feat(odin+immich): added avahi and subdomains

hosts/odin/services/avahi.nix

@@ -0,0 +1,36 @@
+{ lib, pkgs, ... }:
+let
+  go-avahi-cname = lib.getExe pkgs.unstable.go-avahi-cname;
+in
+{
+  services.avahi = {
+    nssmdns4 = true;
+    enable = true;
+    ipv4 = true;
+    ipv6 = true;
+    publish = {
+      enable = true;
+      addresses = true;
+      workstation = true;
+      userServices = true;
+    };
+  };
+
+  systemd.services.avahi-cname = {
+    description = "Avahi CNAME Publisher";
+    wantedBy = [ "multi-user.target" ];
+    after = [
+      "network.target"
+      "avahi-daemon.service"
+    ];
+    requires = [ "avahi-daemon.service" ];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "root";
+      ExecStart = "${go-avahi-cname} subdomain";
+      Restart = "always";
+      RestartSec = "10";
+    };
+  };
+}

hosts/odin/services/caddy.nix

@@ -1,5 +1,7 @@
 { config, pkgs, ... }:
 {
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
   services.caddy = {
     enable = true;
 
@@ -13,9 +15,10 @@
       acme_dns cloudflare {env.CF_API_TOKEN}
     '';
 
-    # virtualHosts.welcome.hostName = "{$DOMAIN}";
-    # virtualHosts.welcome.extraConfig = ''
-    #   respond "Hello World"
-    # '';
+    virtualHosts.welcome.hostName = "http://localhost";
+    virtualHosts.welcome.serverAliases = [ "localhost" ];
+    virtualHosts.welcome.extraConfig = ''
+      respond "Hello World"
+    '';
   };
 }

hosts/odin/services/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./adguard.nix
+    ./avahi.nix
     ./caddy.nix
     ./cloudflared.nix
     ./immich.nix

hosts/odin/services/immich.nix

@@ -1,12 +1,14 @@
-{ config, ... }:
+{ config, lib, pkgs, ... }:
 let
   cfg = config.services.immich;
   domain = "photos.t5.st";
+  go-avahi-cname = lib.getExe pkgs.unstable.go-avahi-cname;
 in
 {
   services.immich = {
     enable = true;
-    host = "127.0.0.1";
+    host = "0.0.0.0";
+    openFirewall = true;
     mediaLocation = "/mnt/storage/immich";
     group = "storage";
     accelerationDevices = [ "/dev/dri/renderD128" ];
@@ -41,15 +43,35 @@ in
   };
 
   services.caddy.virtualHosts.immich = {
-    hostName = "photos.{$DOMAIN}";
+    hostName = "http://photos.odin.local";
+    serverAliases = [ "photos.odin.t5.st" ];
     extraConfig = ''
       encode gzip zstd
       reverse_proxy ${cfg.host}:${toString cfg.port}
     '';
   };
 
+  systemd.services.photos-local = {
+    description = "Avahi photos.odin.local domain";
+    wantedBy = [ "multi-user.target" ];
+    after = [
+      "network.target"
+      "avahi-daemon.service"
+    ];
+    requires = [ "avahi-daemon.service" ];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "root";
+      ExecStart = "${go-avahi-cname} cname photos";
+      Restart = "always";
+      RestartSec = "10";
+    };
+  };
+
   systemd.tmpfiles.rules = [
     "d /mnt/storage/immich 0770 immich storage - -"
+    "d /var/cache/immich 0770 immich storage - -"
     "d /var/cache/immich/mpl 0700 immich storage - -"
     "d /var/cache/immich/encoded-video 0700 immich storage - -"
     "d /var/cache/immich/profile 0700 immich storage - -"
@@ -57,9 +79,9 @@ in
   ];
 
   system.activationScripts.createSymlink = ''
-    ln -sf /mnt/storage/immich/encoded-video /var/cache/immich/encoded-video
-    ln -sf /mnt/storage/immich/profile /var/cache/immich/profile
-    ln -sf /mnt/storage/immich/thumbs /var/cache/immich/thumbs
+    ln -sf /var/cache/immich/encoded-video /mnt/storage/immich/encoded-video
+    ln -sf /var/cache/immich/profile /mnt/storage/immich/profile
+    ln -sf /var/cache/immich/thumbs /mnt/storage/immich/thumbs
   '';
 
   services.samba.settings = {

hosts/odin/system/impermanence.nix

@@ -87,7 +87,7 @@
 
     directories = [
       "/etc/ssh"
-      "/srv"
+      "/var/cache"
     ];
 
     files = [

packages/default.nix

@@ -1,5 +1,6 @@
 { pkgs ? (import <nixpkgs>) { } }: {
   aerospace-tmux-focus = pkgs.callPackage ./aerospace-tmux-focus.nix { };
+  go-avahi-cname = pkgs.callPackage ./go-avahi-cname.nix { };
   hello = pkgs.callPackage ./hello.nix { };
   nct6775-pwm-udev-package = pkgs.callPackage ./nct6775-pwm-udev-package.nix { };
   opencode-nvim = pkgs.callPackage ./opencode-nvim.nix { };

packages/go-avahi-cname.nix

@@ -0,0 +1,25 @@
+{ buildGoModule
+, fetchFromGitHub
+, go_1_25
+, ...
+}:
+
+buildGoModule.override
+{
+  go = go_1_25;
+}
+rec {
+  pname = "go-avahi-cname";
+  version = "2.2.6";
+
+  src = fetchFromGitHub {
+    owner = "grishy";
+    repo = "go-avahi-cname";
+    rev = "v${version}";
+    hash = "sha256-MLCG2QkJZXtgopdG6IT7y/mpyXSiSJvThGD534KVpx4=";
+  };
+
+  vendorHash = "sha256-Y87nIzOSe8UEp07RbVhVDolwjfmjXVCV0qGqvURSuRw=";
+
+  meta.mainProgram = "go-avahi-cname";
+}