diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 3923715..0b7214b 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -114,6 +114,10 @@
     adguardhome = {
       enable = false;
     };
+    immich = {
+      enable = true;
+      subdomain = "photos";
+    };
     sync = {
       enable = true;
       folders = {
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 8854936..956ad9e 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -10,5 +10,6 @@
     ./searx.nix
     ./home-assistant.nix
     ./adguardhome.nix
+    ./immich.nix
   ];
 }
diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix
new file mode 100644
index 0000000..7dd3a0f
--- /dev/null
+++ b/modules/nixos-modules/server/immich.nix
@@ -0,0 +1,68 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  mediaLocation = "/var/lib/immich";
+in {
+  options.host.immich = {
+    enable = lib.mkEnableOption "should immich be enabled on this computer";
+    subdomain = lib.mkOption {
+      type = lib.types.str;
+      description = "subdomain of base domain that immich will be hosted at";
+      default = "immich";
+    };
+  };
+
+  config = lib.mkIf config.host.immich.enable (lib.mkMerge [
+    {
+      host = {
+        reverse_proxy.subdomains.${config.host.immich.subdomain} = {
+          target = "http://localhost:${toString config.services.immich.port}";
+        };
+        postgres = {
+          enable = true;
+          extraUsers = {
+            ${config.services.immich.database.user} = {
+              isClient = true;
+            };
+          };
+        };
+      };
+
+      services.immich = {
+        enable = true;
+        port = 2283;
+        # redis.enable = false;
+      };
+
+      networking.firewall.interfaces.${config.services.tailscale.interfaceName} = {
+        allowedUDPPorts = [
+          config.services.immich.port
+        ];
+        allowedTCPPorts = [
+          config.services.immich.port
+        ];
+      };
+    }
+    (lib.mkIf config.host.impermanence.enable {
+      assertions = [
+        {
+          assertion = config.services.immich.mediaLocation == mediaLocation;
+          message = "immich media location does not match persistence";
+        }
+      ];
+      environment.persistence."/persist/system/root" = {
+        enable = true;
+        hideMounts = true;
+        directories = [
+          {
+            directory = mediaLocation;
+            user = "immich";
+            group = "immich";
+          }
+        ];
+      };
+    })
+  ]);
+}
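Review bot: The `networking.firewall.interfaces.${config.services.tailscale.interfaceName}` block opens port 2283 for both UDP and TCP, yet the only consumer visible in this file is the reverse proxy target `http://localhost:...`, which is plain HTTP over TCP. The UDP entry widens the firewall with no visible use, and the TCP entry lets tailnet peers reach the backend directly over unencrypted HTTP, bypassing whatever TLS or access rules the reverse proxy applies. If direct tailnet access is not needed, drop the whole block; if it is, keep only `allowedTCPPorts = [ config.services.immich.port ];` with a comment explaining why. The module also never sets `services.immich.host`, so whether the port is reachable on that interface at all depends on that option's default and should be confirmed.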
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 92f4016..7bdb3dd 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -19,10 +19,10 @@
     forgejo = 2002;
     adguardhome = 2003;
     hass = 2004;
-    headscale = 2005;
     syncthing = 2007;
     ollama = 2008;
     git = 2009;
+    immich = 2010;
   };
 
   gids = {
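Review bot: Removing `headscale = 2005;` from `uids` here, and from `gids` in the next hunk, frees a pinned id without marking it as retired. The ids in this file are applied with `lib.mkForce`, presumably so that ownership of persisted files stays stable across rebuilds. If any headscale state is still on persistent storage, a service later assigned 2005 would silently own those files. I would leave a comment in both tables, for example `# 2005 retired (was headscale); do not reuse`. Both attribute sets start above the lines shown in these hunks.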
@@ -34,10 +34,10 @@
     forgejo = 2002;
     adguardhome = 2003;
     hass = 2004;
-    headscale = 2005;
     syncthing = 2007;
     ollama = 2008;
     git = 2009;
+    immich = 2010;
   };
 
   users = config.users.users;
@@ -135,12 +135,6 @@ in {
             group = config.users.users.hass.name;
           };
 
-          headscale = {
-            uid = lib.mkForce uids.headscale;
-            isSystemUser = true;
-            group = config.users.users.headscale.name;
-          };
-
           syncthing = {
             uid = lib.mkForce uids.syncthing;
             isSystemUser = true;
@@ -159,6 +153,12 @@ in {
             isNormalUser = config.services.forgejo.enable;
             group = config.users.users.git.name;
           };
+
+          immich = {
+            uid = lib.mkForce uids.immich;
+            isSystemUser = true;
+            group = config.users.users.immich.name;
+          };
         };
 
         groups = {
@@ -225,14 +225,6 @@ in {
             ];
           };
 
-          headscale = {
-            gid = lib.mkForce gids.headscale;
-            members = [
-              users.headscale.name
-              # leyla
-            ];
-          };
-
           syncthing = {
             gid = lib.mkForce gids.syncthing;
             members = [
@@ -255,6 +247,14 @@ in {
               users.git.name
             ];
           };
+
+          immich = {
+            gid = lib.mkForce gids.immich;
+            members = [
+              users.immich.name
+              # leyla
+            ];
+          };
         };
       };
     }