Compare commits
3 commits
292c7ab911
...
c259a93c7a
| Author | SHA1 | Date | |
|---|---|---|---|
|
c259a93c7a | ||
|
|
7bf071d0a1 | ||
|
|
a162c71e78 |
1 changed files with 70 additions and 67 deletions
|
|
@ -32,7 +32,7 @@ let
|
||||||
{
|
{
|
||||||
host = "${hostVarLibDir}/postgres";
|
host = "${hostVarLibDir}/postgres";
|
||||||
# Adjust based on container postgres data dir
|
# Adjust based on container postgres data dir
|
||||||
container = "/var/lib/postgresql/17";
|
container = "/var/lib/postgresql/16";
|
||||||
user = "postgres";
|
user = "postgres";
|
||||||
uid = config.ids.uids.postgres;
|
uid = config.ids.uids.postgres;
|
||||||
gid = config.ids.gids.postgres;
|
gid = config.ids.gids.postgres;
|
||||||
|
|
@ -149,81 +149,84 @@ in
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
config = {
|
config = lib.mkMerge [
|
||||||
system.stateVersion = "25.05";
|
{
|
||||||
|
system.stateVersion = "25.05";
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedTCPPorts = [
|
||||||
|
2283
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# Use systemd-resolved inside the container
|
||||||
|
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
|
||||||
|
useHostResolvConf = lib.mkForce false;
|
||||||
|
};
|
||||||
|
services.resolved.enable = true;
|
||||||
|
|
||||||
|
# Ensure users exist on container
|
||||||
|
inherit users;
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [
|
package = pkgs.postgresql_16.withPackages (ps: [ ps.pgvecto-rs ]);
|
||||||
2283
|
enableJIT = true;
|
||||||
|
authentication = ''
|
||||||
|
local all all trust
|
||||||
|
host all all 127.0.0.1/8 trust
|
||||||
|
host all all ::1/128 trust
|
||||||
|
host all all fc00::1/128 trust
|
||||||
|
'';
|
||||||
|
ensureDatabases = [ "immich" ];
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "immich";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
ensureClauses.login = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
settings = {
|
||||||
|
shared_preload_libraries = [ "vectors.so" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# Use systemd-resolved inside the container
|
|
||||||
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
|
|
||||||
useHostResolvConf = lib.mkForce false;
|
|
||||||
};
|
|
||||||
services.resolved.enable = true;
|
|
||||||
|
|
||||||
# Ensure users exist on container
|
# Backup database
|
||||||
inherit users;
|
services.postgresqlBackup = {
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.postgresql_17.withPackages (ps: [ ps.pgvecto-rs ]);
|
|
||||||
enableJIT = true;
|
|
||||||
authentication = ''
|
|
||||||
local all all trust
|
|
||||||
host all all 127.0.0.1/8 trust
|
|
||||||
host all all ::1/128 trust
|
|
||||||
host all all fc00::1/128 trust
|
|
||||||
'';
|
|
||||||
ensureDatabases = [ "immich" ];
|
|
||||||
ensureUsers = [
|
|
||||||
{
|
|
||||||
name = "immich";
|
|
||||||
ensureDBOwnership = true;
|
|
||||||
ensureClauses.login = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
settings = {
|
|
||||||
shared_preload_libraries = [ "vectors.so" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Backup database
|
|
||||||
services.postgresqlBackup = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.immich = {
|
|
||||||
enable = true;
|
|
||||||
host = "0.0.0.0";
|
|
||||||
port = 2283;
|
|
||||||
openFirewall = true;
|
|
||||||
mediaLocation = "/var/lib/immich";
|
|
||||||
database = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
createDB = false; # We create it manually above
|
|
||||||
name = "immich";
|
|
||||||
user = "immich";
|
|
||||||
};
|
};
|
||||||
redis.enable = true;
|
|
||||||
machine-learning.enable = true;
|
services.immich = {
|
||||||
settings = {
|
enable = true;
|
||||||
server.externalDomain = "https://photos.joshuabell.xyz";
|
host = "0.0.0.0";
|
||||||
newVersionCheck.enabled = false;
|
port = 2283;
|
||||||
|
openFirewall = true;
|
||||||
|
mediaLocation = "/var/lib/immich";
|
||||||
|
database = {
|
||||||
|
enable = true;
|
||||||
|
createDB = false; # We create it manually above
|
||||||
|
name = "immich";
|
||||||
|
user = "immich";
|
||||||
|
};
|
||||||
|
redis.enable = true;
|
||||||
|
machine-learning.enable = true;
|
||||||
|
settings = {
|
||||||
|
server.externalDomain = "https://photos.joshuabell.xyz";
|
||||||
|
newVersionCheck.enabled = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.immich-server = {
|
systemd.services.immich-server = {
|
||||||
requires = [ "postgresql.service" ];
|
requires = [ "postgresql.service" ];
|
||||||
after = [ "postgresql.service" ];
|
after = [ "postgresql.service" ];
|
||||||
};
|
};
|
||||||
|
}
|
||||||
# Allow Immich user to access the media directory
|
{
|
||||||
users.users.immich.extraGroups = [ "video" "render" ];
|
# Allow Immich user to access the media directory for hardware transcoding
|
||||||
};
|
users.users.immich.extraGroups = [ "video" "render" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue