feat(immich): Add immich service

2025-05-23 11:40:19 +08:00 · 2025-05-23 11:40:19 +08:00 · 913944cff3
commit 913944cff3
parent 8d0be61483
3 changed files with 71 additions and 0 deletions
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -19,6 +19,7 @@
    ./services/crowdsec.nix
    ./services/foundryvtt.nix
    ./services/gitea.nix
+    ./services/immich.nix
    ./services/metrics
    ./services/nextcloud.nix
    ./services/webserver.nix
--- a/configuration/services/immich.nix
+++ b/configuration/services/immich.nix
@ -0,0 +1,65 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  hostName = "immich.${config.services.nginx.domain}";
+in
+{
+  services.immich = {
+    enable = true;
+    settings.server.externalDomain = "https://${hostName}";
+
+    environment.IMMICH_TELEMETRY_INCLUDE = "all";
+  };
+
+  services.nginx.virtualHosts.${hostName} =
+    let
+      local = "http://${config.services.immich.host}:${toString config.services.immich.port}";
+    in
+    {
+      forceSSL = true;
+      useACMEHost = "tlater.net";
+      enableHSTS = true;
+
+      locations."/" = {
+        proxyPass = local;
+        proxyWebsockets = true;
+      };
+      locations."/metrics" = {
+        extraConfig = ''
+          access_log off;
+          allow 127.0.0.1;
+          ${lib.optionalString config.networking.enableIPv6 "allow ::1;"}
+          deny all;
+        '';
+      };
+    };
+
+  backups.immich =
+    let
+      db-dump = "${config.services.immich.mediaLocation}/immich-db.sql";
+    in
+    {
+      user = "immich";
+      paths = [ config.services.immich.mediaLocation ];
+
+      preparation = {
+        packages = [ config.services.postgresql.package ];
+        text = ''
+          pg_dump ${config.services.immich.database.name} --clean --if-exists --file=${db-dump}
+        '';
+      };
+
+      cleanup = {
+        packages = [ pkgs.coreutils ];
+        text = "rm ${db-dump}";
+      };
+      pauseServices = [
+        "immich-server.service"
+        "immich-machine-learning.service"
+      ];
+    };
+}
--- a/configuration/services/metrics/victoriametrics.nix
+++ b/configuration/services/metrics/victoriametrics.nix
@ -84,6 +84,11 @@ in
        in
        [ "${address}:${toString port}" ];

+      immich.targets = [
+        "127.0.0.1:8081"
+        "127.0.0.1:8082"
+      ];
+
      # Configured in the hookshot listeners, but it's hard to filter
      # the correct values out of that config.
      matrixHookshot.targets = [ "127.0.0.1:9001" ];