51 lines
1.2 KiB
Nix
51 lines
1.2 KiB
Nix
{
|
|
service_configs,
|
|
pkgs,
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
(lib.serviceMountWithZpool "immich-server" service_configs.zpool_ssds [
|
|
config.services.immich.mediaLocation
|
|
])
|
|
(lib.serviceMountWithZpool "immich-machine-learning" service_configs.zpool_ssds [
|
|
config.services.immich.mediaLocation
|
|
])
|
|
(lib.serviceFilePerms "immich-server" [
|
|
"Z ${config.services.immich.mediaLocation} 0770 ${config.services.immich.user} ${config.services.immich.group}"
|
|
])
|
|
(lib.mkCaddyReverseProxy {
|
|
subdomain = "immich";
|
|
port = service_configs.ports.private.immich.port;
|
|
})
|
|
(lib.mkFail2banJail {
|
|
name = "immich";
|
|
unitName = "immich-server.service";
|
|
failregex = "^.*Failed login attempt for user .* from ip address <HOST>.*$";
|
|
})
|
|
];
|
|
|
|
services.immich = {
|
|
enable = true;
|
|
mediaLocation = service_configs.immich.dir;
|
|
port = service_configs.ports.private.immich.port;
|
|
# openFirewall = true;
|
|
host = "0.0.0.0";
|
|
database = {
|
|
createDB = false;
|
|
};
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
immich-go
|
|
];
|
|
|
|
users.users.${config.services.immich.user}.extraGroups = [
|
|
"video"
|
|
"render"
|
|
];
|
|
|
|
}
|