From d650b72c0f71142426106db4dd71b2e7c7c413a5 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 3 Jan 2025 17:29:55 +0100 Subject: immich --- hosts/vidhar/default.nix | 2 +- hosts/vidhar/immich.nix | 10 ++++++++++ hosts/vidhar/network/ruleset.nft | 7 +++++++ hosts/vidhar/postgresql.nix | 32 ++++++++++++++++++++++++++++++++ hosts/vidhar/zfs.nix | 2 +- 5 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 hosts/vidhar/immich.nix create mode 100644 hosts/vidhar/postgresql.nix (limited to 'hosts/vidhar') diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 42a9e80d..d9bc53f2 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix @@ -4,7 +4,7 @@ with lib; { imports = with flake.nixosModules.systemProfiles; [ - ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest + ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix tmpfs-root zfs initrd-all-crypto-modules default-locale openssh rebuild-machines build-server diff --git a/hosts/vidhar/immich.nix b/hosts/vidhar/immich.nix new file mode 100644 index 00000000..a1f145a8 --- /dev/null +++ b/hosts/vidhar/immich.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + config = { + services.immich = { + enable = true; + host = "2a03:4000:52:ada:4:1::"; + }; + }; +} diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 9f519302..10fd4c51 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft @@ -1,4 +1,5 @@ define icmp_protos = { ipv6-icmp, icmp, igmp } +define bifrost_surtr = 2a03:4000:52:ada:4::/128 table arp filter { limit lim_arp_local { @@ -90,6 +91,7 @@ table inet filter { counter http-rx {} counter tftp-rx {} counter pgbackrest-rx {} + counter immich-rx {} counter established-rx {} @@ -118,6 +120,7 @@ table inet filter { counter http-tx {} counter tftp-tx {} counter pgbackrest-tx {} + counter immich-tx {} counter tx {} 
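Review bot: In hosts/vidhar/immich.nix the `host` value is a bare IPv6 literal and the port is not set at all, so nothing in the file ties the listener to the firewall rule that guards it. The only access control visible in this commit is the nft rule admitting `$bifrost_surtr` on tcp/2283 over `bifrost`; that number presumably matches the module default, and a later change of the default would silently desynchronise the two files. I would pin `port = 2283;` next to `host` and add a comment such as `# address on bifrost; reachable only from surtr, see network/ruleset.nft`. Immich serves plain HTTP on this port, so confidentiality presumably rests on the bifrost link and on whatever terminates TLS on the peer, which is worth stating in that comment if it is the design.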
@@ -193,6 +196,8 @@ table inet filter { tcp dport 8432 counter name pgbackrest-rx accept + iifname bifrost tcp dport 2283 ip6 saddr $bifrost_surtr counter name immich-rx accept + ct state { established, related } counter name established-rx accept @@ -240,6 +245,8 @@ table inet filter { tcp sport 8432 counter name pgbackrest-tx accept + iifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept + counter name tx } diff --git a/hosts/vidhar/postgresql.nix b/hosts/vidhar/postgresql.nix new file mode 100644 index 00000000..fa5b734f --- /dev/null +++ b/hosts/vidhar/postgresql.nix @@ -0,0 +1,32 @@ +{ pkgs, config, flake, flakeInputs, ... }: + +let + nixpkgs-pgbackrest = import (flakeInputs.nixpkgs-pgbackrest.outPath + "/pkgs/top-level") { + overlays = [ flake.overlays.libdscp ]; + localSystem = config.nixpkgs.system; + }; +in { + config = { + services.postgresql = { + enable = true; + package = pkgs.postgresql_15; + }; + + services.pgbackrest = { + settings."vidhar" = { + pg1-path = config.services.postgresql.dataDir; + + repo1-path = "/var/lib/pgbackrest"; + repo1-retention-full-type = "time"; + repo1-retention-full = 14; + repo1-retention-archive = 7; + }; + + backups."vidhar-daily" = { + stanza = "vidhar"; + repo = "1"; + timerConfig.OnCalendar = "daily"; + }; + }; + }; +} diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix index 518c3287..9d667fd6 100644 --- a/hosts/vidhar/zfs.nix +++ b/hosts/vidhar/zfs.nix @@ -34,7 +34,7 @@ with lib; }; "/etc/zfs/zfs-list.cache" = - { device = "ssd-raid1/local/zfs-zfs--list.cache"; + { device = "ssd-raid1/local/etc-zfs-zfs--list.cache"; fsType = "zfs"; neededForBoot = true; }; -- cgit v1.2.3
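Review bot: In the `@@ -240,6 +245,8 @@` hunk of ruleset.nft the new rule matches `iifname bifrost` although it sits among the `-tx` rules that match on `tcp sport`, which looks copied from the rx rule. If this is the output chain (its header is outside the hunk), locally generated replies carry no input interface, so the rule would never match and `immich-tx` would stay at zero while the traffic is decided by a later rule or the chain policy. The line should probably read `oifname bifrost tcp sport 2283 ip6 daddr $bifrost_surtr counter name immich-tx accept`. The rx rule in the `@@ -193,6 +196,8 @@` hunk is scoped by interface, source and port but leaves `ip6 daddr` open, which is fine only while Immich binds to a single address.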
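Review bot: In hosts/vidhar/postgresql.nix the stanza writes to `repo1-path = "/var/lib/pgbackrest"` on the same host as the cluster and sets no repository cipher, so the backups of the cluster (which presumably will hold the Immich database) sit unencrypted beside the data they protect unless another module adds that. If it is not covered elsewhere, consider `repo1-cipher-type = "aes-256-cbc";` with the passphrase supplied from a secret file rather than the Nix store, and a comment saying where the off-host copy lives. Separately, the `nixpkgs-pgbackrest` binding in the `let` is never referenced in the file as committed, so it is dead code; either use it or drop it together with the then-unused `flake` and `flakeInputs` arguments.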