helix: host photos.sealight.xyz · hyl.st/helm@a305ada

hyl.st / helm

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

nix config

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

helix: host photos.sealight.xyz

Anish Lakhwara 1 year ago a305adaa c6d64984

+240 -88

24 changed files

expand all collapse all

flake.lock

flake.nix

home

core

default.nix

profiles

cli

default.nix

desktop

default.nix

nvim

default.nix

tmux

default.nix

tmux.conf

hosts

box

configuration.nix

default.nix

curve

configuration.nix

helix

configuration.nix

default.nix

lituus

configuration.nix

profiles

desktop

default.nix

headphones

default.nix

immich

default.nix

jacket

default.nix

matrix

mautrix-services.nix

music

default.nix

transmission

beet-import.sh

default.nix

pkgs

default.nix

tic-80.nix

+11 -11

flake.lock

reviewed

··· 270 270 ] 271 271 }, 272 272 "locked": { 273 273 - "lastModified": 1720042825, 274 274 - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", 273 273 + "lastModified": 1736373539, 274 274 + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", 275 275 "owner": "nix-community", 276 276 "repo": "home-manager", 277 277 - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", 277 277 + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", 278 278 "type": "github" 279 279 }, 280 280 "original": { 281 281 "owner": "nix-community", 282 282 - "ref": "release-24.05", 282 282 + "ref": "release-24.11", 283 283 "repo": "home-manager", 284 284 "type": "github" 285 285 } ··· 354 354 }, 355 355 "nixpkgs_2": { 356 356 "locked": { 357 357 - "lastModified": 1723938990, 358 358 - "narHash": "sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI=", 357 357 + "lastModified": 1738277201, 358 358 + "narHash": "sha256-6L+WXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk=", 359 359 "owner": "nixos", 360 360 "repo": "nixpkgs", 361 361 - "rev": "c42fcfbdfeae23e68fc520f9182dde9f38ad1890", 361 361 + "rev": "666e1b3f09c267afd66addebe80fb05a5ef2b554", 362 362 "type": "github" 363 363 }, 364 364 "original": { 365 365 "owner": "nixos", 366 366 - "ref": "nixos-24.05", 366 366 + "ref": "nixos-24.11", 367 367 "repo": "nixpkgs", 368 368 "type": "github" 369 369 } ··· 534 534 }, 535 535 "unstable": { 536 536 "locked": { 537 537 - "lastModified": 1723637854, 538 538 - "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", 537 537 + "lastModified": 1738410390, 538 538 + "narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=", 539 539 "owner": "nixos", 540 540 "repo": "nixpkgs", 541 541 - "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", 541 541 + "rev": "3a228057f5b619feb3186e986dbe76278d707b6e", 542 542 "type": "github" 543 543 }, 544 544 "original": {

+15 -14

flake.nix

reviewed

··· 3 3 4 4 inputs = { 5 5 # Nixpkgs 6 6 - nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; 6 6 + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; 7 7 unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 8 8 nixos-hardware.url = "github:NixOS/nixos-hardware/master"; 9 9 ··· 11 11 # ngipkgs-local.url = "path:/home/anish/usr/ngipkgs"; 12 12 13 13 # Home manager 14 14 - home-manager.url = "github:nix-community/home-manager/release-24.05"; 14 14 + home-manager.url = "github:nix-community/home-manager/release-24.11"; 15 15 home-manager.inputs.nixpkgs.follows = "nixpkgs"; 16 16 hardware.url = "github:nixos/nixos-hardware"; 17 17 ··· 78 78 nixpkgsFor = forAllSystems (system: 79 79 import nixpkgs { 80 80 inherit system; 81 81 - config.allowUnfreePredicate = pkg: 82 82 - builtins.elem (nixpkgs.lib.getName pkg) [ 83 83 - "ripcord" 84 84 - "vcv-rack" 85 85 - "SunVox" 86 86 - "renoise" 81 81 + config = { 82 82 + permittedInsecurePackages = [ 83 83 + "olm-3.2.16" 87 84 ]; 88 88 - # config.permittedInsecurePackages = [ 89 89 - # "python3.10-django-3.1.14" # Needed for archivebox deployments on curve 90 90 - # # Check when archive box updates it's dependeny 91 91 - # ]; 85 85 + allowUnfreePredicate = pkg: 86 86 + builtins.elem (nixpkgs.lib.getName pkg) [ 87 87 + "ripcord" 88 88 + "vcv-rack" 89 89 + "SunVox" 90 90 + "renoise" 91 91 + ]; 92 92 + }; 92 93 overlays = [ 93 94 rust-overlay.overlays.default 94 95 tidalcycles.overlays.default ··· 269 270 }; 270 271 }; 271 272 272 272 - checks = builtins.mapAttrs 273 273 - (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; 273 273 + # checks = builtins.mapAttrs 274 274 + # (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; 274 275 }; 275 276 }

home/core/default.nix

reviewed

··· 4 4 ../profiles/cli 5 5 ../profiles/direnv 6 6 ../profiles/git 7 7 + # ../profiles/tmux 7 8 ]; 8 9 home.stateVersion = "22.05"; 9 10 }

+1 -2

home/profiles/cli/default.nix

reviewed

··· 53 53 less 54 54 gdb 55 55 xxd 56 56 - taskwarrior 56 56 + taskwarrior2 57 57 gnupg 58 58 syncthing 59 59 dijo ··· 61 61 fontconfig 62 62 pandoc 63 63 taskwarrior-tui 64 64 - python3Packages.howdoi 65 64 vimwiki-cli 66 65 67 66 (pkgs.writeScriptBin "jq-repl" ''

+1 -1

home/profiles/desktop/default.nix

reviewed

··· 22 22 paper-icon-theme 23 23 papirus-icon-theme 24 24 libsForQt5.qtstyleplugin-kvantum 25 25 - qt5ct 25 25 + libsForQt5.qt5ct 26 26 gtk-engine-murrine 27 27 gtk_engines 28 28 maim

+1 -1

home/profiles/nvim/default.nix

reviewed

··· 866 866 zls 867 867 gopls 868 868 gcc 869 869 - nodePackages_latest.pyright 869 869 + pyright 870 870 shellcheck 871 871 proselint 872 872 statix

home/profiles/tmux/default.nix

reviewed

··· 1 1 + { 2 2 + home.file.".tmux.confg".source = ./tmux.conf 3 3 + }

+59

home/profiles/tmux/tmux.conf

reviewed

··· 1 1 + set -g base-index 1 2 2 + setw -g pane-base-index 1 3 3 + 4 4 + # https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/ 5 5 + set -g default-terminal "xterm-256color" 6 6 + set -ga terminal-overrides ",*256col*:Tc" 7 7 + set -ga terminal-overrides '*:Ss=\E[%p1%d q:Se=\E[ q' 8 8 + set-environment -g COLORTERM "truecolor" 9 9 + 10 10 + # Mouse works as expected 11 11 + set-option -g mouse on 12 12 + # easy-to-remember split pane commands 13 13 + bind | split-window -h -c "#{pane_current_path}" 14 14 + bind - split-window -v -c "#{pane_current_path}" 15 15 + 16 16 + # don't rename windows automatically 17 17 + set-option -g allow-rename off 18 18 + 19 19 + # DESIGN TWEAKS 20 20 + 21 21 + # don't do anything when a 'bell' rings 22 22 + set -g visual-activity off 23 23 + set -g visual-bell off 24 24 + set -g visual-silence off 25 25 + setw -g monitor-activity off 26 26 + set -g bell-action none 27 27 + 28 28 + # clock mode 29 29 + setw -g clock-mode-colour yellow 30 30 + 31 31 + # copy mode 32 32 + setw -g mode-style 'fg=black bg=green bold' 33 33 + 34 34 + # panes 35 35 + set -g pane-border-style 'fg=green' 36 36 + set -g pane-active-border-style 'fg=yellow' 37 37 + 38 38 + # statusbar 39 39 + set -g status-position bottom 40 40 + set -g status-justify left 41 41 + set -g status-style 'fg=green' 42 42 + 43 43 + set -g status-left '' 44 44 + set -g status-left-length 10 45 45 + 46 46 + set -g status-right-style 'fg=black bg=yellow' 47 47 + set -g status-right '%Y-%m-%d %H:%M ' 48 48 + set -g status-right-length 50 49 49 + 50 50 + setw -g window-status-current-style 'fg=black bg=green' 51 51 + setw -g window-status-current-format ' #I #W #F ' 52 52 + 53 53 + setw -g window-status-style 'fg=green bg=black' 54 54 + setw -g window-status-format ' #I #[fg=white]#W #[fg=yellow]#F ' 55 55 + 56 56 + setw -g window-status-bell-style 'fg=yellow bg=green bold' 57 57 + 58 58 + # messages 59 59 + set -g message-style 'fg=yellow bg=green bold'

-1

hosts/box/configuration.nix

reviewed

··· 88 88 # Enable the OpenSSH daemon. 89 89 services.openssh.enable = true; 90 90 networking.firewall.allowedTCPPorts = [ 22 ]; 91 91 - sound.enable = false; 92 91 93 92 programs.gnupg.agent.enable = true; 94 93 programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;

+5 -21

hosts/box/default.nix

reviewed

··· 9 9 # ../profiles/monitoring 10 10 ../profiles/nfs 11 11 ../profiles/gonic 12 12 - # ../profiles/headphones # TODO broken on 23.11, see: https://github.com/rembo10/headphones/issues/3320 12 12 + ../profiles/headphones 13 13 ../profiles/radicale 14 14 # ../profiles/seafile # waiting for https://github.com/NixOS/nixpkgs/pull/249523 to be merged 15 15 ../profiles/syncthing ··· 23 23 # ../profiles/woodpecker-agent 24 24 # ../profiles/jellyfin 25 25 ../profiles/ulogger-server 26 26 - ../profiles/photoprism # Replace with immich 26 26 + ../profiles/immich 27 27 + ../profiles/jacket 27 28 ../profiles/gpodder 29 29 + ../profiles/transmission 28 30 #../profiles/postgres_upgrade_script 29 31 ]; 30 32 ··· 32 34 age.secrets.borg-password.file = "${self}/secrets/borg-password.age"; 33 35 services.postgresqlBackup = { 34 36 enable = true; 35 35 - databases = [ "wallabag" "photoprism" "ulogger" ]; 37 37 + databases = [ "wallabag" "immich" "ulogger" ]; 36 38 location = "/var/backup/postgresql"; 37 39 }; 38 40 mossnet.backup = { ··· 52 54 # seafile 53 55 }; 54 56 55 55 - services.transmission = { 56 56 - enable = true; 57 57 - settings = { 58 58 - rpc.bind-address = "0.0.0.0"; 59 59 - download-dir = "/mnt/two/new-music"; 60 60 - }; 61 61 - }; 62 62 - services.nginx.virtualHosts."transmission.mossnet.lan" = { 63 63 - enableACME = false; 64 64 - forceSSL = false; 65 65 - 66 66 - locations."/" = { 67 67 - extraConfig = '' 68 68 - proxy_pass http://localhost:9091/; 69 69 - proxy_set_header X-Forwarded-Host $host; 70 70 - ''; 71 71 - }; 72 72 - }; 73 57 74 58 services.nginx.virtualHosts."mast.mossnet.lan" = { 75 59 enableACME = false;

-2

hosts/curve/configuration.nix

reviewed

··· 34 34 # keyMap = "us"; 35 35 # }; 36 36 37 37 - sound.enable = true; 38 38 - 39 37 services.libinput.enable = true; 40 38 }

-1

hosts/helix/configuration.nix

reviewed

··· 21 21 22 22 # Enable the OpenSSH daemon. 23 23 services.openssh.enable = true; 24 24 - sound.enable = false; 25 24 26 25 # Define a user account. Don't forget to set a password with ‘passwd’. 27 26 # This value determines the NixOS release with which your system is to be

+16

hosts/helix/default.nix

reviewed

··· 30 30 privateKeyFile = "/run/agenix/helix-wg"; 31 31 }; 32 32 33 33 + # Reverse proxy for immich 34 34 + services.nginx.virtualHosts."photos.sealight.xyz" = { 35 35 + enableACME = true; 36 36 + forceSSL = true; 37 37 + 38 38 + locations."/" = { 39 39 + extraConfig = '' 40 40 + proxy_pass http://10.0.69.4:8567; 41 41 + proxy_set_header Host $host; 42 42 + proxy_set_header X-Real-IP $remote_addr; 43 43 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 44 44 + proxy_set_header X-Forwarded-Proto $scheme; 45 45 + ''; 46 46 + }; 47 47 + }; 48 48 + 33 49 services.postgresql.package = pkgs.postgresql_15; 34 50 services.postgresqlBackup = { 35 51 # TODO needs working wireguard to box

-2

hosts/lituus/configuration.nix

reviewed

··· 19 19 # networking.proxy.default = "http://user:password@proxy:port/"; 20 20 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 21 21 22 22 - sound.enable = false; 23 23 - 24 22 # Define a user account. Don't forget to set a password with ‘passwd’. 25 23 # This value determines the NixOS release with which your system is to be 26 24 # compatible, in order to avoid breaking some software such as database

+1 -1

hosts/profiles/desktop/default.nix

reviewed

··· 60 60 #unstable.sublime-music 61 61 # olm-3.2.16 is now insecure 62 62 # some reason I can't set insecure packages that will be respected 63 63 - nheko 63 63 + # nheko 64 64 unstable.signal-desktop 65 65 unstable.tuba 66 66 unstable.newsflash

-1

hosts/profiles/headphones/default.nix

reviewed

··· 4 4 enable = true; 5 5 host = "0.0.0.0"; 6 6 port = 8181; 7 7 - package = "${pkgs.unstable.headphones}"; 8 7 user = "headphones"; 9 8 group = "audio"; 10 9 dataDir = "/data/music";

+23

hosts/profiles/immich/default.nix

reviewed

··· 1 1 + { ... }: 2 2 + { 3 3 + services.immich = { 4 4 + enable = true; 5 5 + database = { 6 6 + enable = true; 7 7 + }; 8 8 + host = "0.0.0.0"; 9 9 + port = 8567; 10 10 + mediaLocation = "/data/photos"; 11 11 + externalDomain = "https://photos.sealight.xyz"; 12 12 + }; 13 13 + services.nginx.virtualHosts."photos.mossnet.lan" = { 14 14 + enableACME = false; 15 15 + forceSSL = false; 16 16 + 17 17 + locations."/" = { 18 18 + extraConfig = '' 19 19 + proxy_pass http://127.0.0.1:8567/; 20 20 + ''; 21 21 + }; 22 22 + }; 23 23 + }

+37

hosts/profiles/jacket/default.nix

reviewed

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + { 3 3 + services.jackett = { 4 4 + enable = true; 5 5 + host = "0.0.0.0"; 6 6 + port = 8011; 7 7 + user = "jackett"; 8 8 + group = "transmission"; 9 9 + }; 10 10 + services.nginx.virtualHosts."jackett.mossnet.lan" = { 11 11 + enableACME = false; 12 12 + forceSSL = false; 13 13 + 14 14 + locations."/" = { 15 15 + extraConfig = '' 16 16 + proxy_pass http://127.0.0.1:8011/; 17 17 + ''; 18 18 + }; 19 19 + }; 20 20 + services.lidarr = { 21 21 + enable = true; 22 22 + host = "0.0.0.0"; 23 23 + port = 8012; 24 24 + user = "lidarr"; 25 25 + group = "transmission"; 26 26 + }; 27 27 + services.nginx.virtualHosts."lidarr.mossnet.lan" = { 28 28 + enableACME = false; 29 29 + forceSSL = false; 30 30 + 31 31 + locations."/" = { 32 32 + extraConfig = '' 33 33 + proxy_pass http://127.0.0.1:8012/; 34 34 + ''; 35 35 + }; 36 36 + }; 37 37 + }

+26 -26

hosts/profiles/matrix/mautrix-services.nix

reviewed

··· 19 19 homeserverURL = "https://sealight.xyz/"; 20 20 homeserverDomain = "sealight.xyz"; 21 21 services = { 22 22 - whatsapp = { 23 23 - port = 29183; 24 24 - format = "mautrix-go"; 25 25 - package = pkgs.mautrix-whatsapp; 26 26 - }; 22 22 + # whatsapp = { 23 23 + # port = 29183; 24 24 + # format = "mautrix-go"; 25 25 + # package = pkgs.mautrix-whatsapp; 26 26 + # }; 27 27 28 28 - discord = { 29 29 - port = 29188; 30 30 - format = "mautrix-go"; 31 31 - package = pkgs.my-mautrix-discord; 32 32 - }; 28 28 + # discord = { 29 29 + # port = 29188; 30 30 + # format = "mautrix-go"; 31 31 + # package = pkgs.unstable.mautrix-discord; 32 32 + # }; 33 33 34 34 - signal = { 35 35 - port = 29184; 36 36 - format = "mautrix-python"; 37 37 - package = pkgs.unstable.mautrix-signal; 38 38 - serviceConfig = { 39 39 - StateDirectory = [ "matrix-as-signal" "signald" ]; 40 40 - SupplementaryGroups = [ "signald" ]; 41 41 - TimeoutStopSec = 1; # work around the service ignoring SIGTERM, see https://gitlab.com/coffeetables/nix-matrix-appservices/-/issues/12 42 42 - User = lib.mkForce config.services.signald.user; 43 43 - Group = lib.mkForce config.services.signald.group; 44 44 - }; 45 45 - settings.signal = { 46 46 - socket_path = config.services.signald.socketPath; 47 47 - outgoing_attachment_dir = "/var/lib/signald/tmp"; 48 48 - }; 49 49 - }; 34 34 + # signal = { 35 35 + # port = 29184; 36 36 + # format = "mautrix-python"; 37 37 + # package = pkgs.unstable.mautrix-signal; 38 38 + # serviceConfig = { 39 39 + # StateDirectory = [ "matrix-as-signal" "signald" ]; 40 40 + # SupplementaryGroups = [ "signald" ]; 41 41 + # TimeoutStopSec = 1; # work around the service ignoring SIGTERM, see https://gitlab.com/coffeetables/nix-matrix-appservices/-/issues/12 42 42 + # User = lib.mkForce config.services.signald.user; 43 43 + # Group = lib.mkForce config.services.signald.group; 44 44 + # }; 45 45 + # settings.signal = { 46 46 + # socket_path = config.services.signald.socketPath; 47 47 + # outgoing_attachment_dir = "/var/lib/signald/tmp"; 48 48 + # }; 49 49 + # }; 50 50 }; 51 51 }; 52 52 }

+1 -1

hosts/profiles/music/default.nix

reviewed

··· 12 12 # Plugins 13 13 helm 14 14 # surge 15 15 - distrho 15 15 + # distrho 16 16 orca-c 17 17 supercollider 18 18 dirt

hosts/profiles/transmission/beet-import.sh

reviewed

··· 1 1 + #!/usr/bin/env bash 2 2 + 3 3 + beet import -ql "$TR_TORRENT_DIR"

+33

hosts/profiles/transmission/default.nix

reviewed

··· 1 1 + { pkgs, ... }: 2 2 + { 3 3 + services.transmission = { 4 4 + enable = true; 5 5 + settings = { 6 6 + rpc-enabled = true; 7 7 + rpc-bind-address = "0.0.0.0"; 8 8 + rpc-whitelist-enabled = false; 9 9 + script-torrent-done-enabled = true; 10 10 + # Normally, I would write this into the homedir with home-manager 11 11 + # And explictly set the dir to be the output of the home-manager location 12 12 + # But this seems better, if it'll work? 13 13 + script-torrent-done-filename = pkgs.writeShellScript "beet-import.sh" '' 14 14 + #!/usr/bin/env bash 15 15 + 16 16 + beet import -ql "$TR_TORRENT_DIR" 17 17 + ''; 18 18 + rpc-url = "/transmission/rpc/"; 19 19 + download-dir = "/mnt/two/new-music"; 20 20 + }; 21 21 + }; 22 22 + services.nginx.virtualHosts."transmission.mossnet.lan" = { 23 23 + enableACME = false; 24 24 + forceSSL = false; 25 25 + 26 26 + locations."/" = { 27 27 + extraConfig = '' 28 28 + proxy_pass http://localhost:9091/; 29 29 + proxy_set_header X-Forwarded-Host $host; 30 30 + ''; 31 31 + }; 32 32 + }; 33 33 + }

+2 -2

pkgs/default.nix

reviewed

··· 6 6 tic-80 = pkgs.callPackage ./tic-80.nix { }; 7 7 fennel-ls = pkgs.callPackage ./fennel-ls.nix { }; 8 8 # kobopatch = pkgs.callPackage ./kobopatch.nix { }; 9 9 - my-mautrix-discord = pkgs.callPackage ./mautrix-discord.nix { }; # Handled by matrix-appservices input 9 9 + # my-mautrix-discord = pkgs.callPackage ./mautrix-discord.nix { }; # Handled by matrix-appservices input 10 10 ulogger-server = pkgs.callPackage ./ulogger.nix { }; 11 11 # Wallabag is now an overlay 12 12 # TODO: we still use the patch from this folder though 13 13 my-wallabag = pkgs.callPackage ./wallabag.nix { }; 14 14 - mautrix-slack = pkgs.callPackage ./mautrix-slack.nix { }; 14 14 + # mautrix-slack = pkgs.callPackage ./mautrix-slack.nix { }; 15 15 gpodder2go = pkgs.callPackage ./gpodder2go.nix { }; 16 16 }

+1 -1

pkgs/tic-80.nix

reviewed

··· 33 33 mesa_glu 34 34 mesa_glu 35 35 freeglut 36 36 - ] ++ lib.optional stdenv.isLinux alsaLib; 36 36 + ] ++ lib.optional stdenv.isLinux alsa-lib; 37 37 38 38 configurePhase = '' 39 39 echo [DIRECTORY] $(pwd)