diff --git a/flake.lock b/flake.lock index a99b377..7f3706c 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1730927643, - "narHash": "sha256-3wb8lbQUzXZ0n8FWUxsISubTLi0bRV97GFIxd9Ne1B4=", + "lastModified": 1730074366, + "narHash": "sha256-u8aVS/u/CSOt4M+VEdFNiVRZt1YsM00i7sF8OVDGi6Q=", "ref": "refs/heads/main", - "rev": "b35276acd405b1c305cafeb04416d4f61ee78251", - "revCount": 25, + "rev": "54ec36a05d01e506b789fd4b5b825a3012bf7a22", + "revCount": 24, "type": "git", "url": "https://codeberg.org/kampka/nix-flake-crowdsec.git" }, @@ -394,16 +394,16 @@ ] }, "locked": { - "lastModified": 1731880681, - "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } @@ -432,11 +432,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1730403150, + "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", "type": "github" }, "original": { @@ -474,11 +474,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1731981116, - "narHash": "sha256-SgnDCrAuX9JxRk7NqGJCXYmt+EUkDF2rfL7QjtNImuk=", + "lastModified": 1731030299, + "narHash": "sha256-PwtzMWPJhz9Rn/0rzQfMb6icSA6DtJZKCuK88IwFSos=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "3b71545aa21e6fe9eb7690be7ee2ee3d633b1990", + "rev": "11ca743d2e4602d5b8bfc8d65303f969d58ec338", "type": "github" }, "original": { @@ -533,11 +533,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1731676054, - "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", + "lastModified": 1730785428, + "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", + "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7", "type": "github" }, "original": { @@ -565,16 +565,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 6f4fa3c..b2d6698 100644 --- a/flake.nix +++ b/flake.nix @@ -3,12 +3,12 @@ inputs = { # Nixpkgs - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Home manager home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/home-manager/sajenim/features/cli/default.nix b/home-manager/sajenim/features/cli/default.nix index 9b2a39f..555d138 100644 --- a/home-manager/sajenim/features/cli/default.nix +++ b/home-manager/sajenim/features/cli/default.nix @@ -8,13 +8,13 @@ programs.ssh = { enable = true; matchBlocks."viridian" = { - hostname = "viridian.home.arpa"; + hostname = "viridian.kanto.dev"; identityFile = "/home/sajenim/.ssh/sajenim_sk"; port = 22; }; matchBlocks."lavender" = { - hostname = "lavender.home.arpa"; + hostname = "lavender.kanto.dev"; identityFile = "/home/sajenim/.ssh/sajenim_sk"; port = 22; }; diff --git a/home-manager/sajenim/features/desktop/default.nix b/home-manager/sajenim/features/desktop/default.nix index 16cf05c..2fd4b10 100644 --- a/home-manager/sajenim/features/desktop/default.nix +++ b/home-manager/sajenim/features/desktop/default.nix @@ -6,6 +6,7 @@ imports = [ ./discord ./dunst + ./cava ./irc ./mpd ./picom diff --git a/home-manager/sajenim/features/printing/default.nix b/home-manager/sajenim/features/printing/default.nix index fb1dbb5..bffce40 100644 --- a/home-manager/sajenim/features/printing/default.nix +++ b/home-manager/sajenim/features/printing/default.nix @@ -3,8 +3,9 @@ packages = with pkgs; [ blender freecad + kicad openscad - orca-slicer + prusa-slicer ]; }; } diff --git a/nixos/fuchsia/hardware-configuration.nix b/nixos/fuchsia/hardware-configuration.nix index 99bfb93..86906a8 100644 --- a/nixos/fuchsia/hardware-configuration.nix +++ b/nixos/fuchsia/hardware-configuration.nix @@ -48,9 +48,17 @@ enable = true; powerOnBoot = true; }; - graphics = { + pulseaudio = { enable = true; - enable32Bit = true; + support32Bit = true; + extraConfig = "load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1"; + }; + opengl = { + enable = true; + # Vulkan + driSupport = true; + driSupport32Bit = true; + # OpenCL extraPackages = with pkgs; [ rocmPackages.clr.icd ]; diff --git a/nixos/viridian/configuration.nix b/nixos/viridian/configuration.nix index 95c1097..8d52e07 100644 --- a/nixos/viridian/configuration.nix +++ b/nixos/viridian/configuration.nix @@ -10,6 +10,7 @@ ./services/borgbackup ./services/crowdsec ./services/forgejo + ./services/immich ./services/lighttpd ./services/minecraft ./services/mpd diff --git a/nixos/viridian/hardware-configuration.nix b/nixos/viridian/hardware-configuration.nix index 7f51f6f..7fa9529 100644 --- a/nixos/viridian/hardware-configuration.nix +++ b/nixos/viridian/hardware-configuration.nix @@ -35,7 +35,7 @@ }; # Hardware configuration - hardware.graphics = { + hardware.opengl = { enable = true; extraPackages = with pkgs; [ intel-media-driver diff --git a/nixos/viridian/multimedia/jellyfin/default.nix b/nixos/viridian/multimedia/jellyfin/default.nix index b1d2e77..480e68c 100644 --- a/nixos/viridian/multimedia/jellyfin/default.nix +++ b/nixos/viridian/multimedia/jellyfin/default.nix @@ -33,7 +33,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { jellyfin = { - rule = "Host(`jellyfin.home.arpa`)"; + rule = "Host(`jellyfin.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/multimedia/lidarr/default.nix b/nixos/viridian/multimedia/lidarr/default.nix index 12b955e..e2f9820 100644 --- a/nixos/viridian/multimedia/lidarr/default.nix +++ b/nixos/viridian/multimedia/lidarr/default.nix @@ -27,7 +27,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { lidarr = { - rule = "Host(`lidarr.home.arpa`)"; + rule = "Host(`lidarr.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/multimedia/prowlarr/default.nix b/nixos/viridian/multimedia/prowlarr/default.nix index 3714cd2..011713f 100644 --- a/nixos/viridian/multimedia/prowlarr/default.nix +++ b/nixos/viridian/multimedia/prowlarr/default.nix @@ -24,7 +24,7 @@ in { }; services.traefik.dynamicConfigOptions.http.routers = { prowlarr = { - rule = "Host(`prowlarr.home.arpa`)"; + rule = "Host(`prowlarr.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/multimedia/qbittorrent/default.nix b/nixos/viridian/multimedia/qbittorrent/default.nix index 162d6c2..5ad3fee 100644 --- a/nixos/viridian/multimedia/qbittorrent/default.nix +++ b/nixos/viridian/multimedia/qbittorrent/default.nix @@ -27,7 +27,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { qbittorrent = { - rule = "Host(`qbittorrent.home.arpa`)"; + rule = "Host(`qbittorrent.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/multimedia/radarr/default.nix b/nixos/viridian/multimedia/radarr/default.nix index 7f66254..95ac698 100644 --- a/nixos/viridian/multimedia/radarr/default.nix +++ b/nixos/viridian/multimedia/radarr/default.nix @@ -26,7 +26,7 @@ in { }; services.traefik.dynamicConfigOptions.http.routers = { radarr = { - rule = "Host(`radarr.home.arpa`)"; + rule = "Host(`radarr.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/multimedia/sonarr/default.nix b/nixos/viridian/multimedia/sonarr/default.nix index 69b0cdb..be12dcd 100644 --- a/nixos/viridian/multimedia/sonarr/default.nix +++ b/nixos/viridian/multimedia/sonarr/default.nix @@ -27,7 +27,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { sonarr = { - rule = "Host(`sonarr.home.arpa`)"; + rule = "Host(`sonarr.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/services/immich/default.nix b/nixos/viridian/services/immich/default.nix new file mode 100644 index 0000000..58f1884 --- /dev/null +++ b/nixos/viridian/services/immich/default.nix @@ -0,0 +1,70 @@ +{ + inputs, + pkgs, + config, + ... +}: { + imports = [ + "${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/immich.nix" + ]; + + age.secrets.immich = { + rekeyFile = ./secrets.age; + owner = "immich"; + group = "immich"; + }; + + services.immich = { + enable = true; + package = pkgs.unstable.immich; + port = 5489; + host = "0.0.0.0"; + openFirewall = true; + mediaLocation = "/var/lib/immich"; + secretsFile = config.age.secrets.immich.path; + database = { + enable = true; + user = "immich"; + name = "immich"; + }; + environment = { + TZ = "Australia/Perth"; + DB_USERNAME = "immich"; + DB_DATABASE_NAME = "immich"; + }; + }; + + services.traefik.dynamicConfigOptions.http.routers = { + immich = { + rule = "Host(`photos.kanto.dev`)"; + entryPoints = [ + "websecure" + ]; + middlewares = [ + "internal" + ]; + service = "immich"; + }; + }; + + services.traefik.dynamicConfigOptions.http.services = { + immich.loadBalancer.servers = [ + {url = "http://127.0.0.1:${toString config.services.immich.port}";} + ]; + }; + + environment.persistence."/persist" = { + directories = [ + { + directory = "/var/lib/immich"; + user = "immich"; + group = "immich"; + } + { + directory = "/var/lib/redis-immich"; + user = "immich"; + group = "immich"; + } + ]; + }; +} diff --git a/nixos/viridian/services/immich/secrets.age b/nixos/viridian/services/immich/secrets.age new file mode 100644 index 0000000..dd2fe5a --- /dev/null +++ b/nixos/viridian/services/immich/secrets.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> piv-p256 hdSnGw Ave/yX17ylsK6RI5ei/oxD58h8nzXisgLiNvs8p7PKd4 +eUz/WZTS3nQ8IyeBZd2/zzW4hjRexuYUuGAiLRFamb4 +-> C[:7-grease +tVpdl3Ch +--- wTWoOAjmo0FL1kNZ/6QIMSwA4IV6XQkZLbWobJjnlPY +HÚ’#º-Øth­„î ("ÎI +t-FmšÔƒK•cÿ×F ´SPdBÃ5– +H%LOˆÅØ=½P‚Ì ÿ \ No newline at end of file diff --git a/nixos/viridian/services/minecraft/default.nix b/nixos/viridian/services/minecraft/default.nix index d5d1070..1203bbb 100644 --- a/nixos/viridian/services/minecraft/default.nix +++ b/nixos/viridian/services/minecraft/default.nix @@ -81,7 +81,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { minecraft = { - rule = "Host(`minecraft.home.arpa`)"; + rule = "Host(`minecraft.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/services/mpd/default.nix b/nixos/viridian/services/mpd/default.nix index 41cec3c..2370e7d 100644 --- a/nixos/viridian/services/mpd/default.nix +++ b/nixos/viridian/services/mpd/default.nix @@ -21,7 +21,7 @@ statdPort = 4000; extraNfsdConfig = ''''; exports = '' - /srv/multimedia/library/music fuchsia.home.arpa(rw,nohide,insecure,no_subtree_check) + /srv/multimedia/library/music fuchsia.kanto.dev(rw,nohide,insecure,no_subtree_check) ''; }; networking.firewall = { diff --git a/nixos/viridian/services/paperless-ngx/default.nix b/nixos/viridian/services/paperless-ngx/default.nix index 64f9faf..e04d79a 100644 --- a/nixos/viridian/services/paperless-ngx/default.nix +++ b/nixos/viridian/services/paperless-ngx/default.nix @@ -18,7 +18,7 @@ in { services.traefik.dynamicConfigOptions.http.routers = { paperless-ngx = { - rule = "Host(`docs.home.arpa`)"; + rule = "Host(`docs.kanto.dev`)"; entryPoints = [ "websecure" ]; diff --git a/nixos/viridian/services/traefik/default.nix b/nixos/viridian/services/traefik/default.nix index 8e7f782..3bba7fc 100644 --- a/nixos/viridian/services/traefik/default.nix +++ b/nixos/viridian/services/traefik/default.nix @@ -8,7 +8,9 @@ imports = [ "${inputs.nixpkgs-unstable}/nixos/modules/services/web-servers/traefik.nix" + ./routers.nix ./middlewares.nix + ./services.nix ]; age.secrets.traefik = { @@ -86,6 +88,11 @@ certResolver = "lets-encrypt"; # List of domains in our network domains = [ + # Internal services + { + main = "kanto.dev"; + sans = ["*.kanto.dev"]; + } # Public services { main = "sajenim.dev"; diff --git a/nixos/viridian/services/traefik/routers.nix b/nixos/viridian/services/traefik/routers.nix new file mode 100644 index 0000000..82e5cca --- /dev/null +++ b/nixos/viridian/services/traefik/routers.nix @@ -0,0 +1,25 @@ +{...}: { + services.traefik.dynamicConfigOptions.http.routers = { + traefik-dashboard = { + rule = "Host(`traefik.kanto.dev`)"; + entryPoints = [ + "websecure" + ]; + middlewares = [ + "internal" + ]; + service = "api@internal"; + }; + + ender1 = { + rule = "Host(`e1.kanto.dev`)"; + entryPoints = [ + "websecure" + ]; + middlewares = [ + "internal" + ]; + service = "ender1"; + }; + }; +} diff --git a/nixos/viridian/services/traefik/services.nix b/nixos/viridian/services/traefik/services.nix new file mode 100644 index 0000000..7a9f665 --- /dev/null +++ b/nixos/viridian/services/traefik/services.nix @@ -0,0 +1,7 @@ +{...}: { + services.traefik.dynamicConfigOptions.http.services = { + ender1.loadBalancer.servers = [ + {url = "http://192.168.50.202:80";} + ]; + }; +}