From dff837606b9b8c55e5c44cf903bd0f8724cc4e91 Mon Sep 17 00:00:00 2001
From: cy
Date: Tue, 17 Dec 2024 00:55:28 -0500
Subject: [PATCH 1/4] init
---
 hosts/chunk/default.nix | 14 ++++++++++++--
 hosts/chunk/ghost.nix | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 hosts/chunk/ghost.nix
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index 94d384a..1de5cdc 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -21,6 +21,7 @@
 ./wireguard.nix
 ./grafana.nix
 ./tor.nix
+ ./ghost.nix
 ];

 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -126,7 +127,7 @@

 users.users.yt = {
 isNormalUser = true;
- extraGroups = ["wheel" "networkmanager" "docker"];
+ extraGroups = ["wheel" "networkmanager" "podman"];
 openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
 shell = pkgs.zsh;
 };
@@ -170,5 +171,14 @@
 logFormat = lib.mkForce "level INFO";
 };

- virtualisation.docker.enable = true;
+ # container stuff
+ virtualisation.container.enable = true;
+ vrtualisation.podman = {
+ enable = true;
+ # create 'docker' alias for podman, to use as
+ # drop-in replacement
+ dockerCompat = true;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ virtualisation.oci-containers.backend = "podman";
 }
diff --git a/hosts/chunk/ghost.nix b/hosts/chunk/ghost.nix
new file mode 100644
index 0000000..24ced0e
--- /dev/null
+++ b/hosts/chunk/ghost.nix
@@ -0,0 +1,37 @@
+{...}: {
+ virtualisation.oci-containers.containers.ghost = {
+ imgage = "ghost:5-alpine";
+ autoStart = true;
+ ports = ["127.0.0.1:8084:2368"];
+ pull = "always";
+ environment = {
+ database__client = "mysql";
+ database__connection__host = "ghost-db";
+ database__connection__user = "root";
+ database__connection__password = "example";
+ database__connection__databse = "ghost";
+ url = "https://cything.io";
+ NODE_ENV = "production";
+ };
+ volumes = [
+ "/opt/ghost/data:/var/lib/ghost/content"
+ ];
+ networks = [
+ "ghost-net"
+ ];
+ };
+
+ virtualisation.oci-containers.containers.ghost-db = {
+ image = "mysql:8.0";
+ autoStart = true;
+ environment = {
+ MYSQL_ROOT_PASSWORD = "example";
+ };
+ volumes = [
+ "/opt/ghost/db:/var/lib/mysql"
+ ];
+ networks = [
+ "ghost-net"
+ ];
+ };
+}
From 4fc952c732f6529cf13b4e64c8469c3cd39705c8 Mon Sep 17 00:00:00 2001
From: cy
Date: Tue, 17 Dec 2024 02:09:57 -0500
Subject: [PATCH 2/4] make ghost work on podman
---
 hosts/chunk/adguard.nix | 7 +++++++
 hosts/chunk/default.nix | 9 ++++++---
 hosts/chunk/ghost.nix | 30 ++++++++++++++++++++++--------
 3 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix
index 3223a9f..7bab3ea 100644
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@@ -11,6 +11,13 @@
 password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC";
 }
 ];
+ # do not listen eveywhere cause podman runs it's own DNS
+ dns.bind_hosts = [
+ "127.0.0.1"
+ "::1"
+ "31.59.129.225"
+ "2a0f:85c1:840:2bfb::1"
+ ];
 };
 };
 }
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index 1de5cdc..e655365 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
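Review bot: The environment key `database__connection__databse` in the ghost container is misspelled, and the follow-up patch in this series (which fixes `imgage`) leaves it untouched; Ghost presumably maps env keys to config by exact name, so the intended database name is never applied — it should read `database__connection__database = "ghost";`. The MySQL root password is also committed in clear text twice (`database__connection__password` and `MYSQL_ROOT_PASSWORD`), and anything written in a NixOS module ends up world-readable in the Nix store; since this host already uses sops (`sops.age.keyFile` in default.nix), both are better delivered via `environmentFiles = [ config.sops.secrets.<secret-name>.path ];` on each container (placeholder secret name). Running the application as the MySQL root account is more privilege than Ghost needs; the mysql image's `MYSQL_USER`/`MYSQL_PASSWORD`/`MYSQL_DATABASE` would create a scoped user instead.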
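Review bot: `dns.bind_hosts` now includes the public addresses `31.59.129.225` and `2a0f:85c1:840:2bfb::1`, which makes AdGuard's resolver reachable from the Internet unless port 53 is filtered elsewhere; nothing in this series shows a firewall rule or an AdGuard client allow-list, so confirm that before deploying or drop the public entries and keep the loopback ones. An unrestricted public resolver is a well-known amplification vector and leaks query data for whoever finds it. The comment would also read better as `# bind explicitly instead of on every address: podman's default network runs its own DNS resolver`.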
@@ -172,13 +172,16 @@
 };

 # container stuff
- virtualisation.container.enable = true;
- vrtualisation.podman = {
+ virtualisation.containers.enable = true;
+ virtualisation.podman = {
 enable = true;
 # create 'docker' alias for podman, to use as
 # drop-in replacement
 dockerCompat = true;
- defaultNetwork.settings.dns_enabled = true;
+ defaultNetwork.settings = {
+ dns_enabled = true;
+ ipv6_enabled = true;
+ };
 };
 virtualisation.oci-containers.backend = "podman";
 }
diff --git a/hosts/chunk/ghost.nix b/hosts/chunk/ghost.nix
index 24ced0e..00274c7 100644
--- a/hosts/chunk/ghost.nix
+++ b/hosts/chunk/ghost.nix
@@ -1,9 +1,13 @@
-{...}: {
+{
+ pkgs,
+ config,
+ ...
+}: {
 virtualisation.oci-containers.containers.ghost = {
- imgage = "ghost:5-alpine";
+ image = "ghost:5-alpine";
 autoStart = true;
 ports = ["127.0.0.1:8084:2368"];
- pull = "always";
+ pull = "newer";
 environment = {
 database__client = "mysql";
 database__connection__host = "ghost-db";
@@ -16,22 +20,32 @@
 volumes = [
 "/opt/ghost/data:/var/lib/ghost/content"
 ];
- networks = [
- "ghost-net"
- ];
+ networks = ["ghost-net"];
+ dependsOn = ["ghost-db"];
 };

 virtualisation.oci-containers.containers.ghost-db = {
 image = "mysql:8.0";
 autoStart = true;
+ pull = "newer";
 environment = {
 MYSQL_ROOT_PASSWORD = "example";
 };
 volumes = [
 "/opt/ghost/db:/var/lib/mysql"
 ];
- networks = [
- "ghost-net"
+ networks = ["ghost-net"];
+ };
+
+ systemd.services.create-ghost-net = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = with config.virtualisation.oci-containers; [
+ "${backend}-ghost.service"
+ "${backend}-ghost-db.service"
 ];
+ script = ''
+ ${pkgs.podman}/bin/podman network exists ghost-net || \
+ ${pkgs.podman}/bin/podman network create ghost-net
+ '';
 };
 }
From edbf958227e88a4df4480458e118683583551a83 Mon Sep 17 00:00:00 2001
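Review bot: `pull = "newer"` combined with the mutable tag `ghost:5-alpine` means any (re)start may silently swap in whatever the registry currently serves under that tag, with no review step; the same applies to `mysql:8.0` in the next hunk, `matrixconduit/matrix-conduit:latest` in conduit.nix and the `:release` tags in immich.nix. For a supply-chain boundary you control, pin each image by digest, e.g. `image = "ghost:5-alpine@sha256:<digest>";` (placeholder), and bump the digest deliberately, or at minimum record the digest each deployment ran with.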
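Review bot: `systemd.services.create-ghost-net` is only `wantedBy` the two container units, which pulls it in but does not order it, so `podman-ghost.service` can start before the network exists and fail its first start; add a `before = ...` list with the same two unit names (inside the same `with config.virtualisation.oci-containers;`) so the oneshot completes first. The same pattern is repeated in `create-conduit-net` in conduit.nix and `create-immich-net` in immich.nix. Because the oneshot has no `RemainAfterExit`, it re-runs on every container restart; that is harmless thanks to the `exists ||` guard, but worth stating: `# idempotent: safe to re-run on every container start`.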
From: cy
Date: Tue, 17 Dec 2024 02:39:04 -0500
Subject: [PATCH 3/4] bring conduit here
---
 hosts/chunk/conduit.nix | 40 ++++++++++++++++++++++++++++++++++++++++
 hosts/chunk/default.nix | 1 +
 2 files changed, 41 insertions(+)
 create mode 100644 hosts/chunk/conduit.nix
diff --git a/hosts/chunk/conduit.nix b/hosts/chunk/conduit.nix
new file mode 100644
index 0000000..a4546ba
--- /dev/null
+++ b/hosts/chunk/conduit.nix
@@ -0,0 +1,40 @@
+{
+ pkgs,
+ config,
+ ...
+}: {
+ virtualisation.oci-containers.containers.conduit = {
+ image = "matrixconduit/matrix-conduit:latest";
+ autoStart = true;
+ ports = ["127.0.0.1:8448:8448"];
+ pull = "newer";
+ environment = {
+ CONDUIT_SERVER_NAME = "cything.io";
+ CONDUIT_DATABASE_PATH = "/var/lib/matrix-conduit/";
+ CONDUIT_DATABASE_BACKEND = "rocksdb";
+ CONDUIT_PORT = "8448";
+ CONDUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB
+ CONDUIT_ALLOW_REGISTRATION = "false";
+ CONDUIT_ALLOW_FEDERATION = "true";
+ CONDUIT_ALLOW_CHECK_FOR_UPDATES = "true";
+ CONDUIT_TRUSTED_SERVERS = ''["matrix.org"]'';
+ CONDUIT_ADDRESS = "0.0.0.0";
+ CONDUIT_CONFIG = "";
+ };
+ volumes = [
+ "/opt/conduit/db:/var/lib/matrix-conduit/"
+ ];
+ networks = ["conduit-net"];
+ };
+
+ systemd.services.create-conduit-net = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = with config.virtualisation.oci-containers; [
+ "${backend}-conduit.service"
+ ];
+ script = ''
+ ${pkgs.podman}/bin/podman network exists conduit-net || \
+ ${pkgs.podman}/bin/podman network create conduit-net
+ '';
+ };
+}
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index e655365..cd4550a 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -22,6 +22,7 @@
 ./grafana.nix
 ./tor.nix
 ./ghost.nix
+ ./conduit.nix
 ];

 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
From 945daae07bd18df720c4a852e294947635c9d424 Mon Sep 17 00:00:00 2001
From: cy
Date: Tue, 17 Dec 2024 04:02:34 -0500
Subject: [PATCH 4/4] nixify immich
---
 hosts/chunk/default.nix | 1 +
 hosts/chunk/immich.nix | 87 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 hosts/chunk/immich.nix
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index cd4550a..83b173d 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -23,6 +23,7 @@
 ./tor.nix
 ./ghost.nix
 ./conduit.nix
+ ./immich.nix
 ];

 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix
new file mode 100644
index 0000000..b008dd7
--- /dev/null
+++ b/hosts/chunk/immich.nix
@@ -0,0 +1,87 @@
+{
+ pkgs,
+ config,
+ ...
+}: let
+ uploadLocation = "/mnt/photos/immich";
+ thumbsLocation = "/opt/immich/thumbs";
+ profileLocation = "/opt/immich/profile";
+ dbDataLocation = "/opt/immich/postgres";
+ modelCache = "/opt/immich-ml";
+in {
+ virtualisation.oci-containers.containers = {
+ immich-server = {
+ image = "ghcr.io/immich-app/immich-server:release";
+ autoStart = true;
+ ports = ["127.0.0.1:2283:2283"];
+ pull = "newer";
+ volumes = [
+ "${uploadLocation}:/usr/src/app/upload"
+ "${thumbsLocation}:/usr/src/app/upload/thumbs"
+ "${profileLocation}:/usr/src/app/upload/profile"
+ ];
+ environment = {
+ REDIS_HOSTNAME = "immich-redis";
+ DB_HOSTNAME = "immich-db";
+ };
+ networks = ["immich-net"];
+ dependsOn = ["immich-db" "immich-redis"];
+ };
+
+ immich-redis = {
+ image = "redis:6.2-alpine";
+ autoStart = true;
+ pull = "newer";
+ networks = ["immich-net"];
+ };
+
+ immich-db = {
+ image = "tensorchord/pgvecto-rs:pg14-v0.2.0";
+ autoStart = true;
+ pull = "newer";
+ environment = {
+ POSTGRES_PASSWORD = "postgres";
+ POSTGRES_USER = "postgres";
+ POSTGRES_DB = "immich";
+ POSTGRES_INITDB_ARGS = "--data-checksums";
+ };
+ volumes = ["${dbDataLocation}:/var/lib/postgresql/data"];
+ cmd = [
+ "postgres"
+ "-c" "shared_preload_libraries=vectors.so"
+ "-c" ''search_path="$$user", public, vectors''
+ "-c" "logging_collector=on"
+ "-c" "max_wal_size=2GB"
+ "-c" "shared_buffers=512MB"
+ "-c" "wal_compression=on"
+ ];
+ networks = ["immich-net"];
+ };
+
+ immich-ml = {
+ image = "ghcr.io/immich-app/immich-machine-learning:release";
+ autoStart = true;
+ pull = "newer";
+ environment = {
+ REDIS_HOSTNAME = "immich-redis";
+ DB_HOSTNAME = "immich-db";
+ };
+ volumes = ["${modelCache}:/cache"];
+ networks = ["immich-net"];
+ };
+ };
+
+ systemd.services.create-immich-net = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = with config.virtualisation.oci-containers; [
+ "${backend}-immich.service"
+ "${backend}-immich-db.service"
+ "${backend}-immich-redis.service"
+ "${backend}-immich-ml.service"
+ ];
+ script = ''
+ ${pkgs.podman}/bin/podman network exists immich-net || \
+ ${pkgs.podman}/bin/podman network create immich-net
+ '';
+ };
+}
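Review bot: `wantedBy` in `create-immich-net` names `${backend}-immich.service`, but the container is declared as `immich-server`, so its unit is `${backend}-immich-server.service`; the first entry points at a unit that does not exist and the server unit is never wanted — change it to `"${backend}-immich-server.service"`. The `cmd` entry `''search_path="$$user", public, vectors''` looks copied from a compose file, where `$$` is compose's escape for a literal `$`; here the argument reaches postgres unchanged, so it should be `''search_path="$user", public, vectors''` (Nix only interpolates `${`, a bare `$user` is literal). `POSTGRES_PASSWORD = "postgres"` is a default credential committed in clear text into the Nix store; it is only reachable over the `immich-net` bridge as configured, but a sops-managed `environmentFiles` entry (the host already sets `sops.age.keyFile`) would keep it out of the store.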