add(immich)
This commit is contained in:
parent
93cab840a8
commit
e0b3e33582
GPG key ID:
9EBD8439AFBAB750
4 changed files with 91 additions and 0 deletions
|
|
@ -25,3 +25,7 @@ creation_rules:
|
|||
key_groups:
|
||||
- age:
|
||||
- *primary
|
||||
- path_regex: secrets/blarm-immich.env
|
||||
key_groups:
|
||||
- age:
|
||||
- *primary
|
||||
|
|
|
|||
80
modules/nixos/services/immich/default.nix
Normal file
80
modules/nixos/services/immich/default.nix
Normal file
|
|
@ -0,0 +1,80 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
with lib.${namespace};
|
||||
let
|
||||
cfg = config.${namespace}.services.immich;
|
||||
in
|
||||
{
|
||||
options.${namespace}.services.immich = {
|
||||
enable = mkBoolOpt false "Immich";
|
||||
|
||||
nginx = {
|
||||
enable = mkEnableOption "Enable nginx for this service." // {
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
description = "The domain to serve Immich on.";
|
||||
type = types.nullOr types.str;
|
||||
default = "immich.stahl.sh";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 2283;
|
||||
description = "The port that Immich will listen on.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.immich = {
|
||||
enable = true;
|
||||
mediaLocation = "/data/immich";
|
||||
host = "0.0.0.0";
|
||||
port = cfg.port;
|
||||
secretsFile = "/run/secrets/immich";
|
||||
redis.enable = true;
|
||||
machine-learning.enable = true;
|
||||
database = {
|
||||
enable = true;
|
||||
createDB = false;
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql.extensions = ps: with ps; [ pgvector ]; # Ensure pgvector is available
|
||||
|
||||
networking.firewall.allowedTCPPorts = mkIf cfg.nginx.enable [
|
||||
cfg.port
|
||||
80
|
||||
443
|
||||
];
|
||||
|
||||
awesome-flake.services.acme.enable = mkIf cfg.nginx.enable true;
|
||||
|
||||
services.nginx = mkIf cfg.nginx.enable {
|
||||
enable = true;
|
||||
|
||||
virtualHosts."${cfg.domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "stahl.sh";
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets.immich = {
|
||||
format = "dotenv";
|
||||
sopsFile = ../../../../secrets/blarm-immich.env;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
6
secrets/blarm-immich.env
Normal file
6
secrets/blarm-immich.env
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOS9jWCt6QlFLZ1dQQ1ZO\ncGxzckdaK3VHSXBjaDZWeS9hd1dudU5YNm5NCk05ZEsyUEJoTi83c3J1OE91ODZs\nUDNRRG5VZm1LaUhRLy9UZSs3SDNwQlEKLS0tIFpyZXJIbFZWaUlDckdFRFdySEls\nSlg1dGN5VmEwcTZBWGZVQkt1b2V4ZDQKFYi1xQUv25PkuO9PU1HQ4Y3EahhDoFVj\n7rsuVpfxe6Ci3ezlOqbzbA5EFEZBXhnAqGzABwSAdp7k2UsDbhw3Tg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age132m0pg4utk3cjve2lgcjffvz7cevl0fq5krufu9sgud7wu2wgurqk49kgl
|
||||
sops_lastmodified=2025-05-25T11:14:04Z
|
||||
sops_mac=ENC[AES256_GCM,data:aQwqX1QC4EKkRhl3wTvxW2fCn6r5EN4a4rqsBpIIlMO4ZnIanqyhpL4xigIA5el2hw1SCQnj1v07FBt1g1qEPx6yGy7XPTufwXpMTwkm/gTYvRV7wyYs48QAU9c3h6+6ffQzpxvR8gijRzdsvYqKfYXc7dPq1hXrDFMy7e1hDkI=,iv:gDEuGnpJ9PQh3NFFqQzSoV8OAMgZhyXD364UbQkPWv4=,tag:vYyuDR7MYy1OFYDEBwm1hA==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.10.2
|
||||
|
|
@ -59,6 +59,7 @@ with lib.${namespace};
|
|||
linkwarden = enabled;
|
||||
forgejo = enabled;
|
||||
searxng = enabled;
|
||||
immich = enabled;
|
||||
};
|
||||
|
||||
#container.invidious = enabled;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue