testing use of unstable

2025-10-17 16:11:31 -05:00
parent 25122a4c9c
commit 1cc6abb89a
3 changed files with 66 additions and 23 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -88,6 +88,23 @@
        "type": "github"
      }
    },
+    "brew-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1758543057,
+        "narHash": "sha256-lw3V2jOGYphUFHYQ5oARcb6urlbNpUCLJy1qhsGdUmc=",
+        "owner": "Homebrew",
+        "repo": "brew",
+        "rev": "5b236456eb93133c2bd0d60ef35ed63f1c0712f6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Homebrew",
+        "ref": "4.6.12",
+        "repo": "brew",
+        "type": "github"
+      }
+    },
    "copyparty": {
      "inputs": {
        "flake-utils": "flake-utils",
@@ -285,6 +302,24 @@
        "type": "github"
      }
    },
+    "nix-homebrew": {
+      "inputs": {
+        "brew-src": "brew-src"
+      },
+      "locked": {
+        "lastModified": 1758598228,
+        "narHash": "sha256-qr60maXGbZ4FX5tejPRI3nr0bnRTnZ3AbbbfO6/6jq4=",
+        "owner": "zhaofengli",
+        "repo": "nix-homebrew",
+        "rev": "f36e5db56e117f7df701ab152d0d2036ea85218c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "nix-homebrew",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1748162331,
@@ -386,6 +421,7 @@
        "copyparty": "copyparty",
        "home-manager": "home-manager",
        "nix-darwin": "nix-darwin",
+        "nix-homebrew": "nix-homebrew",
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nvf": "nvf",
--- a/hosts/nixos/snowbelle/configuration.nix
+++ b/hosts/nixos/snowbelle/configuration.nix
@@ -8,7 +8,7 @@ in
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
-      ../../../hosts
+      ../../nixos
      ../../../users/blake
      ../../../modules/system
      ../../../modules/holocron
--- a/modules/homelab/immich/default.nix
+++ b/modules/homelab/immich/default.nix
@@ -1,12 +1,16 @@
-{ pkgs, config, lib, inputs, ... }:
-
-let
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  unstable_pkgs,
+  ...
+}: let
  service = "immich";
  cfg = config.homelab.${service};
  sec = config.sops.secrets;
  homelab = config.homelab;
-in
-{
+in {
  options.homelab.${service} = {
    enable = lib.mkEnableOption "enables ${service}";

@@ -43,9 +47,8 @@ in
  };

  config = lib.mkIf cfg.enable {
-    
    # declare ${service} group
-    users.groups.${service} = { gid = lib.mkForce cfg.ids; };
+    users.groups.${service} = {gid = lib.mkForce cfg.ids;};

    # declare ${service} user
    users.users.${service} = {
@@ -55,13 +58,14 @@ in
      home = cfg.data_dir;
      createHome = true;
      group = service;
-      extraGroups = [ "video" "render" ];
+      extraGroups = ["video" "render"];
    };

    # enable the ${service} service
    services.${service} = {
      enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
+      #package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
+      package = unstable_pkgs.x86_64.immich;
      openFirewall = true;
      user = service;
      group = service;
@@ -72,16 +76,16 @@ in
    };

    # override umask to make permissions work out
-#    systemd.services."${toString service}-server".serviceConfig = {
-#      UMask = lib.mkForce "0007";
-#    };
+    #    systemd.services."${toString service}-server".serviceConfig = {
+    #      UMask = lib.mkForce "0007";
+    #    };

-#    # open firewall
-#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+    #    # open firewall
+    #    networking.firewall.allowedTCPPorts = [ cfg.port ];

    # add to caddy for reverse proxy
    services.caddy.virtualHosts."${cfg.url}" = {
-      serverAliases = [ "photos.${homelab.public_domain}" ];
+      serverAliases = ["photos.${homelab.public_domain}"];
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
        reverse_proxy 127.0.0.1:${toString cfg.port}
@@ -89,16 +93,19 @@ in
    };

    # add to glance
-    homelab.glance.links.services = [{
-      title = service;
-      url = "https://photos.${homelab.public_domain}";
-      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
-      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
-      icon = "di:${service}"; }];
+    homelab.glance.links.services = [
+      {
+        title = service;
+        url = "https://photos.${homelab.public_domain}";
+        error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+        check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+        icon = "di:${service}";
+      }
+    ];

    # add to backups
    system.backups.baks = {
-      ${service} = { paths = [ cfg.data_dir "/var/lib/redis-immich" ]; };
+      ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich"];};
    };
  };
 }