zaphyra's git: nixfiles

zaphyra's nixfiles

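# NixOS module for the memories.zaphyra.eu website: an Immich instance bound to
# loopback and published through an nginx TLS virtual host, with its media
# directory and database handed to the project's restic backup module.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Public hostname of the site; used for the option path, the nginx vhost and
  # Immich's external URL so the three cannot drift apart.
  domain = "memories.zaphyra.eu";

  # Shorthand for the evaluated Immich service configuration.
  immichCfg = config.services.immich;
in
{

  options.zpha.websites.${domain}.enable = lib.mkEnableOption "the ${domain} website (Immich behind nginx)";

  config = lib.mkIf config.zpha.websites.${domain}.enable {
    # Publish the site as a CNAME pointing at this host's FQDN.
    dns.zones."zaphyra.eu".subdomains."memories".CNAME = [ "${config.networking.fqdn}." ];

    # Backup credentials are decrypted at activation time by sops-nix, so only
    # their paths (not their contents) are referenced below.
    # NOTE(review): declared with sops-nix defaults (root-owned, mode 0400)
    # while the backup is configured with the immich user; presumably the
    # resticBackup module arranges read access. Confirm against that module.
    sops.secrets = {
      "restic/immich/repositoryPassword" = { };
      "restic/immich/sshPrivateKey" = { };
    };

    common = {
      configure.persist.system.dirs = [
        "/var/lib/postgresql"
        {
          # Media directory stays owned by the Immich account; 0750 keeps
          # other local users out of the uploaded photos.
          inherit (immichCfg) user group;
          directory = immichCfg.mediaLocation;
          mode = "0750";
        }
      ];

      services.resticBackup.immich = {
        inherit (immichCfg) user;
        enable = true;
        # NOTE(review): targets look like SSH-reachable hosts (an SSH key is
        # supplied below); how their host keys are pinned is decided by the
        # resticBackup module, which is not visible here. Worth verifying.
        targets = [
          "restic-target.fc9f.de"
          "isodon.fc9f.de"
        ];
        sshKeyFile = config.sops.secrets."restic/immich/sshPrivateKey".path;
        passwordFile = config.sops.secrets."restic/immich/repositoryPassword".path;
        # Database and media are passed together so a restore has both halves.
        postgresDatabases = [ immichCfg.database.name ];
        paths = [ immichCfg.mediaLocation ];
      };
    };

    services = {
      immich = {
        enable = true;
        package = pkgs.unstable.immich;
        # Listen on IPv6 loopback only; the nginx vhost below is the
        # network-facing entry point defined in this file.
        host = "::1";
        redis.enable = true;
        machine-learning.enable = true;
        settings = {
          server.externalDomain = "https://${domain}";
          # Immich's built-in database dump is switched off; the database is
          # instead listed in resticBackup.postgresDatabases above.
          backup.database.enabled = false;
          metadata.faces."import" = true;
          storageTemplate = {
            # Template is defined but inactive while enabled = false.
            enabled = false;
            hashVerificationEnabled = true;
            template = "{{y}}/{{y}}{{MM}}/{{dd}}-{{filename}}";
          };
        };
      };

      nginx.virtualHosts.${domain} = {
        # Reuses the ACME certificate issued for the host FQDN; that
        # certificate has to list this domain among its names (configured
        # elsewhere) or clients will reject the TLS handshake.
        useACMEHost = config.networking.fqdn;
        forceSSL = true;
        kTLS = true;
        locations."/" = {
          # The brackets assume services.immich.host is an IPv6 literal, which
          # holds for "::1" as set above.
          proxyPass = "http://[${immichCfg.host}]:${toString immichCfg.port}";
          proxyWebsockets = true;
          recommendedProxySettings = true;
          # NOTE(review): the body limit admits roughly 50 GB per request to
          # allow large video uploads. With nginx's default request buffering
          # the body is spooled to disk before Immich sees (and authenticates)
          # it, so make sure the temp filesystem can absorb that, or consider
          # `proxy_request_buffering off;` for this location.
          extraConfig = ''
            client_max_body_size 50000M;
            proxy_read_timeout   600s;
            proxy_send_timeout   600s;
            send_timeout         600s;
          '';
        };
      };
    };
  };

}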