sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: format everything

Browse source
This commit is contained in:
oddlama 2024-11-26 13:34:55 +01:00
parent deca311c68
commit 7ccd7856ee
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
162 changed files with 4750 additions and 3718 deletions
Download patch file Download diff file Expand all files Collapse all files

51
hosts/sire/guests/immich.nix
View file

@ -4,7 +4,8 @@
nodes,
pkgs,
...
}: let
}:
let
sentinelCfg = nodes.sentinel.config;
wardWebProxyCfg = nodes.ward-web-proxy.config;
immichDomain = "immich.${globals.domains.me}";
@ -127,12 +128,13 @@
serviceConfig = {
serviceConfig.Restart = "always";
after = ["podman-network-immich-default.service"];
requires = ["podman-network-immich-default.service"];
partOf = ["podman-compose-immich-root.target"];
wantedBy = ["podman-compose-immich-root.target"];
after = [ "podman-network-immich-default.service" ];
requires = [ "podman-network-immich-default.service" ];
partOf = [ "podman-compose-immich-root.target" ];
wantedBy = [ "podman-compose-immich-root.target" ];
};
in {
in
{
microvm.mem = 1024 * 12;
microvm.vcpu = 16;
@ -155,7 +157,7 @@ in {
system.activationScripts.agenixRooterDerivedSecrets = {
# Run after agenix has generated secrets
deps = ["agenix"];
deps = [ "agenix" ];
text = ''
immichClientSecret=$(< ${config.age.secrets.immich-oauth2-client-secret.path})
${pkgs.jq}/bin/jq --arg immichClientSecret "$immichClientSecret" '.oauth.clientSecret = $immichClientSecret' ${configFile} > ${processedConfigFile}
@ -165,14 +167,14 @@ in {
wireguard.proxy-sentinel = {
client.via = "sentinel";
firewallRuleForNode.sentinel.allowedTCPPorts = [2283];
firewallRuleForNode.sentinel.allowedTCPPorts = [ 2283 ];
};
wireguard.proxy-home = {
client.via = "ward";
firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [2283];
firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ 2283 ];
};
networking.nftables.chains.forward.into-immich-container = {
after = ["conntrack"];
after = [ "conntrack" ];
rules = [
"iifname proxy-sentinel ip saddr ${sentinelCfg.wireguard.proxy-sentinel.ipv4} tcp dport 2283 accept"
"iifname proxy-home ip saddr ${wardWebProxyCfg.wireguard.proxy-home.ipv4} tcp dport 2283 accept"
@ -190,7 +192,7 @@ in {
nodes.sentinel = {
services.nginx = {
upstreams.immich = {
servers."${config.wireguard.proxy-sentinel.ipv4}:2283" = {};
servers."${config.wireguard.proxy-sentinel.ipv4}:2283" = { };
extraConfig = ''
zone immich 64k;
keepalive 2;
@ -222,7 +224,7 @@ in {
nodes.ward-web-proxy = {
services.nginx = {
upstreams.immich = {
servers."${config.wireguard.proxy-home.ipv4}:2283" = {};
servers."${config.wireguard.proxy-home.ipv4}:2283" = { };
extraConfig = ''
zone immich 64k;
keepalive 2;
@ -238,8 +240,7 @@ in {
locations."/" = {
proxyPass = "http://immich";
proxyWebsockets = true;
extraConfig = ''
'';
extraConfig = '''';
};
extraConfig = ''
client_max_body_size 50G;
@ -348,18 +349,16 @@ in {
"--ip=${ipImmichServer}"
];
};
systemd.services."podman-immich_server" =
serviceConfig
// {
unitConfig.UpheldBy = [
"podman-immich_postgres.service"
"podman-immich_redis.service"
];
};
systemd.services."podman-immich_server" = serviceConfig // {
unitConfig.UpheldBy = [
"podman-immich_postgres.service"
"podman-immich_redis.service"
];
};
# Networks
systemd.services."podman-network-immich-default" = {
path = [pkgs.podman];
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@ -368,8 +367,8 @@ in {
script = ''
podman network inspect immich-default || podman network create immich-default --opt isolate=true --subnet=10.89.0.0/24 --disable-dns
'';
partOf = ["podman-compose-immich-root.target"];
wantedBy = ["podman-compose-immich-root.target"];
partOf = [ "podman-compose-immich-root.target" ];
wantedBy = [ "podman-compose-immich-root.target" ];
};
# Root service
@ -379,6 +378,6 @@ in {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
};
}