# NixOS module: Immich behind an nginx reverse proxy, with a local PostgreSQL
# database and secrets rendered by sops-nix.
{
  domain,
  lib,
  isProd,
  config,
  pkgs,
  ...
}:
let
  # Directory Immich stores uploaded media in; reused by the service options
  # and by the systemd sandbox settings below.
  mediaDir = "/mnt/media/immich";

  # Mount unit the server is ordered after and requires.
  mediaMount = [ "mnt-media.mount" ];
in
{
  sops = {
    # Both secrets are declared with an empty attrset, so no owner or mode is
    # set here and the sops-nix defaults apply.
    secrets = {
      immich_db_password = { };
      immich_jwt_secret = { };
    };

    # Environment file built from placeholders; the values themselves are not
    # written into this expression.
    # NOTE(review): no owner/mode is set on the template either. Confirm the
    # rendered file is readable only by whoever loads it for the service.
    templates."immich.env".content = ''
      DB_PASSWORD=${config.sops.placeholder.immich_db_password}
      JWT_SECRET=${config.sops.placeholder.immich_jwt_secret}
    '';
  };

  users = {
    #users.immich.extraGroups = [ "users" ];
    # Fixed uid/gid for the immich account.
    # NOTE(review): presumably pinned so ownership on the media mount stays
    # stable across rebuilds. Confirm 900 does not collide with another account.
    users.immich.uid = 900;
    groups.immich.gid = 900;
  };

  services = {
    immich = {
      enable = true;

      # Loopback only: the backend is reachable through the nginx vhost below
      # or from local processes, not directly from the network.
      host = "127.0.0.1";
      port = 2283;

      mediaLocation = mediaDir;

      # Path of the rendered sops template defined above.
      secretsFile = config.sops.templates."immich.env".path;

      redis.enable = true;

      database = {
        enable = true;
        createDB = true;
        user = "immich";
        name = "immich";
        # A directory path rather than a hostname, i.e. a local socket
        # connection.
        # NOTE(review): if PostgreSQL authenticates this socket by peer
        # identity, DB_PASSWORD may be unused. Confirm, and drop the secret
        # if so.
        host = "/run/postgresql";
      };

      machine-learning.enable = true;
    };

    postgresql = {
      enable = true;

      # NOTE(review): the data directory is under /mnt/data, but this file
      # declares no mount dependency for postgresql, unlike immich-server.
      # Confirm the database cannot start before that path is available.
      dataDir = "/mnt/data/postgresql";

      ensureDatabases = [ "immich" ];
      ensureUsers = [
        {
          name = "immich";
          ensureDBOwnership = true;
        }
      ];
    };

    nginx.virtualHosts."photo.${domain}" = {
      # TLS redirect and ACME certificates are enabled only when isProd is
      # true. Otherwise this vhost is configured without them, so logins and
      # session tokens would cross the network unencrypted. Keep non-prod
      # deployments on a trusted network.
      forceSSL = isProd;
      enableACME = isProd;

      locations."/" = {
        proxyPass = "http://127.0.0.1:2283";
        proxyWebsockets = true;
        # Allows request bodies up to 50G per upload. Size the media volume
        # and monitor free space accordingly.
        extraConfig = "client_max_body_size 50G;";
      };
    };
  };

  systemd.services.immich-server = {
    # Hard dependency and ordering on the media mount.
    requires = mediaMount;
    after = mediaMount;

    serviceConfig = {
      # Overrides any DynamicUser setting made elsewhere for this unit.
      DynamicUser = lib.mkForce false;
      # Make the media directory visible and writable inside the unit's
      # filesystem sandbox.
      ReadWritePaths = [ mediaDir ];
      BindPaths = [ mediaDir ];
    };
  };
}