feat: configured syncthing and photoprism

Nick 2025-12-14 01:52:25 -06:00
parent 77dcbe3c33
commit 8eb9ed31fc
8 changed files with 161 additions and 92 deletions


@ -59,7 +59,7 @@ in
impermanence
lix
microvm
restic
resticCeres
# wireguard
forgejoCeres
jellyfinCeres
@ -81,6 +81,7 @@ in
inherit (modules)
impermanence
lix
resticEris
microvm
sambaEris
fireflyEris


@ -1,6 +1,7 @@
{
flake,
lib,
pkgs,
...
}:
let
@ -37,9 +38,13 @@ in
PHOTOPRISM_ADMIN_USER = user;
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_DEFAULT_LOCAL = "en";
PHOTOPRISM_BACKUP_DATABASE = "false";
PHOTOPRISM_BACKUP_ALBUMS = "true";
PHOTOPRISM_SIDECAR_YAML = "true";
PHOTOPRISM_READONLY = "true";
PHOTOPRISM_INDEX_SCHEDULE = "0 2 * * *";
};
passwordFile = "/etc/photoprism-secrets/${user}-pass";
# databasePasswordFile = "/etc/photoprism-secrets/${user}-pass";
storagePath = "/var/lib/${serviceCfg.name}";
originalsPath = "/var/lib/${serviceCfg.name}-media";
address = "0.0.0.0";
@ -67,34 +72,29 @@ in
systemd = {
services = {
# fix-secrets-permissions = {
# description = "Fix secrets permissions for photoprism";
# wantedBy = [ "multi-user.target" ];
# before = [
# "photoprism.service"
# ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# mkdir -p /etc/photoprism-secrets
# cp /run/secrets/${user}-pass /etc/photoprism-secrets/${user}-pass
# chmod 755 /etc/photoprism-secrets
# chmod 644 /etc/photoprism-secrets/*
# '';
# };
photoprism-secrets = {
description = "Setup photoprism secrets";
wantedBy = [ "multi-user.target" ];
before = [ "photoprism.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
mkdir -p /etc/photoprism-secrets
cp /run/secrets/${user}-pass /etc/photoprism-secrets/${user}-pass
chmod 755 /etc/photoprism-secrets
chmod 644 /etc/photoprism-secrets/${user}-pass
'';
};
photoprism = {
serviceConfig = {
DynamicUser = lib.mkForce false;
User = serviceCfg.name;
Group = serviceCfg.name;
# Override LoadCredential to use our secrets path
LoadCredential = lib.mkForce [
"PHOTOPRISM_ADMIN_PASSWORD_FILE:/run/secrets/${user}-pass"
];
StateDirectory = lib.mkForce [ ];
StateDirectoryMode = lib.mkForce null;
};
# Make sure secrets are mounted before service starts
after = [ "run-secrets.mount" ];
requires = [ "run-secrets.mount" ];
};
@ -124,8 +124,8 @@ in
};
microvm = {
vcpu = 1;
mem = 512;
vcpu = 2;
mem = 1024 * 4;
hypervisor = "qemu";
interfaces = [
{
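Review bot: The `photoprism-secrets` unit copies the admin password out of `/run/secrets` into `/etc/photoprism-secrets/${user}-pass` and then makes it world-readable (`chmod 644` on the last script line), so any local user or process in the VM can read it; the commented-out `fix-secrets-permissions` block above it carries the same `chmod 644`. Since the service now runs as a fixed account (`User = serviceCfg.name`) and `LoadCredential` is forced to read `/run/secrets/${user}-pass` directly, the copy looks redundant; if it is kept for `passwordFile`, restrict it with `install -m 0600 -o ${serviceCfg.name} -g ${serviceCfg.name} /run/secrets/${user}-pass /etc/photoprism-secrets/${user}-pass` and `chmod 750 /etc/photoprism-secrets` in place of the `cp`/`chmod` lines. The unit also has no `after`/`requires` on `run-secrets.mount` as `photoprism` does, so the copy may run before the secret exists if sops-nix provides `/run/secrets` through that mount. The enclosing `systemd.services` attribute set continues outside the hunk.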


@ -1,13 +1,14 @@
{
flake,
lib,
pkgs,
labHelpers,
...
}:
let
inherit (import ../../../helpers.nix { inherit flake; }) labHelpers;
inherit (labHelpers) guestPath mediaPath;
inherit (import ../config { inherit flake lib; }) photoprismVM;
inherit (import ../config { inherit flake lib pkgs; }) photoprismVM;
inherit (flake.config.services.instances) photoprism;
inherit (flake.config.people) user0;
interfaceCfg = photoprism.interfaces.interface0;


@ -5,7 +5,7 @@
let
inherit (flake.config.people) user0;
inherit (flake.config.services.instances) syncthing;
inherit (import ../../../../helpers.nix { inherit flake; }) labHelpers;
inherit (import ../../../helpers.nix { inherit flake; }) labHelpers;
inherit (labHelpers) mediaPath docsPath miscPath;
serviceCfg = syncthing;
in


@ -1,63 +1,11 @@
{
config,
flake,
...
}:
let
inherit (flake.config.services) instances;
inherit (flake.config.people) user0;
envFile = "backblaze/env";
repoFile = "backblaze/repo";
passFile = "restic/pass";
importList =
let
content = builtins.readDir ./.;
dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
in
map (name: ./. + "/${name}") dirContent;
in
{
services.restic = {
backups = {
remote = {
environmentFile = config.sops.secrets.${envFile}.path;
initialize = true;
passwordFile = config.sops.secrets.${passFile}.path;
repositoryFile = config.sops.secrets.${repoFile}.path;
timerConfig = {
OnCalendar = "0/4:00";
Persistent = true;
};
paths =
let
inst = instance: interface: instances.${instance}.interfaces.${interface}.paths.mntPaths.path0;
in
[
"/home/${user0}/.ssh"
(inst "forgejo" "interface0")
(inst "mastodon" "interface0")
(inst "opencloud" "interface1")
(inst "minecraft" "interface0")
(inst "minecraft" "interface1")
((inst "jellyfin" "interface0") + "/cache")
((inst "jellyfin" "interface0") + "/data")
((inst "jellyfin" "interface0") + "/media/music")
];
};
};
};
sops = {
secrets = builtins.listToAttrs (
map
(secret: {
name = secret;
value = {
path = "/run/secrets/${secret}";
owner = "root";
group = "root";
mode = "0600";
};
})
[
envFile
repoFile
passFile
]
);
};
imports = importList;
}


@ -0,0 +1,64 @@
{
config,
flake,
...
}:
let
inherit (flake.config.services) instances;
inherit (flake.config.machines.devices) ceres;
inherit (flake.config.people) user0;
envFile = "backblaze/${ceres.name}-env";
repoFile = "backblaze/${ceres.name}-repo";
passFile = "restic/${ceres.name}-pass";
in
{
services.restic = {
backups = {
remote = {
initialize = true;
environmentFile = config.sops.secrets.${envFile}.path;
passwordFile = config.sops.secrets.${passFile}.path;
repositoryFile = config.sops.secrets.${repoFile}.path;
timerConfig = {
OnCalendar = "0/4:00";
Persistent = true;
};
paths =
let
inst = instance: interface: instances.${instance}.interfaces.${interface}.paths.mntPaths.path0;
in
[
"/home/${user0}/.ssh"
(inst "forgejo" "interface0")
(inst "mastodon" "interface0")
(inst "opencloud" "interface1")
(inst "minecraft" "interface0")
(inst "minecraft" "interface1")
((inst "jellyfin" "interface0") + "/cache")
((inst "jellyfin" "interface0") + "/data")
((inst "jellyfin" "interface0") + "/media/music")
];
};
};
};
sops = {
secrets = builtins.listToAttrs (
map
(secret: {
name = secret;
value = {
path = "/run/secrets/${secret}";
owner = "root";
group = "root";
mode = "0600";
};
})
[
envFile
repoFile
passFile
]
);
};
}
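Review bot: The `sops.secrets` builder and the `services.restic.backups.remote` options are duplicated verbatim between this new ceres file and the new eris file that follows it; only the host name and the `paths` list differ, so the two will drift the next time one of them (timer, secret mode, owner) is changed. Extracting a small function that takes the host name and the backup paths and returns both attribute sets keeps the per-host files to a single call. A one-line header comment such as `# Per-host restic backup to Backblaze; secrets are keyed by host name` would also help, since nothing in either file says why the secret names carry the host. The helper sketched below is a constructed example, not code from the commit.
```nix
# constructed helper: host-specific restic + sops wiring
{ config, host, paths }:
let
  envFile = "backblaze/${host}-env";
  repoFile = "backblaze/${host}-repo";
  passFile = "restic/${host}-pass";
in
{
  services.restic.backups.remote = {
    initialize = true;
    environmentFile = config.sops.secrets.${envFile}.path;
    passwordFile = config.sops.secrets.${passFile}.path;
    repositoryFile = config.sops.secrets.${repoFile}.path;
    timerConfig = { OnCalendar = "0/4:00"; Persistent = true; };
    inherit paths;
  };
  sops.secrets = builtins.listToAttrs (map (secret: {
    name = secret;
    value = { path = "/run/secrets/${secret}"; owner = "root"; group = "root"; mode = "0600"; };
  }) [ envFile repoFile passFile ]);
}
```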


@ -0,0 +1,52 @@
{
config,
flake,
...
}:
let
inherit (flake.config.machines.devices) eris;
inherit (flake.config.people) user0;
envFile = "backblaze/${eris.name}-env";
repoFile = "backblaze/${eris.name}-repo";
passFile = "restic/${eris.name}-pass";
in
{
services.restic = {
backups = {
remote = {
environmentFile = config.sops.secrets.${envFile}.path;
initialize = true;
passwordFile = config.sops.secrets.${passFile}.path;
repositoryFile = config.sops.secrets.${repoFile}.path;
timerConfig = {
OnCalendar = "0/4:00";
Persistent = true;
};
paths = [
"/home/${user0}/.ssh"
"/mnt/storage"
];
};
};
};
sops = {
secrets = builtins.listToAttrs (
map
(secret: {
name = secret;
value = {
path = "/run/secrets/${secret}";
owner = "root";
group = "root";
mode = "0600";
};
})
[
envFile
repoFile
passFile
]
);
};
}