blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

testing use of unstable

Browse Source
This commit is contained in:
blake
2025-10-17 16:11:31 -05:00
parent 25122a4c9c
commit 1cc6abb89a
3 changed files with 66 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
flake.lock generated
View File

@@ -88,6 +88,23 @@
"type": "github" "type": "github"
} }
}, },
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1758543057,
"narHash": "sha256-lw3V2jOGYphUFHYQ5oARcb6urlbNpUCLJy1qhsGdUmc=",
"owner": "Homebrew",
"repo": "brew",
"rev": "5b236456eb93133c2bd0d60ef35ed63f1c0712f6",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "4.6.12",
"repo": "brew",
"type": "github"
}
},
"copyparty": { "copyparty": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@@ -285,6 +302,24 @@
"type": "github" "type": "github"
} }
}, },
"nix-homebrew": {
"inputs": {
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1758598228,
"narHash": "sha256-qr60maXGbZ4FX5tejPRI3nr0bnRTnZ3AbbbfO6/6jq4=",
"owner": "zhaofengli",
"repo": "nix-homebrew",
"rev": "f36e5db56e117f7df701ab152d0d2036ea85218c",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "nix-homebrew",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748162331, "lastModified": 1748162331,
@@ -386,6 +421,7 @@
"copyparty": "copyparty", "copyparty": "copyparty",
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-homebrew": "nix-homebrew",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nvf": "nvf", "nvf": "nvf",

2
hosts/nixos/snowbelle/configuration.nix
View File

@@ -8,7 +8,7 @@ in
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../../hosts ../../nixos
../../../users/blake ../../../users/blake
../../../modules/system ../../../modules/system
../../../modules/holocron ../../../modules/holocron

43
modules/homelab/immich/default.nix
View File

@@ -1,12 +1,16 @@
{ pkgs, config, lib, inputs, ... }: {
pkgs,
let config,
lib,
inputs,
unstable_pkgs,
...
}: let
service = "immich"; service = "immich";
cfg = config.homelab.${service}; cfg = config.homelab.${service};
sec = config.sops.secrets; sec = config.sops.secrets;
homelab = config.homelab; homelab = config.homelab;
in in {
{
options.homelab.${service} = { options.homelab.${service} = {
enable = lib.mkEnableOption "enables ${service}"; enable = lib.mkEnableOption "enables ${service}";
@@ -43,9 +47,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# declare ${service} group # declare ${service} group
users.groups.${service} = { gid = lib.mkForce cfg.ids; }; users.groups.${service} = {gid = lib.mkForce cfg.ids;};
# declare ${service} user # declare ${service} user
users.users.${service} = { users.users.${service} = {
@@ -55,13 +58,14 @@ in
home = cfg.data_dir; home = cfg.data_dir;
createHome = true; createHome = true;
group = service; group = service;
extraGroups = [ "video" "render" ]; extraGroups = ["video" "render"];
}; };
# enable the ${service} service # enable the ${service} service
services.${service} = { services.${service} = {
enable = true; enable = true;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich; #package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
package = unstable_pkgs.x86_64.immich;
openFirewall = true; openFirewall = true;
user = service; user = service;
group = service; group = service;
@@ -72,16 +76,16 @@ in
}; };
# override umask to make permissions work out # override umask to make permissions work out
# systemd.services."${toString service}-server".serviceConfig = { # systemd.services."${toString service}-server".serviceConfig = {
# UMask = lib.mkForce "0007"; # UMask = lib.mkForce "0007";
# }; # };
# # open firewall # # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "photos.${homelab.public_domain}" ]; serverAliases = ["photos.${homelab.public_domain}"];
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy 127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
@@ -89,16 +93,19 @@ in
}; };
# add to glance # add to glance
homelab.glance.links.services = [{ homelab.glance.links.services = [
{
title = service; title = service;
url = "https://photos.${homelab.public_domain}"; url = "https://photos.${homelab.public_domain}";
error-url = "http://${homelab.host_ip}:${toString cfg.port}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}";
check-url = "http://${homelab.host_ip}:${toString cfg.port}"; check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}"; }]; icon = "di:${service}";
}
];
# add to backups # add to backups
system.backups.baks = { system.backups.baks = {
${service} = { paths = [ cfg.data_dir "/var/lib/redis-immich" ]; }; ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich"];};
}; };
}; };
} }