From a98bb5989dcde55ebf77a19a6fda98e4fee69de8 Mon Sep 17 00:00:00 2001 From: jasmine Date: Mon, 30 Sep 2024 09:22:07 +0800 Subject: [PATCH] setup immich --- home-manager/sajenim/fuchsia.nix | 2 + ...b2f7c5775b24fc5abdfe7e653d77c5e-immich.age | 7 +++ nixos/viridian/configuration.nix | 1 + nixos/viridian/services/immich/default.nix | 55 +++++++++++++++++++ nixos/viridian/services/immich/secrets.age | 9 +++ 5 files changed, 74 insertions(+) create mode 100644 nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age create mode 100644 nixos/viridian/services/immich/default.nix create mode 100644 nixos/viridian/services/immich/secrets.age diff --git a/home-manager/sajenim/fuchsia.nix b/home-manager/sajenim/fuchsia.nix index efc1796..54ea37f 100644 --- a/home-manager/sajenim/fuchsia.nix +++ b/home-manager/sajenim/fuchsia.nix @@ -23,6 +23,8 @@ jellyfin-media-player # Misc firefox + # Unstable + unstable.immich-go ]; }; } diff --git a/nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age b/nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age new file mode 100644 index 0000000..20121b3 --- /dev/null +++ b/nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 KTkZog E+C2+Ayu6ytwYMXaK751u27olRZMRXKWoqkhNNmKsXA +kb2Y5sEH+WzoJEaaC1n4eTrVM3MuTiaYy4eH/ufDcXM +-> -3r7W;-grease X-W i?RxdY> oBU +JyVJyP1apGU2dpk +--- UidwwQcXd3p47fU89xxRLp1eppXtTIbJySxdQc1flh8 +\+S۵=I fъc"/hrP˛CP 5 \ No newline at end of file diff --git a/nixos/viridian/configuration.nix b/nixos/viridian/configuration.nix index 8690b8a..31601ee 100644 --- a/nixos/viridian/configuration.nix +++ b/nixos/viridian/configuration.nix @@ -24,6 +24,7 @@ ./services/crowdsec ./services/forgejo ./services/grafana + ./services/immich ./services/lighttpd ./services/minecraft ./services/mpd diff --git a/nixos/viridian/services/immich/default.nix b/nixos/viridian/services/immich/default.nix new file mode 100644 index 0000000..67dbea3 --- /dev/null +++ b/nixos/viridian/services/immich/default.nix @@ -0,0 +1,55 @@ +{ + inputs, + pkgs, + config, + ... +}: { + imports = [ + "${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/immich.nix" + ]; + + age.secrets.immich = { + rekeyFile = ./secrets.age; + owner = "immich"; + group = "immich"; + }; + + services.immich = { + enable = true; + package = pkgs.unstable.immich; + port = 5489; + host = "0.0.0.0"; + openFirewall = true; + mediaLocation = "/srv/services/immich/library"; + secretsFile = config.age.secrets.immich.path; + database = { + enable = true; + user = "immich"; + name = "immich"; + }; + environment = { + TZ = "Australia/Perth"; + DB_USERNAME = "immich"; + DB_DATABASE_NAME = "immich"; + }; + }; + + services.traefik.dynamicConfigOptions.http.routers = { + immich = { + rule = "Host(`photos.kanto.dev`)"; + entryPoints = [ + "websecure" + ]; + middlewares = [ + "internal" + ]; + service = "immich"; + }; + }; + + services.traefik.dynamicConfigOptions.http.services = { + immich.loadBalancer.servers = [ + {url = "http://127.0.0.1:${toString config.services.immich.port}";} + ]; + }; +} diff --git a/nixos/viridian/services/immich/secrets.age b/nixos/viridian/services/immich/secrets.age new file mode 100644 index 0000000..dd2fe5a --- /dev/null +++ b/nixos/viridian/services/immich/secrets.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> piv-p256 hdSnGw Ave/yX17ylsK6RI5ei/oxD58h8nzXisgLiNvs8p7PKd4 +eUz/WZTS3nQ8IyeBZd2/zzW4hjRexuYUuGAiLRFamb4 +-> C[:7-grease +tVpdl3Ch +--- wTWoOAjmo0FL1kNZ/6QIMSwA4IV6XQkZLbWobJjnlPY +Hڒ#-th ("I +t-FmԃKcF SPdB5 +H%LO=P \ No newline at end of file