commit 5417fb25cc0babeac3a8424ea63d863c957c937c · pyrox.dev/nix

+234

hosts/marvin/services/immich-config.json

···

       1
       +
       {

     

       2
       +
         "backup": {

     

       3
       +
           "database": {

     

       4
       +
             "cronExpression": "0 02 * * *",

     

       5
       +
             "enabled": true,

     

       6
       +
             "keepLastAmount": 14

     

       7
       +
           }

     

       8
       +
         },

     

       9
       +
         "ffmpeg": {

     

       10
       +
           "accel": "vaapi",

     

       11
       +
           "accelDecode": true,

     

       12
       +
           "acceptedAudioCodecs": [

     

       13
       +
             "aac",

     

       14
       +
             "mp3",

     

       15
       +
             "libopus"

     

       16
       +
           ],

     

       17
       +
           "acceptedContainers": [

     

       18
       +
             "mov",

     

       19
       +
             "ogg",

     

       20
       +
             "webm"

     

       21
       +
           ],

     

       22
       +
           "acceptedVideoCodecs": [

     

       23
       +
             "h264"

     

       24
       +
           ],

     

       25
       +
           "bframes": -1,

     

       26
       +
           "cqMode": "auto",

     

       27
       +
           "crf": 23,

     

       28
       +
           "gopSize": 0,

     

       29
       +
           "maxBitrate": "0",

     

       30
       +
           "preferredHwDevice": "auto",

     

       31
       +
           "preset": "ultrafast",

     

       32
       +
           "refs": 0,

     

       33
       +
           "targetAudioCodec": "aac",

     

       34
       +
           "targetResolution": "720",

     

       35
       +
           "targetVideoCodec": "h264",

     

       36
       +
           "temporalAQ": false,

     

       37
       +
           "threads": 0,

     

       38
       +
           "tonemap": "hable",

     

       39
       +
           "transcode": "required",

     

       40
       +
           "twoPass": false

     

       41
       +
         },

     

       42
       +
         "image": {

     

       43
       +
           "colorspace": "p3",

     

       44
       +
           "extractEmbedded": false,

     

       45
       +
           "fullsize": {

     

       46
       +
             "enabled": false,

     

       47
       +
             "format": "jpeg",

     

       48
       +
             "quality": 80

     

       49
       +
           },

     

       50
       +
           "preview": {

     

       51
       +
             "format": "jpeg",

     

       52
       +
             "quality": 80,

     

       53
       +
             "size": 1440

     

       54
       +
           },

     

       55
       +
           "thumbnail": {

     

       56
       +
             "format": "webp",

     

       57
       +
             "quality": 80,

     

       58
       +
             "size": 250

     

       59
       +
           }

     

       60
       +
         },

     

       61
       +
         "job": {

     

       62
       +
           "backgroundTask": {

     

       63
       +
             "concurrency": 5

     

       64
       +
           },

     

       65
       +
           "faceDetection": {

     

       66
       +
             "concurrency": 2

     

       67
       +
           },

     

       68
       +
           "library": {

     

       69
       +
             "concurrency": 5

     

       70
       +
           },

     

       71
       +
           "metadataExtraction": {

     

       72
       +
             "concurrency": 5

     

       73
       +
           },

     

       74
       +
           "migration": {

     

       75
       +
             "concurrency": 5

     

       76
       +
           },

     

       77
       +
           "notifications": {

     

       78
       +
             "concurrency": 5

     

       79
       +
           },

     

       80
       +
           "ocr": {

     

       81
       +
             "concurrency": 1

     

       82
       +
           },

     

       83
       +
           "search": {

     

       84
       +
             "concurrency": 5

     

       85
       +
           },

     

       86
       +
           "sidecar": {

     

       87
       +
             "concurrency": 5

     

       88
       +
           },

     

       89
       +
           "smartSearch": {

     

       90
       +
             "concurrency": 2

     

       91
       +
           },

     

       92
       +
           "thumbnailGeneration": {

     

       93
       +
             "concurrency": 3

     

       94
       +
           },

     

       95
       +
           "videoConversion": {

     

       96
       +
             "concurrency": 1

     

       97
       +
           },

     

       98
       +
           "workflow": {

     

       99
       +
             "concurrency": 5

     

       100
       +
           }

     

       101
       +
         },

     

       102
       +
         "library": {

     

       103
       +
           "scan": {

     

       104
       +
             "cronExpression": "0 0 * * *",

     

       105
       +
             "enabled": true

     

       106
       +
           },

     

       107
       +
           "watch": {

     

       108
       +
             "enabled": false

     

       109
       +
           }

     

       110
       +
         },

     

       111
       +
         "logging": {

     

       112
       +
           "enabled": true,

     

       113
       +
           "level": "log"

     

       114
       +
         },

     

       115
       +
         "machineLearning": {

     

       116
       +
           "availabilityChecks": {

     

       117
       +
             "enabled": true,

     

       118
       +
             "interval": 30000,

     

       119
       +
             "timeout": 2000

     

       120
       +
           },

     

       121
       +
           "clip": {

     

       122
       +
             "enabled": true,

     

       123
       +
             "modelName": "ViT-B-32__openai"

     

       124
       +
           },

     

       125
       +
           "duplicateDetection": {

     

       126
       +
             "enabled": true,

     

       127
       +
             "maxDistance": 0.01

     

       128
       +
           },

     

       129
       +
           "enabled": true,

     

       130
       +
           "facialRecognition": {

     

       131
       +
             "enabled": true,

     

       132
       +
             "maxDistance": 0.5,

     

       133
       +
             "minFaces": 3,

     

       134
       +
             "minScore": 0.7,

     

       135
       +
             "modelName": "buffalo_l"

     

       136
       +
           },

     

       137
       +
           "ocr": {

     

       138
       +
             "enabled": true,

     

       139
       +
             "maxResolution": 736,

     

       140
       +
             "minDetectionScore": 0.5,

     

       141
       +
             "minRecognitionScore": 0.8,

     

       142
       +
             "modelName": "PP-OCRv5_mobile"

     

       143
       +
           },

     

       144
       +
           "urls": [

     

       145
       +
             "http://localhost:3003"

     

       146
       +
           ]

     

       147
       +
         },

     

       148
       +
         "map": {

     

       149
       +
           "darkStyle": "https://tiles.immich.cloud/v1/style/dark.json",

     

       150
       +
           "enabled": true,

     

       151
       +
           "lightStyle": "https://tiles.immich.cloud/v1/style/light.json"

     

       152
       +
         },

     

       153
       +
         "metadata": {

     

       154
       +
           "faces": {

     

       155
       +
             "import": false

     

       156
       +
           }

     

       157
       +
         },

     

       158
       +
         "newVersionCheck": {

     

       159
       +
           "enabled": false

     

       160
       +
         },

     

       161
       +
         "nightlyTasks": {

     

       162
       +
           "clusterNewFaces": true,

     

       163
       +
           "databaseCleanup": true,

     

       164
       +
           "generateMemories": true,

     

       165
       +
           "missingThumbnails": true,

     

       166
       +
           "startTime": "00:00",

     

       167
       +
           "syncQuotaUsage": true

     

       168
       +
         },

     

       169
       +
         "notifications": {

     

       170
       +
           "smtp": {

     

       171
       +
             "enabled": true,

     

       172
       +
             "from": "dishNet Photos <immich@pyrox.dev>",

     

       173
       +
             "transport": {

     

       174
       +
               "host": "mail.pyrox.dev",

     

       175
       +
               "ignoreCert": false,

     

       176
       +
               "port": 587,

     

       177
       +
               "secure": true,

     

       178
       +
               "username": "immich@pyrox.dev"

     

       179
       +
             }

     

       180
       +
           }

     

       181
       +
         },

     

       182
       +
         "oauth": {

     

       183
       +
           "autoLaunch": false,

     

       184
       +
           "autoRegister": true,

     

       185
       +
           "buttonText": "dishNet Auth",

     

       186
       +
           "clientId": "f1312240-d9fc-4336-aca6-b98316867848",

     

       187
       +
           "defaultStorageQuota": null,

     

       188
       +
           "enabled": true,

     

       189
       +
           "issuerUrl": "https://auth.pyrox.dev",

     

       190
       +
           "mobileOverrideEnabled": false,

     

       191
       +
           "mobileRedirectUri": "",

     

       192
       +
           "profileSigningAlgorithm": "none",

     

       193
       +
           "roleClaim": "admins",

     

       194
       +
           "scope": "openid email profile",

     

       195
       +
           "signingAlgorithm": "RS256",

     

       196
       +
           "storageLabelClaim": "preferred_username",

     

       197
       +
           "storageQuotaClaim": "immich_quota",

     

       198
       +
           "timeout": 30000,

     

       199
       +
           "tokenEndpointAuthMethod": "client_secret_post"

     

       200
       +
         },

     

       201
       +
         "passwordLogin": {

     

       202
       +
           "enabled": true

     

       203
       +
         },

     

       204
       +
         "reverseGeocoding": {

     

       205
       +
           "enabled": true

     

       206
       +
         },

     

       207
       +
         "server": {

     

       208
       +
           "externalDomain": "https://img.pyrox.dev",

     

       209
       +
           "loginPageMessage": "",

     

       210
       +
           "publicUsers": true

     

       211
       +
         },

     

       212
       +
         "storageTemplate": {

     

       213
       +
           "enabled": false,

     

       214
       +
           "hashVerificationEnabled": true,

     

       215
       +
           "template": "{{y}}/{{y}}-{{MM}}-{{dd}}/{{filename}}"

     

       216
       +
         },

     

       217
       +
         "templates": {

     

       218
       +
           "email": {

     

       219
       +
             "albumInviteTemplate": "",

     

       220
       +
             "albumUpdateTemplate": "",

     

       221
       +
             "welcomeTemplate": ""

     

       222
       +
           }

     

       223
       +
         },

     

       224
       +
         "theme": {

     

       225
       +
           "customCss": ""

     

       226
       +
         },

     

       227
       +
         "trash": {

     

       228
       +
           "days": 30,

     

       229
       +
           "enabled": true

     

       230
       +
         },

     

       231
       +
         "user": {

     

       232
       +
           "deleteDelay": 7

     

       233
       +
         }

     

       234
       +
       }

+16 -1

hosts/marvin/services/immich.nix

···

       11
        
             redis.enable = true;

     

       12
        
             mediaLocation = "/var/media/photos/";

     

       13
        
             accelerationDevices = [ "/dev/dri/renderD128" ];

     

       14
       -
             settings = null;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       15
        
           };

     

       16
        
           immich-public-proxy = {

     

       17
        
             enable = true;

     
···

       26
        
           "video"

     

       27
        
           "render"

     

       28
        
         ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       29
        
       }

···

       11
        
             redis.enable = true;

     

       12
        
             mediaLocation = "/var/media/photos/";

     

       13
        
             accelerationDevices = [ "/dev/dri/renderD128" ];

     

       14
       +
             settings = (builtins.fromJSON (builtins.readFile ./immich-config.json)) // {

     

       15
       +
               oauth.clientSecret._secret = config.age.secrets.immich-oauth-secret.path;

     

       16
       +
               notifications.smtp.password._secret = config.age.secrets.immich-mail-pw.path;

     

       17
       +
             };

     

       18
        
           };

     

       19
        
           immich-public-proxy = {

     

       20
        
             enable = true;

     
···

       29
        
           "video"

     

       30
        
           "render"

     

       31
        
         ];

     

       32
       +
         age.secrets = {

     

       33
       +
           immich-oauth-secret = {

     

       34
       +
             file = ./secrets/immich/oauth-secret.age;

     

       35
       +
             owner = "immich";

     

       36
       +
             group = "immich";

     

       37
       +
           };

     

       38
       +
           immich-mail-pw = {

     

       39
       +
             file = ./secrets/immich/mail-pw.age;

     

       40
       +
             owner = "immich";

     

       41
       +
             group = "immich";

     

       42
       +
           };

     

       43
       +
         };

     

       44
        
       }

+19

hosts/marvin/services/secrets/immich/mail-pw.age

···

       1
       +
       age-encryption.org/v1

     

       2
       +
       -> ssh-ed25519 iqBxIA 3PVJMF6BgxuDxN9NAEYqcZaYEUhK9TB5XprRyW13Kx0

     

       3
       +
       AIQQG+4/9SVPcfq9ZtL/JsWDmLvW03UiAJaJ1nHSckQ

     

       4
       +
       -> ssh-rsa fFaiTA

     

       5
       +
       ZPBI1w2a48Md+Rt92ssVcfxN26zTLCEalT+jG8SJBv07ouOzd4ibPq65m6uOQU/+

     

       6
       +
       EEgHe23fGsPP4oISWDUgVFxesLA3wjsTWmbVrkrBzGQNeNnevIRMcJu7vWDtby/+

     

       7
       +
       dVxPQIoXH0jPlcDQCm2lwOGD+du+Nb4PnVseRPDaXRypKKmx+J057FQemYBk4OWx

     

       8
       +
       yUfbKV2gHHcuRTVUQG6XAQwWvhh4e25fyc+MzKZNPUK4c/SVibjAsUH+Edd+NaV5

     

       9
       +
       yxku5k4TFZkU69sl2zCdgWfYVTowTGYGyf4Kf+I/kl9m13zIk9vRpocgt4APaJnv

     

       10
       +
       p+KxJvbYRiprWl+IzZg6TwXY5mA1IbvlppR4aak1pwaIE76CgF5mGNDGkviGndtP

     

       11
       +
       +eCMIocp6lk2U0dJEYkBtmjNbxFh3dxOcirgdNDypYPlZTSGvSRGhpL4nUJRsR+l

     

       12
       +
       A7rJ5aHH2B4Vi93zgSV0PWiWSA7899bzgN1kQKKIgYln6Tl8UxQSNt5L3L4VajuW

     

       13
       +
       3UqCltyGWt/926BMS+GrDZSWCEtVsDs5XQqDKEx6D+iviHZJXniI+RhH/eM7FLjp

     

       14
       +
       iXgCRkBIALo2lOiScpr2rtfGDViq3Nh64cIslEPiewjVFTCxkxH+LuQ1stukrNki

     

       15
       +
       IF0+pZ65rgatMAdnZRFXfRxmywKD99z4WRHAxvYloXc

     

       16
       +
       -> ssh-ed25519 wpmdHA SQlzD3yqbnoF0JHqPFFDUugbm8jlBsdntLzF/WlJbjo

     

       17
       +
       FggpB1k5xbq62QNlwkocwjiWhEqNjHAxR/GwoPhXbC8

     

       18
       +
       --- 1g4f2OQbS5iXm/cqBamEWuapvZHorxfX7wHizfPcYsc

     

       19
       +
       �z�92�LN=9���$O���fP���E���~�.��}7�eڰq��y�N�I�L����"%�V�lz'�أ�

+19

hosts/marvin/services/secrets/immich/oauth-secret.age

···

       1
       +
       age-encryption.org/v1

     

       2
       +
       -> ssh-ed25519 iqBxIA 4osfKV5/wFT7mCdc4TjP7pJHdD8wzV7VKKiBSGRqImk

     

       3
       +
       wU6RSxJh8SBbXbiwCl4lXD/m1THoAg5n1Y7pyKFPiec

     

       4
       +
       -> ssh-rsa fFaiTA

     

       5
       +
       RTHaBLsBWbDEmY80LktVL/C6CeFinLm3/4t/hoWmbzLLoElBL86EGVdrE5ovjUYl

     

       6
       +
       j5+ZacmqahwjCtF/ZGBt8MFkWOK9u90YDfLp+kb2ILVy/E+CcQ3xPpH9bf83pPl/

     

       7
       +
       aZmttaRlhnhSDYVXB0lHx3u/cCrYhTf6TjEoVGZ/XrLW0BRmO6GSwcmTrachZzdJ

     

       8
       +
       je+pf2ug//mnAJR0y4MxjGlNPD/Vaj/UiaFQjPT+7ZvUUSkbv/QpPqyhhosFA11e

     

       9
       +
       1EGp21ppwUnJSNdYh2vulpQGurB5bPlv6Y8FpcFKivq/qKmA4ydyER3NcCca5Ly+

     

       10
       +
       01jQ1HRqWylYJj7K4hnxSjnNlOXCrJATuPJYoNdt2U1DnolUAqL6JIP/qNmYx8Fb

     

       11
       +
       ZrfFINBmPsNc9XJn14T4J+VB6e68ODBOvZdbzoBQOWAObnP5OH+zLYCB3II+aLPp

     

       12
       +
       Zo5WsNBBdZih4EbO0Y9PNWBjyCzxqs7zXPg1PjjDVHN/tIpSGnqoCqCPGuePhgRV

     

       13
       +
       h1gnP/lqOW2U1oL004hi3etsUsk3kXHjr35GXMVBeay+3uGXkZqhNYYSluQnJSrs

     

       14
       +
       rzahZZ8/q0FDdlUixWHb2uQjL1XMTqUcw8wPsUak8shkx8s7GPKNxtEKFcK46jk4

     

       15
       +
       ac9TCyee4HzPC/SWkLGFl0bt9s9lGTBSNQrVzogY/sg

     

       16
       +
       -> ssh-ed25519 wpmdHA C6npqn5aqimGJlo+UlvYOoqXSu/hW1JVNAmBPP1Vvjk

     

       17
       +
       gWzXqL92jI83iqSr3dydJo+UAz5OGBo6kw6QC4KRWgM

     

       18
       +
       --- ltHFDmeAbJsQtyY4CKFEz8OGAkPkue/8upHNOOQgn5I

     

       19
       +
       ��O�ӌ#&`���P�IZ�#�[��+�tdeG�ui�����?n"��(��b� ]s�	y줔���

hosts/marvin/services/secrets/secrets.nix

···

       27
        
         "golink-authkey.age".publicKeys = marvinDefault;

     

       28
        
         "grafana-admin-password.age".publicKeys = marvinDefault;

     

       29
        
         "grafana-smtp-password.age".publicKeys = marvinDefault;

     

       0
        
       
     

       0
        
       
     

       30
        
         "jellyfin-exporter-config.age".publicKeys = marvinDefault;

     

       31
        
         "minio-root.age".publicKeys = marvinDefault;

     

       32
        
         "miniflux-admin.age".publicKeys = marvinDefault;

···

       27
        
         "golink-authkey.age".publicKeys = marvinDefault;

     

       28
        
         "grafana-admin-password.age".publicKeys = marvinDefault;

     

       29
        
         "grafana-smtp-password.age".publicKeys = marvinDefault;

     

       30
       +
         "immich/oauth-secret.age".publicKeys = marvinDefault;

     

       31
       +
         "immich/mail-pw.age".publicKeys = marvinDefault;

     

       32
        
         "jellyfin-exporter-config.age".publicKeys = marvinDefault;

     

       33
        
         "minio-root.age".publicKeys = marvinDefault;

     

       34
        
         "miniflux-admin.age".publicKeys = marvinDefault;