diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c0182e7..214b4af 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -101,6 +101,7 @@ wl-clipboard-rs pixelflasher element-desktop + freetube ]; programs.feh.enable = true; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 48d7d84..465e0b9 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -79,6 +79,7 @@ networkmanager.enable = true; firewall = { enable = true; + trustedInterfaces = [ "tailscale0" ]; allowedTCPPorts = [ 22 80 @@ -86,8 +87,6 @@ ]; allowedUDPPorts = [ 443 - 53 - 853 ]; extraCommands = let diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 9661e8c..6541770 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -1,6 +1,7 @@ { pkgs, config, + lib, ... }: let @@ -67,21 +68,9 @@ in ]; networks = [ "immich-net" ]; }; - - # immich-ml = { - # image = "ghcr.io/immich-app/immich-machine-learning:release"; - # autoStart = true; - # pull = "newer"; - # environment = { - # REDIS_HOSTNAME = "immich-redis"; - # DB_HOSTNAME = "immich-db"; - # }; - # volumes = [ "${modelCache}:/cache" ]; - # networks = [ "immich-net" ]; - # }; }; - systemd.services.create-immich-net = { + systemd.services.create-immich-net = rec { serviceConfig.Type = "oneshot"; requiredBy = with config.virtualisation.oci-containers; [ "${backend}-immich.service" @@ -89,10 +78,10 @@ in "${backend}-immich-redis.service" # "${backend}-immich-ml.service" ]; - before = config.systemd.services.create-immich-net.requiredBy; + before = requiredBy; script = '' - ${pkgs.podman}/bin/podman network exists immich-net || \ - ${pkgs.podman}/bin/podman network create immich-net + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net ''; }; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix new file mode 100644 index 0000000..a2aa405 --- /dev/null +++ b/hosts/ytnix/containers.nix @@ -0,0 +1,36 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + virtualisation.oci-containers.containers = { + immich-ml = let + modelCache = "/opt/immich-ml"; + in { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; + }; + }; + + systemd.services.create-immich-net = rec { + serviceConfig.Type = "oneshot"; + requiredBy = with config.virtualisation.oci-containers; [ + "${backend}-immich-ml.service" + ]; + before = requiredBy; + script = '' + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net + ''; + }; +} \ No newline at end of file diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c097165..5aa406a 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -10,6 +10,7 @@ ../common.nix ../zsh.nix ./tailscale.nix + ./containers.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -86,10 +87,12 @@ resolvconf.enable = true; firewall = { enable = true; - allowedTCPPorts = [ - 8080 # mitmproxy - 22000 # syncthing - ]; + trustedInterfaces = [ "tailscale0" ]; + # allowedTCPPorts = [ + # 8080 # mitmproxy + # 22000 # syncthing + # 3003 # immich-ml + # ]; }; }; programs.nm-applet.enable = true; @@ -252,7 +255,6 @@ xdg.mime.defaultApplications = { "application/pdf" = "okular.desktop"; "image/*" = "gwenview.desktop"; - "*/html" = "chromium-browser.desktop"; }; virtualisation = {