From 721fdf971938cef4aa19146320c1d73ece1a10de Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Thu, 19 Jun 2025 23:17:45 -0500 Subject: [PATCH 01/11] bert: Install immich
---
 bert/configuration.nix | 1 + bert/services/http/index.nix | 1 + bert/services/http/photos.chandlerswift.com.nix | 5 +++++ 3 files changed, 7 insertions(+) create mode 100644 bert/services/http/photos.chandlerswift.com.nix
diff --git a/bert/configuration.nix b/bert/configuration.nix
index 3814822..f4e97b4 100644
--- a/bert/configuration.nix
+++ b/bert/configuration.nix
@@ -6,6 +6,7 @@
 ./hardware-configuration.nix
 ./services/factorio.nix
 ./services/http/index.nix
+ ./services/immich.nix
 ./services/minecraft.nix
 ./services/monitoring.nix
 ./services/forgejo.nix
diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix
index 577cdf0..22f8782 100644
--- a/bert/services/http/index.nix
+++ b/bert/services/http/index.nix
@@ -13,6 +13,7 @@
 ./maps.chandlerswift.com.nix
 ./music.chandlerswift.com.nix
 ./nau-sidewalks.chandlerswift.com.nix
+ ./photos.chandlerswift.com.nix
 ./preview.chandlerswift.com.nix
 ./sharontrahan.com.nix
 ./social.chandlerswift.com.nix
diff --git a/bert/services/http/photos.chandlerswift.com.nix b/bert/services/http/photos.chandlerswift.com.nix
new file mode 100644
index 0000000..beb78df
--- /dev/null
+++ b/bert/services/http/photos.chandlerswift.com.nix
@@ -0,0 +1,5 @@
+{config, ...}: {
+ services.caddy.virtualHosts."photos.chandlerswift.com".extraConfig = ''
+ reverse_proxy localhost:${toString config.services.immich.port}
+ '';
+}
From b933ecc24ed65a57eeb7c22a757183294bea8e77 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 13:43:27 -0500 Subject: [PATCH 02/11] bert: Fix bigbird_public mount path The mount path had changed months back: commit ccc8708a6be082a04f3aa45d3c33eb166e2a200e Author: Chandler Swift Date: Tue Jan 14 23:31:14 2025 -0600 bert: Rename mount so systemd doesn't escape hyphen 
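Review bot: The `./services/immich.nix` import added to `bert/configuration.nix` in PATCH 01/11 points at a file this patch does not create; the diffstat lists only `configuration.nix`, `http/index.nix` and the new `photos.chandlerswift.com.nix`. Unless that file already exists in the tree, evaluating bert's configuration fails on the missing path. Either add the file in this commit or drop the import line. PATCH 11/11 later sets the Immich options in the `photos.chandlerswift.com.nix` vhost file instead, which suggests the import may be a leftover.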
diff --git a/bert/configuration.nix b/bert/configuration.nix index 61f79b1..4072b87 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix @@ -40 +40 @@ - fileSystems."/mnt/bigbird-public" = { + fileSystems."/mnt/bigbird_public" = { but I missed this use, so `/sheets` was 404ing. --- bert/services/http/home.chandlerswift.com.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix index 1c11558..054c580 100644 --- a/bert/services/http/home.chandlerswift.com.nix +++ b/bert/services/http/home.chandlerswift.com.nix @@ -14,7 +14,7 @@ # vulnerable to a directory traversal attack (and it doesn't really # matter anyway; everything in there is public somewhere or another!) but # it sorta feels wrong to do this without a `/sheets` suffix. - root /mnt/bigbird-public + root /mnt/bigbird_public } handle_errors { From 3e994311ec74bed7143315f8af33797a6746b141 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 14:04:03 -0500 Subject: [PATCH 03/11] oscar: Simplify binfmt config I no longer need the full config now that this PR is merged: https://github.com/NixOS/nixpkgs/pull/334859 --- oscar/configuration.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 6cb71c6..640da6d 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix 
@@ -34,11 +34,7 @@ boot.plymouth.theme = "breeze"; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - boot.binfmt.registrations.aarch64-linux = { - interpreter = "${pkgs.pkgsStatic.qemu-user.override { hostCpuTargets = ["aarch64-linux-user"]; }}/bin/qemu-aarch64"; - wrapInterpreterInShell = false; - fixBinary = true; - }; + boot.binfmt.preferStaticEmulators = true; boot.initrd.luks.devices."luks-ca2fdf0b-d385-498c-9f7d-f58368a65fd4".device = "/dev/disk/by-uuid/ca2fdf0b-d385-498c-9f7d-f58368a65fd4"; networking.hostName = "oscar"; # Define your hostname. From 1bdd5878309d099acfdba9a862c2ad135a5ac1f4 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 14:27:05 -0500 Subject: [PATCH 04/11] oscar: Add chandler to libvirtd for unpriv virt-manager --- oscar/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 640da6d..1415a44 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -102,7 +102,7 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.chandler.isNormalUser = true; users.users.chandler.description = "Chandler Swift"; - users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" "adbusers" "docker" ]; + users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" "adbusers" "libvirtd" "docker" ]; home-manager.backupFileExtension = "backup"; home-manager.users.chandler = { pkgs, ... }: { From ccda971ed817028ebc0713fd28b2afa7c8b961fd Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 14:43:18 -0500 Subject: [PATCH 05/11] oscar: Set BUILDKIT_PROGRESS=plain for simple docker build output --- oscar/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 1415a44..1e37e06 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix 
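Review bot: Adding `"libvirtd"` to `users.users.chandler.extraGroups` (PATCH 04/11) lets the account manage the system-wide libvirt daemon, which runs as root, so the membership is generally root-equivalent on the host. "Unpriv" in the subject describes how virt-manager is launched, not the privilege the group carries. The account is already in `wheel` and `docker`, so effective access may not widen, but the line deserves a comment saying so, e.g. `# libvirtd and docker are root-equivalent on this host; only add accounts that may administer it`. The user definition continues outside the hunk.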
@@ -97,7 +97,10 @@ jack.enable = true; }; - environment.sessionVariables.NIXOS_OZONE_WL = "1"; + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + BUILDKIT_PROGRESS = "plain"; + }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.chandler.isNormalUser = true; From 1941d89b9e71ff1e7880e81979e267bbed9b9eba Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 14:43:39 -0500 Subject: [PATCH 06/11] oscar: Install jujutsu --- oscar/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 1e37e06..2834428 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -151,6 +151,7 @@ ffmpeg git-absorb imagemagick + jujutsu killall pv scrcpy From a1cd3c02c5e5f8083d68320d5eceb90d2696fe34 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 16:11:21 -0500 Subject: [PATCH 07/11] bert: Disallow robots on home.chandlerswift.com/sheets I don't want those indexed! --- bert/services/http/home.chandlerswift.com.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix index 054c580..c4886e1 100644 --- a/bert/services/http/home.chandlerswift.com.nix +++ b/bert/services/http/home.chandlerswift.com.nix @@ -7,6 +7,13 @@ reverse_proxy /grafana/* localhost:3000 # hide .git # ??? + respond /robots.txt 200 { + body < Date: Fri, 4 Jul 2025 16:13:34 -0500 Subject: [PATCH 08/11] bert: Serve home.chandlerswift.com/newspapers --- bert/services/http/home.chandlerswift.com.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix index c4886e1..8d280ec 100644 --- a/bert/services/http/home.chandlerswift.com.nix +++ b/bert/services/http/home.chandlerswift.com.nix 
@@ -11,9 +11,20 @@ body < Date: Fri, 4 Jul 2025 16:23:40 -0500 Subject: [PATCH 09/11] bert: Automatically mount bigbird_public on startup --- bert/configuration.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bert/configuration.nix b/bert/configuration.nix index f4e97b4..e8a81a0 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix @@ -42,7 +42,11 @@ fileSystems."/mnt/bigbird_public" = { device = "//bigbird/public"; fsType = "cifs"; - options = [ "guest" ]; + options = [ + "x-systemd.automount" + "x-systemd.requires=network-online.target" + "guest" + ]; }; time.timeZone = "America/Chicago"; From 6e60a9f25fc1820a5969afec5309b1fa54548ea8 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 16:28:06 -0500 Subject: [PATCH 10/11] bert: Store forgejo data in /srv --- bert/services/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/bert/services/forgejo.nix b/bert/services/forgejo.nix index ae2f8f8..1d2e170 100644 --- a/bert/services/forgejo.nix +++ b/bert/services/forgejo.nix @@ -1,6 +1,7 @@ { services.forgejo = { enable = true; + stateDir = "/srv/forgejo"; settings = { DEFAULT = { APP_NAME = "Forgejo: Beyond coding. We Forge."; # TODO From 3242d90c24fc238aa76bda15ebeaf079c2a20c77 Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 4 Jul 2025 16:33:32 -0500 Subject: [PATCH 11/11] bert: Enable immich --- bert/services/http/photos.chandlerswift.com.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bert/services/http/photos.chandlerswift.com.nix b/bert/services/http/photos.chandlerswift.com.nix index beb78df..844f309 100644 --- a/bert/services/http/photos.chandlerswift.com.nix +++ b/bert/services/http/photos.chandlerswift.com.nix @@ -1,4 +1,7 @@ {config, ...}: { + services.immich.enable = true; + services.immich.mediaLocation = "/srv/immich"; + services.caddy.virtualHosts."photos.chandlerswift.com".extraConfig = '' reverse_proxy localhost:${toString config.services.immich.port} '';
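Review bot: The rewritten `options` list for `/mnt/bigbird_public` (PATCH 09/11) still mounts the guest-authenticated CIFS share read-write and with default suid/dev/exec handling, while the only use of the mount visible in this series is Caddy's `root /mnt/bigbird_public`. If nothing on bert writes to the share, add `"ro"` plus `"nosuid"`, `"nodev"` and `"noexec"` to the list, so a compromise of the internet-facing host cannot alter the share and nothing from an unauthenticated share is executed locally. A short comment that `guest` means the share is mounted without credentials would also help the next reader.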
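Review bot: `stateDir = "/srv/forgejo"` (PATCH 10/11) is added to a service that the context shows was already enabled, and setting the option alone does not move existing state. If bert already holds Forgejo data at the previous location, the service would come up on an empty directory after the switch, leaving repositories, database and generated secrets behind. The commit message or a comment above the option should record the migration step and that backups now need to cover `/srv/forgejo`. This is inferred from the hunk only; the rest of `services.forgejo` is outside it.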
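Review bot: `services.immich.enable = true` (PATCH 11/11) lands in the same file that already publishes the service at `photos.chandlerswift.com`, so the instance is reachable through Caddy from its very first start. Immich gives the admin role to the first account that registers, so the admin account should be created before the vhost is exposed, or the vhost limited to trusted addresses until onboarding is done. Separately, these two options configure the service rather than the HTTP front end. `bert/configuration.nix` imports `./services/immich.nix` since PATCH 01/11, which looks like the intended home for them.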