diff --git a/flake.lock b/flake.lock index c270768..50c6096 100644 --- a/flake.lock +++ b/flake.lock @@ -383,7 +383,7 @@ "hercules-ci-effects": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1701009247, @@ -647,7 +647,9 @@ }, "nixDarwin": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1727003835, @@ -877,18 +879,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 0, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", - "path": "/nix/store/y6205wq8hxvpqvl8l9d1n9xah01kg0lq-source", - "type": "path" - }, - "original": { - "id": "nixpkgs", - "type": "indirect" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1697723726, "narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=", @@ -904,13 +894,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { @@ -920,7 +910,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1678470307, "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=", @@ -936,7 +926,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -1091,7 +1081,7 @@ "fan-control": "fan-control", "flake-parts": "flake-parts_4", "kernel-src": "kernel-src", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixpkgs-kernel": "nixpkgs-kernel", "panfork": "panfork", "tow-boot": "tow-boot", 
@@ -1130,7 +1120,7 @@ "nixDarwin": "nixDarwin", "nixThePlanet": "nixThePlanet", "nixosHardware": "nixosHardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "rock5b": "rock5b", "treefmt-nix": "treefmt-nix_2", "vscode-server": "vscode-server" @@ -1301,7 +1291,7 @@ "vscode-server": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1713958148, diff --git a/flake.nix b/flake.nix index bc75454..28b3f03 100644 --- a/flake.nix +++ b/flake.nix @@ -35,6 +35,7 @@ }; nixDarwin = { url = "github:LnL7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; }; nix-on-droid.url = "github:nix-community/nix-on-droid"; lix = { diff --git a/hmModules/firefox/default.nix b/hmModules/firefox/default.nix index 43d60a3..4f0a3c2 100644 --- a/hmModules/firefox/default.nix +++ b/hmModules/firefox/default.nix @@ -18,6 +18,7 @@ in policies = { DisableTelemetry = true; DisableFirefoxStudies = true; + EnableTrackingProtection = { Value = true; Locked = true; diff --git a/hmModules/hyprland/hyprland.conf b/hmModules/hyprland/hyprland.conf index c8c20af..c953fc6 100644 --- a/hmModules/hyprland/hyprland.conf +++ b/hmModules/hyprland/hyprland.conf @@ -32,10 +32,9 @@ windowrulev2 = float, title:^(floating)$ bind = $mod, b, exec, firefox bind = $mod, t, exec, footclient $SHELL -C "zellij" bind = $mod, Return, exec, footclient -bind = $mod, m, exec, footclient $SHELL -C "aerc" +bind = $mod, y, exec, waypipe --compress lz4=10 ssh picard.fleet emacsclient -c bind = $mod, d, exec, fuzzel --background-color=253559cc --border-radius=5 --border-width=0 bind = $mod, s, exec, screenshot.sh -bind = $mod, n, exec, logseq bind = , XF86MonBrightnessUp, exec, brightnessctl s +5% bind = , XF86MonBrightnessDown, exec, brightnessctl s 5%- bind = $mod, code:60, exec, brightnessctl s +5% diff --git a/hmModules/libreoffice/default.nix b/hmModules/libreoffice/default.nix deleted file mode 100644 index 1e846d4..0000000 
--- a/hmModules/libreoffice/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, ... }: -{ - home.packages = [ pkgs.libreoffice ]; -} diff --git a/hmModules/logseq/default.nix b/hmModules/logseq/default.nix deleted file mode 100644 index 10c295c..0000000 --- a/hmModules/logseq/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ pkgs, ... }: -let - logseq = pkgs.appimageTools.wrapType2 { - name = "logseq"; - version = "nightly-20240909"; - src = pkgs.fetchurl { - url = "https://github.com/logseq/logseq/releases/download/nightly/Logseq-linux-x64-0.10.10-alpha+nightly.20240909.AppImage"; - hash = "sha256-Hy/zk8ZCkWajsMRUMsewLvkKpMpsBZYnFootPU9y6Z0="; - }; - }; -in -{ - home.packages = [ logseq ]; -} diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index c4128f7..ded359d 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -89,8 +89,6 @@ "freecad" "zathura" "imv" - "libreoffice" - "logseq" ]; extraGroups = [ ]; backupPaths = [ ]; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 8a386be..44277c3 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -28,14 +28,12 @@ "garmin-collector" "restic" "atuin" - "rock5b-fan-control" - "immich" ] ++ [ ./disko.nix ]; - boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_11; + boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_10; system.stateVersion = "24.05"; @@ -96,6 +94,12 @@ fileSystems."/persist".neededForBoot = true; boot.tmp.cleanOnBoot = true; + fileSystems."/mnt/hd" = { + device = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU-part1"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + environment.systemPackages = with pkgs; [ cifs-utils ]; diff --git a/hosts/sisko/disko.nix b/hosts/sisko/disko.nix index ba5c708..909a33b 100644 --- a/hosts/sisko/disko.nix +++ b/hosts/sisko/disko.nix 
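Review bot: `boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_10;` in hosts/sisko/default.nix pins the host to a single non-longterm kernel series, which stops receiving upstream security fixes once that series reaches end of life. If the pin is a workaround (for example for hardware support on this machine), record the reason and the exit condition next to it, e.g. `# pinned to 6.10 because REASON; return to a maintained series once resolved`. Otherwise an LTS series or `pkgs.linuxPackages_latest` keeps the host on a kernel that still gets fixes.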
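Review bot: The new `fileSystems."/mnt/hd"` entry mounts a data disk with only `nofail`, so setuid bits and device nodes on that filesystem are honoured. Other files in this commit show `/mnt/hd/torrent` as the Transmission download directory and as a Samba share path, so the volume holds content written by remote parties. `options = [ "nofail" "nosuid" "nodev" ];` would narrow that, plus `"noexec"` if nothing is meant to run from the disk. The enclosing attribute set starts and ends outside the hunk.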
@@ -1,7 +1,9 @@ let ssd = "/dev/disk/by-id/ata-CT240BX300SSD1_1739E1042F3C"; - hd = "/dev/disk/by-id/ata-ST12000NM0558_ZHZ6006Q"; in +# hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550"; +# hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530"; +# old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU"; { disko.devices = { nodev."/" = { @@ -56,63 +58,6 @@ in }; }; }; - hd = { - device = hd; - type = "disk"; - content = { - type = "gpt"; - partitions = { - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "bcachefs"; - mountpoint = "/mnt/hd"; - }; - }; - }; - }; - }; - # hd = { - # type = "disk"; - # device = hd; - # content = { - # type = "gpt"; - # partitions = { - # zfs = { - # size = "100%"; - # content = { - # type = "zfs"; - # pool = "zroot"; - # }; - # }; - # }; - # }; - # }; - # }; - # zpool = { - # zroot = { - # type = "zpool"; - # rootFsOptions = { - # compression = "lz4"; - # acltype = "posixacl"; - # xattr = "sa"; - # "com.sun:auto-snapshot" = "true"; - # mountpoint = "none"; - # }; - # datasets = { - # "root" = { - # type = "zfs_fs"; - # options.mountpoint = "/mnt/hd"; - # mountpoint = "/mnt/hd"; - # }; - # "root/torrent" = { - # type = "zfs_fs"; - # options.mountpoint = "/mnt/hd/torrent"; - # mountpoint = "/mnt/hd/torrent"; - # }; - # }; - # }; }; }; } diff --git a/modules/immich/default.nix b/modules/immich/default.nix index ffa5968..be7e905 100644 --- a/modules/immich/default.nix +++ b/modules/immich/default.nix 
@@ -1,99 +1,20 @@ -{ ... }: -let - vars = { - serviceConfigRoot = "/mnt/hd/immich/state"; - mainArray = "/mnt/hd/immich/"; - domainName = "photos.aciceri.dev"; - }; - directories = [ - "${vars.serviceConfigRoot}/immich" - "${vars.serviceConfigRoot}/immich/postgresql" - "${vars.serviceConfigRoot}/immich/postgresql/data" - "${vars.serviceConfigRoot}/immich/config" - "${vars.serviceConfigRoot}/immich/machine-learning" - "${vars.mainArray}/Photos" - "${vars.mainArray}/Photos/Immich" - "${vars.mainArray}/Photos/S10m" - ]; -in { - systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories; - systemd.services = { - podman-immich = { - requires = [ - "podman-immich-redis.service" - "podman-immich-postgres.service" - ]; - after = [ - "podman-immich-redis.service" - "podman-immich-postgres.service" - ]; - }; - podman-immich-postgres = { - requires = [ "podman-immich-redis.service" ]; - after = [ "podman-immich-redis.service" ]; - }; - }; - - virtualisation.oci-containers.containers = { - immich = { - autoStart = true; - image = "ghcr.io/imagegenius/immich:latest"; - volumes = [ - "${vars.serviceConfigRoot}/immich/config:/config" - "${vars.mainArray}/Photos/Immich:/photos" - "${vars.mainArray}/Photos/S10m:/import:ro" - "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning" - ]; - # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ]; - environment = { - PUID = "994"; - PGID = "993"; - TZ = "Europe/Rome"; - DB_HOSTNAME = "immich-postgres"; - DB_USERNAME = "immich"; - DB_DATABASE_NAME = "immich"; - REDIS_HOSTNAME = "immich-redis"; - DB_PASSWORD = "password"; + containers.immich = { + nixpkgs = builtins.getFlake "github:NixOS/nixpkgs/51296fce6f2b33717f710788af4e134aa7ff0e58"; + autoStart = true; + privateNetwork = true; + # hostAddress = "192.168.100.10"; + # localAddress = "192.168.100.11"; + # hostAddress6 = "fc00::1"; + # localAddress6 = "fc00::2"; + config = + { + ... 
+ }: + { + services.immich = { + enable = true; + }; }; - extraOptions = [ - "--pull=newer" - "--network=container:immich-redis" - ]; - }; - - immich-redis = { - autoStart = true; - image = "redis"; - extraOptions = [ - "--pull=newer" - "-l=traefik.enable=true" - "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)" - "-l=traefik.http.routers.immich.service=immich" - "-l=traefik.http.services.immich.loadbalancer.server.port=8080" - ]; - ports = [ - "8080:8080" - ]; - }; - - immich-postgres = { - autoStart = true; - image = "tensorchord/pgvecto-rs:pg14-v0.2.1"; - volumes = [ - "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data" - ]; - # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ]; - environment = { - POSTGRES_USER = "immich"; - POSTGRES_DB = "immich"; - POSTGRES_HOST_AUTH_METHOD = "trust"; - POSTGRES_PASSWORD = "password"; - }; - extraOptions = [ - "--pull=newer" - "--network=container:immich-redis" - ]; - }; }; } diff --git a/modules/mount-rock5b/default.nix b/modules/mount-rock5b/default.nix index 5ae34a0..a31eb1c 100644 --- a/modules/mount-rock5b/default.nix +++ b/modules/mount-rock5b/default.nix @@ -15,7 +15,7 @@ ''; in [ - "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,uid=1000,gid=1000" + "credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s" ]; }; } diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix index 77d6230..37340e4 100644 --- a/modules/nextcloud/default.nix +++ b/modules/nextcloud/default.nix @@ -8,9 +8,11 @@ "d /mnt/raid/nextcloud 770 nextcloud nextcloud" ]; + ccr.extraGroups = [ "nextcloud" ]; + services.nextcloud = { enable = true; - package = pkgs.nextcloud_30; + package = pkgs.nextcloud26; database.createLocally = true; home = "/mnt/raid/nextcloud"; hostName = "nextcloud.aciceri.dev"; 
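Review bot: `nixpkgs = builtins.getFlake "github:NixOS/nixpkgs/51296fce6f2b33717f710788af4e134aa7ff0e58";` in modules/immich/default.nix pulls in a second nixpkgs that is not recorded in `flake.lock`, so it has no `narHash` entry and `nix flake update` never moves it. Immich and its dependencies stay at that revision until someone edits the string by hand. Declaring it in flake.nix, for example `nixpkgs-immich.url = "github:NixOS/nixpkgs/51296fce6f2b33717f710788af4e134aa7ff0e58";` (input name constructed here), and writing `nixpkgs = inputs.nixpkgs-immich;` keeps the pin auditable and updatable, assuming `inputs` is available to this module. Separately, `privateNetwork = true` with `hostAddress`/`localAddress` commented out presumably leaves the container with loopback only; a one-line comment would make clear whether that isolation is intended.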
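Review bot: `package = pkgs.nextcloud26;` selects a Nextcloud major release that is past upstream end of life, so the instance would run without security fixes. Nextcloud also does not support downgrading, so a data directory already migrated by a newer major will likely refuse to start. Staying on a supported major and upgrading one major at a time avoids both problems. In the same hunk, `ccr.extraGroups = [ "nextcloud" ];` combined with the `770 nextcloud nextcloud` tmpfiles rule gives the interactive user read/write access to every user's files outside Nextcloud's own access control. If that is intentional, a comment such as `# ccr needs direct access to the data dir for REASON` should say so.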
@@ -19,4 +21,6 @@ overwriteProtocol = "https"; }; }; + + networking.firewall.allowedTCPPorts = [ 80 ]; } diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 3edb52d..0d082b3 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -26,22 +26,13 @@ in }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs"; services.restic.backups.sisko = { - paths = [ - "/persist" - "/mnt/hd/immich" - ]; - exclude = [ " /persist/var/lib/containers" ]; + paths = [ "/persist" ]; passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path; extraOptions = [ "sftp.command='${lib.getExe pkgs.sshpass} -f ${config.age.secrets.HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD.path} ssh -p${port} ${user}@${host} -s sftp'" ]; repository = "sftp://${user}@${host}:${port}/"; initialize = true; - pruneOpts = [ - "--keep-yearly 1" - "--keep-monthly 2" - "--keep-daily 7" - ]; timerConfig.OnCalendar = "daily"; timerConfig.RandomizedDelaySec = "1h"; }; diff --git a/modules/rock5b-proxy/default.nix b/modules/rock5b-proxy/default.nix index 3a324ef..926f664 100644 --- a/modules/rock5b-proxy/default.nix +++ b/modules/rock5b-proxy/default.nix @@ -36,17 +36,17 @@ proxyPass = "http://localhost:${builtins.toString config.services.invidious.port}"; }; }; - "photos.aciceri.dev" = { - extraConfig = '' - client_max_body_size 50000M; - ''; - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:8080"; - proxyWebsockets = true; - }; - }; + # "photos.aciceri.dev" = { + # extraConfig = '' + # client_max_body_size 50000M; + # ''; + # forceSSL = true; + # enableACME = true; + # locations."/" = { + # proxyPass = "http://localhost:2283"; + # proxyWebsockets = true; + # }; + # }; # "jellyfin.aciceri.dev" = { # forceSSL = true; diff --git a/modules/rock5b-samba/default.nix b/modules/rock5b-samba/default.nix index 9350089..3791c92 100644 --- a/modules/rock5b-samba/default.nix +++ b/modules/rock5b-samba/default.nix 
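Review bot: `networking.firewall.allowedTCPPorts = [ 80 ];` in modules/nextcloud/default.nix opens plain HTTP on every interface, while the context line `overwriteProtocol = "https"` suggests TLS is terminated by a proxy on another host. Any peer that can reach this machine directly can then talk to Nextcloud unencrypted and bypass the proxy. Scoping the rule to the interface the proxy connects over, `networking.firewall.interfaces."PROXY_IFACE".allowedTCPPorts = [ 80 ];` (interface name is a placeholder), limits the exposure. The enclosing attribute set starts outside the hunk.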
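Review bot: With `pruneOpts` gone, `services.restic.backups.sisko` in modules/restic/default.nix has no retention policy, so the daily snapshots accumulate on the storage box until it fills and new backups start failing. If pruning is now done elsewhere, a comment like `# retention handled by WHERE` would stop this being read as an oversight. Otherwise keep a policy such as `pruneOpts = [ "--keep-daily 7" "--keep-monthly 2" "--keep-yearly 1" ];`.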
@@ -9,7 +9,7 @@ samba = { enable = true; - # global.security = "user"; + securityType = "user"; settings.global = { "workgroup" = "WORKGROUP"; "server string" = "rock5b"; @@ -21,7 +21,7 @@ "recycle:keeptree" = "yes"; "recycle:versions" = "yes"; }; - settings = { + shares = { torrent = { path = "/mnt/hd/torrent"; comment = "torrent"; diff --git a/modules/transmission/default.nix b/modules/transmission/default.nix index 15db1d1..2052b37 100644 --- a/modules/transmission/default.nix +++ b/modules/transmission/default.nix @@ -4,6 +4,8 @@ enable = true; openRPCPort = true; openPeerPorts = true; + # FIXME remove after https://github.com/NixOS/nixpkgs/issues/279049 + webHome = "${config.services.transmission.package}/share/transmission/web"; settings = { download-dir = "/mnt/hd/torrent"; incomplete-dir = "/mnt/hd/torrent/.incomplete"; @@ -30,7 +32,7 @@ alt-speed-time-day = 127; # all days, bitmap, 0111110 is weekends and 1000001 is weekdays ratio-limit-enabled = true; - ratio-limit = 2; + ratio-limit = 100; # I am a generous god }; };