machine-config/bert
Chandler Swift 4ac95b4f6d
bert: navidrome: Disable MemoryDenyWriteExecute for wasm jit
Without this, we see this error:

    Feb 22 18:07:12 bert navidrome[230133]: time="2026-02-22T18:07:12-06:00" level=info msg="Watcher started for library" absoluteLibPath=/mnt/bigbird_public/media/music libraryID=1 name="Music Library" path=/mnt/bigbird_public/media/music
    Feb 22 18:07:13 bert navidrome[230156]: panic: permission denied [recovered, repanicked]
    Feb 22 18:07:13 bert navidrome[230156]: goroutine 1037 [running]:
    Feb 22 18:07:13 bert navidrome[230156]: go.senan.xyz/taglib.init.OnceValues[...].func3.1.1()
    Feb 22 18:07:13 bert navidrome[230156]:         sync/oncefunc.go:98 +0x75
    Feb 22 18:07:13 bert navidrome[230156]: panic({0x13a32e0?, 0x3649328?})
    Feb 22 18:07:13 bert navidrome[230156]:         runtime/panic.go:783 +0x132
    Feb 22 18:07:13 bert navidrome[230156]: github.com/tetratelabs/wazero/internal/engine/wazevo.mmapExecutable({0xc00030f000, 0xaf0, 0xc000737800?})
    Feb 22 18:07:13 bert navidrome[230156]:         github.com/tetratelabs/wazero@v1.11.0/internal/engine/wazevo/engine.go:881 +0xb4
    […]
    Feb 22 18:07:13 bert navidrome[230133]: time="2026-02-22T18:07:13-06:00" level=error msg="Scan failed" error="failed to read status from scanner: /nix/store/622zip549ggami2mslhabm80sfsjlrxd-navidrome-0.60.0/bin/.navidrome-wrapped scan --nobanner --subprocess --configfile /nix/store/dxsk74a7b92vkv5mwaaihqcrlqmhlnq0-navidrome.json --datafolder . --cachefolder cache exited with non-zero status code: exit status 2"
    Feb 22 18:49:32 bert navidrome[230133]: time="2026-02-22T18:49:32-06:00" level=info msg="Stopping HTTP server"

mkForce is required to avoid a conflicting definition error:

    error: The option `systemd.services.navidrome.serviceConfig.MemoryDenyWriteExecute' has conflicting definition values:
    - In `/nix/store/jyqf4h6n1wm7kg3qrc5njvvgzkn1m2j5-nixos-25.11/nixos/nixos/modules/services/audio/navidrome.nix': true
    - In `/root/config/services/navidrome.nix': false
    Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions.
2026-02-26 21:37:51 -06:00
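
The panic in the log above comes from a JIT asking the kernel for executable memory inside a unit that forbids it. The following probe is an added example, not code from this repository, navidrome or wazero; the names `probeExecMapping` and `classify` are made up for illustration, and Linux is assumed. It requests the same kind of transition (a writable mapping changed to executable) and reports whether the sandbox allows it:

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// classify turns the result of the mprotect call into a verdict.
// EPERM is what a seccomp-based deny filter returns; EACCES covers
// LSM-style denials. Anything else is reported as-is.
func classify(err error) string {
	switch {
	case err == nil:
		return "allowed"
	case errors.Is(err, syscall.EPERM), errors.Is(err, syscall.EACCES):
		return "denied"
	default:
		return "error: " + err.Error()
	}
}

// probeExecMapping maps one anonymous read/write page and then asks the
// kernel to make it read/execute. Nothing is written to or run from the
// page; only the permission change itself is tested.
func probeExecMapping() string {
	page := syscall.Getpagesize()
	mem, err := syscall.Mmap(-1, 0, page,
		syscall.PROT_READ|syscall.PROT_WRITE,
		syscall.MAP_ANON|syscall.MAP_PRIVATE)
	if err != nil {
		return "error: mmap: " + err.Error()
	}
	defer syscall.Munmap(mem)
	return classify(syscall.Mprotect(mem, syscall.PROT_READ|syscall.PROT_EXEC))
}

func main() {
	fmt.Println("making a mapping executable:", probeExecMapping())
}
```

Run inside a unit that has MemoryDenyWriteExecute=true, the probe is expected to report `denied`; with the setting forced to false it reports `allowed`, which is the protection this commit gives up for the navidrome service.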
services bert: navidrome: Disable MemoryDenyWriteExecute for wasm jit 2026-02-26 21:37:51 -06:00
caddy-natural-sort.patch bert: Update caddy-natural-sort.patch 2026-02-18 18:23:02 -06:00
configuration.nix bert: Add Minecraft server to firewall 2025-12-28 22:50:10 -06:00
hardware-configuration.nix Set allowDiscards to enable NVMe TRIM 2025-12-28 22:50:10 -06:00
Makefile Replace deprecated --fast with --no-reexec 2025-12-17 19:01:50 -06:00
README.md bert: README: Remove Caddy note obsolete with 24.11 release 2024-11-30 23:41:54 -06:00

bert

Installation

  1. Install NixOS minimal
  2. ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
  3. Enable SSH server and add root SSH key
  4. Deploy updated config with make
  5. Set up Remote Disk Unlocking
    1. mkdir -p /etc/secrets/initrd && ssh-keygen -N "" -f /etc/secrets/initrd/ssh_host_25519_key
  6. Deploy content:
    • websites in /srv
    • factorio world at /var/lib/factorio/saves/default.zip
    • git/forgejo in /var/lib/forgejo
    • navidrome DB/etc in /var/lib/navidrome
  7. Set up Grafana users (log in with default admin/admin; change creds; configure)