From 4fba5870aa29265e7504fb86c866776a83d964a9 Mon Sep 17 00:00:00 2001
From: jasmine <its.jassy@pm.me>
Date: Mon, 30 Sep 2024 09:20:16 +0800
Subject: [PATCH 1/2] update inputs

---
 flake.lock | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/flake.lock b/flake.lock
index e4c6af8..959c5dc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -31,11 +31,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1726360516,
-        "narHash": "sha256-PcnbNb6SFg/y1zE36vRdhuWd50nLM4Hu2DKmtsrLHmA=",
+        "lastModified": 1727102360,
+        "narHash": "sha256-ZDqf33OAsr46TlP7TXbxmEf48xenYA3iSLs9441fYbQ=",
         "owner": "oddlama",
         "repo": "agenix-rekey",
-        "rev": "524425f44b1f9717bfabf483ec9c990c3712e6df",
+        "rev": "62da71e7eadf6b9b52e831d2e516937c30a5f712",
         "type": "github"
       },
       "original": {
@@ -394,11 +394,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1726592409,
-        "narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=",
+        "lastModified": 1726989464,
+        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594",
+        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
         "type": "github"
       },
       "original": {
@@ -432,11 +432,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1725690722,
-        "narHash": "sha256-4qWg9sNh5g1qPGO6d/GV2ktY+eDikkBTbWSg5/iD2nY=",
+        "lastModified": 1727556076,
+        "narHash": "sha256-5Iplxbdn/7kQp4UYXMnUMFL2i2lyysOhRyzvvtPe1Qc=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "63f4d0443e32b0dd7189001ee1894066765d18a5",
+        "rev": "fff0d95cf40609941769a443a001b25fb95b68ab",
         "type": "github"
       },
       "original": {
@@ -474,11 +474,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1726623680,
-        "narHash": "sha256-Bs2e9TTkAyxvKGczPEYZpujdW1WtASenB/y4ML6OsRs=",
+        "lastModified": 1727574772,
+        "narHash": "sha256-bPoftKOe6oWR2o5jgLQjmaBNH2ke7+ooDGxlXXIjsBc=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "8777196210cdd759a05eefee3f6ec27a2a784403",
+        "rev": "5ce4fc09d6fcf0b9d801ff3c98da83c56d85e045",
         "type": "github"
       },
       "original": {
@@ -533,11 +533,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1726463316,
-        "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
+        "lastModified": 1727348695,
+        "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172",
+        "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784",
         "type": "github"
       },
       "original": {
@@ -565,11 +565,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1726447378,
-        "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
+        "lastModified": 1727540905,
+        "narHash": "sha256-40J9tW7Y794J7Uw4GwcAKlMxlX2xISBl6IBigo83ih8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
+        "rev": "fbca5e745367ae7632731639de5c21f29c8744ed",
         "type": "github"
       },
       "original": {

From a98bb5989dcde55ebf77a19a6fda98e4fee69de8 Mon Sep 17 00:00:00 2001
From: jasmine <its.jassy@pm.me>
Date: Mon, 30 Sep 2024 09:22:07 +0800
Subject: [PATCH 2/2] setup immich

---
 home-manager/sajenim/fuchsia.nix              |  2 +
 ...b2f7c5775b24fc5abdfe7e653d77c5e-immich.age |  7 +++
 nixos/viridian/configuration.nix              |  1 +
 nixos/viridian/services/immich/default.nix    | 55 +++++++++++++++++++
 nixos/viridian/services/immich/secrets.age    |  9 +++
 5 files changed, 74 insertions(+)
 create mode 100644 nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age
 create mode 100644 nixos/viridian/services/immich/default.nix
 create mode 100644 nixos/viridian/services/immich/secrets.age

diff --git a/home-manager/sajenim/fuchsia.nix b/home-manager/sajenim/fuchsia.nix
index efc1796..54ea37f 100644
--- a/home-manager/sajenim/fuchsia.nix
+++ b/home-manager/sajenim/fuchsia.nix
@@ -23,6 +23,8 @@
       jellyfin-media-player
       # Misc
       firefox
+      # Unstable
+      unstable.immich-go
     ];
   };
 }
diff --git a/nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age b/nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age
new file mode 100644
index 0000000..20121b3
--- /dev/null
+++ b/nixos/common/global/secrets/rekeyed/viridian/2b2f7c5775b24fc5abdfe7e653d77c5e-immich.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 KTkZog E+C2+Ayu6ytwYMXaK751u27olRZMRXKWoqkhNNmKsXA
+kb2Y5sEH+WzoJEaaC1n4eTrVM3MuTiaYy4eH/ufDcXM
+-> -3r7W;-grease X-W i?RxdY> oBU
+JyVJyP1apGU2dpk
+--- UidwwQcXd3p47fU89xxRLp1eppXtTIbJySxdQc1flh8
+©ÃÂÍ\+›SœÛµ=¨Iá¹fÑŠÈc"/ÇÍßhîrPöË›æC¹‹PÍ5Óüí÷ù
\ No newline at end of file
diff --git a/nixos/viridian/configuration.nix b/nixos/viridian/configuration.nix
index 8690b8a..31601ee 100644
--- a/nixos/viridian/configuration.nix
+++ b/nixos/viridian/configuration.nix
@@ -24,6 +24,7 @@
     ./services/crowdsec
     ./services/forgejo
     ./services/grafana
+    ./services/immich
     ./services/lighttpd
     ./services/minecraft
     ./services/mpd
diff --git a/nixos/viridian/services/immich/default.nix b/nixos/viridian/services/immich/default.nix
new file mode 100644
index 0000000..67dbea3
--- /dev/null
+++ b/nixos/viridian/services/immich/default.nix
@@ -0,0 +1,55 @@
+{
+  inputs,
+  pkgs,
+  config,
+  ...
+}: {
+  imports = [
+    "${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/immich.nix"
+  ];
+
+  age.secrets.immich = {
+    rekeyFile = ./secrets.age;
+    owner = "immich";
+    group = "immich";
+  };
+
+  services.immich = {
+    enable = true;
+    package = pkgs.unstable.immich;
+    port = 5489;
+    host = "0.0.0.0";
+    openFirewall = true;
+    mediaLocation = "/srv/services/immich/library";
+    secretsFile = config.age.secrets.immich.path;
+    database = {
+      enable = true;
+      user = "immich";
+      name = "immich";
+    };
+    environment = {
+      TZ = "Australia/Perth";
+      DB_USERNAME = "immich";
+      DB_DATABASE_NAME = "immich";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http.routers = {
+    immich = {
+      rule = "Host(`photos.kanto.dev`)";
+      entryPoints = [
+        "websecure"
+      ];
+      middlewares = [
+        "internal"
+      ];
+      service = "immich";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http.services = {
+    immich.loadBalancer.servers = [
+      {url = "http://127.0.0.1:${toString config.services.immich.port}";}
+    ];
+  };
+}
diff --git a/nixos/viridian/services/immich/secrets.age b/nixos/viridian/services/immich/secrets.age
new file mode 100644
index 0000000..dd2fe5a
--- /dev/null
+++ b/nixos/viridian/services/immich/secrets.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> piv-p256 hdSnGw Ave/yX17ylsK6RI5ei/oxD58h8nzXisgLiNvs8p7PKd4
+eUz/WZTS3nQ8IyeBZd2/zzW4hjRexuYUuGAiLRFamb4
+-> C[:7-grease
+tVpdl3Ch
+--- wTWoOAjmo0FL1kNZ/6QIMSwA4IV6XQkZLbWobJjnlPY
+HÚ’#º-Øth­„î("ÎI
+t-FmšÔƒK•cÿ×F´SPdBÃ5–
+H%LOˆÅØ=½P‚Ìÿ
\ No newline at end of file