flakes/hosts/hazel/default.nix

{ config, modules, pkgs, ... }: {
  networking.hostName = "hazel";
  system.stateVersion = "24.11";
  time.timeZone = "Australia/Melbourne";

  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
  };

  imports = with modules.system; with modules.services; [
    home-manager-stable

    base
    kernel
    nginx
    nix-stable
    packages
    security

    ./filesystem.nix
    ./kernel.nix
    ./networking.nix

    ../../users/hana
  ];

  me.environment = "headless";

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud31;
    hostName = "cloud.lava.moe";
    database.createLocally = true;
    config = {
      dbtype = "pgsql";
      adminpassFile = "/persist/nextcloud-admin-pass";
    };
    https = true;
  };

  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;
  };

  services.immich = {
    enable = true;
    port = 2283;
  };

  users.users.immich.extraGroups = [ "video" "render" ];
  hardware.opengl.enable = true;
  services.nginx.virtualHosts."photos.lava.moe" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://[::1]:${toString config.services.immich.port}";
      proxyWebsockets = true;
      recommendedProxySettings = true;
      extraConfig = ''
        client_max_body_size 50000M;
        proxy_read_timeout   600s;
        proxy_send_timeout   600s;
        send_timeout         600s;
      '';
    };
  };
}
hosts/hazel: enable https 2025-04-05 14:17:51 +11:00			`{ config, modules, pkgs, ... }: {`
hosts/hazel: init 2025-04-05 13:05:59 +11:00			`networking.hostName = "hazel";`
			`system.stateVersion = "24.11";`
			`time.timeZone = "Australia/Melbourne";`

hosts/hazel: add acme_dns secret 2025-04-05 14:13:05 +11:00			`age.secrets = {`
			`acme_dns.file = ../../secrets/acme_dns.age;`
			`};`

hosts/hazel: fix nginx module 2025-04-05 14:11:08 +11:00			`imports = with modules.system; with modules.services; [`
hosts/hazel: use hm-stable 2025-04-05 13:19:34 +11:00			`home-manager-stable`
hosts/hazel: init 2025-04-05 13:05:59 +11:00
			`base`
			`kernel`
hazel: add nextcloud 2025-04-05 14:10:13 +11:00			`nginx`
hosts/hazel: init 2025-04-05 13:05:59 +11:00			`nix-stable`
			`packages`
			`security`

			`./filesystem.nix`
			`./kernel.nix`
			`./networking.nix`

			`../../users/hana`
			`];`
hosts/hazel: set env to headless 2025-04-05 13:21:09 +11:00
			`me.environment = "headless";`
hazel: add nextcloud 2025-04-05 14:10:13 +11:00
			`services.nextcloud = {`
			`enable = true;`
			`package = pkgs.nextcloud31;`
			`hostName = "cloud.lava.moe";`
			`database.createLocally = true;`
			`config = {`
			`dbtype = "pgsql";`
			`adminpassFile = "/persist/nextcloud-admin-pass";`
			`};`
hosts/hazel: enable https 2025-04-05 14:17:51 +11:00			`https = true;`
			`};`

			`services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {`
			`forceSSL = true;`
			`enableACME = true;`
hazel: add nextcloud 2025-04-05 14:10:13 +11:00			`};`
hosts/hazel: init immich 2025-04-05 14:33:57 +11:00
			`services.immich = {`
			`enable = true;`
			`port = 2283;`
			`};`

			`users.users.immich.extraGroups = [ "video" "render" ];`
			`hardware.opengl.enable = true;`
			`services.nginx.virtualHosts."photos.lava.moe" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://[::1]:${toString config.services.immich.port}";`
			`proxyWebsockets = true;`
			`recommendedProxySettings = true;`
			`extraConfig = ''`
			`client_max_body_size 50000M;`
			`proxy_read_timeout 600s;`
			`proxy_send_timeout 600s;`
			`send_timeout 600s;`
			`'';`
			`};`
			`};`
hosts/hazel: init 2025-04-05 13:05:59 +11:00			`}`