# NixOS module for the Immich instance published at memories.zaphyra.eu.
# When the enable option is set it declares the DNS record, the backup secrets,
# the persisted directories, the restic backup job, the Immich service and the
# nginx virtual host that proxies to it.
{ config, lib, pkgs, ... }:
let
  domain = "memories.zaphyra.eu";
  immich = config.services.immich;
  secrets = config.sops.secrets;
in
{
  # NOTE(review): the description passed to mkEnableOption is empty, so the
  # generated option documentation says nothing about what this switch enables.
  options.zpha.websites.${domain}.enable = lib.mkEnableOption "";

  config = lib.mkIf config.zpha.websites.${domain}.enable {
    # Point the subdomain at this host's FQDN (trailing dot = absolute name).
    dns.zones."zaphyra.eu".subdomains.memories.CNAME = [ "${config.networking.fqdn}." ];

    # Both secrets are declared with default settings (no owner/group/mode set
    # here), while the backup job below is configured with the Immich user.
    # NOTE(review): confirm the resticBackup module makes these files readable
    # for that user; nothing in this file grants it access.
    sops.secrets = {
      "restic/immich/repositoryPassword" = { };
      "restic/immich/sshPrivateKey" = { };
    };

    common = {
      configure.persist.system.dirs = [
        "/var/lib/postgresql"
        {
          # Media directory: owned by the Immich user/group, no access for others.
          user = immich.user;
          group = immich.group;
          directory = immich.mediaLocation;
          mode = "0750";
        }
      ];

      # Backs up the Immich database and the media directory to two targets.
      # NOTE(review): how the module verifies the targets' SSH host keys is not
      # visible in this file; check it there.
      services.resticBackup.immich = {
        enable = true;
        user = immich.user;
        targets = [
          "restic-target.fc9f.de"
          "isodon.fc9f.de"
        ];
        sshKeyFile = secrets."restic/immich/sshPrivateKey".path;
        passwordFile = secrets."restic/immich/repositoryPassword".path;
        postgresDatabases = [ immich.database.name ];
        paths = [ immich.mediaLocation ];
      };
    };

    services = {
      immich = {
        enable = true;
        # Taken from the `unstable` package set rather than the default one, so
        # this service follows that set's update cadence.
        package = pkgs.unstable.immich;
        # Loopback only: the service is meant to be reached through nginx below.
        host = "::1";
        redis.enable = true;
        machine-learning.enable = true;
        settings = {
          server.externalDomain = "https://${domain}";
          # Immich's own database backup is switched off; the database is handed
          # to the restic job above via postgresDatabases instead.
          backup.database.enabled = false;
          metadata.faces."import" = true;
          storageTemplate = {
            enabled = false;
            hashVerificationEnabled = true;
            template = "{{y}}/{{y}}{{MM}}/{{dd}}-{{filename}}";
          };
        };
      };

      nginx.virtualHosts.${domain} = {
        # Reuses the certificate issued for the host's FQDN.
        # NOTE(review): verify that certificate also covers memories.zaphyra.eu;
        # the ACME configuration is not part of this file.
        useACMEHost = config.networking.fqdn;
        forceSSL = true;
        kTLS = true;
        locations."/" = {
          proxyPass = "http://[${immich.host}]:${toString immich.port}";
          proxyWebsockets = true;
          recommendedProxySettings = true;
          # Accepts request bodies up to 50000M with 600s timeouts, presumably
          # for large media uploads. NOTE(review): make sure the disk space
          # available for buffered uploads matches this limit.
          extraConfig = '' client_max_body_size 50000M; proxy_read_timeout 600s; proxy_send_timeout 600s; send_timeout 600s; '';
        };
      };
    };
  };
}