update immich

dns/dns.nix

@@ -37,6 +37,7 @@
         "tools"
         "ytproxy"
         "nitter"
+        "changedetect"
       ] (name: {cname.data = "cluster";})
       // lib.attrsets.genAttrs [
         # Externally hosted applications with Tunnels

flake.lock

@@ -27,11 +27,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1672175240,
+        "lastModified": 1710590710,
-        "narHash": "sha256-znVCx+4j9961QJJGI5RHIFrv2SGFd799Hao+LRThm+I=",
+        "narHash": "sha256-944FyFvgVl1fLUgWCdh6gS6Zi/Wmk7zusfMCoKTv2zE=",
         "owner": "alexbakker",
         "repo": "alertmanager-ntfy",
-        "rev": "1e8a0901410207fa4357799f4e9f6d8f26e15626",
+        "rev": "b60d1feee3844f091cfa911d9125bd836039dc08",
         "type": "github"
       },
       "original": {
@@ -183,11 +183,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1709126324,
+        "lastModified": 1710146030,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
         "type": "github"
       },
       "original": {
@@ -239,11 +239,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709938482,
+        "lastModified": 1710532761,
-        "narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=",
+        "narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0",
+        "rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
         "type": "github"
       },
       "original": {
@@ -279,11 +279,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1709467759,
+        "lastModified": 1710184940,
-        "narHash": "sha256-ojIpNROGKk56wyvpMAlBVor3CvPez3pFMORrocxW4io=",
+        "narHash": "sha256-FzYm4td3FJfzOAuEkCXt3KdUgZuA072OAQXqIq+IAMo=",
         "owner": "nix-community",
         "repo": "lib-aggregate",
-        "rev": "206e40afdc468d0658e30e1644e2473dc6285cf2",
+        "rev": "45b75bf534592c0c1c881a1c447f7fdb37a87eaf",
         "type": "github"
       },
       "original": {
@@ -355,11 +355,11 @@
     },
     "nixlib": {
       "locked": {
-        "lastModified": 1709426687,
+        "lastModified": 1710031547,
-        "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
+        "narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
+        "rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
         "type": "github"
       },
       "original": {
@@ -397,11 +397,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709887845,
+        "lastModified": 1710398463,
-        "narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=",
+        "narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "bef32a05496d9480b02be586fa7827748b9e597b",
+        "rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb",
         "type": "github"
       },
       "original": {
@@ -428,11 +428,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1709426687,
+        "lastModified": 1710031547,
-        "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
+        "narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
+        "rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
         "type": "github"
       },
       "original": {
@@ -451,11 +451,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709975798,
+        "lastModified": 1710631003,
-        "narHash": "sha256-LdHYxpw7N7inGInX3i6Z6Rm3hl0ai7YXkbzJn+WV0l4=",
+        "narHash": "sha256-6bOCj2BUwOYDO1Lq3DgwIfrdUiieKkm1fCHFQRkLK4Y=",
         "owner": "nix-community",
         "repo": "nixpkgs-wayland",
-        "rev": "639141e297f4fe7c1bbf0662e1fde05fa964efa9",
+        "rev": "bce941770aa96005f08c7b60851037352bf76156",
         "type": "github"
       },
       "original": {
@@ -514,11 +514,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1709780214,
+        "lastModified": 1710534455,
-        "narHash": "sha256-p4iDKdveHMhfGAlpxmkCtfQO3WRzmlD11aIcThwPqhk=",
+        "narHash": "sha256-huQT4Xs0y4EeFKn2BTBVYgEwJSv8SDlm82uWgMnCMmI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f945939fd679284d736112d3d5410eb867f3b31c",
+        "rev": "9af9c1c87ed3e3ed271934cb896e0cdd33dae212",
         "type": "github"
       },
       "original": {

homelab/changedetection.nix

@@ -0,0 +1,97 @@
+let
+  appName = "changedetection";
+  changedetection-Image = "dgtlmoon/changedetection.io:latest";
+  browserless-Image = "browserless/chrome:latest";
+in
+  {...}: {
+    kubernetes.resources.services.changedetection = {
+      spec = {
+        selector.app = appName;
+        ports.http = {
+          port = 5000;
+          targetPort = 5000;
+        };
+      };
+    };
+    kubernetes.resources.statefulSets.changedetection.spec = {
+      selector.matchLabels.app = appName;
+      serviceName = appName;
+      template = {
+        metadata.labels.app = appName;
+        spec = {
+          volumes = {
+            config.configMap.name = appName;
+          };
+          containers = {
+            changedetection = {
+              image = changedetection-Image;
+              imagePullPolicy = "Always";
+              ports.http.containerPort = 5000;
+              env = [
+                {
+                  name = "PLAYWRIGHT_DRIVER_URL";
+                  value = "ws://localhost:3000";
+                }
+              ];
+              volumeMounts = [
+                {
+                  name = "data";
+                  mountPath = "/datastore";
+                }
+              ];
+            };
+            browserless = {
+              image = browserless-Image;
+              imagePullPolicy = "Always";
+              ports.webdriver.containerPort = 3000;
+              resources = {
+                requests.memory = "768Mi";
+                limits.memory = "2Gi";
+              };
+            };
+          };
+        };
+      };
+      volumeClaimTemplates = [
+        {
+          metadata.name = "data";
+          spec = {
+            storageClassName = "nfs-client";
+            accessModes = ["ReadWriteOnce"];
+            resources.requests.storage = "1Gi";
+          };
+        }
+      ];
+    };
+    kubernetes.resources.ingresses.changedetection = {
+      metadata = {
+        name = appName;
+        annotations = {
+          "cert-manager.io/issuer" = "le-issuer";
+        };
+      };
+      spec = {
+        tls = [
+          {
+            hosts = ["changedetect.gmem.ca"];
+            secretName = "gmem-ca-wildcard";
+          }
+        ];
+        rules = [
+          {
+            host = "changedetect.gmem.ca";
+            http.paths = [
+              {
+                path = "/";
+                pathType = "Prefix";
+                backend.service = {
+                  name = appName;
+                  port.name = "http";
+                };
+              }
+            ];
+          }
+        ];
+      };
+    };
+  }

homelab/cloudflared.yml

@@ -7,7 +7,7 @@ spec:
   selector:
     matchLabels:
       app: cloudflared
-  replicas: 1
+  replicas: 3
   template:
     metadata:
       labels:
@@ -15,12 +15,15 @@ spec:
     spec:
       containers:
       - name: cloudflared
-        image: cloudflare/cloudflared:2023.10.0-arm64
+        image: cloudflare/cloudflared:2024.2.1
         args:
         - tunnel
         - --config
         - /etc/cloudflared/config/config.yaml
         - run
+        ports:
+          - containerPort: 2000
+            name: metrics
         livenessProbe:
           httpGet:
             # Cloudflared has a /ready endpoint which returns 200 if and only if
@@ -47,4 +50,29 @@ spec:
           items:
           - key: config.yaml
             path: config.yaml
-
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cloudflared-metrics
+spec:
+  selector:
+    app: cloudflared
+  ports:
+  - name: metrics
+    port: 2000
+    targetPort: 2000
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: cloudflared
+  labels:
+    release: prometheus
+spec:
+  selector:
+    matchLabels:
+      app: cloudflared
+  podMetricsEndpoints:
+  - port: metrics
+    interval: 30s

homelab/immich.nix

@@ -13,7 +13,7 @@
     };
     # arbitrary attrset passed as values to the helm release
     values = {
-      image.tag = "v1.95.1";
+      image.tag = "v1.98.2";
       machine-learning.enabled = false;
       immich.persistence.library.existingClaim = "immich";
       redis.enabled = true;

homelab/kubernetes.nix

@@ -22,5 +22,6 @@
     (import ./irc.nix)
     (import ./netboot.nix)
     (import ./nitter.nix)
+    (import ./changedetection.nix)
   ];
 }

homelab/prometheus-agent.yml

@@ -3,52 +3,7 @@ prometheus:
   prometheusSpec:
       podMonitorSelectorNilUsesHelmValues: false
       serviceMonitorSelectorNilUsesHelmValues: false
-      additionalScrapeConfigs:
+      ruleSelectorNilUsesHelmValues: false
-      - job_name: kubernetes-service-endpoints
-        kubernetes_sd_configs:
-        - role: service
-        relabel_configs:
-
-        # annotation 'prometheus.io/scrape' must be set to 'true'
-        - action: keep
-          regex: true
-          source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
-
-        # service cannot be in kube-system or prom namespaces
-        - action: drop
-          regex: (kube-system|prom)
-          source_labels: [__meta_kubernetes_namespace]
-
-        # service port name must end with word 'metrics'
-        - action: keep
-          regex: .*metrics
-          source_labels: [__meta_kubernetes_service_port_name]
-
-        # allow override of http scheme
-        - action: replace
-          regex: (https?)
-          source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
-          target_label: __scheme__
-
-        # allow override of default /metrics path
-        - action: replace
-          regex: (.+)
-          source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
-          target_label: __metrics_path__
-
-        # allow override of default port
-        - action: replace
-          regex: ([^:]+)(?::\d+)?;(\d+)
-          replacement: $1:$2
-          source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
-          target_label: __address__
-        - {action: labelmap, regex: __meta_kubernetes_service_label_(.+)}
-        - action: replace
-          source_labels: [__meta_kubernetes_namespace]
-          target_label: kubernetes_namespace
-        - action: replace
-          source_labels: [__meta_kubernetes_service_name]
-          target_label: kubernetes_name
       remoteWrite:
       - name: monitoring
         url: http://grafana.gmem.ca:9001/api/v1/write

homelab/tclip.nix

@@ -15,11 +15,7 @@ in {
     };
   };
   kubernetes.resources.services.tclip = {
-    metadata.annotations = {
+    metadata.labels.app = appName;
-      "prometheus.io/port" = "9090";
-      "prometheus.io/scrape" = "true";
-      "prometheus.io/path" = "/metrics";
-    };
     spec = {
       selector.app = appName;
       ports.metrics = {
@@ -90,7 +86,10 @@ in {
               }
             ];
             envFrom = [{secretRef.name = "tclip-litestream-s3";}];
-            ports.metrics.containerPort = 9090;
+            ports.metrics = {
+              containerPort = 9090;
+              name = "metrics";
+            };
           };
         };
       };

homelab/vaultwarden.yml

@@ -33,7 +33,6 @@ spec:
           envFrom:
             - secretRef:
                 name: vaultwarden-litestream-s3
-
       containers:
       - name: vaultwarden
         image: docker.io/vaultwarden/server:testing
@@ -91,10 +90,8 @@ apiVersion: v1
 kind: Service
 metadata:
   name: vaultwarden
-  annotations:
+  labels:
-     prometheus.io/port: "9090"
+    app: vaultwarden
-     prometheus.io/scrape: "true"
-     prometheus.io/path: "/metrics"
 spec:
   selector:
     app: vaultwarden
@@ -104,7 +101,7 @@ spec:
     name: web
   - port: 9090
     targetPort: 9090
-    name: litestream-metrics
+    name: metrics
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor

homelab/vrchat-prometheus-exporter.nix

@@ -14,11 +14,7 @@ in {
     };
   };
   kubernetes.resources.services.vrchat-prometheus-adapter = {
-    metadata.annotations = {
+    metadata.labels.app = appName;
-      "prometheus.io/port" = "6534";
-      "prometheus.io/scrape" = "true";
-      "prometheus.io/path" = "/metrics";
-    };
     spec = {
       selector.app = appName;
       ports.metrics = {

nix/london/configuration.nix

@@ -140,12 +140,11 @@
       xkb.layout = "us";
       xkb.variant = "";
       enable = true;
-      desktopManager = {
-        # plasma5.enable = true;
-        plasma6.enable = true;
-      };
       displayManager.sddm.enable = true;
     };
+    desktopManager = {
+      plasma6.enable = true;
+    };
     pipewire = {
       enable = true;
       alsa.enable = true;
@@ -193,7 +192,7 @@
   xdg.portal.enable = true;
 
   programs = {
-    sway.enable = true;
+    tmux.enable = true;
     gamemode.enable = true;
     zsh.enable = true;
     fish.enable = true;
@@ -207,7 +206,6 @@
     };
     gnupg.agent = {
       enable = true;
-      pinentryFlavor = "qt";
       enableSSHSupport = false;
     };
   };
@@ -254,7 +252,6 @@
       pinentry-curses
       noisetorch
       nix-output-monitor
-      pinentry-gnome
       xdg-utils
       dracula-theme
       yubikey-touch-detector

nix/london/gsimmer.nix

@@ -22,7 +22,7 @@
     in [
       (import (builtins.fetchTarball {
         url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
-        sha256 = "0i972nkqhjfpy8g7dmryw2fvkfda43624zfhsh35k795zbx38jc7";
+        sha256 = "0w843vgi0d7p2hmhlgq046r2gg7aid3xphnzibv17fp38wa1y6dm";
       }))
       discordOverlay
     ];
@@ -45,6 +45,12 @@
   };
 
   programs = {
+    alacritty = {
+      enable = true;
+      settings = {
+        import = [ "${pkgs.alacritty-theme}/breeze.toml" ];
+      };
+    };
     bash.enable = false;
     fish = {
       enable = true;
@@ -77,6 +83,7 @@
           gpgSign = true;
         };
       };
+      difftastic.enable = true;
     };
 
     emacs = {
@@ -89,8 +96,8 @@
 
     eza = {
       enable = true;
+      enableFishIntegration = true;
     };
-
     bat = {
       enable = true;
     };
@@ -115,7 +122,6 @@
     thunderbird
     prismlauncher
     ripgrep
-    kitty
     virt-manager
     jre8
     parsec-bin

nix/nas/home.nix

@@ -23,7 +23,6 @@
         function fish_greeting; end
         function fish_title; end
       end
-      atuin init fish | source
     '';
     loginShellInit = ''
       if test "$TERM" = "dumb"
@@ -45,15 +44,13 @@
 
   programs.eza = {
     enable = true;
-    enableAliases = true;
+    enableFishIntegration = true;
   };
 
   programs.bat = {
     enable = true;
   };
 
-  home.packages = with pkgs; [atuin];
-
   # This value determines the Home Manager release that your
   # configuration is compatible with. This helps avoid breakage
   # when a new Home Manager release introduces backwards