Replace Nominatim with self-hosted Photon for Dawarich geocoding

- Add Photon OCI container on nixnuc (rtuszik/photon-docker, planet index) storing data on the /orico ZFS mirror - Open port 2322 in nixnuc's main firewall allowlist (LAN + Tailscale) - Remove services.nominatim, its nginx vhost, and www-data PostgreSQL user from nixnuc - Switch Dawarich on hetznix01 from NOMINATIM_API_HOST to PHOTON_API_HOST pointing at nixnuc.atlas-snares.ts.net:2322 - Add zfs-datasets.nix oneshot to declaratively ensure all orico datasets exist before services start Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-31 07:45:20 -04:00 · 2026-05-27 22:58:30 -04:00 · 2026-05-27 22:58:30 -04:00 · 952fd0e083
commit 952fd0e083
parent f317a10095
4 changed files with 82 additions and 32 deletions
--- a/modules/hosts/nixos/nixnuc/default.nix
+++ b/modules/hosts/nixos/nixnuc/default.nix
@ -16,9 +16,11 @@ in
    ./hardware-configuration.nix
    ./containers/audiobookshelf.nix
    ./containers/mountain-mesh-bot-discord.nix
+    ./containers/photon.nix
    ./containers/psitransfer.nix
    ./cup-collector.nix
    ./monitoring-stack.nix
+    ./zfs-datasets.nix
    ../../../shared/nixos/lets-encrypt.nix
    ../../../shared/nixos/restic.nix
  ];
@ -75,6 +77,7 @@ in
        22 # ssh
        80 # http to local Nginx
        443 # https to local Nginx
+        2322 # Photon geocoder in oci-container
        3000 # PsiTransfer in oci-container
        3001 # immich-kiosk in compose
        3002 # grafana
@ -525,18 +528,6 @@ in
          acmeRoot = null;
          forceSSL = true;
        };
-        "nominatim.${home_domain}" = {
-          enableACME = true;
-          acmeRoot = null;
-          forceSSL = true;
-          extraConfig = ''
-            allow 127.0.0.1;
-            allow ::1;
-            allow 2600:1700:1712:880f:8eee:4ba4:75dc:f39c;
-            allow 100.64.0.0/10;
-            deny all;
-          '';
-        };
        "readit.${home_domain}" = {
          listen = [
            {
@ -552,17 +543,6 @@ in
        };
      };
    };
-    nominatim = {
-      enable = true;
-      hostName = "nominatim.home.technicalissues.us";
-      settings = {
-        NOMINATIM_PROJECT_DIR = "/var/lib/nominatim/project";
-      };
-      ui.config = ''
-        Nominatim_Config.Page_Title="Beantown's Nominatim";
-        Nominatim_Config.Nominatim_API_Endpoint='https://${config.services.nominatim.hostName}/';
-      '';
-    };
    pinchflat = {
      enable = true;
      group = "jellyfin";
@ -586,13 +566,6 @@ in
    postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
-      ensureUsers = [
-        {
-          # Required by Nominatim
-          name = "www-data";
-          ensureDBOwnership = false;
-        }
-      ];
    };
    postgresqlBackup = {
      enable = true;