imterah/nix-infra
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

feature: Add Immich support

Browse source
This commit is contained in:
Tera << 8 2025-05-07 23:27:05 -04:00
parent 1a40c48be8
commit 5faea30ad2
Signed by: imterah
GPG key ID: 8FA7DD57BA6CEA37
5 changed files with 232 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -20,9 +20,9 @@ This is a work-in-progress and currently is not production ready. Please check b
- [x] Install Forgejo
- [x] Install Personal Website
- [x] Install mCaptcha
- [ ] Install Passbolt
- [ ] Install Pterodactyl Panel
- [ ] Install Immich
- [x] Install Passbolt
- [x] Install Pterodactyl Panel
- [x] Install Immich
- [ ] Restore Forgejo
- [ ] Restore Passbolt
- [ ] Restore Pterodactyl Panel

6
hosts/andromeda/configuration.nix
View file

@ -16,14 +16,18 @@
../../system/i18n.nix
# Docker stacks
## Bootstrap
./stacks/traefik/docker-compose.nix
./stacks/caddy/docker-compose.nix
## Internal
./stacks/portainer/docker-compose.nix
./stacks/passbolt/docker-compose.nix
./stacks/pterodactyl/docker-compose.nix
./stacks/immich/docker-compose.nix
## Public
./stacks/terah.dev/docker-compose.nix
./stacks/mcaptcha/docker-compose.nix
./stacks/forgejo/docker-compose.nix
./stacks/terah.dev/docker-compose.nix
];
users.mutableUsers = false;

221
hosts/andromeda/stacks/immich/docker-compose.nix Normal file
View file

@ -0,0 +1,221 @@
# Auto-generated using compose2nix v0.3.1.
{ config, pkgs, lib, ... }:
{
imports = [
../../../../system/sops.nix
];
# Containers
virtualisation.oci-containers.containers."immich_machine_learning" = {
image = "ghcr.io/immich-app/immich-machine-learning:release";
volumes = [
"immich_model-cache:/cache:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=immich-machine-learning"
"--network=immich_default"
];
};
systemd.services."docker-immich_machine_learning" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-immich_default.service"
"docker-volume-immich_model-cache.service"
];
requires = [
"docker-network-immich_default.service"
"docker-volume-immich_model-cache.service"
];
partOf = [
"docker-compose-immich-root.target"
];
wantedBy = [
"docker-compose-immich-root.target"
];
};
virtualisation.oci-containers.containers."immich_postgres" = {
image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
environmentFiles = [ config.sops.secrets.immich_db_docker_env.path ];
environment = {
"POSTGRES_DB" = "immich";
"POSTGRES_INITDB_ARGS" = "--data-checksums";
"POSTGRES_PASSWORD" = "pgpass";
"POSTGRES_USER" = "postgres";
};
volumes = [
"immich_db:/var/lib/postgresql/data:rw"
];
cmd = [ "postgres" "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready --dbname=\"immich\" --username=\"postgres\" || exit 1; Chksum=\"$(psql --dbname=\"immich\" --username=\"postgress\" --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')\"; echo \"checksum failure count is $Chksum\"; [ \"$Chksum\" = '0' ] || exit 1"
"--health-interval=5m0s"
"--health-start-interval=30s"
"--health-start-period=5m0s"
"--network-alias=database"
"--network=immich_default"
];
};
systemd.services."docker-immich_postgres" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-immich_default.service"
"docker-volume-immich_db.service"
];
requires = [
"docker-network-immich_default.service"
"docker-volume-immich_db.service"
];
partOf = [
"docker-compose-immich-root.target"
];
wantedBy = [
"docker-compose-immich-root.target"
];
};
virtualisation.oci-containers.containers."immich_redis" = {
image = "docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1";
log-driver = "journald";
extraOptions = [
"--health-cmd=redis-cli ping || exit 1"
"--network-alias=redis"
"--network=immich_default"
];
};
systemd.services."docker-immich_redis" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-immich_default.service"
];
requires = [
"docker-network-immich_default.service"
];
partOf = [
"docker-compose-immich-root.target"
];
wantedBy = [
"docker-compose-immich-root.target"
];
};
virtualisation.oci-containers.containers."immich_server" = {
image = "ghcr.io/immich-app/immich-server:release";
environmentFiles = [ config.sops.secrets.immich_immich_docker_env.path ];
environment = {
"TZ" = "America/Indiana/Indianapolis";
"DB_DATABASE_NAME" = "immich";
"DB_USERNAME" = "postgres";
};
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/mnt/NASBox/immich/uploads:/usr/src/app/upload:rw"
];
labels = {
"traefik.http.routers.pterodactyl.rule" = "Host(`immich.hofers.cloud`)";
};
dependsOn = [
"immich_postgres"
"immich_redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=immich-server"
"--network=immich_default"
];
};
systemd.services."docker-immich_server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-immich_default.service"
];
requires = [
"docker-network-immich_default.service"
];
partOf = [
"docker-compose-immich-root.target"
];
wantedBy = [
"docker-compose-immich-root.target"
];
};
# Networks
systemd.services."docker-network-immich_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f immich_default";
};
script = ''
docker network inspect immich_default || docker network create immich_default
'';
partOf = [ "docker-compose-immich-root.target" ];
wantedBy = [ "docker-compose-immich-root.target" ];
};
# Volumes
systemd.services."docker-volume-immich_db" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect immich_db || docker volume create immich_db
'';
partOf = [ "docker-compose-immich-root.target" ];
wantedBy = [ "docker-compose-immich-root.target" ];
};
systemd.services."docker-volume-immich_model-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect immich_model-cache || docker volume create immich_model-cache
'';
partOf = [ "docker-compose-immich-root.target" ];
wantedBy = [ "docker-compose-immich-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-immich-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

2
secrets

@ -1 +1 @@
Subproject commit 6784f0a795b318b75bf8f816900ee2b927f4df83
Subproject commit 4cc9a1c088cd9c651b485e340eac6fdb26912d14

2
system/sops.nix
View file

@ -31,6 +31,8 @@ in
passbolt_passbolt_docker_env = {};
pterodactyl_db_docker_env = {};
pterodactyl_pterodactyl_docker_env = {};
immich_db_docker_env = {};
immich_immich_docker_env = {};
};
};
}