From 913944cff37a3007574525735c854d4be6dd97eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Fri, 23 May 2025 11:40:19 +0800
Subject: [PATCH 1/2] feat(immich): Add immich service
---
 configuration/default.nix | 1 +
 configuration/services/immich.nix | 65 +++++++++++++++++++
 .../services/metrics/victoriametrics.nix | 5 ++
 3 files changed, 71 insertions(+)
 create mode 100644 configuration/services/immich.nix
diff --git a/configuration/default.nix b/configuration/default.nix
index 544e20c..0377e9c 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -19,6 +19,7 @@
 ./services/crowdsec.nix
 ./services/foundryvtt.nix
 ./services/gitea.nix
+ ./services/immich.nix
 ./services/metrics
 ./services/nextcloud.nix
 ./services/webserver.nix
diff --git a/configuration/services/immich.nix b/configuration/services/immich.nix
new file mode 100644
index 0000000..b74c877
--- /dev/null
+++ b/configuration/services/immich.nix
@@ -0,0 +1,65 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ hostName = "immich.${config.services.nginx.domain}";
+in
+{
+ services.immich = {
+ enable = true;
+ settings.server.externalDomain = "https://${hostName}";
+
+ environment.IMMICH_TELEMETRY_INCLUDE = "all";
+ };
+
+ services.nginx.virtualHosts.${hostName} =
+ let
+ local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
+ in
+ {
+ forceSSL = true;
+ useACMEHost = "tlater.net";
+ enableHSTS = true;
+
+ locations."/" = {
+ proxyPass = local;
+ proxyWebsockets = true;
+ };
+ locations."/metrics" = {
+ extraConfig = ''
+ access_log off;
+ allow 127.0.0.1;
+ ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
+ deny all;
+ '';
+ };
+ };
+
+ backups.immich =
+ let
+ db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
+ in
+ {
+ user = "immich";
+ paths = [ config.services.immich.mediaLocation ];
+
+ preparation = {
+ packages = [ config.services.postgresql.package ];
+ text = ''
+ pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
+ '';
+ };
+
+ cleanup = {
+ packages = [ pkgs.coreutils ];
+ text = "rm ${db-dump}";
+ };
+ pauseServices = [
+ "immich-server.service"
+ "immich-machine-learning.service"
+ ];
+ };
+}
diff --git a/configuration/services/metrics/victoriametrics.nix b/configuration/services/metrics/victoriametrics.nix
index 53864d6..f37b8b0 100644
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
@@ -84,6 +84,11 @@ in in [ "${address}:${toString port}" ]; + immich.targets = [ + "127.0.0.1:8081" + "127.0.0.1:8082" + ]; + # Configured in the hookshot listeners, but it's hard to filter # the correct values out of that config. matrixHookshot.targets = [ "127.0.0.1:9001" ];
From 7cfb9033b09675c13deafe8c06327ff921d9e526 Mon Sep 17 00:00:00 2001
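Review bot: The `preparation` script in `backups.immich` writes a full `pg_dump` of the Immich database to `${mediaLocation}/immich-db.sql` under whatever umask the backup job happens to run with, so the dump (account and session data included) may be readable by other local users for as long as it exists; nothing in this hunk sets its mode. I would put `umask 077` on the line before `pg_dump`, and use `rm -f ${db-dump}` in `cleanup` so that a dump which was never created does not turn into a second failure. Separately, `locations."/metrics"` has no `proxyPass`, so it only restricts access and proxies nothing; a comment such as `# Keep /metrics off the public vhost; scraping happens on the local telemetry ports` would make that intent explicit.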
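Review bot: The `immich.targets` entries hard-code `127.0.0.1:8081` and `127.0.0.1:8082`, but nothing in `immich.nix` sets those ports, so the scrape depends on Immich's defaults staying as they are. I would pin them on the service side with `environment.IMMICH_API_METRICS_PORT = "8081";` and `environment.IMMICH_MICROSERVICES_METRICS_PORT = "8082";` and add a comment here naming that file, as the hookshot entry below does for its own ports. The address the telemetry listeners bind to is not visible in this patch; if it is not loopback-only, confirm the firewall keeps both ports closed, since these endpoints are presumably unauthenticated. The enclosing attribute set starts and ends outside the hunk.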
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Thu, 7 Nov 2024 20:26:43 +0100
Subject: [PATCH 2/2] WIP: feat: Add minecraft server
---
 configuration/default.nix | 6 +-
 configuration/services/minecraft.nix | 83 ++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 5 deletions(-)
 create mode 100644 configuration/services/minecraft.nix
diff --git a/configuration/default.nix b/configuration/default.nix
index 0377e9c..1b9531d 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -21,6 +21,7 @@
 ./services/gitea.nix
 ./services/immich.nix
 ./services/metrics
+ ./services/minecraft.nix
 ./services/nextcloud.nix
 ./services/webserver.nix
 ./services/wireguard.nix
@@ -63,8 +64,6 @@ 8448 # starbound 21025 - # Minecraft - 25565 config.services.coturn.listening-port config.services.coturn.tls-listening-port
@@ -73,9 +72,6 @@ ]; allowedUDPPorts = [ - # More minecraft - 25565 - config.services.coturn.listening-port config.services.coturn.tls-listening-port config.services.coturn.alt-listening-port
diff --git a/configuration/services/minecraft.nix b/configuration/services/minecraft.nix
new file mode 100644
index 0000000..0477f44
--- /dev/null
+++ b/configuration/services/minecraft.nix
@@ -0,0 +1,83 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
+ services.minecraft-server = {
+ enable = true;
+ eula = true;
+ # jvmOpts are set using a file for forge
+ # jvmOpts = "-Xmx8G -Xms8G";
+ openFirewall = true;
+
+ declarative = true;
+
+ whitelist = {
+ tlater = "140d177a-966f-41b8-a4c0-e305babd291b";
+ romino25 = "59cd1648-14a4-4bcf-8f5a-2e1bde678f2c";
+ lasi25 = "0ab6e3d1-544a-47e7-8538-2e6c248e49a4";
+ };
+
+ serverProperties = {
+ allow-flight = true;
+ difficulty = "hard";
+ motd = "tlater.net";
+ spawn-protection = 1;
+ white-list = true;
+ enable-query = true;
+ enable-status = true;
+
+ # Allows the server to write chunks without hogging the main
+ # thread...
+ sync-chunk-writes = false;
+ # Disables chat reporting, because we don't need any of that
+ # drama on a lil' friends-only server.
+ enforce-secure-profile = false;
+ };
+
+ package = pkgs.writeShellApplication {
+ name = "minecraft-server";
+ runtimeInputs = with pkgs; [ jdk17_headless ];
+
+ text = ''
+ exec /var/lib/minecraft/run.sh $@
+ '';
+ };
+ };
+
+ systemd.services.minecraft-server = {
+ path = with pkgs; [ jdk17_headless ];
+
+ # Since we read from our own HTTP server, we need to wait for it
+ # to be up
+ after = [ "nginx.service" ];
+
+ serviceConfig = {
+ # Use packwiz to install mods
+ ExecStartPre = [
+ "${pkgs.jdk17_headless}/bin/java -jar ${config.services.minecraft-server.dataDir}/packwiz-installer-bootstrap.jar -g -s server 'https://minecraft.${config.services.nginx.domain}/cobblemon-pack/pack.toml'"
+ ];
+ # Forge requires some bonus JVM options, which they include in a
+ # little `run.sh` script
+ ExecStart = lib.mkForce "${config.services.minecraft-server.dataDir}/run.sh --nogui";
+ };
+ };
+
+ systemd.tmpfiles.settings."10-minecraft" = {
+ "/srv/minecraft".d = {
+ user = "nginx";
+ group = "minecraft";
+ mode = "0775";
+ };
+ };
+
+ services.nginx.virtualHosts."minecraft.${config.services.nginx.domain}" = {
+ forceSSL = true;
+ useACMEHost = "tlater.net";
+ enableHSTS = true;
+
+ root = "/srv/minecraft";
+ };
+}
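Review bot: `ExecStartPre` installs mods from the `cobblemon-pack/pack.toml` served out of `/srv/minecraft`, and the tmpfiles rule makes that directory owned by `nginx` and group-writable (`mode = "0775"`), so anything running as the web server can change what code the Minecraft service downloads and runs on its next start. Unless nginx itself has to write there, give it read-only access, e.g. `user = "minecraft"; group = "nginx"; mode = "0750";`. The bootstrap jar and `run.sh` are also taken from the mutable `dataDir` rather than the Nix store, which deserves a comment saying how they get there and who may replace them. In the `package` wrapper, `$@` should be quoted as `exec /var/lib/minecraft/run.sh "$@"`; `writeShellApplication` runs shellcheck at build time and an unquoted `$@` is what SC2068 reports.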