helix: host photos.sealight.xyz

hosts/box/configuration.nix

@@ -88,7 +88,6 @@
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
   networking.firewall.allowedTCPPorts = [ 22 ];
-  sound.enable = false;
 
   programs.gnupg.agent.enable = true;
   programs.gnupg.agent.pinentryPackage = pkgs.pinentry-curses;

hosts/box/default.nix

@@ -9,7 +9,7 @@
     # ../profiles/monitoring
     ../profiles/nfs
     ../profiles/gonic
-    # ../profiles/headphones # TODO broken on 23.11, see: https://github.com/rembo10/headphones/issues/3320
+    ../profiles/headphones 
     ../profiles/radicale
     # ../profiles/seafile # waiting for https://github.com/NixOS/nixpkgs/pull/249523 to be merged
     ../profiles/syncthing
@@ -23,8 +23,10 @@
     # ../profiles/woodpecker-agent
     # ../profiles/jellyfin
     ../profiles/ulogger-server
-    ../profiles/photoprism # Replace with immich
+    ../profiles/immich
+    ../profiles/jacket
     ../profiles/gpodder
+    ../profiles/transmission
     #../profiles/postgres_upgrade_script
   ];
 
@@ -32,7 +34,7 @@
   age.secrets.borg-password.file = "${self}/secrets/borg-password.age";
   services.postgresqlBackup = {
     enable = true;
-    databases = [ "wallabag" "photoprism" "ulogger" ];
+    databases = [ "wallabag" "immich" "ulogger" ];
     location = "/var/backup/postgresql";
   };
   mossnet.backup = {
@@ -52,24 +54,6 @@
     # seafile
   };
 
-  services.transmission = {
-    enable = true;
-    settings = {
-      rpc.bind-address = "0.0.0.0";
-      download-dir = "/mnt/two/new-music";
-    };
-  };
-  services.nginx.virtualHosts."transmission.mossnet.lan" = {
-    enableACME = false;
-    forceSSL = false;
-
-    locations."/" = {
-      extraConfig = ''
-        proxy_pass http://localhost:9091/;
-        proxy_set_header X-Forwarded-Host $host;
-      '';
-    };
-  };
 
   services.nginx.virtualHosts."mast.mossnet.lan" = {
     enableACME = false;

hosts/curve/configuration.nix

@@ -34,7 +34,5 @@
   #   keyMap = "us";
   # };
 
-  sound.enable = true;
-
   services.libinput.enable = true;
 }

hosts/helix/configuration.nix

@@ -21,7 +21,6 @@
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
-  sound.enable = false;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   # This value determines the NixOS release with which your system is to be

hosts/helix/default.nix

@@ -30,6 +30,22 @@
     privateKeyFile = "/run/agenix/helix-wg";
   };
 
+  # Reverse proxy for immich
+  services.nginx.virtualHosts."photos.sealight.xyz" = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      extraConfig = ''
+        proxy_pass http://10.0.69.4:8567;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+      '';
+    };
+  };
+
   services.postgresql.package = pkgs.postgresql_15;
   services.postgresqlBackup = {
     # TODO needs working wireguard to box

hosts/lituus/configuration.nix

@@ -19,8 +19,6 @@
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
 
-  sound.enable = false;
-
   # Define a user account. Don't forget to set a password with ‘passwd’.
   # This value determines the NixOS release with which your system is to be
   # compatible, in order to avoid breaking some software such as database

hosts/profiles/desktop/default.nix

@@ -60,7 +60,7 @@ in {
     #unstable.sublime-music
     # olm-3.2.16 is now insecure
     # some reason I can't set insecure packages that will be respected
-    nheko
+    # nheko
     unstable.signal-desktop
     unstable.tuba
     unstable.newsflash

hosts/profiles/headphones/default.nix

@@ -4,7 +4,6 @@
     enable = true;
     host = "0.0.0.0";
     port = 8181;
-    package = "${pkgs.unstable.headphones}";
     user = "headphones";
     group = "audio";
     dataDir = "/data/music";

hosts/profiles/immich/default.nix

@@ -0,0 +1,23 @@
+{ ... }:
+{
+  services.immich = {
+    enable = true;
+    database = {
+      enable = true;
+    };
+    host = "0.0.0.0";
+    port = 8567;
+    mediaLocation = "/data/photos";
+    externalDomain = "https://photos.sealight.xyz";
+  };
+  services.nginx.virtualHosts."photos.mossnet.lan" = {
+    enableACME = false;
+    forceSSL = false;
+
+    locations."/" = {
+      extraConfig = ''
+        proxy_pass http://127.0.0.1:8567/;
+      '';
+    };
+  };
+}

hosts/profiles/jacket/default.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+{
+  services.jackett = {
+    enable = true;
+    host = "0.0.0.0";
+    port = 8011;
+    user = "jackett";
+    group = "transmission";
+  };
+  services.nginx.virtualHosts."jackett.mossnet.lan" = {
+    enableACME = false;
+    forceSSL = false;
+
+    locations."/" = {
+      extraConfig = ''
+        proxy_pass http://127.0.0.1:8011/;
+      '';
+    };
+  };
+  services.lidarr = {
+    enable = true;
+    host = "0.0.0.0";
+    port = 8012;
+    user = "lidarr";
+    group = "transmission";
+  };
+  services.nginx.virtualHosts."lidarr.mossnet.lan" = {
+    enableACME = false;
+    forceSSL = false;
+
+    locations."/" = {
+      extraConfig = ''
+        proxy_pass http://127.0.0.1:8012/;
+      '';
+    };
+  };
+}

hosts/profiles/matrix/mautrix-services.nix

@@ -19,34 +19,34 @@
     homeserverURL = "https://sealight.xyz/";
     homeserverDomain = "sealight.xyz";
     services = {
-      whatsapp = {
-        port = 29183;
-        format = "mautrix-go";
-        package = pkgs.mautrix-whatsapp;
-      };
+      # whatsapp = {
+      #   port = 29183;
+      #   format = "mautrix-go";
+      #   package = pkgs.mautrix-whatsapp;
+      # };
 
-      discord = {
-        port = 29188;
-        format = "mautrix-go";
-        package = pkgs.my-mautrix-discord;
-      };
+      # discord = {
+      #   port = 29188;
+      #   format = "mautrix-go";
+      #   package = pkgs.unstable.mautrix-discord;
+      # };
 
-      signal = {
-        port = 29184;
-        format = "mautrix-python";
-        package = pkgs.unstable.mautrix-signal;
-        serviceConfig = {
-          StateDirectory = [ "matrix-as-signal" "signald" ];
-          SupplementaryGroups = [ "signald" ];
-          TimeoutStopSec = 1; # work around the service ignoring SIGTERM, see https://gitlab.com/coffeetables/nix-matrix-appservices/-/issues/12
-          User = lib.mkForce config.services.signald.user;
-          Group = lib.mkForce config.services.signald.group;
-        };
-        settings.signal = {
-          socket_path = config.services.signald.socketPath;
-          outgoing_attachment_dir = "/var/lib/signald/tmp";
-        };
-      };
+      # signal = {
+      #   port = 29184;
+      #   format = "mautrix-python";
+      #   package = pkgs.unstable.mautrix-signal;
+      #   serviceConfig = {
+      #     StateDirectory = [ "matrix-as-signal" "signald" ];
+      #     SupplementaryGroups = [ "signald" ];
+      #     TimeoutStopSec = 1; # work around the service ignoring SIGTERM, see https://gitlab.com/coffeetables/nix-matrix-appservices/-/issues/12
+      #     User = lib.mkForce config.services.signald.user;
+      #     Group = lib.mkForce config.services.signald.group;
+      #   };
+      #   settings.signal = {
+      #     socket_path = config.services.signald.socketPath;
+      #     outgoing_attachment_dir = "/var/lib/signald/tmp";
+      #   };
+      # };
     };
   };
 }

hosts/profiles/music/default.nix

@@ -12,7 +12,7 @@
     # Plugins
     helm
     # surge
-    distrho
+    # distrho
     orca-c
     supercollider
     dirt

hosts/profiles/transmission/beet-import.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+beet import -ql "$TR_TORRENT_DIR"

hosts/profiles/transmission/default.nix

@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+{
+  services.transmission = {
+    enable = true;
+    settings = {
+      rpc-enabled = true;
+      rpc-bind-address = "0.0.0.0";
+      rpc-whitelist-enabled = false;
+      script-torrent-done-enabled = true;
+      # Normally, I would write this into the homedir with home-manager
+      # And explictly set the dir to be the output of the home-manager location
+      # But this seems better, if it'll work?
+      script-torrent-done-filename = pkgs.writeShellScript "beet-import.sh" ''
+#!/usr/bin/env bash
+
+beet import -ql "$TR_TORRENT_DIR"
+      '';
+      rpc-url = "/transmission/rpc/";
+      download-dir = "/mnt/two/new-music";
+    };
+  };
+  services.nginx.virtualHosts."transmission.mossnet.lan" = {
+    enableACME = false;
+    forceSSL = false;
+
+    locations."/" = {
+      extraConfig = ''
+        proxy_pass http://localhost:9091/;
+        proxy_set_header X-Forwarded-Host $host;
+      '';
+    };
+  };
+}