Add PostGIS init service for Dawarich and enable ACME/SSL for Immich

2026-02-08 23:11:04 -06:00 · 2026-02-08 23:11:04 -06:00 · 9e5e3cd4fa
commit 9e5e3cd4fa
parent dd66f172cd
2 changed files with 29 additions and 23 deletions
--- a/hosts/h001/containers/dawarich.nix
+++ b/hosts/h001/containers/dawarich.nix
@ -237,15 +237,23 @@ in
              };
            };

-            systemd.services.dawarich = {
-              requires = [
-                "postgresql.service"
-                "redis-dawarich.service"
-              ];
-              after = [
-                "postgresql.service"
-                "redis-dawarich.service"
-              ];
+            # Ensure postgis extension exists before dawarich-init-db runs
+            # (initialScript only runs on first cluster creation)
+            systemd.services.dawarich-postgis-init = {
+              description = "Initialize PostGIS extension for Dawarich";
+              requires = [ "postgresql.service" ];
+              after = [ "postgresql.service" ];
+              before = [ "dawarich-init-db.service" ];
+              requiredBy = [ "dawarich-init-db.service" ];
+              serviceConfig = {
+                Type = "oneshot";
+                RemainAfterExit = true;
+                User = "postgres";
+                Group = "postgres";
+                ExecStart = pkgs.writeShellScript "dawarich-postgis-init" ''
+                  ${config.services.postgresql.package}/bin/psql -d dawarich -c "CREATE EXTENSION IF NOT EXISTS postgis;"
+                '';
+              };
            };
          };
        };
--- a/hosts/h001/containers/immich.nix
+++ b/hosts/h001/containers/immich.nix
@ -91,20 +91,18 @@ in
 {
  options = { };
  config = {
-    services.nginx.virtualHosts."photos.joshuabell.xyz" = {
-      addSSL = true;
-      sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
-      sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
-      locations = {
-        "/" = {
-          proxyWebsockets = true;
-          recommendedProxySettings = true;
-          proxyPass = "http://${containerAddress}:2283";
+    services.nginx.virtualHosts."photos.joshuabell.xyz" = lib.mkIf (hasSecret "linode_rw_domains") {
+      forceSSL = true;
+      useACMEHost = "joshuabell.xyz";
      extraConfig = ''
-            proxy_set_header X-Forwarded-Proto https;
        client_max_body_size 50G;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+        send_timeout 600s;
      '';
-        };
+      locations."/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://${containerAddress}:2283";
      };
    };