feat(photo01): init #4

Merged
cst1 merged 19 commits from cst1/lab-infra:init_photo01 into main 2024-11-22 14:04:37 +01:00
4 changed files with 54 additions and 30 deletions
Showing only changes of commit 271fa9ec35 - Show all commits


@ -1,7 +1,12 @@
# TODO: revamp to use the same framework as the other VMs # TODO: revamp to use the same framework as the other VMs
{ lib, pkgs, inputs, ... }: {
pkgs,
inputs,
...
}:
let address = "129.199.146.101"; let
address = "129.199.146.101";
in in
{ {
imports = [ imports = [
@ -28,7 +33,9 @@ in
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { PasswordAuthentication = false; }; settings = {
PasswordAuthentication = false;
};
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
@ -39,7 +46,12 @@ in
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "webmaster@nixos.org"; security.acme.defaults.email = "webmaster@nixos.org";
networking.firewall.allowedTCPPorts = [ 22 80 443 8007 ]; networking.firewall.allowedTCPPorts = [
22
80
443
8007
];
networking.firewall.allowedUDPPorts = [ ]; networking.firewall.allowedUDPPorts = [ ];
networking.useNetworkd = true; networking.useNetworkd = true;
@ -75,14 +87,19 @@ in
nix = { nix = {
settings = { settings = {
trusted-users = [ "@wheel" "root" "nix-ssh" ]; trusted-users = [
"@wheel"
"root"
"nix-ssh"
];
auto-optimise-store = true; auto-optimise-store = true;
}; };
#package = pkgs.nixUnstable; #package = pkgs.nixUnstable;
extraOptions = let extraOptions =
empty_registry = builtins.toFile "empty-flake-registry.json" let
''{"flakes":[],"version":2}''; empty_registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}'';
in '' in
''
experimental-features = nix-command flakes experimental-features = nix-command flakes
flake-registry = ${empty_registry} flake-registry = ${empty_registry}
builders-use-substitutes = true builders-use-substitutes = true
@ -91,7 +108,5 @@ in
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
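Review bot: `"nix-ssh"` stays in `nix.settings.trusted-users` in the fourth hunk of this file, so any SSH key accepted for that account gets effectively root-equivalent control over the Nix daemon (trusted users can override substituters and import unsigned store paths). Whether `nix.sshServe` is enabled and which keys it accepts is not visible here, so the exposure is inferred. If the host only needs to serve its store read-only, drop the entry: `trusted-users = [ "@wheel" "root" ];`. If remote builders really need it, document that above the list, e.g. `# nix-ssh is trusted because <reason>; accepted keys are limited to <builder hosts>`. The `nix = { … }` attribute set starts before and ends after this hunk.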


@ -3,8 +3,14 @@
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules = [
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; "ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -13,4 +19,3 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }


@ -9,8 +9,7 @@
services.nginx.virtualHosts."immich.cgiga.fr" = { services.nginx.virtualHosts."immich.cgiga.fr" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
serverAliases = []; serverAliases = [ ];
locations."/".proxyPass = "http://localhost:2283/"; locations."/".proxyPass = "http://localhost:2283/";
}; };
} }


@ -1,6 +1,10 @@
{ lib, modulesPath, pkgs, ... }: {
pkgs,
...
}:
let port = 2342; let
port = 2342;
in in
{ {
services.photoprism = { services.photoprism = {
@ -32,22 +36,23 @@ in
dataDir = "/data/mysql"; dataDir = "/data/mysql";
package = pkgs.mariadb; package = pkgs.mariadb;
ensureDatabases = [ "photoprism" ]; ensureDatabases = [ "photoprism" ];
ensureUsers = [{ ensureUsers = [
{
name = "photoprism"; name = "photoprism";
ensurePermissions = { ensurePermissions = {
"photoprism.*" = "ALL PRIVILEGES"; "photoprism.*" = "ALL PRIVILEGES";
}; };
}]; }
];
}; };
services.nginx.virtualHosts."photoprism.cgiga.fr" = { services.nginx.virtualHosts."photoprism.cgiga.fr" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
serverAliases = []; serverAliases = [ ];
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString port}/"; proxyPass = "http://localhost:${toString port}/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
} }