updates

hosts/olympus/bastion/containers/default.nix

@@ -37,11 +37,6 @@ in {
           inputs.catppuccin.nixosModules.catppuccin
         ];
 
-        services.v.dns = {
-          enable = true;
-          openFirewall = true;
-          mode = "server";
-        };
       };
     };
   };

hosts/olympus/bastion/default.nix

@@ -7,6 +7,7 @@
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
     ./containers
+    ./immich.nix
     # ./vms.nix
   ];
 
@@ -30,7 +31,7 @@
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "22.11"; # Did you read the comment?
 
-  virtualisation.podman.enable = true;
+  virtualisation.docker.enable = true;
 
   # Additional packages
   environment.systemPackages = with pkgs; [ vault ];

hosts/olympus/bastion/immich.nix

@@ -0,0 +1,78 @@
+{ config, pkgs, ... }:
+{
+  boot.kernel.sysctl = { "vm.overcommit_memory" = 1; };
+
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.docker.autoPrune.enable = true;
+
+
+  systemd.services.init-filerun-network-and-files = {
+    description = "Create the network bridge for Immich.";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig.Type = "oneshot";
+    script =
+      let
+        dockercli = "${config.virtualisation.docker.package}/bin/docker";
+      in
+      ''
+        # immich-net network
+        check=$(${dockercli} network ls | grep "immich-net" || true)
+        if [ -z "$check" ]; then
+          ${dockercli} network create immich-net
+        else
+          echo "immich-net already exists in docker"
+        fi
+      '';
+  };
+
+  virtualisation.oci-containers.containers = {
+    immich = {
+      autoStart = true;
+      image = "ghcr.io/imagegenius/immich:latest";
+      volumes = [
+        "/mnt/backup/immich/config:/config"
+        "/mnt/backup/immich/photos:/photos"
+        "/mnt/backup/replicated/photos:/replicated"
+        "/mnt/backup/immich/config/machine-learning:/config/machine-learning"
+      ];
+      ports = [ "2283:8080" ];
+      environment = {
+        PUID = "1000";
+        PGID = "1000";
+        TZ = "Europe/Amsterdam"; # Change this to your timezone
+        DB_HOSTNAME = "postgres14";
+        DB_USERNAME = "postgres";
+        DB_PASSWORD = "postgres";
+        DB_DATABASE_NAME = "immich";
+        REDIS_HOSTNAME = "redis";
+      };
+      extraOptions = [
+        "--network=immich-net"
+        "--pull=always"
+        # "--gpus=all"
+      ];
+    };
+
+    redis = {
+      autoStart = true;
+      image = "redis";
+      ports = [ "6379:6379" ];
+      extraOptions = [ "--network=immich-net" ];
+    };
+
+    postgres14 = {
+      autoStart = true;
+      image = "tensorchord/pgvecto-rs:pg14-v0.2.0";
+      ports = [ "5432:5432" ];
+      volumes = [ "pgdata:/var/lib/postgresql/data" ];
+      environment = {
+        POSTGRES_USER = "postgres";
+        POSTGRES_PASSWORD = "postgres";
+        POSTGRES_DB = "immich";
+      };
+      extraOptions = [ "--network=immich-net" ];
+    };
+  };
+}

hosts/olympus/eevee/default.nix

@@ -0,0 +1,53 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ pkgs, ... }: {
+  imports = [ ./hardware-configuration.nix ./hardware.nix ];
+
+  # Bootloader.
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    initrd = {
+      kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
+    };
+    loader.systemd-boot.configurationLimit = 5;
+  };
+
+  fileSystems."/".options = [ "compress=zstd" ];
+
+  # Set your time zone.
+  time.timeZone = "Europe/Amsterdam";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_GB.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "nl_NL.UTF-8";
+    LC_IDENTIFICATION = "nl_NL.UTF-8";
+    LC_MEASUREMENT = "nl_NL.UTF-8";
+    LC_MONETARY = "nl_NL.UTF-8";
+    LC_NAME = "nl_NL.UTF-8";
+    LC_NUMERIC = "nl_NL.UTF-8";
+    LC_PAPER = "nl_NL.UTF-8";
+    LC_TELEPHONE = "nl_NL.UTF-8";
+    LC_TIME = "nl_NL.UTF-8";
+  };
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  environment.systemPackages = with pkgs; [ wireguard-tools ];
+
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  home-manager = {
+    users.vivian = import ./home;
+  };
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+}

hosts/olympus/eevee/hardware-configuration.nix

@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  boot = {
+
+    initrd.availableKernelModules =
+      [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/947a98af-9a4e-4811-a2ca-9aa00b319e9c";
+    fsType = "btrfs";
+    options = [ "subvol=@" ];
+  };
+
+  fileSystems."/boot/efi" = {
+    device = "/dev/disk/by-uuid/D883-F146";
+    fsType = "vfat";
+  };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/a99402e1-6f2a-4c4b-b69f-aae2fd13ffc0"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/olympus/eevee/hardware.nix

@@ -0,0 +1,43 @@
+{ pkgs, ... }:
+{
+  hardware = {
+    enableAllFirmware = true;
+    nvidia = {
+      # package = config.boot.kernelPackages.nvidiaPackages.stable;
+
+      # Open drivers cause gdm to crash
+      # open = true;
+
+      # nvidia-drm.modeset=1
+      modesetting.enable = true;
+      powerManagement.enable = false;
+    };
+
+    # Hardware acceleration
+    graphics.enable = true;
+
+    logitech.wireless = {
+      enable = true;
+      enableGraphical = true;
+    };
+  };
+  services = {
+
+    hardware.bolt.enable = true;
+
+    xserver.videoDrivers = [ "nvidia" ];
+
+    # udev
+    udev.packages = with pkgs; [
+      android-udev-rules
+      logitech-udev-rules
+      wooting-udev-rules
+    ];
+
+    # SSD Trim
+    fstrim.enable = true;
+  };
+
+  # FS
+  fileSystems."/".options = [ "compress=zstd" ];
+}

hosts/olympus/eevee/home/.gitignore

@@ -0,0 +1 @@
+*dconf_dump*

hosts/olympus/eevee/home/default.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+  dconf.settings."org/gnome/desktop/peripherals/mouse" = {
+    accel-profile = "flat";
+  };
+
+  home.packages = with pkgs; [
+    zoom-us
+  ];
+}