From eb09394470a06baee2bf67153852c1f9cf918b76 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Thu, 10 Oct 2024 17:06:33 +0200
Subject: [PATCH] Install `restic` on `sisko`

---
 modules/immich/default.nix | 111 +++++++++++++++++++++++++++++++------
 modules/restic/default.nix |  11 +++-
 2 files changed, 105 insertions(+), 17 deletions(-)

diff --git a/modules/immich/default.nix b/modules/immich/default.nix
index be7e905..ffa5968 100644
--- a/modules/immich/default.nix
+++ b/modules/immich/default.nix
@@ -1,20 +1,99 @@
+{ ... }:
+let
+  vars = {
+    serviceConfigRoot = "/mnt/hd/immich/state";
+    mainArray = "/mnt/hd/immich/";
+    domainName = "photos.aciceri.dev";
+  };
+  directories = [
+    "${vars.serviceConfigRoot}/immich"
+    "${vars.serviceConfigRoot}/immich/postgresql"
+    "${vars.serviceConfigRoot}/immich/postgresql/data"
+    "${vars.serviceConfigRoot}/immich/config"
+    "${vars.serviceConfigRoot}/immich/machine-learning"
+    "${vars.mainArray}/Photos"
+    "${vars.mainArray}/Photos/Immich"
+    "${vars.mainArray}/Photos/S10m"
+  ];
+in
 {
-  containers.immich = {
-    nixpkgs = builtins.getFlake "github:NixOS/nixpkgs/51296fce6f2b33717f710788af4e134aa7ff0e58";
-    autoStart = true;
-    privateNetwork = true;
-    # hostAddress = "192.168.100.10";
-    # localAddress = "192.168.100.11";
-    # hostAddress6 = "fc00::1";
-    # localAddress6 = "fc00::2";
-    config =
-      {
-        ...
-      }:
-      {
-        services.immich = {
-          enable = true;
-        };
+  systemd.tmpfiles.rules = map (x: "d ${x} 0775 root root - -") directories;
+  systemd.services = {
+    podman-immich = {
+      requires = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+      after = [
+        "podman-immich-redis.service"
+        "podman-immich-postgres.service"
+      ];
+    };
+    podman-immich-postgres = {
+      requires = [ "podman-immich-redis.service" ];
+      after = [ "podman-immich-redis.service" ];
+    };
+  };
+
+  virtualisation.oci-containers.containers = {
+    immich = {
+      autoStart = true;
+      image = "ghcr.io/imagegenius/immich:latest";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/config:/config"
+        "${vars.mainArray}/Photos/Immich:/photos"
+        "${vars.mainArray}/Photos/S10m:/import:ro"
+        "${vars.serviceConfigRoot}/immich/machine-learning:/config/machine-learning"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        PUID = "994";
+        PGID = "993";
+        TZ = "Europe/Rome";
+        DB_HOSTNAME = "immich-postgres";
+        DB_USERNAME = "immich";
+        DB_DATABASE_NAME = "immich";
+        REDIS_HOSTNAME = "immich-redis";
+        DB_PASSWORD = "password";
       };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
+
+    immich-redis = {
+      autoStart = true;
+      image = "redis";
+      extraOptions = [
+        "--pull=newer"
+        "-l=traefik.enable=true"
+        "-l=traefik.http.routers.immich.rule=Host(`photos.${vars.domainName}`)"
+        "-l=traefik.http.routers.immich.service=immich"
+        "-l=traefik.http.services.immich.loadbalancer.server.port=8080"
+      ];
+      ports = [
+        "8080:8080"
+      ];
+    };
+
+    immich-postgres = {
+      autoStart = true;
+      image = "tensorchord/pgvecto-rs:pg14-v0.2.1";
+      volumes = [
+        "${vars.serviceConfigRoot}/immich/postgresql/data:/var/lib/postgresql/data"
+      ];
+      # environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];
+      environment = {
+        POSTGRES_USER = "immich";
+        POSTGRES_DB = "immich";
+        POSTGRES_HOST_AUTH_METHOD = "trust";
+        POSTGRES_PASSWORD = "password";
+      };
+      extraOptions = [
+        "--pull=newer"
+        "--network=container:immich-redis"
+      ];
+    };
   };
 }
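Review bot: The `immich-postgres` container sets `POSTGRES_HOST_AUTH_METHOD = "trust"`, so the `"password"` literals in `DB_PASSWORD` and `POSTGRES_PASSWORD` are never checked. Because they are written inline, they also end up in the generated unit inside the world-readable Nix store. Anything that can reach the database port in the shared `immich-redis` network namespace can presumably connect as `immich` without credentials. I would drop the `trust` line and both literals, change the header to `{ config, ... }:`, and enable the commented-out `environmentFiles = [ config.age.secrets.ariaImmichDatabase.path ];` on both containers, assuming that age secret is declared elsewhere in the repository. Separately, `ghcr.io/imagegenius/immich:latest` and the untagged `redis` image with `--pull=newer` let the registry decide what runs after each restart, whereas the removed `builtins.getFlake` line pinned a revision; pinning a tag or digest would restore that.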
diff --git a/modules/restic/default.nix b/modules/restic/default.nix
index 0d082b3..3edb52d 100644
--- a/modules/restic/default.nix
+++ b/modules/restic/default.nix
@@ -26,13 +26,22 @@ in
   }".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
 
   services.restic.backups.sisko = {
-    paths = [ "/persist" ];
+    paths = [
+      "/persist"
+      "/mnt/hd/immich"
+    ];
+    exclude = [ " /persist/var/lib/containers" ];
     passwordFile = config.age.secrets.SISKO_RESTIC_PASSWORD.path;
     extraOptions = [
       "sftp.command='${lib.getExe pkgs.sshpass} -f ${config.age.secrets.HETZNER_STORAGE_BOX_SISKO_SSH_PASSWORD.path} ssh -p${port} ${user}@${host} -s sftp'"
     ];
     repository = "sftp://${user}@${host}:${port}/";
     initialize = true;
+    pruneOpts = [
+      "--keep-yearly 1"
+      "--keep-monthly 2"
+      "--keep-daily 7"
+    ];
     timerConfig.OnCalendar = "daily";
     timerConfig.RandomizedDelaySec = "1h";
   };
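Review bot: The new exclude pattern `" /persist/var/lib/containers"` begins with a space, so it most likely never matches and the container storage under `/persist` is still uploaded to the storage box; it should read `exclude = [ "/persist/var/lib/containers" ];`. The added path `/mnt/hd/immich` also covers the live PostgreSQL data directory that modules/immich mounts from `state/immich/postgresql/data`. A file-level copy of a running database is not guaranteed to restore cleanly, so a dump written before the run (for example from `backupPrepareCommand`) would be the safer thing to back up. The `let` bindings for `user`, `host` and `port` used here are outside the hunk.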