genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-05-30 23:35:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: genebean:f317a10095265cd9365697d3759f7208d9a03ff0
Branches Tags
genebean:main
genebean:cups-update
genebean:genebean-module
genebean:hm-puppet
genebean:remote_builds
genebean:fix-htts-redirects
genebean:commit-signing
genebean:create-host-smarthome
genebean:owntracks
...
compare: genebean:840f7b90e6a5e50ae09a6b58beb35f3671bd004c
Branches Tags
genebean:cups-update
genebean:main
genebean:genebean-module
genebean:hm-puppet
genebean:remote_builds
genebean:fix-htts-redirects
genebean:commit-signing
genebean:create-host-smarthome
genebean:owntracks

4 commits
f317a10095 ... 840f7b90e6

Author SHA1 Message Date
Gene Liverman
840f7b90e6
Merge pull request #652 from genebean/suppress-boltdb-warning 
Suppress Podman BoltDB deprecation warning in photon container
 2026-05-28 13:10:17 -04:00
Gene Liverman
9c83c552a8
Suppress Podman BoltDB deprecation warning in photon container 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-28 11:36:08 -04:00
Gene Liverman
edfe81ea6b
Merge pull request #651 from genebean/photon-geocoder 
Replace Nominatim with self-hosted Photon for Dawarich geocoding
 2026-05-28 11:22:02 -04:00
Gene Liverman
952fd0e083
Replace Nominatim with self-hosted Photon for Dawarich geocoding 
- Add Photon OCI container on nixnuc (rtuszik/photon-docker, planet
  index) storing data on the /orico ZFS mirror
- Open port 2322 in nixnuc's main firewall allowlist (LAN + Tailscale)
- Remove services.nominatim, its nginx vhost, and www-data PostgreSQL
  user from nixnuc
- Switch Dawarich on hetznix01 from NOMINATIM_API_HOST to
  PHOTON_API_HOST pointing at nixnuc.atlas-snares.ts.net:2322
- Add zfs-datasets.nix oneshot to declaratively ensure all orico
  datasets exist before services start

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-28 09:26:26 -04:00
4 changed files with 83 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -51,8 +51,8 @@ in
enable = true;
configureNginx = true;
environment = {
NOMINATIM_API_HOST = "nominatim.home.technicalissues.us";
NOMINATIM_API_USE_HTTPS = "true";
PHOTON_API_HOST = "nixnuc.atlas-snares.ts.net:2322";
PHOTON_API_USE_HTTPS = "false";
};
extraEnvFiles = [
"${config.sops.secrets.dawarich_env.path}"

29
modules/hosts/nixos/nixnuc/containers/photon.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, ... }:
let
volume_base = "/orico/photon";
http_port = "2322";
in
{
systemd.services."${config.virtualisation.oci-containers.containers.photon.serviceName}" = {
after = [ "zfs-create-orico-datasets.service" ];
wants = [ "zfs-create-orico-datasets.service" ];
};
virtualisation.oci-containers.containers = {
"photon" = {
autoStart = true;
image = "docker.io/rtuszik/photon-docker:latest";
environment = {
REGION = "planet";
SUPPRESS_BOLTDB_WARNING = "1";
UPDATE_STRATEGY = "PARALLEL";
UPDATE_INTERVAL = "30d";
};
ports = [ "${http_port}:2322" ];
volumes = [
"${volume_base}:/photon/data"
];
};
};
}

33
modules/hosts/nixos/nixnuc/default.nix
View file

@ -16,9 +16,11 @@ in
./hardware-configuration.nix
./containers/audiobookshelf.nix
./containers/mountain-mesh-bot-discord.nix
./containers/photon.nix
./containers/psitransfer.nix
./cup-collector.nix
./monitoring-stack.nix
./zfs-datasets.nix
../../../shared/nixos/lets-encrypt.nix
../../../shared/nixos/restic.nix
];
@ -75,6 +77,7 @@ in
22 # ssh
80 # http to local Nginx
443 # https to local Nginx
2322 # Photon geocoder in oci-container
3000 # PsiTransfer in oci-container
3001 # immich-kiosk in compose
3002 # grafana
@ -525,18 +528,6 @@ in
acmeRoot = null;
forceSSL = true;
};
"nominatim.${home_domain}" = {
enableACME = true;
acmeRoot = null;
forceSSL = true;
extraConfig = ''
allow 127.0.0.1;
allow ::1;
allow 2600:1700:1712:880f:8eee:4ba4:75dc:f39c;
allow 100.64.0.0/10;
deny all;
'';
};
"readit.${home_domain}" = {
listen = [
{
@ -552,17 +543,6 @@ in
};
};
};
nominatim = {
enable = true;
hostName = "nominatim.home.technicalissues.us";
settings = {
NOMINATIM_PROJECT_DIR = "/var/lib/nominatim/project";
};
ui.config = ''
Nominatim_Config.Page_Title="Beantown's Nominatim";
Nominatim_Config.Nominatim_API_Endpoint='https://${config.services.nominatim.hostName}/';
'';
};
pinchflat = {
enable = true;
group = "jellyfin";
@ -586,13 +566,6 @@ in
postgresql = {
enable = true;
package = pkgs.postgresql_16;
ensureUsers = [
{
# Required by Nominatim
name = "www-data";
ensureDBOwnership = false;
}
];
};
postgresqlBackup = {
enable = true;

49
modules/hosts/nixos/nixnuc/zfs-datasets.nix Normal file
View file

@ -0,0 +1,49 @@
{ config, pkgs, ... }:
{
systemd.services.zfs-create-orico-datasets = {
description = "Create orico ZFS datasets";
serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ];
before = [
# Legacy ZFS mount units (datasets must exist before mount happens)
"var-lib-audiobookshelf.mount"
"var-lib-postgresql.mount"
"var-lib-postgresql-16-pg_wal.mount"
# NixOS services with orico state dirs
"forgejo.service"
"immich-server.service"
"jellyfin.service"
"nextcloud-setup.service"
"pinchflat.service"
"postgresql.service"
]
# Dynamically include every OCI container's systemd service unit so new
# containers are automatically covered without editing this file.
# c.serviceName comes from virtualisation.oci-containers.containers.<name>.serviceName
# and resolves to e.g. "podman-photon" for a container named "photon".
++ map (c: "${c.serviceName}.service") (
builtins.attrValues config.virtualisation.oci-containers.containers
);
after = [ "zfs-import-orico.service" ];
script =
let
zfs = "${pkgs.zfs}/bin/zfs";
datasets = [
"orico/audiobookshelf"
"orico/forgejo"
"orico/immich"
"orico/jellyfin"
"orico/mountain-mesh-bot-discord"
"orico/nextcloud"
"orico/photon"
"orico/pinchflat"
"orico/postgresql-data"
"orico/postgresql-wal-16"
"orico/psitransfer"
];
in
builtins.concatStringsSep "\n" (
map (d: "${zfs} list ${d} >/dev/null 2>&1 || ${zfs} create -p ${d}") datasets
);
};
}