# NixOS module: runs Immich on a loopback-proxied port and publishes it
# through an nginx virtual host with TLS (ACME certificate).
{ lib, config, ... }:

let
  # Public hostname, read from a file at evaluation time. The value is
  # interpolated into the nginx virtual host and the Immich settings below,
  # so it ends up in generated configuration (which normally lives in the
  # world-readable Nix store). Keep only the hostname in this file, nothing
  # confidential.
  publicHost = lib.fileContents ../../../../secrets/letsencrypt/mediaserver/immichdomain;
in
{
  services.immich.enable = true;
  services.immich.port = 2283;
  services.immich.mediaLocation = "/storage/organized/photos";

  ## Hardware acceleration for video
  # `null` gives the service access to every device node. Least privilege
  # would be an explicit list such as `[ "/dev/dri/renderD128" ]`, once the
  # render node used on this host has been confirmed.
  services.immich.accelerationDevices = null;

  # URL that Immich uses for externally visible links.
  services.immich.settings.server.externalDomain = "https://${publicHost}";

  # Possibly incomplete: further hardware.graphics options may be needed.
  hardware.graphics.enable = true;

  # Supplementary groups for the immich service user. "video" and "render"
  # relate to the GPU device nodes; "jellyfin" is here because of an
  # unresolved issue with remote file-system groups.
  # NOTE(review): each extra group widens what the immich user can reach;
  # presumably "jellyfin" and "multimedia" grant access to shared media
  # directories - confirm, and drop any group that is not required.
  users.users.immich.extraGroups = [
    "video"
    "render"
    "multimedia"
    "jellyfin"
  ];

  ## Expose immich to "the world"
  # Only the nginx ports are opened in this file; the Immich port itself is
  # reached through the loopback proxy below and is not listed here.
  networking.firewall.allowedTCPPorts = [
    80 # nginx, plain HTTP
    443 # nginx, HTTPS
  ];

  # NOTE(review): neither services.nginx.enable nor the ACME account settings
  # are set in this file; presumably another module provides them - confirm.
  services.nginx = {
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts.${publicHost} = {
      enableACME = true;
      forceSSL = true;

      # Large uploads: request bodies up to 50000M are accepted and the
      # proxy/send timeouts are raised to 600s. A body limit this high means
      # a single request can consume a lot of disk or bandwidth, so the host
      # needs the headroom (and monitoring) to match.
      extraConfig = ''
        client_max_body_size 50000M;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
        send_timeout 600s;
      '';

      # TLS terminates at nginx; the hop to Immich is plain HTTP over IPv6
      # loopback, on whatever port services.immich.port resolves to.
      locations."/" = {
        proxyWebsockets = true;
        proxyPass = "http://[::1]:${toString config.services.immich.port}";
      };
    };
  };
}