feat(odin+mollywebsocket+ntfy): notifications for molly

flake.lock

@@ -109,11 +109,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756819550,
-        "narHash": "sha256-mEOVgPTK9rL4500U+KslZXyXQOD/v4iW0nu5oc0pbkc=",
+        "lastModified": 1757003908,
+        "narHash": "sha256-Op3cnPTav+ObcL4R4BGuWHEFxW6YS2A0aE3Av6sZN2g=",
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "f0a22d26a3c5f6f66249739a0e59ab828271ce72",
+        "rev": "ac8ebf17828c0e7d9be0270d359123fffcc6f066",
         "type": "github"
       },
       "original": {
@@ -295,11 +295,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1756788591,
-        "narHash": "sha256-LOrOfPWpJU/ADWDyVwPv9XNuYPq5KJtmAmSzplpccmE=",
+        "lastModified": 1757075491,
+        "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f3d3b4592a73fb64b5423234c01985ea73976596",
+        "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf",
         "type": "github"
       },
       "original": {
@@ -406,11 +406,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756754095,
-        "narHash": "sha256-9Rsn9XEWINExosFkKEqdp8EI6Mujr1gmQiyrEcts2ls=",
+        "lastModified": 1757020766,
+        "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7c815e513adbf03c9098b2bd230c1e0525c8a7f9",
+        "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
         "type": "github"
       },
       "original": {
@@ -422,11 +422,11 @@
     },
     "nixpkgs-darwin": {
       "locked": {
-        "lastModified": 1756767162,
-        "narHash": "sha256-Qf7v44D1soMGDLJPAQECa89Xwlg58isNydQCVBhtQk0=",
+        "lastModified": 1756999638,
+        "narHash": "sha256-R9wNXA8KT71zo/GeMdVgB3KoHj11h4eHa7woTLXMQVw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "cf39b1d1570b3e752c2b0e5dbac1260e7196c4ba",
+        "rev": "e7b7aee12245de9127b3af86ae049cccd490d7cb",
         "type": "github"
       },
       "original": {
@@ -438,11 +438,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1756696532,
-        "narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
+        "lastModified": 1756911493,
+        "narHash": "sha256-6n/n1GZQ/vi+LhFXMSyoseKdNfc2QQaSBXJdgamrbkE=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
+        "rev": "c6a788f552b7b7af703b1a29802a7233c0067908",
         "type": "github"
       },
       "original": {
@@ -517,11 +517,11 @@
     },
     "secrets": {
       "locked": {
-        "lastModified": 1756895361,
-        "narHash": "sha256-AXfHHVQMI+407fm/Ec+QohhITRsD/YpgnXVY6yCDWDM=",
+        "lastModified": 1757264397,
+        "narHash": "sha256-62DhzyJpPgUhvdBuamONA3uLtImlUqjXxvIZE1RgbV4=",
         "ref": "refs/heads/master",
-        "rev": "bd7584b71fc4ed9170df404cd1021235d6f1d470",
-        "revCount": 14,
+        "rev": "c706ddb14e494add37f787a9a55ea5b630f51269",
+        "revCount": 20,
         "type": "git",
         "url": "ssh://[email protected]/control/secrets.git"
       },

hosts/odin/services/adguard.nix

@@ -6,7 +6,8 @@ in
   services.adguardhome = {
     enable = true;
     settings = {
-      host = "127.0.0.1";
+      host = "0.0.0.0";
+      openFirewall = true;
 
       users = [ ];
 

hosts/odin/services/default.nix

@@ -3,8 +3,8 @@
     ./adguard.nix
     ./caddy.nix
     ./cloudflared.nix
-    ./homepage.nix
     ./immich.nix
+    ./ntfy.nix
     ./samba.nix
     ./snapraid.nix
     ./tailscale.nix

hosts/odin/services/homepage.nix

@@ -1,76 +0,0 @@
-{ config, ... }:
-let
-  cfg = config.services.homepage-dashboard;
-  domain = "odin.t5.st";
-in
-{
-  services.homepage-dashboard = {
-    enable = true;
-    allowedHosts = "${domain}";
-
-    bookmarks = [
-      {
-        Developer = [
-          {
-            Github = [
-              {
-                abbr = "GH";
-                href = "https://github.com/";
-              }
-            ];
-          }
-        ];
-      }
-      {
-        Entertainment = [
-          {
-            YouTube = [
-              {
-                abbr = "YT";
-                href = "https://youtube.com/";
-              }
-            ];
-          }
-        ];
-      }
-    ];
-
-    services = [
-      {
-        "Apps" = [
-          {
-            "AdGuard Home" = {
-              href = "https://adguard.odin.t5.st/";
-              description = "Network-wide ads & trackers blocking DNS server";
-            };
-          }
-          {
-            "Immich Photos" = {
-              href = "https://photos.t5.st/";
-              description = "High performance self-hosted photo and video management solution.";
-            };
-          }
-        ];
-      }
-    ];
-
-    widgets = [ ];
-
-    settings = {
-      title = "Odin (/ˈoʊdɪn/; from Old Norse: Óðinn)";
-      description = "A widely revered god in Norse mythology and Germanic paganism. Most surviving information on Odin comes from Norse mythology, but he figures prominently in the recorded history of Northern Europe.";
-      background = "https://images.unsplash.com/photo-1604223190546-a43e4c7f29d7?q=80&w=2669&auto=format&fit=crop&ixlib=rb-4.1.0";
-      cardBlur = "sm";
-      theme = "dark";
-      color = "stone";
-    };
-  };
-
-  services.caddy.virtualHosts.homepage = {
-    hostName = "{$DOMAIN}";
-    extraConfig = ''
-      encode gzip zstd
-      reverse_proxy 127.0.0.1:${toString cfg.listenPort}
-    '';
-  };
-}

hosts/odin/services/immich.nix

@@ -10,10 +10,22 @@ in
     mediaLocation = "/mnt/storage/immich";
     group = "storage";
     accelerationDevices = [ "/dev/dri/renderD128" ];
+    # environment = {
+    #   INFO: Not needed but left for reference
+    #   ENCODED_VIDEO_LOCATION = "/var/cache/immich/encoded-video";
+    #   MPLCONFIGDIR = "/var/cache/immich/mpl";
+    #   PROFILE_LOCATION = "/var/cache/immich/profile";
+    #   THUMB_LOCATION = "/var/cache/immich/thumbs";
+    # };
     settings = {
       metadata.faces.import = true;
       newVersionCheck.enabled = false;
       server.externalDomain = "https://${domain}";
+      storageTemplate = {
+        enabled = true;
+        hashVerificationEnabled = true;
+        template = "{{y}}/{{MM}}/{{dd}}/{{filename}}";
+      };
       # TODO: add smtp authentication to environment
       # notifications.smtp.enabled = true;
       # notifications.smtp.from = "Odin Photos <[email protected]>";
@@ -28,7 +40,35 @@ in
       "http://${cfg.host}:${toString cfg.port}";
   };
 
+  services.caddy.virtualHosts.immich = {
+    hostName = "photos.{$DOMAIN}";
+    extraConfig = ''
+      encode gzip zstd
+      reverse_proxy ${cfg.host}:${toString cfg.port}
+    '';
+  };
+
   systemd.tmpfiles.rules = [
     "d /mnt/storage/immich 0770 immich storage - -"
+    "d /var/cache/immich/mpl 0700 immich storage - -"
+    "d /var/cache/immich/encoded-video 0700 immich storage - -"
+    "d /var/cache/immich/profile 0700 immich storage - -"
+    "d /var/cache/immich/thumbs 0700 immich storage - -"
   ];
+
+  system.activationScripts.createSymlink = ''
+    ln -sf /mnt/storage/immich/encoded-video /var/cache/immich/encoded-video
+    ln -sf /mnt/storage/immich/profile /var/cache/immich/profile
+    ln -sf /mnt/storage/immich/thumbs /var/cache/immich/thumbs
+  '';
+
+  services.samba.settings = {
+    christine-photos = {
+      "path" = "/mnt/storage/immich/library/3aaaf0a1-011e-450d-a47c-4a320deb93e5";
+      "browseable" = "yes";
+      "read only" = "yes";
+      "valid users" = "christine";
+      "force user" = "immich";
+    };
+  };
 }

hosts/odin/services/ntfy.nix

@@ -0,0 +1,32 @@
+{ config, ... }:
+{
+  services.mollysocket.enable = true;
+  services.mollysocket.settings = {
+    port = 4337;
+    allowed_endpoints = [ "https://ntfy.odin.t5.st/" ];
+    allowed_uuids = [ "fa14700c-a870-4f6d-8cfc-3be1466903c6" ];
+  };
+  services.mollysocket.logLevel = "debug";
+  services.mollysocket.environmentFile =
+    config.age.secrets."odin/services/mollysocket".path;
+
+  services.caddy.virtualHosts.mollysocket = {
+    hostName = "mollysocket.odin.t5.st";
+    extraConfig = ''
+      encode gzip zstd
+      reverse_proxy 127.0.0.1:4337
+    '';
+  };
+
+  services.ntfy-sh.enable = true;
+  services.ntfy-sh.settings.base-url = "https://ntfy.odin.t5.st";
+  services.ntfy-sh.settings.listen-http = "127.0.0.1:5267";
+
+  services.caddy.virtualHosts.ntfy = {
+    hostName = "ntfy.odin.t5.st";
+    extraConfig = ''
+      encode gzip zstd
+      reverse_proxy 127.0.0.1:5267
+    '';
+  };
+}

hosts/odin/services/vaultwarden.nix

@@ -17,11 +17,11 @@ in
     "d /mnt/storage/vaultwarden 0755 vaultwarden storage -"
   ];
 
-  services.cloudflared.tunnels."71c89a7f-2467-444c-9fda-4864860dc8c4" = {
-    credentialsFile =
-      config.age.secrets."odin/services/cloudflared-tunnel".path;
-    default = "http_status:404";
-    ingress."vault.t5.st".service =
-      "http://${cfg.ROCKET_ADDRESS}:${toString cfg.ROCKET_PORT}";
+  services.caddy.virtualHosts.vaultwarden = {
+    hostName = "vault.{$DOMAIN}";
+    extraConfig = ''
+      encode gzip zstd
+      reverse_proxy ${cfg.ROCKET_ADDRESS}:${toString cfg.ROCKET_PORT}
+    '';
   };
 }

hosts/odin/system/age.nix

@@ -13,6 +13,8 @@
       inputs.secrets."odin/services/cloudflared.age";
     "odin/services/cloudflared-tunnel".file =
       inputs.secrets."odin/services/cloudflared-tunnel.age";
+    "odin/services/mollysocket".file =
+      inputs.secrets."odin/services/mollysocket.age";
     "odin/services/nullmailer" = {
       file = inputs.secrets."odin/services/nullmailer.age";
       owner = config.services.nullmailer.user;

hosts/odin/users/default.nix

@@ -4,7 +4,7 @@
 
   users.users.thomas = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "users" ];
+    extraGroups = [ "wheel" "users" "storage" ];
     shell = config.programs.fish.package;
     hashedPasswordFile = config.age.secrets."odin/users/thomas".path;
     openssh.authorizedKeys.keys = [