diff options
| author | Mathias Magnusson <mathias@magnusson.space> | 2025-11-23 22:41:12 +0100 |
|---|---|---|
| committer | Mathias Magnusson <mathias@magnusson.space> | 2025-11-24 00:17:07 +0100 |
| commit | 5754980e3456e036add38f516115971c6411e93b (patch) | |
| tree | 310c6f56a012a4867d6274a7642170c21c192f21 | |
| parent | cffd1ca1dee075becdf91dae1a6bafa0ee072964 (diff) | |
| download | oden-5754980e3456e036add38f516115971c6411e93b.tar.gz | |
add immich
| -rw-r--r-- | configuration.nix | 2 | ||||
| -rw-r--r-- | immich.nix | 30 | ||||
| -rw-r--r-- | postgresql.nix | 28 |
3 files changed, 60 insertions, 0 deletions
diff --git a/configuration.nix b/configuration.nix index 3ea4a3a..47ebf0d 100644 --- a/configuration.nix +++ b/configuration.nix @@ -10,6 +10,8 @@ ./disko.nix ./impermanence.nix ./router.nix + ./immich.nix + ./postgresql.nix ]; hardware.graphics.extraPackages = with pkgs; [ diff --git a/immich.nix b/immich.nix new file mode 100644 index 0000000..1bac19b --- /dev/null +++ b/immich.nix @@ -0,0 +1,30 @@ +{ config, ... }: +let + storageDir = "/media/draupner/immich-media"; +in +{ + services.immich = { + enable = true; + mediaLocation = storageDir; + accelerationDevices = [ "/dev/dri/renderD128" ]; + database = { + enableVectors = false; + enableVectorChord = true; + }; + # settings.server.externalDomain = "immich.0m.nu"; + }; + + systemd.tmpfiles.rules = [ "d ${storageDir} 750 immich immich" ]; + + services.nginx = { + enable = true; + virtualHosts."immich.oden.m" = { + locations."/" = { + proxyPass = "http://localhost:${toString config.services.immich.port}"; + }; + }; + }; + networking.firewall.allowedTCPPorts = [ 80 ]; + + # services.immich-public-proxy = { }; +} diff --git a/postgresql.nix b/postgresql.nix new file mode 100644 index 0000000..b11c832 --- /dev/null +++ b/postgresql.nix @@ -0,0 +1,28 @@ +{ config, ... }: +let + dataDir = "/media/draupner/postgresql/${config.services.postgresql.package.psqlSchema}"; +in +{ + services.postgresql = { + enable = true; + enableJIT = true; + inherit dataDir; + ensureUsers = [ + { + name = "mathias"; + ensureClauses.superuser = true; + ensureClauses.login = true; + } + ]; + authentication = '' + local all postgres peer + local all all peer map=m + ''; + identMap = '' + m mathias all + m /^(.*)$ \1 + ''; + }; + + systemd.tmpfiles.rules = [ "d ${dataDir} 750 postgres postgres" ]; +} |