flake.lock: Update

Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/2a6d6d064e33d65dc660b65c28ce17195e539db6' (2025-04-28)
  → 'github:nix-community/emacs-overlay/9a415a8b4c90c1f0719aefed19a80514f7a2f771' (2025-05-01)
• Updated input 'emacs-overlay/nixpkgs':
    'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24)
  → 'github:NixOS/nixpkgs/46e634be05ce9dc6d4db8e664515ba10b78151ae' (2025-04-29)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/26245db0cb552047418cfcef9a25da91b222d6c7' (2025-04-27)
  → 'github:NixOS/nixpkgs/b000159bba69b0106a42f65e52dbf27f77aca9d3' (2025-04-29)
• Updated input 'homeManager':
    'github:nix-community/home-manager/be7cf1709b469a2a2c62169172a167d1fed3509f' (2025-04-28)
  → 'github:nix-community/home-manager/5f217e5a319f6c186283b530f8c975e66c028433' (2025-04-30)
• Updated input 'lix':
    'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=dad17a54f7cf2bae24274dc2b9a535c1938e6eb0' (2025-04-27)
  → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=a66c91e1018f9e556574f60f8e4cb14544e0e875' (2025-04-30)
• Updated input 'nixosHardware':
    'github:NixOS/nixos-hardware/f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1' (2025-04-24)
  → 'github:NixOS/nixos-hardware/72081c9fbbef63765ae82bff9727ea79cc86bd5b' (2025-04-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24)
  → 'github:NixOS/nixpkgs/46e634be05ce9dc6d4db8e664515ba10b78151ae' (2025-04-29)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/d1863f30d9ca67f679f9c2583d7adf674b5d9b8a' (2025-04-28)
  → 'github:numtide/treefmt-nix/82bf32e541b30080d94e46af13d46da0708609ea' (2025-04-29)

flake.lock

@@ -122,11 +122,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1745830889,
-        "narHash": "sha256-P51C3ennff9hNhHr6SsxowZKpbPsa2U4DjC+DIu4Lyg=",
+        "lastModified": 1746066807,
+        "narHash": "sha256-JeUri9kpPguZnY69qXIcCLQAIx7GMbF2dRmRYM6JaZg=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "2a6d6d064e33d65dc660b65c28ce17195e539db6",
+        "rev": "9a415a8b4c90c1f0719aefed19a80514f7a2f771",
         "type": "github"
       },
       "original": {
@@ -387,11 +387,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745810134,
-        "narHash": "sha256-WfnYH/i7DFzn4SESQfWviXiNUZjohZhzODqLwKYHIPI=",
+        "lastModified": 1746040799,
+        "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "be7cf1709b469a2a2c62169172a167d1fed3509f",
+        "rev": "5f217e5a319f6c186283b530f8c975e66c028433",
         "type": "github"
       },
       "original": {
@@ -464,11 +464,11 @@
     "lix": {
       "flake": false,
       "locked": {
-        "lastModified": 1745775537,
-        "narHash": "sha256-X/mfPstVkj3hhIIBU/tGAuOraiYpm3i/A3BiBg1VH4s=",
+        "lastModified": 1745994134,
+        "narHash": "sha256-rYMXlL9qSv+Syz0udsOJxKeLRQ9FdGmHz6j+YzDi5uE=",
         "ref": "refs/heads/main",
-        "rev": "dad17a54f7cf2bae24274dc2b9a535c1938e6eb0",
-        "revCount": 17805,
+        "rev": "a66c91e1018f9e556574f60f8e4cb14544e0e875",
+        "revCount": 17809,
         "type": "git",
         "url": "https://git@git.lix.systems/lix-project/lix"
       },
@@ -569,11 +569,11 @@
     },
     "nixosHardware": {
       "locked": {
-        "lastModified": 1745503349,
-        "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
+        "lastModified": 1745955289,
+        "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
+        "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b",
         "type": "github"
       },
       "original": {
@@ -647,11 +647,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1745742390,
-        "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
+        "lastModified": 1745921652,
+        "narHash": "sha256-hEAvEN+y/OQ7wA7+u3bFJwXSe8yoSf2QaOMH3hyTJTQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
+        "rev": "b000159bba69b0106a42f65e52dbf27f77aca9d3",
         "type": "github"
       },
       "original": {
@@ -711,11 +711,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1745526057,
-        "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
+        "lastModified": 1745930157,
+        "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
+        "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
         "type": "github"
       },
       "original": {
@@ -742,11 +742,11 @@
     },
     "nixpkgs_6": {
       "locked": {
-        "lastModified": 1745526057,
-        "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
+        "lastModified": 1745930157,
+        "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
+        "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
         "type": "github"
       },
       "original": {
@@ -1009,11 +1009,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1745829891,
-        "narHash": "sha256-aRkV0ZpfT/ERgRlGrbgjHFRcEWdseltSO+wPnpdPYKg=",
+        "lastModified": 1745929750,
+        "narHash": "sha256-k5ELLpTwRP/OElcLpNaFWLNf8GRDq4/eHBmFy06gGko=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "d1863f30d9ca67f679f9c2583d7adf674b5d9b8a",
+        "rev": "82bf32e541b30080d94e46af13d46da0708609ea",
         "type": "github"
       },
       "original": {

hosts/sisko/default.nix

@@ -35,6 +35,7 @@
       "mosh"
       "amule"
       "adguard-home"
+      "garmin-grafana"
     ]
     ++ [
       ./disko.nix

modules/garmin-grafana/default.nix

@@ -0,0 +1,53 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  garmin-grafana-flake = builtins.getFlake "github:NixOS/nixpkgs/1f03fefb44665cd2377912033de22ffaba2be48d";
+  inherit (garmin-grafana-flake.legacyPackages.${pkgs.system}) garmin-grafana;
+in
+{
+  users.users.garmin-grafana = {
+    isSystemUser = true;
+    group = "garmin-grafana";
+    extraGroups = [ "garmin-grafana" ];
+    home = "/var/lib/garmin-grafana";
+  };
+
+  users.groups.garmin-grafana = { };
+
+  systemd.services.garmin-grafana = {
+    description = "garmin-grafana";
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      INFLUXDB_HOST = "localhost";
+      INFLUXDB_PORT = "8086"; # it's hardcoded in the influxdb NixOS module
+      INFLUXDB_USERNAME = "garmin-grafana";
+      INFLUXDB_PASSWORD = "password"; # FIXME terrible but the databse is not exposed at least
+      INFLUXDB_DATABASE = "garmin-stats";
+      GARMINCONNECT_IS_CN = "False";
+      USER_TIMEZONE = "Europe/Rome";
+      KEEP_FIT_FILES = "True";
+      ALWAYS_PROCESS_FIT_FILES = "True";
+      # MANUAL_START_DATE = "2024-06-01";
+      # MANUAL_END_DATE = "2025-12-31";
+    };
+    serviceConfig = {
+      ExecStart = lib.getExe garmin-grafana;
+      Group = "garmin-grafana";
+      User = "garmin-grafana";
+      WorkingDirectory = "/var/lib/garmin-grafana";
+    };
+  };
+
+  # garmin-grafana uses influxdb V1, probably it's the only software I'll ever use using the V1
+  # so I"m keeping its declaration inside this module
+  services.influxdb.enable = true;
+
+  environment.persistence."/persist".directories = [
+    "/var/lib/garmin-grafana"
+    config.services.influxdb.dataDir
+  ];
+}

modules/immich/default.nix

@@ -1,99 +1,25 @@
-{ ... }:
-let
-  vars = {
-    serviceConfigRoot = "/mnt/hd/immich/state";
-    mainArray = "/mnt/hd/immich/";
-    domainName = "photos.aciceri.dev";
-  };
-  directories = [
-    "${vars.serviceConfigRoot}/immich"
-    "${vars.serviceConfigRoot}/immich/postgresql"
-    "${vars.serviceConfigRoot}/immich/postgresql/data"
-    "${vars.serviceConfigRoot}/immich/config"
-    "${vars.serviceConfigRoot}/immich/machine-learning"
-    "${vars.mainArray}/Photos"
-    "${vars.mainArray}/Photos/Immich"
-    "${vars.mainArray}/Photos/S10m"
-  ];
-in
+{ config, ... }:
 {
-  systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories;
-  systemd.services = {
-    podman-immich = {
-      requires = [
-        "podman-immich-redis.service"
-        "podman-immich-postgres.service"
-      ];
-      after = [
-        "podman-immich-redis.service"
-        "podman-immich-postgres.service"
-      ];
-    };
-    podman-immich-postgres = {
-      requires = [ "podman-immich-redis.service" ];
-      after = [ "podman-immich-redis.service" ];
-    };
+  environment.persistence."/persist".directories = [
+    config.services.immich.machine-learning.environment.MACHINE_LEARNING_CACHE_FOLDER
+  ];
+
+  services.immich = {
+    enable = true;
+    mediaLocation = "/mnt/hd/immich";
   };
 
-  virtualisation.oci-containers.containers = {
-    immich = {
-      autoStart = true;
-      image = "ghcr.io/imagegenius/immich:latest";
-      volumes = [
-        "${vars.serviceConfigRoot}/immich/config:/config"
-        "${vars.mainArray}/Photos/Immich:/photos"
-        "${vars.mainArray}/Photos/S10m:/import:ro"
-        "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning"
-      ];
-      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
-      environment = {
-        PUID = "994";
-        PGID = "993";
-        TZ = "Europe/Rome";
-        DB_HOSTNAME = "immich-postgres";
-        DB_USERNAME = "immich";
-        DB_DATABASE_NAME = "immich";
-        REDIS_HOSTNAME = "immich-redis";
-        DB_PASSWORD = "password";
-      };
-      extraOptions = [
-        "--pull=newer"
-        "--network=container:immich-redis"
-      ];
-    };
-
-    immich-redis = {
-      autoStart = true;
-      image = "redis";
-      extraOptions = [
-        "--pull=newer"
-        "-l=traefik.enable=true"
-        "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)"
-        "-l=traefik.http.routers.immich.service=immich"
-        "-l=traefik.http.services.immich.loadbalancer.server.port=8080"
-      ];
-      ports = [
-        "8080:8080"
-      ];
-    };
-
-    immich-postgres = {
-      autoStart = true;
-      image = "tensorchord/pgvecto-rs:pg14-v0.2.1";
-      volumes = [
-        "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data"
-      ];
-      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
-      environment = {
-        POSTGRES_USER = "immich";
-        POSTGRES_DB = "immich";
-        POSTGRES_HOST_AUTH_METHOD = "trust";
-        POSTGRES_PASSWORD = "password";
-      };
-      extraOptions = [
-        "--pull=newer"
-        "--network=container:immich-redis"
-      ];
-    };
+  # The reason for this hack is quite bad
+  # Before using the NixOS module Immich was installed using Docker, for this
+  # reason the paths of the images in the database looks like `/photos/...`
+  # and after migrating to the NixOS module I kept getting 404s for all the
+  # old pictures.
+  # Frankly it seems weird that it saved the absolute paths in the DB, perhaps
+  # it saves somewhere else the media location root and then merge the paths,
+  # however, nevertheless I set `mediaLocation` it didn't work
+  fileSystems."/photos" = {
+    device = "/mnt/hd/immich/";
+    fsType = "ext4";
+    options = [ "bind" ];
   };
 }

modules/sisko-proxy/default.nix

@@ -34,7 +34,7 @@
       forceSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "http://localhost:8080";
+        proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
         proxyWebsockets = true;
       };
     };