2024-09-29 23:32:15 +05:30
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
2024-09-30 11:14:57 +05:30
|
|
|
pkgs,
|
2024-09-29 23:32:15 +05:30
|
|
|
...
|
|
|
|
}: {
|
|
|
|
options.snowflake.services.immich = {
|
|
|
|
enable = lib.mkEnableOption "Enable immich service";
|
|
|
|
|
|
|
|
domain = lib.mkOption {
|
|
|
|
type = lib.types.str;
|
|
|
|
default = "";
|
|
|
|
description = "Configuration domain to use for the immich service";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = let
|
|
|
|
cfg = config.snowflake.services.immich;
|
|
|
|
in
|
|
|
|
lib.mkIf cfg.enable {
|
|
|
|
services.immich = {
|
|
|
|
enable = true;
|
2024-09-30 11:14:57 +05:30
|
|
|
package = pkgs.immich;
|
2024-09-29 23:32:15 +05:30
|
|
|
mediaLocation = "/storage/media/immich-library";
|
|
|
|
port = 9121;
|
|
|
|
};
|
|
|
|
|
|
|
|
users.users.immich.extraGroups = ["media" "video" "render"];
|
|
|
|
|
|
|
|
# Requires services.nginx.enable.
|
|
|
|
services.nginx = {
|
|
|
|
virtualHosts = {
|
|
|
|
"${cfg.domain}" = {
|
|
|
|
serverName = "${cfg.domain}";
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://${config.services.immich.host}:${toString config.services.immich.port}/";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
extraConfig = ''
|
|
|
|
client_max_body_size 0;
|
|
|
|
proxy_connect_timeout 600;
|
|
|
|
proxy_read_timeout 600;
|
|
|
|
proxy_send_timeout 600;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2024-10-05 21:00:53 +05:30
|
|
|
|
|
|
|
services.fail2ban.jails.immich = {
|
|
|
|
enabled = true;
|
|
|
|
filter = "immich";
|
|
|
|
};
|
|
|
|
|
|
|
|
environment.etc = {
|
|
|
|
immich = {
|
|
|
|
target = "fail2ban/filter.d/immich.conf";
|
|
|
|
text = ''
|
|
|
|
[INCLUDES]
|
|
|
|
before = common.conf
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
|
|
|
|
ignoreregex =
|
|
|
|
journalmatch = _SYSTEMD_UNIT=immich-server.service
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
2024-09-29 23:32:15 +05:30
|
|
|
};
|
|
|
|
}
|