerms}"; } ]; urls = [ { template = "https://search.stahl.sh/search?q={searchTerms}"; } ];
icon = "https://search.monapona.dev/static/themes/simple/img/favicon.png"; icon = "https://search.stahl.sh/static/themes/simple/img/favicon.png";
definedAliases = [ "@s" ]; definedAliases = [ "@s" ];
}; };

3
modules/nixos/services/cinny/default.nix
View file

@ -14,8 +14,7 @@ in
options.${namespace}.services.cinny = { options.${namespace}.services.cinny = {
enable = mkEnableOption "Cinny"; enable = mkEnableOption "Cinny";
nginx = { nginx = {
enable = mkEnableOption "Enable nginx for this service." enable = mkEnableOption "Enable nginx for this service." // {
// {
default = true; default = true;
}; };
}; };

5
modules/nixos/services/forgejo/default.nix
View file

@ -14,9 +14,8 @@ in
options.${namespace}.services.forgejo = { options.${namespace}.services.forgejo = {
enable = mkEnableOption "Forgejo"; enable = mkEnableOption "Forgejo";
nginx = { nginx = {
enable = mkEnableOption "Enable nginx for this service." enable = mkEnableOption "Enable nginx for this service." // {
// { default = true;
default = true;
}; };
}; };

80
modules/nixos/services/immich/default.nix Normal file
View file

@ -0,0 +1,80 @@
{
lib,
config,
namespace,
...
}:
with lib;
with lib.${namespace};
let
cfg = config.${namespace}.services.immich;
in
{
options.${namespace}.services.immich = {
enable = mkBoolOpt false "Immich";
nginx = {
enable = mkEnableOption "Enable nginx for this service." // {
default = true;
};
};
domain = mkOption {
description = "The domain to serve Immich on.";
type = types.nullOr types.str;
default = "immich.stahl.sh";
};
port = mkOption {
type = types.port;
default = 2283;
description = "The port that Immich will listen on.";
};
};
config = mkIf cfg.enable {
services.immich = {
enable = true;
mediaLocation = "/data/immich";
host = "0.0.0.0";
port = cfg.port;
secretsFile = "/run/secrets/immich";
redis.enable = true;
machine-learning.enable = true;
database = {
enable = true;
createDB = false;
};
};
services.postgresql.extensions = ps: with ps; [ pgvector ]; # Ensure pgvector is available
networking.firewall.allowedTCPPorts = mkIf cfg.nginx.enable [
cfg.port
80
443
];
awesome-flake.services.acme.enable = mkIf cfg.nginx.enable true;
services.nginx = mkIf cfg.nginx.enable {
enable = true;
virtualHosts."${cfg.domain}" = {
forceSSL = true;
useACMEHost = "stahl.sh";
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
proxyWebsockets = true;
};
};
};
sops.secrets.immich = {
format = "dotenv";
sopsFile = ../../../../secrets/blarm-immich.env;
};
};
}

5
modules/nixos/services/linkwarden/default.nix
View file

@ -22,9 +22,8 @@ in
enable = mkEnableOption "Linkwarden"; enable = mkEnableOption "Linkwarden";
package = lib.mkPackageOption pkgs.awesome-flake "linkwarden" { }; package = lib.mkPackageOption pkgs.awesome-flake "linkwarden" { };
nginx = { nginx = {
enable = mkEnableOption "Enable nginx for this service." enable = mkEnableOption "Enable nginx for this service." // {
// { default = true;
default = true;
}; };
}; };

10
modules/nixos/services/searxng/default.nix
View file

@ -20,15 +20,13 @@ in
}; };
nginx = { nginx = {
enable = mkEnableOption "Enable nginx for this service." enable = mkEnableOption "Enable nginx for this service." // {
// { default = true;
default = true;
}; };
}; };
redlib = { redlib = {
enable = mkEnableOption "Whether or not to enable redlib." enable = mkEnableOption "Whether or not to enable redlib." // {
// {
default = true; default = true;
}; };

6
secrets/blarm-immich.env Normal file
View file

@ -0,0 +1,6 @@
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOS9jWCt6QlFLZ1dQQ1ZO\ncGxzckdaK3VHSXBjaDZWeS9hd1dudU5YNm5NCk05ZEsyUEJoTi83c3J1OE91ODZs\nUDNRRG5VZm1LaUhRLy9UZSs3SDNwQlEKLS0tIFpyZXJIbFZWaUlDckdFRFdySEls\nSlg1dGN5VmEwcTZBWGZVQkt1b2V4ZDQKFYi1xQUv25PkuO9PU1HQ4Y3EahhDoFVj\n7rsuVpfxe6Ci3ezlOqbzbA5EFEZBXhnAqGzABwSAdp7k2UsDbhw3Tg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
sops_lastmodified=2025-05-25T11:14:04Z
sops_mac=ENC[AES256_GCM,data:aQwqX1QC4EKkRhl3wTvxW2fCn6r5EN4a4rqsBpIIlMO4ZnIanqyhpL4xigIA5el2hw1SCQnj1v07FBt1g1qEPx6yGy7XPTufwXpMTwkm/gTYvRV7wyYs48QAU9c3h6+6ffQzpxvR8gijRzdsvYqKfYXc7dPq1hXrDFMy7e1hDkI=,iv:gDEuGnpJ9PQh3NFFqQzSoV8OAMgZhyXD364UbQkPWv4=,tag:vYyuDR7MYy1OFYDEBwm1hA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2

1
systems/x86_64-linux/blarm/default.nix
View file

@ -59,6 +59,7 @@ with lib.${namespace};
linkwarden = enabled; linkwarden = enabled;
forgejo = enabled; forgejo = enabled;
searxng = enabled; searxng = enabled;
immich = enabled;
}; };
#container.invidious = enabled; #container.invidious = enabled;