From 3ec99b599bc3f022249c6a604f3793061f664865 Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Sun, 16 Mar 2025 21:00:44 -0500
Subject: [PATCH] created immich config

---
 .../nixos/defiant/configuration.nix           |  4 ++
 modules/nixos-modules/server/default.nix      |  1 +
 modules/nixos-modules/server/immich.nix       | 68 +++++++++++++++++++
 modules/nixos-modules/users.nix               | 32 ++++-----
 4 files changed, 89 insertions(+), 16 deletions(-)
 create mode 100644 modules/nixos-modules/server/immich.nix

diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 3923715..0b7214b 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -114,6 +114,10 @@
     adguardhome = {
       enable = false;
     };
+    immich = {
+      enable = true;
+      subdomain = "photos";
+    };
     sync = {
       enable = true;
       folders = {
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 8854936..956ad9e 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -10,5 +10,6 @@
     ./searx.nix
     ./home-assistant.nix
     ./adguardhome.nix
+    ./immich.nix
   ];
 }
diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix
new file mode 100644
index 0000000..7dd3a0f
--- /dev/null
+++ b/modules/nixos-modules/server/immich.nix
@@ -0,0 +1,68 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  mediaLocation = "/var/lib/immich";
+in {
+  options.host.immich = {
+    enable = lib.mkEnableOption "should immich be enabled on this computer";
+    subdomain = lib.mkOption {
+      type = lib.types.str;
+      description = "subdomain of base domain that immich will be hosted at";
+      default = "immich";
+    };
+  };
+
+  config = lib.mkIf config.host.immich.enable (lib.mkMerge [
+    {
+      host = {
+        reverse_proxy.subdomains.${config.host.immich.subdomain} = {
+          target = "http://localhost:${toString config.services.immich.port}";
+        };
+        postgres = {
+          enable = true;
+          extraUsers = {
+            ${config.services.immich.database.user} = {
+              isClient = true;
+            };
+          };
+        };
+      };
+
+      services.immich = {
+        enable = true;
+        port = 2283;
+        # redis.enable = false;
+      };
+
+      networking.firewall.interfaces.${config.services.tailscale.interfaceName} = {
+        allowedUDPPorts = [
+          config.services.immich.port
+        ];
+        allowedTCPPorts = [
+          config.services.immich.port
+        ];
+      };
+    }
+    (lib.mkIf config.host.impermanence.enable {
+      assertions = [
+        {
+          assertion = config.services.immich.mediaLocation == mediaLocation;
+          message = "immich media location does not match persistence";
+        }
+      ];
+      environment.persistence."/persist/system/root" = {
+        enable = true;
+        hideMounts = true;
+        directories = [
+          {
+            directory = mediaLocation;
+            user = "immich";
+            group = "immich";
+          }
+        ];
+      };
+    })
+  ]);
+}
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 92f4016..7bdb3dd 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -19,10 +19,10 @@
     forgejo = 2002;
     adguardhome = 2003;
     hass = 2004;
-    headscale = 2005;
     syncthing = 2007;
     ollama = 2008;
     git = 2009;
+    immich = 2010;
   };
 
   gids = {
@@ -34,10 +34,10 @@
     forgejo = 2002;
     adguardhome = 2003;
     hass = 2004;
-    headscale = 2005;
     syncthing = 2007;
     ollama = 2008;
     git = 2009;
+    immich = 2010;
   };
 
   users = config.users.users;
@@ -135,12 +135,6 @@ in {
             group = config.users.users.hass.name;
           };
 
-          headscale = {
-            uid = lib.mkForce uids.headscale;
-            isSystemUser = true;
-            group = config.users.users.headscale.name;
-          };
-
           syncthing = {
             uid = lib.mkForce uids.syncthing;
             isSystemUser = true;
@@ -159,6 +153,12 @@ in {
             isNormalUser = config.services.forgejo.enable;
             group = config.users.users.git.name;
           };
+
+          immich = {
+            uid = lib.mkForce uids.immich;
+            isSystemUser = true;
+            group = config.users.users.immich.name;
+          };
         };
 
         groups = {
@@ -225,14 +225,6 @@ in {
             ];
           };
 
-          headscale = {
-            gid = lib.mkForce gids.headscale;
-            members = [
-              users.headscale.name
-              # leyla
-            ];
-          };
-
           syncthing = {
             gid = lib.mkForce gids.syncthing;
             members = [
@@ -255,6 +247,14 @@ in {
               users.git.name
             ];
           };
+
+          immich = {
+            gid = lib.mkForce gids.immich;
+            members = [
+              users.immich.name
+              # leyla
+            ];
+          };
         };
       };
     }