diff --git a/modules/immich/default.nix b/modules/immich/default.nix
index be7e905..ffa5968 100644
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@@ -1,20 +1,99 @@
+{ ... }:
+let
+ vars = {
+ serviceConfigRoot = "/mnt/hd/immich/state";
+ mainArray = "/mnt/hd/immich/";
+ domainName = "photos.aciceri.dev";
+ };
+ directories = [
+ "${vars.serviceConfigRoot}/immich"
+ "${vars.serviceConfigRoot}/immich/postgresql"
+ "${vars.serviceConfigRoot}/immich/postgresql/data"
+ "${vars.serviceConfigRoot}/immich/config"
+ "${vars.serviceConfigRoot}/immich/machine-learning"
+ "${vars.mainArray}/Photos"
+ "${vars.mainArray}/Photos/Immich"
+ "${vars.mainArray}/Photos/S10m"
+ ];
+in
 {
- containers.immich = {
- nixpkgs = builtins.getFlake "github:NixOS/nixpkgs/51296fce6f2b33717f710788af4e134aa7ff0e58";
- autoStart = true;
- privateNetwork = true;
- # hostAddress = "192.168.100.10";
- # localAddress = "192.168.100.11";
- # hostAddress6 = "fc00::1";
- # localAddress6 = "fc00::2";
- config =
- {
- ...
- }:
- {
- services.immich = {
- enable = true;
- };
+ systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories;
+ systemd.services = {
+ podman-immich = {
+ requires = [
+ "podman-immich-redis.service"
+ "podman-immich-postgres.service"
+ ];
+ after = [
+ "podman-immich-redis.service"
+ "podman-immich-postgres.service"
+ ];
+ };
+ podman-immich-postgres = {
+ requires = [ "podman-immich-redis.service" ];
+ after = [ "podman-immich-redis.service" ];
+ };
+ };
+
+ virtualisation.oci-containers.containers = {
+ immich = {
+ autoStart = true;
+ image = "ghcr.io/imagegenius/immich:latest";
+ volumes = [
+ "${vars.serviceConfigRoot}/immich/config:/config"
+ "${vars.mainArray}/Photos/Immich:/photos"
+ "${vars.mainArray}/Photos/S10m:/import:ro"
+ "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning"
+ ];
+ # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+ environment = {
+ PUID = "994";
+ PGID = "993";
+ TZ = "Europe/Rome";
+ DB_HOSTNAME = "immich-postgres";
+ DB_USERNAME = "immich";
+ DB_DATABASE_NAME = "immich";
+ REDIS_HOSTNAME = "immich-redis";
+ DB_PASSWORD = "password";
 };
+ extraOptions = [
+ "--pull=newer"
+ "--network=container:immich-redis"
+ ];
+ };
+
+ immich-redis = {
+ autoStart = true;
+ image = "redis";
+ extraOptions = [
+ "--pull=newer"
+ "-l=traefik.enable=true"
+ "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)"
+ "-l=traefik.http.routers.immich.service=immich"
+ "-l=traefik.http.services.immich.loadbalancer.server.port=8080"
+ ];
+ ports = [
+ "8080:8080"
+ ];
+ };
+
+ immich-postgres = {
+ autoStart = true;
+ image = "tensorchord/pgvecto-rs:pg14-v0.2.1";
+ volumes = [
+ "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data"
+ ];
+ # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+ environment = {
+ POSTGRES_USER = "immich";
+ POSTGRES_DB = "immich";
+ POSTGRES_HOST_AUTH_METHOD = "trust";
+ POSTGRES_PASSWORD = "password";
+ };
+ extraOptions = [
+ "--pull=newer"
+ "--network=container:immich-redis"
+ ];
+ };
 };
 }
diff --git a/modules/restic/default.nix b/modules/restic/default.nix
index 0d082b3..3edb52d 100644
--- a/modules/restic/default.nix
+++ b/modules/restic/default.nix
@@ -26,13 +26,22 @@ in
 }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
 services.restic.backups.sisko = {
- paths = [ "/persist" ];
+ paths = [
+ "/persist"
+ "/mnt/hd/immich"
+ ];
+ exclude = [ " /persist/var/lib/containers" ];
 passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path;
 extraOptions = [
 "sftp.command='${lib.getExe pkgs.sshpass} -f ${config.age.secrets.HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD.path} ssh -p${port} ${user}@${host} -s sftp'"
 ];
 repository = "sftp://${user}@${host}:${port}/";
 initialize = true;
+ pruneOpts = [
+ "--keep-yearly 1"
+ "--keep-monthly 2"
+ "--keep-daily 7"
+ ];
 timerConfig.OnCalendar = "daily";
 timerConfig.RandomizedDelaySec = "1h";
 };
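Review bot: The database credentials in this hunk are string literals: `DB_PASSWORD = "password"` on the `immich` container, and `POSTGRES_PASSWORD = "password"` together with `POSTGRES_HOST_AUTH_METHOD = "trust"` on `immich-postgres`, so the values end up in the world-readable Nix store and Postgres accepts any connection from the shared `immich-redis` network namespace without checking a password at all. Restoring the commented-out `environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];` on both containers and dropping the `trust` line would keep the secret out of the store and make the password effective; that needs `config` in the module arguments, which are currently `{ ... }:`. Separately, `ports = [ "8080:8080" ]` publishes the application on every host interface alongside the Traefik route, so `"127.0.0.1:8080:8080"` is worth considering if Traefik runs on this host (not visible here), and the router rule expands to `photos.photos.aciceri.dev` because `vars.domainName` already starts with `photos.`. The `:latest` and bare `redis` tags combined with `--pull=newer` also let the running image change on any restart; pinning a tag or digest, as is already done for `pgvecto-rs`, avoids that.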
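Review bot: The new `exclude` entry reads `" /persist/var/lib/containers"` with a leading space inside the quotes; if that space is in the file and not an artifact of how this page was rendered, the pattern will not match the absolute path and container storage stays in the backup, so it should be `exclude = [ "/persist/var/lib/containers" ];`. The added path `/mnt/hd/immich` also takes in `state/immich/postgresql/data` from the immich module changed in this same commit, and a file-level copy of a running Postgres data directory is not guaranteed to restore cleanly. Excluding that directory and backing up a dump produced in `backupPrepareCommand` would give a restorable database; it would be worth a comment next to `paths` stating which of the two is intended.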