bert: Enable immich

I don't want those indexed!

bert/configuration.nix

@@ -6,6 +6,7 @@
       ./hardware-configuration.nix
       ./services/factorio.nix
       ./services/http/index.nix
+      ./services/immich.nix
       ./services/minecraft.nix
       ./services/monitoring.nix
       ./services/forgejo.nix
@@ -41,7 +42,11 @@
   fileSystems."/mnt/bigbird_public" = {
     device = "//bigbird/public";
     fsType = "cifs";
-    options = [ "guest" ];
+    options = [
+      "x-systemd.automount"
+      "x-systemd.requires=network-online.target"
+      "guest"
+    ];
   };
 
   time.timeZone = "America/Chicago";

bert/services/forgejo.nix

@@ -1,6 +1,7 @@
 {
   services.forgejo = {
     enable = true;
+    stateDir = "/srv/forgejo";
     settings = {
       DEFAULT = {
         APP_NAME = "Forgejo: Beyond coding. We Forge."; # TODO

bert/services/http/home.chandlerswift.com.nix

@@ -7,6 +7,24 @@
     reverse_proxy /grafana/* localhost:3000
     # hide .git # ???
 
+    respond /robots.txt 200 {
+      body <<EOF
+    User-agent: *
+    Disallow: /sheets/
+    Disallow: /newspapers/
+    EOF
+    }
+
+    file_server /newspapers/* {
+      browse ${./caddy-browse-template.html}
+
+      # TOOD: is there a better way to strip the prefix here? This shouldn't be
+      # vulnerable to a directory traversal attack (and it doesn't really
+      # matter anyway; everything in there is public somewhere or another!) but
+      # it sorta feels wrong to do this without a `/sheets` suffix.
+      root /mnt/bigbird_public
+    }
+
     file_server /sheets/* {
       browse ${./caddy-browse-template.html}
 
@@ -14,7 +32,7 @@
       # vulnerable to a directory traversal attack (and it doesn't really
       # matter anyway; everything in there is public somewhere or another!) but
       # it sorta feels wrong to do this without a `/sheets` suffix.
-      root /mnt/bigbird-public
+      root /mnt/bigbird_public
     }
 
     handle_errors {

bert/services/http/index.nix

@@ -13,6 +13,7 @@
     ./maps.chandlerswift.com.nix
     ./music.chandlerswift.com.nix
     ./nau-sidewalks.chandlerswift.com.nix
+    ./photos.chandlerswift.com.nix
     ./preview.chandlerswift.com.nix
     ./sharontrahan.com.nix
     ./social.chandlerswift.com.nix

bert/services/http/photos.chandlerswift.com.nix

@@ -0,0 +1,8 @@
+{config, ...}: {
+  services.immich.enable = true;
+  services.immich.mediaLocation = "/srv/immich";
+
+  services.caddy.virtualHosts."photos.chandlerswift.com".extraConfig = ''
+    reverse_proxy localhost:${toString config.services.immich.port}
+  '';
+}

oscar/configuration.nix

@@ -34,11 +34,7 @@
   boot.plymouth.theme = "breeze";
 
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-  boot.binfmt.registrations.aarch64-linux = {
-    interpreter = "${pkgs.pkgsStatic.qemu-user.override { hostCpuTargets = ["aarch64-linux-user"]; }}/bin/qemu-aarch64";
-    wrapInterpreterInShell = false;
-    fixBinary = true;
-  };
+  boot.binfmt.preferStaticEmulators = true;
 
   boot.initrd.luks.devices."luks-ca2fdf0b-d385-498c-9f7d-f58368a65fd4".device = "/dev/disk/by-uuid/ca2fdf0b-d385-498c-9f7d-f58368a65fd4";
   networking.hostName = "oscar"; # Define your hostname.
@@ -101,12 +97,15 @@
     jack.enable = true;
   };
 
-  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  environment.sessionVariables = {
+    NIXOS_OZONE_WL = "1";
+    BUILDKIT_PROGRESS = "plain";
+  };
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.chandler.isNormalUser = true;
   users.users.chandler.description = "Chandler Swift";
-  users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" "adbusers" "docker" ];
+  users.users.chandler.extraGroups = [ "networkmanager" "wheel" "dialout" "cdrom" "plugdev" "adbusers" "libvirtd" "docker" ];
   home-manager.backupFileExtension = "backup";
   home-manager.users.chandler = { pkgs, ... }: {
 
@@ -152,6 +151,7 @@
       ffmpeg
       git-absorb
       imagemagick
+      jujutsu
       killall
       pv
       scrcpy