Add Immich

modules/immich.nix

@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+let
+  cfg = config.custom.services.immich;
+  externalDomain = "photos.${config.networking.domain}";
+in
+{
+  options.custom.services.immich = {
+    enable = lib.mkEnableOption "immich";
+  };
+
+  config = lib.mkIf cfg.enable {
+    sops.secrets.immichSecretsFile = {
+      owner = config.systemd.services.immich-server.serviceConfig.User;
+      key = "immich/secrets_file";
+      restartUnits = [ "immich-server.service" ];
+    };
+
+    services = {
+      immich = {
+        enable = true;
+        host = "127.0.0.1";
+        group = "nextcloud";
+        secretsFile = config.sops.secrets.immichSecretsFile.path;
+        database.host = "127.0.0.1";
+        settings = {
+          server.externalDomain = "https://${externalDomain}";
+        };
+      };
+      nginx = {
+        virtualHosts = {
+          ${externalDomain} = {
+            enableACME = true;
+            forceSSL = true;
+            locations."/" = {
+              proxyPass = "http://127.0.0.1:${toString config.services.immich.port}";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+    };
+  };
+}