Compare commits
No commits in common. "c259a93c7aed09810233b4986602f6bc9e133972" and "292c7ab911c3c3429b9ab98cda5847320710e7e6" have entirely different histories.
c259a93c7a
...
292c7ab911
1 changed files with 66 additions and 69 deletions
|
|
@ -32,7 +32,7 @@ let
|
||||||
{
|
{
|
||||||
host = "${hostVarLibDir}/postgres";
|
host = "${hostVarLibDir}/postgres";
|
||||||
# Adjust based on container postgres data dir
|
# Adjust based on container postgres data dir
|
||||||
container = "/var/lib/postgresql/16";
|
container = "/var/lib/postgresql/17";
|
||||||
user = "postgres";
|
user = "postgres";
|
||||||
uid = config.ids.uids.postgres;
|
uid = config.ids.uids.postgres;
|
||||||
gid = config.ids.gids.postgres;
|
gid = config.ids.gids.postgres;
|
||||||
|
|
@ -149,84 +149,81 @@ in
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
config = lib.mkMerge [
|
config = {
|
||||||
{
|
system.stateVersion = "25.05";
|
||||||
system.stateVersion = "25.05";
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [
|
|
||||||
2283
|
|
||||||
];
|
|
||||||
};
|
|
||||||
# Use systemd-resolved inside the container
|
|
||||||
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
|
|
||||||
useHostResolvConf = lib.mkForce false;
|
|
||||||
};
|
|
||||||
services.resolved.enable = true;
|
|
||||||
|
|
||||||
# Ensure users exist on container
|
|
||||||
inherit users;
|
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.postgresql_16.withPackages (ps: [ ps.pgvecto-rs ]);
|
allowedTCPPorts = [
|
||||||
enableJIT = true;
|
2283
|
||||||
authentication = ''
|
|
||||||
local all all trust
|
|
||||||
host all all 127.0.0.1/8 trust
|
|
||||||
host all all ::1/128 trust
|
|
||||||
host all all fc00::1/128 trust
|
|
||||||
'';
|
|
||||||
ensureDatabases = [ "immich" ];
|
|
||||||
ensureUsers = [
|
|
||||||
{
|
|
||||||
name = "immich";
|
|
||||||
ensureDBOwnership = true;
|
|
||||||
ensureClauses.login = true;
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
settings = {
|
|
||||||
shared_preload_libraries = [ "vectors.so" ];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
# Use systemd-resolved inside the container
|
||||||
|
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
|
||||||
|
useHostResolvConf = lib.mkForce false;
|
||||||
|
};
|
||||||
|
services.resolved.enable = true;
|
||||||
|
|
||||||
# Backup database
|
# Ensure users exist on container
|
||||||
services.postgresqlBackup = {
|
inherit users;
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.immich = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
host = "0.0.0.0";
|
package = pkgs.postgresql_17.withPackages (ps: [ ps.pgvecto-rs ]);
|
||||||
port = 2283;
|
enableJIT = true;
|
||||||
openFirewall = true;
|
authentication = ''
|
||||||
mediaLocation = "/var/lib/immich";
|
local all all trust
|
||||||
database = {
|
host all all 127.0.0.1/8 trust
|
||||||
enable = true;
|
host all all ::1/128 trust
|
||||||
createDB = false; # We create it manually above
|
host all all fc00::1/128 trust
|
||||||
|
'';
|
||||||
|
ensureDatabases = [ "immich" ];
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
name = "immich";
|
name = "immich";
|
||||||
user = "immich";
|
ensureDBOwnership = true;
|
||||||
};
|
ensureClauses.login = true;
|
||||||
redis.enable = true;
|
}
|
||||||
machine-learning.enable = true;
|
];
|
||||||
settings = {
|
settings = {
|
||||||
server.externalDomain = "https://photos.joshuabell.xyz";
|
shared_preload_libraries = [ "vectors.so" ];
|
||||||
newVersionCheck.enabled = false;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.immich-server = {
|
# Backup database
|
||||||
requires = [ "postgresql.service" ];
|
services.postgresqlBackup = {
|
||||||
after = [ "postgresql.service" ];
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.immich = {
|
||||||
|
enable = true;
|
||||||
|
host = "0.0.0.0";
|
||||||
|
port = 2283;
|
||||||
|
openFirewall = true;
|
||||||
|
mediaLocation = "/var/lib/immich";
|
||||||
|
database = {
|
||||||
|
enable = true;
|
||||||
|
createDB = false; # We create it manually above
|
||||||
|
name = "immich";
|
||||||
|
user = "immich";
|
||||||
};
|
};
|
||||||
}
|
redis.enable = true;
|
||||||
{
|
machine-learning.enable = true;
|
||||||
# Allow Immich user to access the media directory for hardware transcoding
|
settings = {
|
||||||
users.users.immich.extraGroups = [ "video" "render" ];
|
server.externalDomain = "https://photos.joshuabell.xyz";
|
||||||
}
|
newVersionCheck.enabled = false;
|
||||||
];
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.immich-server = {
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
after = [ "postgresql.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Allow Immich user to access the media directory
|
||||||
|
users.users.immich.extraGroups = [ "video" "render" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue