control
/
home


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374
							{ config, ... }:
let
  cfg = config.services.immich;
  domain = "photos.t5.st";
in
{
  services.immich = {
    enable = true;
    host = "127.0.0.1";
    mediaLocation = "/mnt/storage/immich";
    group = "storage";
    accelerationDevices = [ "/dev/dri/renderD128" ];
    # environment = {
    #   INFO: Not needed but left for reference
    #   ENCODED_VIDEO_LOCATION = "/var/cache/immich/encoded-video";
    #   MPLCONFIGDIR = "/var/cache/immich/mpl";
    #   PROFILE_LOCATION = "/var/cache/immich/profile";
    #   THUMB_LOCATION = "/var/cache/immich/thumbs";
    # };
    settings = {
      metadata.faces.import = true;
      newVersionCheck.enabled = false;
      server.externalDomain = "https://${domain}";
      storageTemplate = {
        enabled = true;
        hashVerificationEnabled = true;
        template = "{{y}}/{{MM}}/{{dd}}/{{filename}}";
      };
      # TODO: add smtp authentication to environment
      # notifications.smtp.enabled = true;
      # notifications.smtp.from = "Odin Photos <[email protected]>";
    };
  };

  services.cloudflared.tunnels."71c89a7f-2467-444c-9fda-4864860dc8c4" = {
    credentialsFile =
      config.age.secrets."odin/services/cloudflared-tunnel".path;
    default = "http_status:404";
    ingress."${domain}".service =
      "http://${cfg.host}:${toString cfg.port}";
  };

  services.caddy.virtualHosts.immich = {
    hostName = "photos.{$DOMAIN}";
    extraConfig = ''
      encode gzip zstd
      reverse_proxy ${cfg.host}:${toString cfg.port}
    '';
  };

  systemd.tmpfiles.rules = [
    "d /mnt/storage/immich 0770 immich storage - -"
    "d /var/cache/immich/mpl 0700 immich storage - -"
    "d /var/cache/immich/encoded-video 0700 immich storage - -"
    "d /var/cache/immich/profile 0700 immich storage - -"
    "d /var/cache/immich/thumbs 0700 immich storage - -"
  ];

  system.activationScripts.createSymlink = ''
    ln -sf /mnt/storage/immich/encoded-video /var/cache/immich/encoded-video
    ln -sf /mnt/storage/immich/profile /var/cache/immich/profile
    ln -sf /mnt/storage/immich/thumbs /var/cache/immich/thumbs
  '';

  services.samba.settings = {
    christine-photos = {
      "path" = "/mnt/storage/immich/library/3aaaf0a1-011e-450d-a47c-4a320deb93e5";
      "browseable" = "yes";
      "read only" = "yes";
      "valid users" = "christine";
      "force user" = "immich";
    };
  };
}