5 files changed, 51 insertions, 2 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 42a9e80d..d9bc53f2 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib;
 {
  imports = with flake.nixosModules.systemProfiles; [
-    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest
+    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix
    tmpfs-root zfs
    initrd-all-crypto-modules default-locale openssh rebuild-machines
    build-server
diff --git a/hosts/vidhar/immich.nix b/hosts/vidhar/immich.nix
new file mode 100644
index 00000000..a1f145a8
--- /dev/null
+++ b/hosts/vidhar/immich.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+  config = {
+    services.immich = {
+      enable = true;
+      host = "2a03:4000:52:ada:4:1::";
+    };
+  };
+}
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 9f519302..10fd4c51 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -1,4 +1,5 @@
 define icmp_protos = { ipv6-icmp, icmp, igmp }
+define bifrost_surtr = 2a03:4000:52:ada:4::/128
 table arp filter {
  limit lim_arp_local {
@@ -90,6 +91,7 @@ table inet filter {
  counter http-rx {}
  counter tftp-rx {}
  counter pgbackrest-rx {}
+  counter immich-rx {}
  counter established-rx {}
@@ -118,6 +120,7 @@ table inet filter {
  counter http-tx {}
  counter tftp-tx {}
  counter pgbackrest-tx {}
+  counter immich-tx {}
  counter tx {}
@@ -193,6 +196,8 @@ table inet filter {
    tcp dport 8432 counter name pgbackrest-rx accept
+    iifname bifrost tcp dport 2283 ip6 saddr $bifrost_surtr counter name immich-rx accept
    ct state { established, related } counter name established-rx accept
@@ -240,6 +245,8 @@ table inet filter {
    tcp sport 8432 counter name pgbackrest-tx accept
+    iifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept
    counter name tx
  }
diff --git a/hosts/vidhar/postgresql.nix b/hosts/vidhar/postgresql.nix
new file mode 100644
index 00000000..fa5b734f
--- /dev/null
+++ b/hosts/vidhar/postgresql.nix
@@ -0,0 +1,32 @@
+{ pkgs, config, flake, flakeInputs, ... }:
+let
+  nixpkgs-pgbackrest = import (flakeInputs.nixpkgs-pgbackrest.outPath + "/pkgs/top-level") {
+    overlays = [ flake.overlays.libdscp ];
+    localSystem = config.nixpkgs.system;
+  };
+in {
+  config = {
+    services.postgresql = {
+      enable = true;
+      package = pkgs.postgresql_15;
+    };
+    services.pgbackrest = {
+      settings."vidhar" = {
+        pg1-path = config.services.postgresql.dataDir;
+        repo1-path = "/var/lib/pgbackrest";
+        repo1-retention-full-type = "time";
+        repo1-retention-full = 14;
+        repo1-retention-archive = 7;
+      };
+      backups."vidhar-daily" = {
+        stanza = "vidhar";
+        repo = "1";
+        timerConfig.OnCalendar = "daily";
+      };
+    };
+  };
+}
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
index 518c3287..9d667fd6 100644
--- a/hosts/vidhar/zfs.nix
+++ b/hosts/vidhar/zfs.nix
@@ -34,7 +34,7 @@ with lib;
        };
      "/etc/zfs/zfs-list.cache" =
-        { device = "ssd-raid1/local/zfs-zfs--list.cache";
+        { device = "ssd-raid1/local/etc-zfs-zfs--list.cache";
          fsType = "zfs";
          neededForBoot = true;
        };

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 42a9e80d..d9bc53f2 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib;
4		4
5	{	5	{
6	imports = with flake.nixosModules.systemProfiles; [	6	imports = with flake.nixosModules.systemProfiles; [
7	./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest	7	./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix
8	tmpfs-root zfs	8	tmpfs-root zfs
9	initrd-all-crypto-modules default-locale openssh rebuild-machines	9	initrd-all-crypto-modules default-locale openssh rebuild-machines
10	build-server	10	build-server


diff --git a/hosts/vidhar/immich.nix b/hosts/vidhar/immich.nix new file mode 100644 index 00000000..a1f145a8 --- /dev/null +++ b/hosts/vidhar/immich.nix
@@ -0,0 +1,10 @@
		1	{ ... }:
		2
		3	{
		4	config = {
		5	services.immich = {
		6	enable = true;
		7	host = "2a03:4000:52:ada:4:1::";
		8	};
		9	};
		10	}


diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 9f519302..10fd4c51 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -1,4 +1,5 @@
1	define icmp_protos = { ipv6-icmp, icmp, igmp }	1	define icmp_protos = { ipv6-icmp, icmp, igmp }
		2	define bifrost_surtr = 2a03:4000:52:ada:4::/128
2		3
3	table arp filter {	4	table arp filter {
4	limit lim_arp_local {	5	limit lim_arp_local {
@@ -90,6 +91,7 @@ table inet filter {
90	counter http-rx {}	91	counter http-rx {}
91	counter tftp-rx {}	92	counter tftp-rx {}
92	counter pgbackrest-rx {}	93	counter pgbackrest-rx {}
		94	counter immich-rx {}
93		95
94	counter established-rx {}	96	counter established-rx {}
95		97
@@ -118,6 +120,7 @@ table inet filter {
118	counter http-tx {}	120	counter http-tx {}
119	counter tftp-tx {}	121	counter tftp-tx {}
120	counter pgbackrest-tx {}	122	counter pgbackrest-tx {}
		123	counter immich-tx {}
121		124
122	counter tx {}	125	counter tx {}
123		126
@@ -193,6 +196,8 @@ table inet filter {
193		196
194	tcp dport 8432 counter name pgbackrest-rx accept	197	tcp dport 8432 counter name pgbackrest-rx accept
195		198
		199	iifname bifrost tcp dport 2283 ip6 saddr $bifrost_surtr counter name immich-rx accept
		200
196	ct state { established, related } counter name established-rx accept	201	ct state { established, related } counter name established-rx accept
197		202
198		203
@@ -240,6 +245,8 @@ table inet filter {
240		245
241	tcp sport 8432 counter name pgbackrest-tx accept	246	tcp sport 8432 counter name pgbackrest-tx accept
242		247
		248	iifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept
		249
243		250
244	counter name tx	251	counter name tx
245	}	252	}


diff --git a/hosts/vidhar/postgresql.nix b/hosts/vidhar/postgresql.nix new file mode 100644 index 00000000..fa5b734f --- /dev/null +++ b/hosts/vidhar/postgresql.nix
@@ -0,0 +1,32 @@
		1	{ pkgs, config, flake, flakeInputs, ... }:
		2
		3	let
		4	nixpkgs-pgbackrest = import (flakeInputs.nixpkgs-pgbackrest.outPath + "/pkgs/top-level") {
		5	overlays = [ flake.overlays.libdscp ];
		6	localSystem = config.nixpkgs.system;
		7	};
		8	in {
		9	config = {
		10	services.postgresql = {
		11	enable = true;
		12	package = pkgs.postgresql_15;
		13	};
		14
		15	services.pgbackrest = {
		16	settings."vidhar" = {
		17	pg1-path = config.services.postgresql.dataDir;
		18
		19	repo1-path = "/var/lib/pgbackrest";
		20	repo1-retention-full-type = "time";
		21	repo1-retention-full = 14;
		22	repo1-retention-archive = 7;
		23	};
		24
		25	backups."vidhar-daily" = {
		26	stanza = "vidhar";
		27	repo = "1";
		28	timerConfig.OnCalendar = "daily";
		29	};
		30	};
		31	};
		32	}


diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix index 518c3287..9d667fd6 100644 --- a/hosts/vidhar/zfs.nix +++ b/hosts/vidhar/zfs.nix
@@ -34,7 +34,7 @@ with lib;
34	};	34	};
35		35
36	"/etc/zfs/zfs-list.cache" =	36	"/etc/zfs/zfs-list.cache" =
37	{ device = "ssd-raid1/local/zfs-zfs--list.cache";	37	{ device = "ssd-raid1/local/etc-zfs-zfs--list.cache";
38	fsType = "zfs";	38	fsType = "zfs";
39	neededForBoot = true;	39	neededForBoot = true;
40	};	40	};