Add Immich

Paul-Henri Froidmont 2024-12-14 05:07:09 +01:00
parent a5637b3c07
commit 0facce0860
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
6 changed files with 70 additions and 3 deletions


@ -22,5 +22,6 @@
./dokuwiki.nix
./postgresql.nix
./foundryvtt.nix
./immich.nix
];
}

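--- a/modules/immich.nix
+++ b/modules/immich.nix
@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+let
+cfg = config.custom.services.immich;
+externalDomain = "photos.${config.networking.domain}";
+in
+{
+options.custom.services.immich = {
+enable = lib.mkEnableOption "immich";
+};
+config = lib.mkIf cfg.enable {
+sops.secrets.immichSecretsFile = {
+owner = config.systemd.services.immich-server.serviceConfig.User;
+key = "immich/secrets_file";
+restartUnits = [ "immich-server.service" ];
+};
+services = {
+immich = {
+enable = true;
+host = "127.0.0.1";
+group = "nextcloud";
+secretsFile = config.sops.secrets.immichSecretsFile.path;
+database.host = "127.0.0.1";
+settings = {
+server.externalDomain = "https://${externalDomain}";
+};
+};
+nginx = {
+virtualHosts = {
+${externalDomain} = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString config.services.immich.port}";
+proxyWebsockets = true;
+};
+};
+};
+};
+};
+};
+}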
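Review bot: `group = "nextcloud";` in the `services.immich` block runs the Immich server under Nextcloud's primary group, so anything that is group-readable or group-writable for Nextcloud becomes reachable from a second internet-facing service, and files Immich creates will presumably end up group-owned by nextcloud. If the intent is to let Immich read a photo directory that Nextcloud owns (an assumption, the commit does not say), a narrower setup is to keep the module's default group and grant access to that one directory through a dedicated group, e.g. `systemd.services.immich-server.serviceConfig.SupplementaryGroups = [ "<shared-photos-group>" ];` (placeholder group name). If the shared group stays, the line should at least carry a comment recording why, such as `# shared with Nextcloud so Immich can read its photo directory as an external library`.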


@ -22,6 +22,7 @@ in
root_as_others root synapse
root_as_others root nextcloud
root_as_others root roundcube
root_as_others root immich
'';
authentication = ''
local all postgres peer
@ -46,6 +47,11 @@ in
key = "roundcube/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
immichDbPasswordPg = {
owner = config.services.postgresql.superUser;
key = "immich/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
};
systemd.services.postgresql-setup =
@ -69,14 +75,17 @@ in
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'immich'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "immich"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'immich'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "immich" OWNER "immich"'
PSQL -tAc "ALTER ROLE synapse LOGIN"
PSQL -tAc "ALTER ROLE nextcloud LOGIN"
PSQL -tAc "ALTER ROLE roundcube LOGIN"
PSQL -tAc "ALTER ROLE immich LOGIN"
synapse_password="$(<'${config.sops.secrets.synapseDbPasswordPg.path}')"
PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
@ -84,6 +93,8 @@ in
PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
roundcube_password="$(<'${config.sops.secrets.roundcubeDbPasswordPg.path}')"
PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
immich_password="$(<'${config.sops.secrets.immichDbPasswordPg.path}')"
PSQL -tAc "ALTER ROLE immich WITH PASSWORD '$immich_password'"
'';
serviceConfig = {