flakes/hosts/hazel/default.nix

{ config, modules, pkgs, ... }:
let
  dirs = [
    ["immich" "immich"]
    ["nextcloud" "nextcloud"]
    ["postgresql" "postgres"]
    ["redis-immich" "redis-immich"]
  ];

  rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs;
  mounts = builtins.listToAttrs (builtins.map (d: {
    name = "/var/lib/${builtins.elemAt d 0}";
    value = {
      depends = [ "/flower" ];
      device = "/flower/${builtins.elemAt d 0}";
      fsType = "none";
      options = [ "bind" ];
    };
  }) dirs);
in
{
  networking.hostName = "hazel";
  system.stateVersion = "24.11";
  time.timeZone = "Australia/Melbourne";

  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
  };

  imports = with modules.system; with modules.services; [
    home-manager-stable

    base
    kernel
    nix-stable
    packages
    security

    nginx
    unbound

    ./filesystem.nix
    ./kernel.nix
    ./networking.nix

    ../../users/hana
  ];

  me.environment = "headless";

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud31;
    hostName = "cloud.lava.moe";
    database.createLocally = true;
    config = {
      dbtype = "pgsql";
      adminpassFile = "/persist/nextcloud-admin-pass";
    };
    https = true;
  };

  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;
  };

  services.immich = {
    enable = true;
    port = 2283;
  };

  users.users.immich.extraGroups = [ "video" "render" ];
  hardware.opengl.enable = true;
  services.nginx.virtualHosts."photos.lava.moe" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://[::1]:${toString config.services.immich.port}";
      proxyWebsockets = true;
      recommendedProxySettings = true;
      extraConfig = ''
        client_max_body_size 50000M;
        proxy_read_timeout   600s;
        proxy_send_timeout   600s;
        send_timeout         600s;
      '';
    };
  };

  systemd.tmpfiles.rules = rules;
  fileSystems = mounts;
}
hosts/hazel: move services data to /flower 2025-04-07 00:46:43 +10:00			`{ config, modules, pkgs, ... }:`
			`let`
			`dirs = [`
			`["immich" "immich"]`
			`["nextcloud" "nextcloud"]`
			`["postgresql" "postgres"]`
			`["redis-immich" "redis-immich"]`
			`];`

			`rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs;`
			`mounts = builtins.listToAttrs (builtins.map (d: {`
			`name = "/var/lib/${builtins.elemAt d 0}";`
			`value = {`
			`depends = [ "/flower" ];`
			`device = "/flower/${builtins.elemAt d 0}";`
			`fsType = "none";`
			`options = [ "bind" ];`
			`};`
			`}) dirs);`
			`in`
			`{`
hosts/hazel: init 2025-04-05 13:05:59 +11:00			`networking.hostName = "hazel";`
			`system.stateVersion = "24.11";`
			`time.timeZone = "Australia/Melbourne";`

hosts/hazel: add acme_dns secret 2025-04-05 14:13:05 +11:00			`age.secrets = {`
			`acme_dns.file = ../../secrets/acme_dns.age;`
			`};`

hosts/hazel: fix nginx module 2025-04-05 14:11:08 +11:00			`imports = with modules.system; with modules.services; [`
hosts/hazel: use hm-stable 2025-04-05 13:19:34 +11:00			`home-manager-stable`
hosts/hazel: init 2025-04-05 13:05:59 +11:00
			`base`
			`kernel`
			`nix-stable`
			`packages`
			`security`

hosts/hazel: add unbound 2025-05-23 00:06:27 +10:00			`nginx`
			`unbound`

hosts/hazel: init 2025-04-05 13:05:59 +11:00			`./filesystem.nix`
			`./kernel.nix`
			`./networking.nix`

			`../../users/hana`
			`];`
hosts/hazel: set env to headless 2025-04-05 13:21:09 +11:00
			`me.environment = "headless";`
hazel: add nextcloud 2025-04-05 14:10:13 +11:00
			`services.nextcloud = {`
			`enable = true;`
			`package = pkgs.nextcloud31;`
			`hostName = "cloud.lava.moe";`
			`database.createLocally = true;`
			`config = {`
			`dbtype = "pgsql";`
			`adminpassFile = "/persist/nextcloud-admin-pass";`
			`};`
hosts/hazel: enable https 2025-04-05 14:17:51 +11:00			`https = true;`
			`};`

			`services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {`
			`forceSSL = true;`
			`enableACME = true;`
hazel: add nextcloud 2025-04-05 14:10:13 +11:00			`};`
hosts/hazel: init immich 2025-04-05 14:33:57 +11:00
			`services.immich = {`
			`enable = true;`
			`port = 2283;`
			`};`

			`users.users.immich.extraGroups = [ "video" "render" ];`
			`hardware.opengl.enable = true;`
			`services.nginx.virtualHosts."photos.lava.moe" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://[::1]:${toString config.services.immich.port}";`
			`proxyWebsockets = true;`
			`recommendedProxySettings = true;`
			`extraConfig = ''`
			`client_max_body_size 50000M;`
			`proxy_read_timeout 600s;`
			`proxy_send_timeout 600s;`
			`send_timeout 600s;`
			`'';`
			`};`
			`};`
hosts/hazel: move services data to /flower 2025-04-07 00:46:43 +10:00
			`systemd.tmpfiles.rules = rules;`
			`fileSystems = mounts;`
hosts/hazel: init 2025-04-05 13:05:59 +11:00			`}`