Add PostGIS init service for Dawarich and enable ACME/SSL for Immich

2026-02-08 23:11:04 -06:00 · 2026-02-08 23:11:04 -06:00 · 9e5e3cd4fa
commit 9e5e3cd4fa
parent dd66f172cd
2 changed files with 29 additions and 23 deletions
--- a/hosts/h001/containers/dawarich.nix
+++ b/hosts/h001/containers/dawarich.nix
@ -237,15 +237,23 @@ in
              };
            };
-            systemd.services.dawarich = {
+            # Ensure postgis extension exists before dawarich-init-db runs
-              requires = [
+            # (initialScript only runs on first cluster creation)
-                "postgresql.service"
+            systemd.services.dawarich-postgis-init = {
-                "redis-dawarich.service"
+              description = "Initialize PostGIS extension for Dawarich";
-              ];
+              requires = [ "postgresql.service" ];
-              after = [
+              after = [ "postgresql.service" ];
-                "postgresql.service"
+              before = [ "dawarich-init-db.service" ];
-                "redis-dawarich.service"
+              requiredBy = [ "dawarich-init-db.service" ];
-              ];
+              serviceConfig = {
                Type = "oneshot";
                RemainAfterExit = true;
                User = "postgres";
                Group = "postgres";
                ExecStart = pkgs.writeShellScript "dawarich-postgis-init" ''
                  ${config.services.postgresql.package}/bin/psql -d dawarich -c "CREATE EXTENSION IF NOT EXISTS postgis;"
                '';
              };
            };
          };
        };
--- a/hosts/h001/containers/immich.nix
+++ b/hosts/h001/containers/immich.nix
@ -91,20 +91,18 @@ in
 {
  options = { };
  config = {
-    services.nginx.virtualHosts."photos.joshuabell.xyz" = {
+    services.nginx.virtualHosts."photos.joshuabell.xyz" = lib.mkIf (hasSecret "linode_rw_domains") {
-      addSSL = true;
+      forceSSL = true;
-      sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
+      useACMEHost = "joshuabell.xyz";
-      sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
+      extraConfig = ''
-      locations = {
+        client_max_body_size 50G;
-        "/" = {
+        proxy_read_timeout 600s;
-          proxyWebsockets = true;
+        proxy_send_timeout 600s;
-          recommendedProxySettings = true;
+        send_timeout 600s;
-          proxyPass = "http://${containerAddress}:2283";
+      '';
-          extraConfig = ''
+      locations."/" = {
-            proxy_set_header X-Forwarded-Proto https;
+        proxyWebsockets = true;
-            client_max_body_size 50G;
+        proxyPass = "http://${containerAddress}:2283";
          '';
        };
      };
    };