flake.lock: Update

Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/2a6d6d064e33d65dc660b65c28ce17195e539db6' (2025-04-28)
  → 'github:nix-community/emacs-overlay/769f426eb3f6bc6d26f03106ac5772b98595a7b8' (2025-04-30)
• Updated input 'emacs-overlay/nixpkgs':
    'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24)
  → 'github:NixOS/nixpkgs/46e634be05ce9dc6d4db8e664515ba10b78151ae' (2025-04-29)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/26245db0cb552047418cfcef9a25da91b222d6c7' (2025-04-27)
  → 'github:NixOS/nixpkgs/b000159bba69b0106a42f65e52dbf27f77aca9d3' (2025-04-29)
• Updated input 'homeManager':
    'github:nix-community/home-manager/be7cf1709b469a2a2c62169172a167d1fed3509f' (2025-04-28)
  → 'github:nix-community/home-manager/d2b3e6c83d457aa0e7f9344c61c3fed32bad0f7e' (2025-04-30)
• Updated input 'lix':
    'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=dad17a54f7cf2bae24274dc2b9a535c1938e6eb0' (2025-04-27)
  → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=a66c91e1018f9e556574f60f8e4cb14544e0e875' (2025-04-30)
• Updated input 'nixosHardware':
    'github:NixOS/nixos-hardware/f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1' (2025-04-24)
  → 'github:NixOS/nixos-hardware/72081c9fbbef63765ae82bff9727ea79cc86bd5b' (2025-04-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24)
  → 'github:NixOS/nixpkgs/46e634be05ce9dc6d4db8e664515ba10b78151ae' (2025-04-29)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/d1863f30d9ca67f679f9c2583d7adf674b5d9b8a' (2025-04-28)
  → 'github:numtide/treefmt-nix/82bf32e541b30080d94e46af13d46da0708609ea' (2025-04-29)

flake.lock

@@ -122,11 +122,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1746066807,
+        "lastModified": 1746001439,
-        "narHash": "sha256-JeUri9kpPguZnY69qXIcCLQAIx7GMbF2dRmRYM6JaZg=",
+        "narHash": "sha256-MQplzhcXXrAlfDIfklvYxXtnxv5akmeLaeGIvouYYUI=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "9a415a8b4c90c1f0719aefed19a80514f7a2f771",
+        "rev": "769f426eb3f6bc6d26f03106ac5772b98595a7b8",
         "type": "github"
       },
       "original": {
@@ -387,11 +387,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746040799,
+        "lastModified": 1745987135,
-        "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=",
+        "narHash": "sha256-8Up4QPuMZEJBU0eefAY+nUe7DYKQQzvaHnMpNdwRgKA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5f217e5a319f6c186283b530f8c975e66c028433",
+        "rev": "d2b3e6c83d457aa0e7f9344c61c3fed32bad0f7e",
         "type": "github"
       },
       "original": {

hosts/sisko/default.nix

@@ -35,7 +35,6 @@
       "mosh"
       "amule"
       "adguard-home"
-      "garmin-grafana"
     ]
     ++ [
       ./disko.nix

modules/garmin-grafana/default.nix

@@ -1,53 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-let
-  garmin-grafana-flake = builtins.getFlake "github:NixOS/nixpkgs/1f03fefb44665cd2377912033de22ffaba2be48d";
-  inherit (garmin-grafana-flake.legacyPackages.${pkgs.system}) garmin-grafana;
-in
-{
-  users.users.garmin-grafana = {
-    isSystemUser = true;
-    group = "garmin-grafana";
-    extraGroups = [ "garmin-grafana" ];
-    home = "/var/lib/garmin-grafana";
-  };
-
-  users.groups.garmin-grafana = { };
-
-  systemd.services.garmin-grafana = {
-    description = "garmin-grafana";
-    wantedBy = [ "multi-user.target" ];
-    environment = {
-      INFLUXDB_HOST = "localhost";
-      INFLUXDB_PORT = "8086"; # it's hardcoded in the influxdb NixOS module
-      INFLUXDB_USERNAME = "garmin-grafana";
-      INFLUXDB_PASSWORD = "password"; # FIXME terrible but the databse is not exposed at least
-      INFLUXDB_DATABASE = "garmin-stats";
-      GARMINCONNECT_IS_CN = "False";
-      USER_TIMEZONE = "Europe/Rome";
-      KEEP_FIT_FILES = "True";
-      ALWAYS_PROCESS_FIT_FILES = "True";
-      # MANUAL_START_DATE = "2024-06-01";
-      # MANUAL_END_DATE = "2025-12-31";
-    };
-    serviceConfig = {
-      ExecStart = lib.getExe garmin-grafana;
-      Group = "garmin-grafana";
-      User = "garmin-grafana";
-      WorkingDirectory = "/var/lib/garmin-grafana";
-    };
-  };
-
-  # garmin-grafana uses influxdb V1, probably it's the only software I'll ever use using the V1
-  # so I"m keeping its declaration inside this module
-  services.influxdb.enable = true;
-
-  environment.persistence."/persist".directories = [
-    "/var/lib/garmin-grafana"
-    config.services.influxdb.dataDir
-  ];
-}

modules/immich/default.nix

@@ -1,25 +1,99 @@
-{ config, ... }:
+{ ... }:
-{
+let
-  environment.persistence."/persist".directories = [
+  vars = {
-    config.services.immich.machine-learning.environment.MACHINE_LEARNING_CACHE_FOLDER
+    serviceConfigRoot = "/mnt/hd/immich/state";
+    mainArray = "/mnt/hd/immich/";
+    domainName = "photos.aciceri.dev";
+  };
+  directories = [
+    "${vars.serviceConfigRoot}/immich"
+    "${vars.serviceConfigRoot}/immich/postgresql"
+    "${vars.serviceConfigRoot}/immich/postgresql/data"
+    "${vars.serviceConfigRoot}/immich/config"
+    "${vars.serviceConfigRoot}/immich/machine-learning"
+    "${vars.mainArray}/Photos"
+    "${vars.mainArray}/Photos/Immich"
+    "${vars.mainArray}/Photos/S10m"
   ];
-
+in
-  services.immich = {
+{
-    enable = true;
+  systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories;
-    mediaLocation = "/mnt/hd/immich";
+  systemd.services = {
+    podman-immich = {
+      requires = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+      after = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+    };
+    podman-immich-postgres = {
+      requires = [ "podman-immich-redis.service" ];
+      after = [ "podman-immich-redis.service" ];
+    };
   };
 
-  # The reason for this hack is quite bad
+  virtualisation.oci-containers.containers = {
-  # Before using the NixOS module Immich was installed using Docker, for this
+    immich = {
-  # reason the paths of the images in the database looks like `/photos/...`
+      autoStart = true;
-  # and after migrating to the NixOS module I kept getting 404s for all the
+      image = "ghcr.io/imagegenius/immich:latest";
-  # old pictures.
+      volumes = [
-  # Frankly it seems weird that it saved the absolute paths in the DB, perhaps
+        "${vars.serviceConfigRoot}/immich/config:/config"
-  # it saves somewhere else the media location root and then merge the paths,
+        "${vars.mainArray}/Photos/Immich:/photos"
-  # however, nevertheless I set `mediaLocation` it didn't work
+        "${vars.mainArray}/Photos/S10m:/import:ro"
-  fileSystems."/photos" = {
+        "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning"
-    device = "/mnt/hd/immich/";
+      ];
-    fsType = "ext4";
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
-    options = [ "bind" ];
+      environment = {
+        PUID = "994";
+        PGID = "993";
+        TZ = "Europe/Rome";
+        DB_HOSTNAME = "immich-postgres";
+        DB_USERNAME = "immich";
+        DB_DATABASE_NAME = "immich";
+        REDIS_HOSTNAME = "immich-redis";
+        DB_PASSWORD = "password";
+      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
+
+    immich-redis = {
+      autoStart = true;
+      image = "redis";
+      extraOptions = [
+        "--pull=newer"
+        "-l=traefik.enable=true"
+        "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)"
+        "-l=traefik.http.routers.immich.service=immich"
+        "-l=traefik.http.services.immich.loadbalancer.server.port=8080"
+      ];
+      ports = [
+        "8080:8080"
+      ];
+    };
+
+    immich-postgres = {
+      autoStart = true;
+      image = "tensorchord/pgvecto-rs:pg14-v0.2.1";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        POSTGRES_USER = "immich";
+        POSTGRES_DB = "immich";
+        POSTGRES_HOST_AUTH_METHOD = "trust";
+        POSTGRES_PASSWORD = "password";
+      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
   };
 }

modules/sisko-proxy/default.nix

@@ -34,7 +34,7 @@
       forceSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "http://localhost:${builtins.toString config.services.immich.port}";
+        proxyPass = "http://localhost:8080";
         proxyWebsockets = true;
       };
     };