random rice

2025-06-20 23:39:52 -05:00 · 2025-06-20 23:39:52 -05:00 · 60613b0a1d
commit 60613b0a1d
parent f080730c99
17 changed files with 221 additions and 143 deletions
--- a/nixos/consensus/configuration.nix
+++ b/nixos/consensus/configuration.nix
@ -1,11 +1,16 @@
-{lib, pkgs, config, ...}: {
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
  imports = [
    ./hardware-configuration.nix
    ./backups.nix
  ];
  sops = {
    secrets = {
-      "env" = { sopsFile = ../../secrets/cf-acme.yaml; };
+      "env" = {sopsFile = ../../secrets/cf-acme.yaml;};
    };
  };
  documentation = {
@ -44,26 +49,26 @@
      port = 2283;
      host = "localhost";
      openFirewall = true;
-      machine-learning.enable = false;
+      machine-learning.enable = true;
      mediaLocation = "/rice/immich";
    };
    nginx = {
-        enable = true;
-        virtualHosts."img.10110110.xyz" = {
-          useACMEHost = "10110110.xyz";
-          forceSSL = true;
-          locations."/" = {
-            proxyPass = "http://localhost:${toString config.services.immich.port}";
-            proxyWebsockets = true;
-            recommendedProxySettings = true;
-            extraConfig = ''
-              client_max_body_size 50000M;
-              proxy_read_timeout   600s;
-              proxy_send_timeout   600s;
-              send_timeout         600s;
-            '';
-          };
+      enable = true;
+      virtualHosts."img.10110110.xyz" = {
+        useACMEHost = "10110110.xyz";
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString config.services.immich.port}";
+          proxyWebsockets = true;
+          recommendedProxySettings = true;
+          extraConfig = ''
+            client_max_body_size 50000M;
+            proxy_read_timeout   600s;
+            proxy_send_timeout   600s;
+            send_timeout         600s;
+          '';
        };
+      };
    };
  };
  boot = {
@ -76,8 +81,8 @@
  zramSwap.enable = false;
  swapDevices = [
    {
-      device = "/var/swapfile";
-      size = 4 * 1024;
+      device = "/swapfile";
+      size = 8 * 1024;
    }
  ];
  virtualisation.docker.enable = true;
@ -115,7 +120,7 @@
      ];
    };
  };
-  security.sudo.wheelNeedsPassword = false;
+  security.sudo-rs.wheelNeedsPassword = false;
  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@10110110.xyz";