Bump flake inputs

Don't follow the nixpkgs input for nix-darwin, otherwise it rebuilds the vm every time
Decrease torrents ratio (probably the old disk died because of this)
2024-10-10 17:09:14 +02:00 · 2024-10-10 17:08:29 +02:00 · 2024-10-10 17:07:38 +02:00 · 2024-10-10 17:07:12 +02:00 · 2024-10-10 17:07:04 +02:00 · 2024-10-10 17:06:54 +02:00
16 changed files with 227 additions and 65 deletions
--- a/flake.lock
+++ b/flake.lock
@ -383,7 +383,7 @@
    "hercules-ci-effects": {
      "inputs": {
        "flake-parts": "flake-parts_3",
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
        "lastModified": 1701009247,
@ -647,9 +647,7 @@
    },
    "nixDarwin": {
      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1727003835,
@ -879,6 +877,18 @@
      }
    },
    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 0,
+        "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
+        "path": "/nix/store/y6205wq8hxvpqvl8l9d1n9xah01kg0lq-source",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1697723726,
        "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=",
@ -894,13 +904,13 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1726937504,
-        "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=",
+        "lastModified": 1728241625,
+        "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9357f4f23713673f310988025d9dc261c20e70c6",
+        "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1",
        "type": "github"
      },
      "original": {
@ -910,7 +920,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1678470307,
        "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=",
@ -926,7 +936,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1682134069,
        "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
@ -1081,7 +1091,7 @@
        "fan-control": "fan-control",
        "flake-parts": "flake-parts_4",
        "kernel-src": "kernel-src",
-        "nixpkgs": "nixpkgs_6",
+        "nixpkgs": "nixpkgs_7",
        "nixpkgs-kernel": "nixpkgs-kernel",
        "panfork": "panfork",
        "tow-boot": "tow-boot",
@ -1120,7 +1130,7 @@
        "nixDarwin": "nixDarwin",
        "nixThePlanet": "nixThePlanet",
        "nixosHardware": "nixosHardware",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
        "rock5b": "rock5b",
        "treefmt-nix": "treefmt-nix_2",
        "vscode-server": "vscode-server"
@ -1291,7 +1301,7 @@
    "vscode-server": {
      "inputs": {
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
        "lastModified": 1713958148,
--- a/flake.nix
+++ b/flake.nix
@ -35,7 +35,6 @@
    };
    nixDarwin = {
      url = "github:LnL7/nix-darwin";
-      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-on-droid.url = "github:nix-community/nix-on-droid";
    lix = {
--- a/hmModules/firefox/default.nix
+++ b/hmModules/firefox/default.nix
@ -18,7 +18,6 @@ in
    policies = {
      DisableTelemetry = true;
      DisableFirefoxStudies = true;
-
      EnableTrackingProtection = {
        Value = true;
        Locked = true;
--- a/hmModules/hyprland/hyprland.conf
+++ b/hmModules/hyprland/hyprland.conf
@ -32,9 +32,10 @@ windowrulev2 = float, title:^(floating)$
 bind = $mod, b, exec, firefox
 bind = $mod, t, exec, footclient $SHELL -C "zellij"
 bind = $mod, Return, exec, footclient
-bind = $mod, y, exec, waypipe --compress lz4=10 ssh picard.fleet emacsclient -c
+bind = $mod, m, exec, footclient $SHELL -C "aerc"
 bind = $mod, d, exec, fuzzel --background-color=253559cc --border-radius=5 --border-width=0
 bind = $mod, s, exec, screenshot.sh
+bind = $mod, n, exec, logseq
 bind = , XF86MonBrightnessUp, exec, brightnessctl s +5%
 bind = , XF86MonBrightnessDown, exec, brightnessctl s 5%-
 bind = $mod, code:60, exec, brightnessctl s +5%
--- a/hmModules/libreoffice/default.nix
+++ b/hmModules/libreoffice/default.nix
@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  home.packages = [ pkgs.libreoffice ];
+}
--- a/hmModules/logseq/default.nix
+++ b/hmModules/logseq/default.nix
@ -0,0 +1,14 @@
+{ pkgs, ... }:
+let
+  logseq = pkgs.appimageTools.wrapType2 {
+    name = "logseq";
+    version = "nightly-20240909";
+    src = pkgs.fetchurl {
+      url = "https://github.com/logseq/logseq/releases/download/nightly/Logseq-linux-x64-0.10.10-alpha+nightly.20240909.AppImage";
+      hash = "sha256-Hy/zk8ZCkWajsMRUMsewLvkKpMpsBZYnFootPU9y6Z0=";
+    };
+  };
+in
+{
+  home.packages = [ logseq ];
+}
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -89,6 +89,8 @@
      "freecad"
      "zathura"
      "imv"
+      "libreoffice"
+      "logseq"
    ];
    extraGroups = [ ];
    backupPaths = [ ];
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@ -28,12 +28,14 @@
      "garmin-collector"
      "restic"
      "atuin"
+      "rock5b-fan-control"
+      "immich"
    ]
    ++ [
      ./disko.nix
    ];

-  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_10;
+  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_11;

  system.stateVersion = "24.05";

@ -94,12 +96,6 @@
  fileSystems."/persist".neededForBoot = true;
  boot.tmp.cleanOnBoot = true;

-  fileSystems."/mnt/hd" = {
-    device = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU-part1";
-    fsType = "ext4";
-    options = [ "nofail" ];
-  };
-
  environment.systemPackages = with pkgs; [
    cifs-utils
  ];
--- a/hosts/sisko/disko.nix
+++ b/hosts/sisko/disko.nix
@ -1,9 +1,7 @@
 let
  ssd = "/dev/disk/by-id/ata-CT240BX300SSD1_1739E1042F3C";
+  hd = "/dev/disk/by-id/ata-ST12000NM0558_ZHZ6006Q";
 in
-# hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550";
-# hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530";
-# old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU";
 {
  disko.devices = {
    nodev."/" = {
@ -58,6 +56,63 @@ in
          };
        };
      };
+      hd = {
+        device = hd;
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "bcachefs";
+                mountpoint = "/mnt/hd";
+              };
+            };
+          };
+        };
+      };
+      #   hd = {
+      #     type = "disk";
+      #     device = hd;
+      #     content = {
+      #       type = "gpt";
+      #       partitions = {
+      #         zfs = {
+      #           size = "100%";
+      #           content = {
+      #             type = "zfs";
+      #             pool = "zroot";
+      #           };
+      #         };
+      #       };
+      #     };
+      #   };
+      # };
+      # zpool = {
+      #   zroot = {
+      #     type = "zpool";
+      #     rootFsOptions = {
+      #       compression = "lz4";
+      #       acltype = "posixacl";
+      #       xattr = "sa";
+      #       "com.sun:auto-snapshot" = "true";
+      #       mountpoint = "none";
+      #     };
+      #     datasets = {
+      #       "root" = {
+      #         type = "zfs_fs";
+      #         options.mountpoint = "/mnt/hd";
+      #         mountpoint = "/mnt/hd";
+      #       };
+      #       "root/torrent" = {
+      #         type = "zfs_fs";
+      #         options.mountpoint = "/mnt/hd/torrent";
+      #         mountpoint = "/mnt/hd/torrent";
+      #       };
+      #     };
+      #  };
    };
  };
 }
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@ -1,20 +1,99 @@
+{ ... }:
+let
+  vars = {
+    serviceConfigRoot = "/mnt/hd/immich/state";
+    mainArray = "/mnt/hd/immich/";
+    domainName = "photos.aciceri.dev";
+  };
+  directories = [
+    "${vars.serviceConfigRoot}/immich"
+    "${vars.serviceConfigRoot}/immich/postgresql"
+    "${vars.serviceConfigRoot}/immich/postgresql/data"
+    "${vars.serviceConfigRoot}/immich/config"
+    "${vars.serviceConfigRoot}/immich/machine-learning"
+    "${vars.mainArray}/Photos"
+    "${vars.mainArray}/Photos/Immich"
+    "${vars.mainArray}/Photos/S10m"
+  ];
+in
 {
-  containers.immich = {
-    nixpkgs = builtins.getFlake "github:NixOS/nixpkgs/51296fce6f2b33717f710788af4e134aa7ff0e58";
-    autoStart = true;
-    privateNetwork = true;
-    # hostAddress = "192.168.100.10";
-    # localAddress = "192.168.100.11";
-    # hostAddress6 = "fc00::1";
-    # localAddress6 = "fc00::2";
-    config =
-      {
-        ...
-      }:
-      {
-        services.immich = {
-          enable = true;
-        };
+  systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories;
+  systemd.services = {
+    podman-immich = {
+      requires = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+      after = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+    };
+    podman-immich-postgres = {
+      requires = [ "podman-immich-redis.service" ];
+      after = [ "podman-immich-redis.service" ];
+    };
+  };
+
+  virtualisation.oci-containers.containers = {
+    immich = {
+      autoStart = true;
+      image = "ghcr.io/imagegenius/immich:latest";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/config:/config"
+        "${vars.mainArray}/Photos/Immich:/photos"
+        "${vars.mainArray}/Photos/S10m:/import:ro"
+        "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        PUID = "994";
+        PGID = "993";
+        TZ = "Europe/Rome";
+        DB_HOSTNAME = "immich-postgres";
+        DB_USERNAME = "immich";
+        DB_DATABASE_NAME = "immich";
+        REDIS_HOSTNAME = "immich-redis";
+        DB_PASSWORD = "password";
      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
+
+    immich-redis = {
+      autoStart = true;
+      image = "redis";
+      extraOptions = [
+        "--pull=newer"
+        "-l=traefik.enable=true"
+        "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)"
+        "-l=traefik.http.routers.immich.service=immich"
+        "-l=traefik.http.services.immich.loadbalancer.server.port=8080"
+      ];
+      ports = [
+        "8080:8080"
+      ];
+    };
+
+    immich-postgres = {
+      autoStart = true;
+      image = "tensorchord/pgvecto-rs:pg14-v0.2.1";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        POSTGRES_USER = "immich";
+        POSTGRES_DB = "immich";
+        POSTGRES_HOST_AUTH_METHOD = "trust";
+        POSTGRES_PASSWORD = "password";
+      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
  };
 }
--- a/modules/mount-rock5b/default.nix
+++ b/modules/mount-rock5b/default.nix
@ -15,7 +15,7 @@
        '';
      in
      [
-        "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"
+        "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,uid=1000,gid=1000"
      ];
  };
 }
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@ -8,11 +8,9 @@
    "d /mnt/raid/nextcloud 770 nextcloud nextcloud"
  ];

-  ccr.extraGroups = [ "nextcloud" ];
-
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud26;
+    package = pkgs.nextcloud_30;
    database.createLocally = true;
    home = "/mnt/raid/nextcloud";
    hostName = "nextcloud.aciceri.dev";
@ -21,6 +19,4 @@
      overwriteProtocol = "https";
    };
  };
-
-  networking.firewall.allowedTCPPorts = [ 80 ];
 }
--- a/modules/restic/default.nix
+++ b/modules/restic/default.nix
@ -26,13 +26,22 @@ in
  }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";

  services.restic.backups.sisko = {
-    paths = [ "/persist" ];
+    paths = [
+      "/persist"
+      "/mnt/hd/immich"
+    ];
+    exclude = [ " /persist/var/lib/containers" ];
    passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path;
    extraOptions = [
      "sftp.command='${lib.getExe pkgs.sshpass} -f ${config.age.secrets.HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD.path} ssh -p${port} ${user}@${host} -s sftp'"
    ];
    repository = "sftp://${user}@${host}:${port}/";
    initialize = true;
+    pruneOpts = [
+      "--keep-yearly 1"
+      "--keep-monthly 2"
+      "--keep-daily 7"
+    ];
    timerConfig.OnCalendar = "daily";
    timerConfig.RandomizedDelaySec = "1h";
  };
--- a/modules/rock5b-proxy/default.nix
+++ b/modules/rock5b-proxy/default.nix
@ -36,17 +36,17 @@
        proxyPass = "http://localhost:${builtins.toString config.services.invidious.port}";
      };
    };
-    # "photos.aciceri.dev" = {
-    #   extraConfig = ''
-    #     client_max_body_size 50000M;
-    #   '';
-    #   forceSSL = true;
-    #   enableACME = true;
-    #   locations."/" = {
-    #     proxyPass = "http://localhost:2283";
-    #     proxyWebsockets = true;
-    #   };
-    # };
+    "photos.aciceri.dev" = {
+      extraConfig = ''
+        client_max_body_size 50000M;
+      '';
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:8080";
+        proxyWebsockets = true;
+      };
+    };

    # "jellyfin.aciceri.dev" = {
    #   forceSSL = true;
--- a/modules/rock5b-samba/default.nix
+++ b/modules/rock5b-samba/default.nix
@ -9,7 +9,7 @@

    samba = {
      enable = true;
-      securityType = "user";
+      # global.security = "user";
      settings.global = {
        "workgroup" = "WORKGROUP";
        "server string" = "rock5b";
@ -21,7 +21,7 @@
        "recycle:keeptree" = "yes";
        "recycle:versions" = "yes";
      };
-      shares = {
+      settings = {
        torrent = {
          path = "/mnt/hd/torrent";
          comment = "torrent";
--- a/modules/transmission/default.nix
+++ b/modules/transmission/default.nix
@ -4,8 +4,6 @@
    enable = true;
    openRPCPort = true;
    openPeerPorts = true;
-    # FIXME remove after https://github.com/NixOS/nixpkgs/issues/279049
-    webHome = "${config.services.transmission.package}/share/transmission/web";
    settings = {
      download-dir = "/mnt/hd/torrent";
      incomplete-dir = "/mnt/hd/torrent/.incomplete";
@ -32,7 +30,7 @@
      alt-speed-time-day = 127; # all days, bitmap, 0111110 is weekends and 1000001 is weekdays

      ratio-limit-enabled = true;
-      ratio-limit = 100; # I am a generous god
+      ratio-limit = 2;
    };
  };
Author	SHA1	Message	Date
Andrea Ciceri	f774f4b674	Bump flake inputs Some checks failed / test (push) Failing after 13s Details	2024-10-10 17:09:14 +02:00
Andrea Ciceri	a0307ebb97	Don't follow the `nixpkgs` input for `nix-darwin`, otherwise it rebuilds the vm every time	2024-10-10 17:08:29 +02:00
Andrea Ciceri	d710638278	Decrease torrents ratio (probably the old disk died because of this)	2024-10-10 17:07:38 +02:00
Andrea Ciceri	72f21229f3	Trying to fix samba	2024-10-10 17:07:12 +02:00
Andrea Ciceri	d122f9061a	Enable reverse proxy for `immich`	2024-10-10 17:07:04 +02:00
Andrea Ciceri	f5091547bb	Update nextcloud module	2024-10-10 17:06:54 +02:00
Andrea Ciceri	c35c00bf75	Still doesn't work	2024-10-10 17:06:42 +02:00
Andrea Ciceri	eb09394470	Install `restic` on `sisko`	2024-10-10 17:06:33 +02:00
Andrea Ciceri	180e5743cc	Use new hard disk on `sisko`	2024-10-10 17:05:46 +02:00
Andrea Ciceri	34b7c07297	Use linux 6.11 on `sisko` (cpufreq e thermal support)	2024-10-10 17:05:32 +02:00
Andrea Ciceri	cad15d88fd	Remove empty line	2024-10-10 17:05:01 +02:00
Andrea Ciceri	7fcc87b549	Install `logseq` and enable it on `picard`	2024-10-10 16:56:37 +02:00
Andrea Ciceri	bc88e102b6	Install `libreoffice` on `picard`	2024-10-10 16:55:35 +02:00