From 553a07f0a92fcc5ebaf89fa478cc528acafceafa Mon Sep 17 00:00:00 2001 From: cy Date: Sun, 9 Mar 2025 22:23:58 -0400 Subject: [PATCH 1/3] run immich-ml from ytnix and add tailscale0 to trustedInterfaces --- home/yt/ytnix.nix | 1 + hosts/chunk/default.nix | 3 +-- hosts/chunk/immich.nix | 21 +++++---------------- hosts/ytnix/containers.nix | 36 ++++++++++++++++++++++++++++++++++++ hosts/ytnix/default.nix | 12 +++++++----- 5 files changed, 50 insertions(+), 23 deletions(-) create mode 100644 hosts/ytnix/containers.nix diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index c0182e7..214b4af 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -101,6 +101,7 @@ wl-clipboard-rs pixelflasher element-desktop + freetube ]; programs.feh.enable = true; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 48d7d84..465e0b9 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -79,6 +79,7 @@ networkmanager.enable = true; firewall = { enable = true; + trustedInterfaces = [ "tailscale0" ]; allowedTCPPorts = [ 22 80 @@ -86,8 +87,6 @@ ]; allowedUDPPorts = [ 443 - 53 - 853 ]; extraCommands = let diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 9661e8c..6541770 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -1,6 +1,7 @@ { pkgs, config, + lib, ... }: let @@ -67,21 +68,9 @@ in ]; networks = [ "immich-net" ]; }; - - # immich-ml = { - # image = "ghcr.io/immich-app/immich-machine-learning:release"; - # autoStart = true; - # pull = "newer"; - # environment = { - # REDIS_HOSTNAME = "immich-redis"; - # DB_HOSTNAME = "immich-db"; - # }; - # volumes = [ "${modelCache}:/cache" ]; - # networks = [ "immich-net" ]; - # }; }; - systemd.services.create-immich-net = { + systemd.services.create-immich-net = rec { serviceConfig.Type = "oneshot"; requiredBy = with config.virtualisation.oci-containers; [ "${backend}-immich.service" 
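Review bot: `trustedInterfaces = [ "tailscale0" ];` in the hosts/chunk/default.nix firewall block accepts all traffic arriving on that interface, so every service listening on chunk, not only 22/80/443, becomes reachable from every node in the tailnet. Tailscale ACLs are then the only remaining filter. The same line is added in hosts/ytnix/default.nix, where it replaces the explicit port list. If only specific services are meant to be reachable over the tailnet, a per-interface allowlist under `firewall` keeps the default-deny posture: `interfaces.tailscale0.allowedTCPPorts = [ <PORTS_PLACEHOLDER> ];`. The firewall block continues past the end of this hunk, so `extraCommands` could not be checked for rules that interact with this.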
@@ -89,10 +78,10 @@ in "${backend}-immich-redis.service" # "${backend}-immich-ml.service" ]; - before = config.systemd.services.create-immich-net.requiredBy; + before = requiredBy; script = '' - ${pkgs.podman}/bin/podman network exists immich-net || \ - ${pkgs.podman}/bin/podman network create immich-net + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net ''; }; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix new file mode 100644 index 0000000..a2aa405 --- /dev/null +++ b/hosts/ytnix/containers.nix @@ -0,0 +1,36 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + virtualisation.oci-containers.containers = { + immich-ml = let + modelCache = "/opt/immich-ml"; + in { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; + }; + }; + + systemd.services.create-immich-net = rec { + serviceConfig.Type = "oneshot"; + requiredBy = with config.virtualisation.oci-containers; [ + "${backend}-immich-ml.service" + ]; + before = requiredBy; + script = '' + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net + ''; + }; +} \ No newline at end of file diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c097165..5aa406a 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -10,6 +10,7 @@ ../common.nix ../zsh.nix ./tailscale.nix + ./containers.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; 
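Review bot: `ports = [ "3003:3003" ];` in the new hosts/ytnix/containers.nix publishes immich-ml on every host address, not only on tailscale0, and the firewall change in hosts/ytnix/default.nix may not constrain it. Container-published ports are usually forwarded through NAT rules rather than the host INPUT chain, so it is worth checking the effective ruleset on the host (`iptables-save` or `nft list ruleset`). The endpoint looks intended for the Immich server on chunk only, so binding to a single address would match that intent, e.g. `ports = [ "<TAILSCALE_IP_PLACEHOLDER>:3003:3003" ];`. Separately, `image = "ghcr.io/immich-app/immich-machine-learning:release"` with `pull = "newer"` follows a mutable tag; pinning by digest makes what runs on this workstation reviewable. `REDIS_HOSTNAME` and `DB_HOSTNAME` name containers that this diff does not define on ytnix and look like leftovers from the chunk config.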
@@ -86,10 +87,12 @@ resolvconf.enable = true; firewall = { enable = true; - allowedTCPPorts = [ - 8080 # mitmproxy - 22000 # syncthing - ]; + trustedInterfaces = [ "tailscale0" ]; + # allowedTCPPorts = [ + # 8080 # mitmproxy + # 22000 # syncthing + # 3003 # immich-ml + # ]; }; }; programs.nm-applet.enable = true; @@ -252,7 +255,6 @@ xdg.mime.defaultApplications = { "application/pdf" = "okular.desktop"; "image/*" = "gwenview.desktop"; - "*/html" = "chromium-browser.desktop"; }; virtualisation = { From ab0dfe08c7a1129cc3c9fa84effde75f2f4cb07f Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Mar 2025 11:18:21 -0400 Subject: [PATCH 2/3] unpin vscode-extensions --- flake.lock | 10 +++------- flake.nix | 4 +--- home/yt/ytnix.nix | 43 +++++++++++++++++++++++------------------ hosts/ytnix/default.nix | 6 ++++-- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 8916bfc..129ff5f 100644 --- a/flake.lock +++ b/flake.lock @@ -1210,9 +1210,6 @@ }, "vscode-extensions": { "inputs": { - "flake-compat": [ - "flake-compat" - ], "flake-utils": [ "flake-utils" ], @@ -1221,17 +1218,16 @@ ] }, "locked": { - "lastModified": 1740924345, - "narHash": "sha256-TO8Ttb+7PeKBkUe8vUrBt6Vxg3RMeQp4ARmlWQfcWrs=", + "lastModified": 1741693734, + "narHash": "sha256-Df0jzarVCkwJttnITExjsbSN20FOOuenGhpKvOj49hk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", + "rev": "6d444be7edf281b8df98235d911d176beaa31510", "type": "github" }, "original": { "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1fc267a10f46200e32f0850caa396bd1ba4ba08e", "type": "github" } } diff --git a/flake.nix b/flake.nix index cdb829e..29fc0ab 100644 --- a/flake.nix +++ b/flake.nix 
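Review bot: The old `allowedTCPPorts` list in hosts/ytnix/default.nix is left as a commented-out block, including a `3003 # immich-ml` entry that was never active, so the file no longer states which ports are meant to be reachable or from where. Delete the block or replace it with one comment that records the intent, e.g. `# mitmproxy (8080), syncthing (22000) and immich-ml (3003) are reached over tailscale0 only`. With the list gone, 8080 and 22000 are closed on the non-tailscale interfaces; confirm that syncthing peers on the local network were not relying on 22000.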
@@ -68,11 +68,9 @@ inputs.flake-utils.follows = "flake-utils"; }; vscode-extensions = { - # https://github.com/nix-community/nix-vscode-extensions/issues/102 - url = "github:nix-community/nix-vscode-extensions/1fc267a10f46200e32f0850caa396bd1ba4ba08e"; + url = "github:nix-community/nix-vscode-extensions/"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; - inputs.flake-compat.follows = "flake-compat"; }; nix-index-database = { url = "github:nix-community/nix-index-database"; diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 214b4af..9b20a66 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -104,25 +104,6 @@ freetube ]; - programs.feh.enable = true; - - xdg.configFile = { - mpv.source = ../mpv; - }; - - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; - - programs.git.extraConfig = { - user = { - signingKey = "~/.ssh/id_ed25519"; - }; - gpg.format = "ssh"; - commit.gpgsign = true; - }; - home.sessionVariables = { # to make ghidra work on xwayland _JAVA_AWT_WM_NONREPARENTING = 1; @@ -145,5 +126,29 @@ SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; + home.sessionPath = [ + "$HOME/.cargo/bin" + "$HOME/go/bin" + ]; + + programs.feh.enable = true; + + xdg.configFile = { + mpv.source = ../mpv; + }; + + programs.direnv = { + enable = true; + nix-direnv.enable = true; + }; + + programs.git.extraConfig = { + user = { + signingKey = "~/.ssh/id_ed25519"; + }; + gpg.format = "ssh"; + commit.gpgsign = true; + }; + programs.nix-index-database.comma.enable = true; } diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 5aa406a..c185991 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -257,8 +257,9 @@ "image/*" = "gwenview.desktop"; }; - virtualisation = { - libvirtd.enable = true; + virtualisation.libvirtd = { + enable = true; + qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; programs.virt-manager.enable = true; my.containerization.enable = true; 
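Review bot: The new `url` in flake.nix keeps a trailing slash left over from deleting the pinned revision; write it as `url = "github:nix-community/nix-vscode-extensions";` so it has the same form as the neighbouring `github:nix-community/nix-index-database` input. The removed comment was the only record of why the input had been pinned (the linked upstream issue). Since the input now moves on every `nix flake update`, a one-line comment saying that the issue is resolved would keep that history in the file.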
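Review bot: The `home.sessionPath` block added in home/yt/ytnix.nix is, as far as I know, prepended to PATH, so any executable placed in `$HOME/.cargo/bin` or `$HOME/go/bin` takes precedence over the system-provided command of the same name. Both directories are writable by anything running as the user, including `cargo install` and `go install` of third-party code. If that precedence is intended, a comment above the list would make it explicit, e.g. `# user-writable; entries here shadow system binaries of the same name`. The rest of the hunk only moves existing blocks (feh, mpv, direnv, git signing) below `home.sessionVariables`.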
@@ -382,4 +383,5 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; + programs.fuse.userAllowOther = true; } From dd0ede34f688fa5553127480a43c56da8d3c763d Mon Sep 17 00:00:00 2001 From: cy Date: Tue, 11 Mar 2025 11:19:47 -0400 Subject: [PATCH 3/3] flake update Signed-off-by: cy --- flake.lock | 112 ++++++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/flake.lock b/flake.lock index 129ff5f..7696580 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1731270564, - "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", + "lastModified": 1738524606, + "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", "owner": "zhaofengli", "repo": "attic", - "rev": "47752427561f1c34debb16728a210d378f0ece36", + "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", "type": "github" }, "original": { @@ -83,11 +83,11 @@ "complement": { "flake": false, "locked": { - "lastModified": 1734303596, - "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=", + "lastModified": 1741378155, + "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", "owner": "girlbossceo", "repo": "complement", - "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8", + "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", "type": "github" }, "original": { @@ -120,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1739202916, - "narHash": "sha256-QdPUbONWFUdUSagT0pwad5yzOP0+Vxmmb6pM6QjhyFI=", + "lastModified": 1741642109, + "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "e3b81f7b6488b5c483e8b13e3959fe591bf4cb92", + "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", "type": "github" }, "original": { 
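Review bot: `programs.fuse.userAllowOther = true;` is appended at the end of hosts/ytnix/default.nix with no explanation, and it is a system-wide setting. It lets any unprivileged user mount FUSE filesystems with `allow_other`/`allow_root`, so processes of other users and of root can end up traversing a filesystem whose contents and response times that user controls. If one tool needs it (the same commit adds virtiofsd, which may or may not be the reason), record that in a comment such as `# required by <TOOL_PLACEHOLDER> for allow_other mounts` and place the option next to that tool's configuration.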
@@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1741396358, - "narHash": "sha256-js4c6tqxluo4Fysn8gloLnlZ6ZjQkuWMgGjHN8+WssE=", + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "owner": "ipetkov", "repo": "crane", - "rev": "aaebfb7ce7e13c691aea178aff7621906f466662", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -213,11 +213,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1737786656, - "narHash": "sha256-ubCW9Jy7ZUOF354bWxTgLDpVnTvIpNr6qR4H/j7I0oo=", + "lastModified": 1740724364, + "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", "owner": "nix-community", "repo": "fenix", - "rev": "2f721f527886f801403f389a9cabafda8f1e3b7f", + "rev": "edf7d9e431cda8782e729253835f178a356d3aab", "type": "github" }, "original": { @@ -472,11 +472,11 @@ ] }, "locked": { - "lastModified": 1741461731, - "narHash": "sha256-BBQfGvO3GWOV+5tmqH14gNcZrRaQ7Q3tQx31Frzoip8=", + "lastModified": 1741701235, + "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", "owner": "nix-community", "repo": "home-manager", - "rev": "7f4c60a3d6e548dbc13666565c22cb3f8dcdad44", + "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", "type": "github" }, "original": { @@ -566,11 +566,11 @@ "liburing": { "flake": false, "locked": { - "lastModified": 1737600516, - "narHash": "sha256-EKyLQ3pbcjoU5jH5atge59F4fzuhTsb6yalUj6Ve2t8=", + "lastModified": 1740613216, + "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", "owner": "axboe", "repo": "liburing", - "rev": "6c509e2b0c881a13b83b259a221bf15fc9b3f681", + "rev": "e1003e496e66f9b0ae06674869795edf772d5500", "type": "github" }, "original": { 
@@ -593,11 +593,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1741358751, - "narHash": "sha256-cDPg74UirjlGcVjB9qI/8ImkdEJ9p2y8Y2FQBfU8KzY=", + "lastModified": 1741700536, + "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", "ref": "refs/heads/main", - "rev": "93c3ca4e92b8cd1a129498f4c3f4c48558032d46", - "revCount": 17620, + "rev": "be1491fa6aef638e0147b81ff172131d6db668d9", + "revCount": 17635, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -745,11 +745,11 @@ ] }, "locked": { - "lastModified": 1741446546, - "narHash": "sha256-0z0GiUsUhjhZWa24bcAxqmlI3Ch8QvEeh42wghc6oVw=", + "lastModified": 1741619381, + "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "eeaf10849c3a0435323216885c0df7569dc95cb9", + "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", "type": "github" }, "original": { @@ -765,11 +765,11 @@ ] }, "locked": { - "lastModified": 1740995332, - "narHash": "sha256-SELnZZg9LOhw+kz60yEAr3l1plu70rBLInMRszLHtuc=", + "lastModified": 1741597901, + "narHash": "sha256-nLUTgXXcFFz+3pd3Khz1H4jUECqX5+OapNPGioPJRQs=", "owner": "nix-community", "repo": "nix-ld", - "rev": "090c2003e3faa739e5a94e0a3cd782a1ccc40964", + "rev": "8e0308dd7dd9cd3656866fb2387bc29052fd6d3a", "type": "github" }, "original": { @@ -860,11 +860,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "lastModified": 1741600792, + "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "type": "github" }, "original": { 
@@ -924,11 +924,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1741455743, - "narHash": "sha256-raXtjhD9mmNrVdCoJkYoUo0X2lhEyIZYQ6M7uUp/Uuc=", + "lastModified": 1741692589, + "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c1ee2620296430ac1e3ee72583ad0191463a9d60", + "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", "type": "github" }, "original": { @@ -949,11 +949,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1741098523, - "narHash": "sha256-gXDSXDr6tAb+JgxGMvcEjKC9YO8tVOd8hMMZHJLyQ6Q=", + "lastModified": 1741637833, + "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", "owner": "nix-community", "repo": "nixvim", - "rev": "03065fd4708bfdf47dd541d655392a60daa25ded", + "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", "type": "github" }, "original": { @@ -1062,16 +1062,16 @@ "rocksdb": { "flake": false, "locked": { - "lastModified": 1737828695, - "narHash": "sha256-8Ev6zzhNPU798JNvU27a7gj5X+6SDG3jBweUkQ59DbA=", + "lastModified": 1741308171, + "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", "owner": "girlbossceo", "repo": "rocksdb", - "rev": "a4d9230dcc9d03be428b9a728133f8f646c0065c", + "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", "type": "github" }, "original": { "owner": "girlbossceo", - "ref": "v9.9.3", + "ref": "v9.11.1", "repo": "rocksdb", "type": "github" } @@ -1104,11 +1104,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1737728869, - "narHash": "sha256-U4pl3Hi0lT6GP4ecN3q9wdD2sdaKMbmD/5NJ1NdJ9AM=", + "lastModified": 1740691488, + "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "6e4c29f7ce18cea7d3d31237a4661ab932eab636", + "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", "type": "github" }, "original": { 
@@ -1125,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1741400194, - "narHash": "sha256-tEpgT+q5KlGjHSm8MnINgTPErEl8YDzX3Eps8PVc09g=", + "lastModified": 1741660300, + "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "16b6045a232fea0e9e4c69e55a6e269607dd8e3f", + "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", "type": "github" }, "original": { @@ -1145,11 +1145,11 @@ ] }, "locked": { - "lastModified": 1741043164, - "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "lastModified": 1741644481, + "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "rev": "e653d71e82575a43fe9d228def8eddb73887b866", "type": "github" }, "original": { @@ -1218,11 +1218,11 @@ ] }, "locked": { - "lastModified": 1741693734, - "narHash": "sha256-Df0jzarVCkwJttnITExjsbSN20FOOuenGhpKvOj49hk=", + "lastModified": 1741704640, + "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "6d444be7edf281b8df98235d911d176beaa31510", + "rev": "27f37976beb94100b18ab8407ff056654db68506", "type": "github" }, "original": {