# NixOS module: Immich photo server and immich-public-proxy, with the OAuth
# client secret and SMTP password supplied as agenix-managed files.
{
  self,
  config,
  lib,
  ...
}:
let
  # Service data read from self.lib.data.services.immich; this module uses its
  # `port`, `pubProxy` and `extUrl` fields.
  immichData = self.lib.data.services.immich;

  # Static Immich settings kept in a JSON file beside this module. The file is
  # read at evaluation time, so it should hold no credentials; the two secret
  # values are layered on top below as file references instead.
  baseSettings = builtins.fromJSON (builtins.readFile ./immich-config.json);

  # Overrides merged over the JSON. The `_secret` attributes carry the *path*
  # of the decrypted age secret, not the secret value itself.
  settingsOverrides = {
    oauth.clientSecret._secret = config.age.secrets.immich-oauth-secret.path;
    notifications.smtp.transport.password._secret = config.age.secrets.immich-mail-pw.path;
    server.externalDomain = "https://${immichData.extUrl}";
  };

  # Builds an age.secrets entry whose decrypted file is owned by immich:immich.
  immichOwnedSecret = file: {
    inherit file;
    owner = "immich";
    group = "immich";
  };
in
{
  services.immich = {
    enable = true;
    port = immichData.port;
    # Binds the Immich server on every interface. The public proxy configured
    # in this module reaches it over localhost.
    # NOTE(review): if no off-host client needs the port directly, a loopback
    # address would narrow exposure; confirm against the reverse-proxy and
    # firewall configuration, which are not visible in this file.
    host = "0.0.0.0";
    redis.enable = true;
    mediaLocation = "/var/media/photos/";
    # Only this single DRM render node is listed for the service.
    accelerationDevices = [ "/dev/dri/renderD128" ];
    settings = lib.recursiveUpdate baseSettings settingsOverrides;
  };

  services.immich-public-proxy = {
    enable = true;
    port = immichData.pubProxy;
    # Plain HTTP to the local Immich port (same host, see services.immich.port).
    immichUrl = "http://localhost:${toString immichData.port}";
    settings.ipp.downloadedFilename = 1;
  };

  # Public base URL handed to the proxy unit through its environment.
  systemd.services.immich-public-proxy.environment.PUBLIC_BASE_URL = "https://${immichData.extUrl}";

  # Supplementary groups for the immich user; presumably needed to open the
  # render node listed in accelerationDevices. TODO confirm both are required.
  users.users.immich.extraGroups = [
    "video"
    "render"
  ];

  # Encrypted secrets; the decrypted files are owned by immich:immich, so the
  # service can read the paths referenced from the `_secret` settings above.
  age.secrets.immich-oauth-secret = immichOwnedSecret ./secrets/immich/oauth-secret.age;
  age.secrets.immich-mail-pw = immichOwnedSecret ./secrets/immich/mail-pw.age;
}