feat(photo01): init #4

Merged
cst1 merged 19 commits from cst1/lab-infra:init_photo01 into main 2024-11-22 14:04:37 +01:00
4 changed files with 54 additions and 30 deletions
Showing only changes of commit 271fa9ec35 - Show all commits

View file

@ -1,7 +1,12 @@
# TODO: revamp to use the same framework as the other VMs
{ lib, pkgs, inputs, ... }:
{
pkgs,
inputs,
...
}:
let address = "129.199.146.101";
let
address = "129.199.146.101";
in
{
imports = [
@ -28,7 +33,9 @@ in
services.openssh = {
enable = true;
settings = { PasswordAuthentication = false; };
settings = {
PasswordAuthentication = false;
};
};
users.users.root.openssh.authorizedKeys.keys = [
@ -39,7 +46,12 @@ in
security.acme.acceptTerms = true;
security.acme.defaults.email = "webmaster@nixos.org";
networking.firewall.allowedTCPPorts = [ 22 80 443 8007 ];
networking.firewall.allowedTCPPorts = [
22
80
443
8007
];
networking.firewall.allowedUDPPorts = [ ];
networking.useNetworkd = true;
@ -75,14 +87,19 @@ in
nix = {
settings = {
trusted-users = [ "@wheel" "root" "nix-ssh" ];
trusted-users = [
"@wheel"
"root"
"nix-ssh"
];
auto-optimise-store = true;
};
#package = pkgs.nixUnstable;
extraOptions = let
empty_registry = builtins.toFile "empty-flake-registry.json"
''{"flakes":[],"version":2}'';
in ''
extraOptions =
let
empty_registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}'';
in
''
experimental-features = nix-command flakes
flake-registry = ${empty_registry}
builders-use-substitutes = true
@ -91,7 +108,5 @@ in
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
};
system.stateVersion = "24.05";
}

View file

@ -3,8 +3,14 @@
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@ -13,4 +19,3 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

View file

@ -9,8 +9,7 @@
services.nginx.virtualHosts."immich.cgiga.fr" = {
enableACME = true;
forceSSL = true;
serverAliases = [];
serverAliases = [ ];
locations."/".proxyPass = "http://localhost:2283/";
};
}

View file

@ -1,6 +1,10 @@
{ lib, modulesPath, pkgs, ... }:
{
pkgs,
...
}:
let port = 2342;
let
port = 2342;
in
{
services.photoprism = {
@ -32,22 +36,23 @@ in
dataDir = "/data/mysql";
package = pkgs.mariadb;
ensureDatabases = [ "photoprism" ];
ensureUsers = [{
ensureUsers = [
{
name = "photoprism";
ensurePermissions = {
"photoprism.*" = "ALL PRIVILEGES";
};
}];
}
];
};
services.nginx.virtualHosts."photoprism.cgiga.fr" = {
enableACME = true;
forceSSL = true;
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://localhost:${toString port}/";
proxyWebsockets = true;
};
};
}