
add(immich)

Philipp 2025-05-31 12:35:23 +02:00
parent 93cab840a8
commit e0b3e33582
Signed by: Philipp
GPG key ID: 9EBD8439AFBAB750
4 changed files with 91 additions and 0 deletions


@ -25,3 +25,7 @@ creation_rules:
key_groups:
- age:
- *primary
- path_regex: secrets/blarm-immich.env
key_groups:
- age:
- *primary


@ -0,0 +1,80 @@
{
lib,
config,
namespace,
...
}:
with lib;
with lib.${namespace};
let
cfg = config.${namespace}.services.immich;
in
{
options.${namespace}.services.immich = {
enable = mkBoolOpt false "Immich";
nginx = {
enable = mkEnableOption "Enable nginx for this service." // {
default = true;
};
};
domain = mkOption {
description = "The domain to serve Immich on.";
type = types.nullOr types.str;
default = "immich.stahl.sh";
};
port = mkOption {
type = types.port;
default = 2283;
description = "The port that Immich will listen on.";
};
};
config = mkIf cfg.enable {
services.immich = {
enable = true;
mediaLocation = "/data/immich";
host = "0.0.0.0";
port = cfg.port;
secretsFile = "/run/secrets/immich";
redis.enable = true;
machine-learning.enable = true;
database = {
enable = true;
createDB = false;
};
};
services.postgresql.extensions = ps: with ps; [ pgvector ]; # Ensure pgvector is available
networking.firewall.allowedTCPPorts = mkIf cfg.nginx.enable [
cfg.port
80
443
];
awesome-flake.services.acme.enable = mkIf cfg.nginx.enable true;
services.nginx = mkIf cfg.nginx.enable {
enable = true;
virtualHosts."${cfg.domain}" = {
forceSSL = true;
useACMEHost = "stahl.sh";
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
proxyWebsockets = true;
};
};
};
sops.secrets.immich = {
format = "dotenv";
sopsFile = ../../../../secrets/blarm-immich.env;
};
};
}
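Review bot: Immich is bound with `host = "0.0.0.0"` and `cfg.port` is added to `networking.firewall.allowedTCPPorts`, so the backend is reachable over plain HTTP from the network, bypassing the `forceSSL` virtual host; nginx itself only needs `http://127.0.0.1:${builtins.toString cfg.port}`. The port is also opened only when `cfg.nginx.enable` is true, which is the one case where it does not need to be. I would bind with `host = if cfg.nginx.enable then "127.0.0.1" else "0.0.0.0";` and keep only `80` and `443` in the nginx-conditional list. `secretsFile = "/run/secrets/immich";` could instead be `config.sops.secrets.immich.path` so the path follows the sops-nix declaration. Since `domain` is `types.nullOr types.str`, a null value would break `virtualHosts."${cfg.domain}"`, so `types.str` looks like the intended type.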

6
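--- a/secrets/blarm-immich.env
+++ b/secrets/blarm-immich.env
@@ -0,0 +1,6 @@
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOS9jWCt6QlFLZ1dQQ1ZO\ncGxzckdaK3VHSXBjaDZWeS9hd1dudU5YNm5NCk05ZEsyUEJoTi83c3J1OE91ODZs\nUDNRRG5VZm1LaUhRLy9UZSs3SDNwQlEKLS0tIFpyZXJIbFZWaUlDckdFRFdySEls\nSlg1dGN5VmEwcTZBWGZVQkt1b2V4ZDQKFYi1xQUv25PkuO9PU1HQ4Y3EahhDoFVj\n7rsuVpfxe6Ci3ezlOqbzbA5EFEZBXhnAqGzABwSAdp7k2UsDbhw3Tg==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
+sops_lastmodified=2025-05-25T11:14:04Z
+sops_mac=ENC[AES256_GCM,data:aQwqX1QC4EKkRhl3wTvxW2fCn6r5EN4a4rqsBpIIlMO4ZnIanqyhpL4xigIA5el2hw1SCQnj1v07FBt1g1qEPx6yGy7XPTufwXpMTwkm/gTYvRV7wyYs48QAU9c3h6+6ffQzpxvR8gijRzdsvYqKfYXc7dPq1hXrDFMy7e1hDkI=,iv:gDEuGnpJ9PQh3NFFqQzSoV8OAMgZhyXD364UbQkPWv4=,tag:vYyuDR7MYy1OFYDEBwm1hA==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.10.2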
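Review bot: All six added lines are `sops_*` metadata and there is no `NAME=ENC[...]` entry, so the decrypted dotenv that `sops.secrets.immich` provides to `secretsFile` would appear to be empty. If Immich is expected to read credentials from it (for instance database credentials, given `createDB = false`), they are not in this file yet. If the empty file is a deliberate placeholder, a comment next to `sops.secrets.immich` in the module, e.g. `# placeholder: no secret values defined yet`, would save the next reader the check.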


@ -59,6 +59,7 @@ with lib.${namespace};
linkwarden = enabled;
forgejo = enabled;
searxng = enabled;
immich = enabled;
};
#container.invidious = enabled;