diff --git a/flake.lock b/flake.lock index 5a41cc85..0bfea4ab 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1718371084, - "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=", + "lastModified": 1722339003, + "narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=", "owner": "ryantm", "repo": "agenix", - "rev": "3a56735779db467538fb2e577eda28a9daacaca6", + "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7", "type": "github" }, "original": { @@ -24,22 +24,6 @@ "type": "github" } }, - "agkozak-zsh-prompt": { - "flake": false, - "locked": { - "lastModified": 1709936542, - "narHash": "sha256-YBqFA/DK2K1effniwjPSe5VMx9tZGbmxyJp92TiingU=", - "owner": "agkozak", - "repo": "agkozak-zsh-prompt", - "rev": "617fc2e6d6ec56d79a22804a37188c586a7ced31", - "type": "github" - }, - "original": { - "owner": "agkozak", - "repo": "agkozak-zsh-prompt", - "type": "github" - } - }, "crane": { "inputs": { "nixpkgs": [ @@ -90,11 +74,11 @@ ] }, "locked": { - "lastModified": 1719845423, - "narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", + "lastModified": 1722924007, + "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "ec12b88104d6c117871fad55e931addac4626756", + "rev": "91010a5613ffd7ee23ee9263213157a1c422b705", "type": "github" }, "original": { 
@@ -104,39 +88,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1714606777, - "narHash": "sha256-bMkNmAXLj8iyTvxaaD/StcLSadbj1chPcJOjtuVnLmA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "4d34ce6412bc450b1d4208c953dc97c7fc764f1a", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-root": { - "locked": { - "lastModified": 1713493429, - "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=", - "owner": "srid", - "repo": "flake-root", - "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "flake-root", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems_2" @@ -195,6 +146,24 @@ "inputs": { "systems": "systems_5" }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_6" + }, "locked": { "lastModified": 1685518550, "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", @@ -209,6 +178,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "helix": { "inputs": { "crane": "crane", 
@@ -217,11 +201,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1719909389, - "narHash": "sha256-d6PZ7WpOV+yb4u4P+8vJ+xmRZbZxiQCpjNnqYoUTBQc=", + "lastModified": 1722983375, + "narHash": "sha256-EW07wheW5b2LGLDXlZ/V+qAyjBZIbwgqZE/mUP4nxu4=", "owner": "helix-editor", "repo": "helix", - "rev": "fc97ecc3e3186b9dfe958869178bdb6b8cd7d8df", + "rev": "0929704699ec14e6d4770ddc345a80225a8a7fae", "type": "github" }, "original": { @@ -281,11 +265,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1716678964, - "narHash": "sha256-6FPtXPjImzVg4kBEKZSIZwNnlWU+y+bqzOXnp/SpD3w=", + "lastModified": 1722498350, + "narHash": "sha256-t0heqTBYYBj8XfOH2eqQ3mb5fmatdRxumOLs5H6Lfy8=", "owner": "ulyssa", "repo": "iamb", - "rev": "497be7f0998d850e123362aa0ac2f8fdb8362066", + "rev": "653287478efeb0c1d4dfe85f2f24437fb0e38e11", "type": "github" }, "original": { 
@@ -309,6 +293,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1720626042, + "narHash": "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=", + "rev": "2a4376be20d70feaa2b0e640c5041fb66ddc67ed", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2a4376be20d70feaa2b0e640c5041fb66ddc67ed.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.90.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_4", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720641669, + "narHash": "sha256-yEO2cGNgzm9x/XxiDQI+WckSWnZX63R8aJLBRSXtYNE=", + "rev": "5c48c833c15bb80d127a398a8c2484d42fdd8257", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/5c48c833c15bb80d127a398a8c2484d42fdd8257.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz" + } + }, "lolpizza": { "inputs": { "nixpkgs": [ 
@@ -346,35 +365,13 @@ "type": "github" } }, - "nixd": { - "inputs": { - "flake-parts": "flake-parts", - "flake-root": "flake-root", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1719387257, - "narHash": "sha256-q5nj4TFggEHcyKuETmVEFeGztkAYXl3TDIOfd6swo4U=", - "owner": "nix-community", - "repo": "nixd", - "rev": "60a925008bc353136ba5babce437f42819c1645c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixd", - "type": "github" - } - }, "nixos-hardware": { "locked": { - "lastModified": 1719895800, - "narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "6e253f12b1009053eff5344be5e835f604bb64cd", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -402,11 +399,11 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1720122915, - "narHash": "sha256-Nby8WWxj0elBu1xuRaUcRjPi/rU3xVbkAt2kj4QwX2U=", + "lastModified": 1722940684, + "narHash": "sha256-X8JnSq0ruRWsU4PdYuxV+8W4W66F1lnCcxIZZMWzo4E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "835cf2d3f37989c5db6585a28de967a667a75fb1", + "rev": "a3103d68517c6ad262ea27c96fc4a38ad81be7a0", "type": "github" }, "original": { 
@@ -416,31 +413,13 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1714253743, - "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-master": { "locked": { - "lastModified": 1720193536, - "narHash": "sha256-9+H1hDPilw2/DYzUWDLxG4bWrrFA/G4XnCjfbh1h1XQ=", + "lastModified": 1723031421, + "narHash": "sha256-Q4iMzihS+4mzCadp+ADr782Jrd1Mgvr7lLZbkWx33Hw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e727204914fc58a7fe20be31d882d1c342606b14", + "rev": "1602c0d3c0247d23eb7ca501c3e592aa1762e37b", "type": "github" }, "original": { @@ -468,11 +447,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1719956923, - "narHash": "sha256-nNJHJ9kfPdzYsCOlHOnbiiyKjZUW5sWbwx3cakg3/C4=", + "lastModified": 1722869614, + "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "706eef542dec88cc0ed25b9075d3037564b2d164", + "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", "type": "github" }, "original": { 
@@ -482,54 +461,6 @@ "type": "github" } }, - "nnn-nvim": { - "flake": false, - "locked": { - "lastModified": 1691595542, - "narHash": "sha256-8+ax8n1fA4jgJugvWtRXkad4YM7TmAAsAopzalmGu/4=", - "owner": "luukvbaal", - "repo": "nnn.nvim", - "rev": "662034c73718885ee599ad9fb193ab1ede70fbcb", - "type": "github" - }, - "original": { - "owner": "luukvbaal", - "repo": "nnn.nvim", - "type": "github" - } - }, - "noice-nvim": { - "flake": false, - "locked": { - "lastModified": 1720187089, - "narHash": "sha256-QvvQsRdKVOdG5tzk8WCcHCIywo1V792h1+OFEoQu3yk=", - "owner": "folke", - "repo": "noice.nvim", - "rev": "f26515c768a4b8eb39b4ec6b04d244ad4bc7cfc9", - "type": "github" - }, - "original": { - "owner": "folke", - "repo": "noice.nvim", - "type": "github" - } - }, - "notify-nvim": { - "flake": false, - "locked": { - "lastModified": 1715959703, - "narHash": "sha256-wxyHwL/uFdp6w32CVHgSOWkzRrIRuFvWh+J2401RAAA=", - "owner": "rcarriga", - "repo": "nvim-notify", - "rev": "d333b6f167900f6d9d42a59005d82919830626bf", - "type": "github" - }, - "original": { - "owner": "rcarriga", - "repo": "nvim-notify", - "type": "github" - } - }, "pandoc-latex-template": { "flake": false, "locked": { @@ -548,7 +479,7 @@ }, "pnpm2nix": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "lolpizza", "nixpkgs" 
@@ -571,32 +502,23 @@ "root": { "inputs": { "agenix": "agenix", - "agkozak-zsh-prompt": "agkozak-zsh-prompt", "darwin": "darwin_2", "helix": "helix", "home-manager": "home-manager_2", "imab": "imab", "impermanence": "impermanence", + "lix-module": "lix-module", "lolpizza": "lolpizza", "miro": "miro", - "nixd": "nixd", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "nixpkgs-darwin": "nixpkgs-darwin", "nixpkgs-master": "nixpkgs-master", - "nnn-nvim": "nnn-nvim", - "noice-nvim": "noice-nvim", - "notify-nvim": "notify-nvim", "pandoc-latex-template": "pandoc-latex-template", "spoons": "spoons", "utils": "utils", "x": "x", - "xonsh-direnv": "xonsh-direnv", - "xonsh-fish-completer": "xonsh-fish-completer", - "xynoblog": "xynoblog", - "zsh-completions": "zsh-completions", - "zsh-syntax-highlighting": "zsh-syntax-highlighting", - "zsh-vim-mode": "zsh-vim-mode" + "xynoblog": "xynoblog" } }, "rust-overlay": { @@ -749,9 +671,24 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1710146030, 
@@ -787,38 +724,6 @@ "type": "github" } }, - "xonsh-direnv": { - "flake": false, - "locked": { - "lastModified": 1655602282, - "narHash": "sha256-h56Gx/MMCW4L6nGwLAhBkiR7bX+qfFk80LEsJMiDtjQ=", - "owner": "74th", - "repo": "xonsh-direnv", - "rev": "3bea5847b9459c5799c64966ec85e624d0be69b9", - "type": "github" - }, - "original": { - "owner": "74th", - "repo": "xonsh-direnv", - "type": "github" - } - }, - "xonsh-fish-completer": { - "flake": false, - "locked": { - "lastModified": 1718649913, - "narHash": "sha256-WmxOQ7F8avd/FWiezK54e2vBvvAolmDy51KwLA6FXkU=", - "owner": "xonsh", - "repo": "xontrib-fish-completer", - "rev": "c345f0bf8c6aa8b717ac645c38050ae1a1902e0e", - "type": "github" - }, - "original": { - "owner": "xonsh", - "repo": "xontrib-fish-completer", - "type": "github" - } - }, "xynoblog": { "inputs": { "nixpkgs": [ 
@@ -838,55 +743,6 @@ "repo": "blog", "type": "github" } - }, - "zsh-completions": { - "flake": false, - "locked": { - "lastModified": 1719369174, - "narHash": "sha256-ZMkGQT27PKi5yYT9eIF2yj8Hlk2oRIQTkY+J+aXZZ5E=", - "owner": "zsh-users", - "repo": "zsh-completions", - "rev": "7a884c75b4f3ce2d8d24df8e55dcc359a020be3f", - "type": "github" - }, - "original": { - "owner": "zsh-users", - "repo": "zsh-completions", - "type": "github" - } - }, - "zsh-syntax-highlighting": { - "flake": false, - "locked": { - "lastModified": 1704566212, - "narHash": "sha256-4rW2N+ankAH4sA6Sa5mr9IKsdAg7WTgrmyqJ2V1vygQ=", - "owner": "zsh-users", - "repo": "zsh-syntax-highlighting", - "rev": "e0165eaa730dd0fa321a6a6de74f092fe87630b0", - "type": "github" - }, - "original": { - "owner": "zsh-users", - "ref": "master", - "repo": "zsh-syntax-highlighting", - "type": "github" - } - }, - "zsh-vim-mode": { - "flake": false, - "locked": { - "lastModified": 1616290526, - "narHash": "sha256-a+6EWMRY1c1HQpNtJf5InCzU7/RphZjimLdXIXbO6cQ=", - "owner": "softmoth", - "repo": "zsh-vim-mode", - "rev": "1f9953b7d6f2f0a8d2cb8e8977baa48278a31eab", - "type": "github" - }, - "original": { - "owner": "softmoth", - "repo": "zsh-vim-mode", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f15b6c4e..fafb5c65 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; darwin.url = "github:lnl7/nix-darwin/master"; darwin.inputs.nixpkgs.follows = "nixpkgs"; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # programs xynoblog.url = "github:thexyno/blog"; 
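Review bot: The new `lix-module` input in flake.nix points at a fixed release archive, `https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz`, so `nix flake update` will keep re-locking that same release. Fixes to the component that replaces the Nix daemon therefore only arrive when someone edits this URL by hand. A comment above the input would make that step explicit, for example `# pinned to a release archive: bump the version in the URL manually and check the Lix release notes for security fixes`. The lock file records a `narHash` for both `lix` and `lix-module`, so integrity of the fetched archive is covered. The enclosing `inputs` block starts and ends outside the hunk.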
@@ -29,33 +33,33 @@ helix.url = "github:helix-editor/helix"; ## editor stuff - nixd.url = "github:nix-community/nixd"; - nixd.inputs.nixpkgs.follows = "nixpkgs"; + # nixd.url = "github:nix-community/nixd"; + # nixd.inputs.nixpkgs.follows = "nixpkgs"; ## vim - nnn-nvim.url = "github:luukvbaal/nnn.nvim"; - nnn-nvim.flake = false; - notify-nvim.url = "github:rcarriga/nvim-notify"; - notify-nvim.flake = false; - noice-nvim.url = "github:folke/noice.nvim"; - noice-nvim.flake = false; + # nnn-nvim.url = "github:luukvbaal/nnn.nvim"; + # nnn-nvim.flake = false; + # notify-nvim.url = "github:rcarriga/nvim-notify"; + # notify-nvim.flake = false; + # noice-nvim.url = "github:folke/noice.nvim"; + # noice-nvim.flake = false; - ## zsh - zsh-completions.url = "github:zsh-users/zsh-completions"; - zsh-completions.flake = false; - zsh-syntax-highlighting.url = "github:zsh-users/zsh-syntax-highlighting/master"; - zsh-syntax-highlighting.flake = false; - zsh-vim-mode.url = "github:softmoth/zsh-vim-mode"; - zsh-vim-mode.flake = false; - agkozak-zsh-prompt.url = "github:agkozak/agkozak-zsh-prompt"; - agkozak-zsh-prompt.flake = false; + # ## zsh + # zsh-completions.url = "github:zsh-users/zsh-completions"; + # zsh-completions.flake = false; + # zsh-syntax-highlighting.url = "github:zsh-users/zsh-syntax-highlighting/master"; + # zsh-syntax-highlighting.flake = false; + # zsh-vim-mode.url = "github:softmoth/zsh-vim-mode"; + # zsh-vim-mode.flake = false; + # agkozak-zsh-prompt.url = "github:agkozak/agkozak-zsh-prompt"; + # agkozak-zsh-prompt.flake = false; - ## xonsh - xonsh-fish-completer.url = "github:xonsh/xontrib-fish-completer"; - xonsh-fish-completer.flake = false; - xonsh-direnv.url = "github:74th/xonsh-direnv"; - xonsh-direnv.flake = false; + # ## xonsh + # xonsh-fish-completer.url = "github:xonsh/xontrib-fish-completer"; + # xonsh-fish-completer.flake = false; + # xonsh-direnv.url = "github:74th/xonsh-direnv"; + # xonsh-direnv.flake = false; ## hammerspoon miro.url = 
"github:miromannino/miro-windows-manager"; @@ -83,7 +87,7 @@ , utils , xynoblog , lolpizza - , nixd + , lix-module , x , ... }: @@ -95,7 +99,6 @@ overlays = [ self.overlays.default - nixd.overlays.default ]; genPkgsWithOverlays = system: import nixpkgs { inherit system overlays; @@ -118,6 +121,7 @@ inherit system; specialArgs = { inherit lib inputs; }; modules = [ + lix-module.nixosModules.default agenix.nixosModules.age impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager diff --git a/hm-modules/helix/default.nix b/hm-modules/helix/default.nix index 5f77c1af..71b89349 100644 --- a/hm-modules/helix/default.nix +++ b/hm-modules/helix/default.nix @@ -9,7 +9,9 @@ in jsonnet-language-server jsonnet nixpkgs-fmt + omnisharp-roslyn ## ts + nodePackages_latest.prettier typescript dprint nodePackages_latest.typescript-language-server @@ -30,17 +32,27 @@ in }; }; languages = { + language-server.pyright.config.python.analysis.typeCheckingMode = "basic"; + language-server.ruff = { + command = "ruff-lsp"; + config.settings.args = ["--ignore" "E501"]; + }; language = lib.flatten [ (map (x: { name = x; language-servers = [ "typescript-language-server" "eslint" ]; - formatter = { command = "dprint"; args = [ "fmt" "--stdin" x ]; }; + #formatter = { command = "dprint"; args = [ "fmt" "--stdin" x ]; }; + formatter = { command = "prettier"; args = ["--parser" "typescript"]; }; }) [ "typescript" "javascript" "jsx" "tsx" ]) { name = "nix"; formatter = { command = "nixpkgs-fmt"; }; } + { + name = "python"; + language-servers = [ "pyright" "ruff" ]; + } ]; }; }; diff --git a/hosts/ds9/containers.nix b/hosts/ds9/containers.nix new file mode 100644 index 00000000..e80ba653 --- /dev/null +++ b/hosts/ds9/containers.nix 
@@ -0,0 +1,128 @@
+{ config, pkgs, lib, ... }:
+let
+ postgres-multi-db = pkgs.writeText "postgres-multiple-db.sh" ''
+ #!/usr/bin/env bash
+ set -eu
+
+ if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
+ echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
+ (
+ for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
+ echo "CREATE DATABASE $db;"
+ done
+ for user in $(echo $POSTGRES_MULTIPLE_DATABASES_USERS | tr ',' ' '); do
+ while IFS=":" read -r usr pw
+ do
+ echo "CREATE USER $usr PASSWORD '$pw';"
+ echo "GRANT ALL PRIVILEGES ON DATABASE \"$usr\" TO $usr;"
+ done <(echo $user)
+ done
+ ) | psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER"
+ fi
+ '';
+in
+{
+ networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+ networking.firewall.interfaces."podman+".allowedTCPPorts = [ 12300 3001 ];
+ fileSystems."/var/lib/containers" = {
+ device = "spool/safe/containers";
+ fsType = "zfs";
+ };
+ # plex
+ networking.firewall = {
+ allowedTCPPorts = [ 32400 3005 8324 32469 ];
+ allowedUDPPorts = [ 1900 5353 32410 32412 32413 32414 ];
+ };
+ virtualisation.oci-containers.containers.plex = {
+ image = "docker.io/plexinc/pms-docker";
+ extraOptions = [ "--network=host" ];
+ environment = {
+ TZ = "Europe/Berlin";
+ PLEX_UID = "1000";
+ PLEX_GID = "100";
+ };
+
+ volumes = [
+ "/data/media:/data/media"
+ "plex-transcode:/transcode"
+ "plex-db:/config"
+ ];
+ };
+ # postgres
+ ragon.agenix.secrets.ds9PostgresEnv = { };
+ systemd.services."podman-db-network" = {
+ script = ''
+ ${pkgs.podman}/bin/podman network exists db-net || ${pkgs.podman}/bin/podman network create db-net --internal --ipv6
+ '';
+ };
+ virtualisation.oci-containers.containers.postgres = {
+ image = "docker.io/tensorchord/pgvecto-rs:pg16-v0.2.1";
+ extraOptions = [ "--network=db-net" "--health-cmd" "pg_isready -U postgres" ];
+ dependsOn = [ "db-network" ];
+ environment = {
+ POSTGRES_INITDB_ARGS = "--data-checksums";
+ };
+ environmentFiles = [
+ config.age.secrets.ds9PostgresEnv.path
+ ];
+ volumes = [
+ "${postgres-multi-db}:/docker-entrypoint-initdb.d/create-multiple-postgresql-databases.sh"
+ "postgres:/var/lib/postgresql/data"
+ ];
+ };
+ # immich
+ ragon.agenix.secrets.ds9ImmichEnv = { };
+ systemd.services."podman-immich-network" = {
+ script = ''
+ echo "Creating immich network"
+ ${pkgs.podman}/bin/podman network exists immich-net || ${pkgs.podman}/bin/podman network create immich-net --internal --ipv6
+ echo "Created immich network"
+ '';
+ };
+ virtualisation.oci-containers.containers.immich-redis = {
+ image = "docker.io/valkey/valkey:7.2.6-alpine";
+ environment.TZ = "Europe/Berlin";
+ extraOptions = [ "--health-cmd" "valkey-cli ping || exit 1" "--network=immich-net" ];
+ environmentFiles = [
+ config.age.secrets.ds9ImmichEnv.path
+ ];
+ dependsOn = [ "immich-network" ];
+ };
+ virtualisation.oci-containers.containers.immich-server = {
+ user = "1000:100";
+ image = "ghcr.io/immich-app/immich-server:release";
+ extraOptions = [ "--network=immich-net" "--network=db-net" ];
+ dependsOn = [ "immich-network" "immich-redis" "postgres" ];
+ ports = [ "8765:3001" ];
+ volumes = [
+ "/data/immich:/usr/src/app/upload"
+ ];
+ environment = {
+ IMICH_HOST = "0.0.0.0";
+ DB_HOSTNAME = "postgres";
+ REDIS_HOSTNAME = "immich-redis";
+ TZ = "Europe/Berlin";
+ };
+ environmentFiles = [
+ config.age.secrets.ds9ImmichEnv.path
+ ];
+ };
+ virtualisation.oci-containers.containers.immich-machine-learning = {
+ user = "1000:100";
+ image = "ghcr.io/immich-app/immich-machine-learning:release";
+ extraOptions = [ "--network=immich-net" "--network=db-net" "--network=podman" ];
+ dependsOn = [ "immich-network" "immich-redis" "postgres" ];
+ volumes = [
+ "immich-model-cache:/cache"
+ ];
+ environment = {
+ DB_HOSTNAME = "postgres";
+ REDIS_HOSTNAME = "immich-redis";
+ TZ = "Europe/Berlin";
+ };
+ environmentFiles = [
+ config.age.secrets.ds9ImmichEnv.path
+ ];
+ };
+
+}
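Review bot: In the `postgres-multi-db` init script the inner loop ends with `done <(echo $user)`, which hands a process substitution to `done` as a word instead of redirecting it, so bash should reject the script and no users or grants get created; it needs `done <<< "$user"` or `done < <(echo "$user")`. The secret is also spliced unescaped into `CREATE USER $usr PASSWORD '$pw';`, so a `'` or `,` in a password breaks or alters the statement; either document the allowed characters next to the secret or pass the value through psql's variable quoting. Under `set -eu` the `[ -n "$POSTGRES_MULTIPLE_DATABASES" ]` test aborts when the variable is unset rather than skipping the block, so a default expansion is needed there. Separately, `docker.io/plexinc/pms-docker` (no tag) and the two `:release` Immich images are mutable references in an otherwise hash-locked flake. Pinning a version tag or digest keeps what runs on the host reviewable, and `immich-machine-learning` could drop `--network=db-net` if it does not talk to Postgres directly.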
diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index 85fd041b..ebe402a0 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix @@ -8,16 +8,17 @@ in [ ./hardware-configuration.nix + ./containers.nix ./backup.nix - ./plex.nix + # ./plex.nix ./samba.nix ../../nixos-modules/networking/tailscale.nix ../../nixos-modules/services/docker.nix ../../nixos-modules/services/libvirt.nix ../../nixos-modules/services/msmtp.nix - ../../nixos-modules/services/paperless.nix - ../../nixos-modules/services/photoprism.nix + # ../../nixos-modules/services/paperless.nix + # ../../nixos-modules/services/photoprism.nix ../../nixos-modules/services/samba.nix ../../nixos-modules/services/ssh.nix ../../nixos-modules/services/caddy @@ -137,13 +138,13 @@ in } ''; virtualHosts."*.hailsatan.eu".extraConfig = '' - @paperless host paperless.hailsatan.eu - handle @paperless { - reverse_proxy ${config.ragon.services.paperless.location} - } - @photos host photos.hailsatan.eu - handle @photos { - reverse_proxy ${config.ragon.services.photoprism.location} + @immich host immich.hailsatan.eu + handle @immich { + reverse_proxy http://immich-server:3001 { + transport http { + resolvers 10.89.0.1 # podman dns + } + } } @bzzt-api host bzzt-api.hailsatan.eu handle @bzzt-api { 
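Review bot: The `resolvers 10.89.0.1 # podman dns` line in the new `@immich` handler hard-codes the gateway of whichever podman network happened to be assigned that subnet, and nothing visible in this commit fixes the subnet of `immich-net` or `db-net`. If the networks are recreated in a different order, Caddy would presumably fail to resolve `immich-server` or query a different network's resolver. Since containers.nix already publishes `8765:3001` for that container, `reverse_proxy 127.0.0.1:8765` removes the DNS dependency. Otherwise, create the network with an explicit subnet and name it in the comment. The `extraConfig` string starts and ends outside the hunk.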
@@ -165,44 +166,45 @@ in home-manager.users.ragon = { pkgs, lib, inputs, config, ... }: { imports = [ - ../../hm-modules/nvim - ../../hm-modules/zsh + # ../../hm-modules/nvim + ../../hm-modules/helix + # ../../hm-modules/zsh ../../hm-modules/tmux - ../../hm-modules/xonsh + # ../../hm-modules/xonsh ../../hm-modules/cli.nix ../../hm-modules/files.nix ]; - ragon.xonsh.enable = true; + # ragon.xonsh.enable = true; programs.home-manager.enable = true; home.stateVersion = "23.11"; }; # begin kube - services.k3s = { - enable = true; - extraFlags = "--disable=traefik --cluster-cidr 10.42.0.0/16,2001:cafe:42::/56 --service-cidr=10.43.0.0/16,2001:cafe:43::/112 --vpn-auth-file=/persistent/tailscale-auth-file"; - }; - systemd.services.k3s.path = [pkgs.tailscale pkgs.coreutils pkgs.bash]; + # services.k3s = { + # enable = true; + # extraFlags = "--disable=traefik --cluster-cidr 10.42.0.0/16,2001:cafe:42::/56 --service-cidr=10.43.0.0/16,2001:cafe:43::/112 --vpn-auth-file=/persistent/tailscale-auth-file"; + #}; + # systemd.services.k3s.path = [pkgs.tailscale pkgs.coreutils pkgs.bash]; # end kube ragon = { agenix.secrets."ionos" = { }; user.enable = true; persist.enable = true; - persist.extraDirectories = [ "/var/lib/syncthing" config.services.plex.dataDir "/var/lib/minecraft" "/var/lib/bzzt" "/var/lib/rancher" "/etc/rancher" ]; + persist.extraDirectories = [ "/var/lib/syncthing" "/var/lib/minecraft" "/var/lib/bzzt" "/var/lib/rancher" "/etc/rancher" "/root/.cache" ]; services = { caddy.enable = true; docker.enable = true; ssh.enable = true; msmtp.enable = true; - photoprism.enable = true; + # photoprism.enable = true; tailscale.enable = true; tailscale.exitNode = true; tailscale.extraUpCommands = "--advertise-routes=10.0.0.0/16"; libvirt.enable = true; - paperless.enable = true; + # paperless.enable = true; }; }; diff --git a/nixos-modules/services/caddy/custom-caddy.nix b/nixos-modules/services/caddy/custom-caddy.nix index 219001c5..976426e1 100644 
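Review bot: With `services.k3s` commented out, `persist.extraDirectories` still keeps `"/var/lib/rancher"` and `"/etc/rancher"`, and the disabled flags reference `--vpn-auth-file=/persistent/tailscale-auth-file`. Those paths normally hold cluster tokens, the admin kubeconfig and a Tailscale auth key, so if k3s is really retired the directories should leave the persist list and the key should be revoked and deleted rather than left on disk. If the shutdown is temporary, a comment such as `# k3s disabled temporarily; state kept on purpose` would say so. Deleting the block is cleaner than the commented-out lines, which also leave a stray `#};`. The `ragon = { ... }` block continues outside the hunk.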
--- a/nixos-modules/services/caddy/custom-caddy.nix +++ b/nixos-modules/services/caddy/custom-caddy.nix @@ -37,7 +37,7 @@ caddy.override { cp -r --reflink=auto . $out ''; - outputHash = "sha256-mKBIAwYXHeR9J6yFD/Exn5Yh6sd6Hl2tlZNE+f/z+BQ="; + outputHash = "sha256-0wTy7+nOcTlnbs8BDpleKW6X8Lo21Okas4wh7PLl254="; outputHashMode = "recursive"; }; diff --git a/nixos-modules/services/docker.nix b/nixos-modules/services/docker.nix index e583676d..69f8585e 100644 --- a/nixos-modules/services/docker.nix +++ b/nixos-modules/services/docker.nix @@ -5,8 +5,10 @@ in { options.ragon.services.docker.enable = lib.mkEnableOption "Enables docker"; config = lib.mkIf cfg.enable { - virtualisation.oci-containers.backend = "docker"; - virtualisation.docker.enable = true; + virtualisation.oci-containers.backend = "podman"; + virtualisation.podman.enable = true; + virtualisation.podman.dockerCompat = true; + virtualisation.podman.defaultNetwork.settings.dns_enabled = true; ragon.user.extraGroups = [ "docker" "podman" ]; ragon.persist.extraDirectories = [ "/var/lib/docker" diff --git a/secrets/ds9ImmichEnv.age b/secrets/ds9ImmichEnv.age new file mode 100644 index 00000000..406f1bb5 Binary files /dev/null and b/secrets/ds9ImmichEnv.age differ diff --git a/secrets/ds9PostgresEnv.age b/secrets/ds9PostgresEnv.age new file mode 100644 index 00000000..aa8b831b --- /dev/null +++ b/secrets/ds9PostgresEnv.age 
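Review bot: After the switch to `virtualisation.oci-containers.backend = "podman"` in docker.nix, the module still persists `"/var/lib/docker"`, while rootful podman keeps images and named volumes under `/var/lib/containers`. Only ds9 mounts a dataset there (containers.nix), so on another host using `ragon.persist` the container state would presumably not survive a reboot unless that path appears later in the list, which continues outside the hunk. Consider adding `"/var/lib/containers"` for hosts that do not mount it separately. The option text should also change, e.g. `lib.mkEnableOption "Enables podman with docker compatibility"`, because `ragon.services.docker.enable` is still described as enabling docker. It is also worth checking whether the `"docker"` entry in `ragon.user.extraGroups` still refers to a group that exists once `virtualisation.docker.enable` is gone.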
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 IbXxfw P10Lhs1gujyqDzLxd1h7GuAFXB99z5sSG0dDV/hqR2c +c7vDnj6LlfMXrr0pNY07N7vhkgKDh1ViZdihb1mKN2A +-> ssh-ed25519 ugHWWw y/nd+5zDy8Kr9ilNbqhOyG/9nEzteN/wCZ9kF/bX5Ts +ynnNLHcs0wapcdpmcL10yDVdKaBzEiuVlmOQEZy0oVw +-> ssh-ed25519 UU9RSA 3d7ZP1P/Ag7DumJEmwoSWVal+DIaJcXmfXcSBvwJtQ8 +dj+t6FQNnt2ce02hoEJOfhgSPO1mN0BC11g4UNNIrDs +-> ssh-ed25519 RJI3BA 7Sxgas0Enl5oHY4i4LW67Gw0EGc8+TQ5GTcqivgDcDs +lhuosgaaIyj8WCAYdzxPQPI2cYNdPZzAsHoiHyOkGmU +-> ssh-ed25519 XnvJKw DMDpaKnhYfNCXicz6jsXvugFTCn5daEqNlZhxkCloik +g1FtcJZjwFrbxi15hrvDixtz6DNFAMwY2PwS7Ccblgk +-> ssh-ed25519 7NL5Ng p2tm4jsK4L6QoiLxlvyWga5fRGNgugdvutdnMcN9mBQ +XWLbcAiojL9oev6YNClM39M4lbK0stICiAhEQ4gEdrw +--- fZu3KRb/I7iMUVsUPZLoxn7HcyGxPTwVGY2wBf75duo +LB| +XQf뎲>:j'Fns:h-7;NPoQNrM\R&CiS,PcMVk~ms>3"vgOMH3D.~ߏ0Sq+0$t.G̡2 o8R/)]+#pZ@@ϯ>^:^fYe^# E;  +͑ ?$3Ͼ І*gm xbO#*л^P rs3F L9r$a(2N \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ccb56d44..7743abc4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,6 +17,8 @@ in "photoprismEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9OffsiteBackupSSH.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9SyncoidHealthCheckUrl.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9"; + "ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server; "plausibleAdminPw.age".publicKeys = pubkeys.ragon.host "picard"; "plausibleGoogleClientId.age".publicKeys = pubkeys.ragon.host "picard";