control
/
home


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
							{ config, lib, ... }:
let
  cfg = config.services.immich;
  domain = "photos.t5.st";
in
{
  services.immich = {
    enable = true;
    host = "0.0.0.0";
    openFirewall = true;
    mediaLocation = "/mnt/storage/immich";
    group = "storage";
    accelerationDevices = [ "/dev/dri/renderD128" ];
    # environment = {
    #   INFO: Not needed but left for reference
    #   ENCODED_VIDEO_LOCATION = "/var/cache/immich/encoded-video";
    #   MPLCONFIGDIR = "/var/cache/immich/mpl";
    #   PROFILE_LOCATION = "/var/cache/immich/profile";
    #   THUMB_LOCATION = "/var/cache/immich/thumbs";
    # };
    settings = {
      metadata.faces.import = true;
      newVersionCheck.enabled = false;
      server.externalDomain = "https://${domain}";
      storageTemplate = {
        enabled = true;
        hashVerificationEnabled = true;
        template = "{{y}}/{{MM}}/{{dd}}/{{filename}}";
      };
      # TODO: add smtp authentication to environment
      # notifications.smtp.enabled = true;
      # notifications.smtp.from = "Odin Photos <[email protected]>";
    };
  };

  services.cloudflared.tunnels."71c89a7f-2467-444c-9fda-4864860dc8c4" = {
    credentialsFile =
      config.age.secrets."odin/services/cloudflared-tunnel".path;
    default = "http_status:404";
    ingress."${domain}".service =
      "http://${cfg.host}:${toString cfg.port}";
  };

  services.caddy.virtualHosts.immich = {
    hostName = "photos.odin.t5.st";
    extraConfig = ''
      encode gzip zstd
      reverse_proxy ${cfg.host}:${toString cfg.port}
    '';
  };

  systemd.tmpfiles = {
    settings.immich."${cfg.mediaLocation}".e.mode =
      lib.mkForce "0750";

    rules = [
      "d  /var/cache/immich 0750 immich storage - -"
      "d  /var/cache/immich/mpl 0750 immich storage - -"
      "d  /var/cache/immich/encoded-video 0750 immich storage - -"
      "d  /var/cache/immich/profile 0750 immich storage - -"
      "d  /var/cache/immich/thumbs 0750 immich storage - -"
      "L+ /var/cache/immich/encoded-video - - - - /mnt/storage/immich/encoded-video"
      "L+ /var/cache/immich/profile - - - - /mnt/storage/immich/profile"
      "L+ /var/cache/immich/thumbs - - - - /mnt/storage/immich/thumbs"
    ];
  };
}