Add immich

rhoriguchi · Sep 29, 2024 · 208814f · 208814f
1 parent 18ff1f3
commit 208814f
Show file tree

Hide file tree

Showing 6 changed files with 86 additions and 2 deletions.
diff --git a/configuration/devices/headless/router/adguardhome.nix b/configuration/devices/headless/router/adguardhome.nix
@@ -129,6 +129,7 @@ in {
           "esphome.00a.ch"
           "grafana.00a.ch"
           "home-assistant.00a.ch"
+          "immich.00a.ch"
           "monitoring.00a.ch"
           "prowlarr.00a.ch"
           "sonarr.00a.ch"

diff --git a/configuration/devices/headless/server/backup.nix b/configuration/devices/headless/server/backup.nix
@@ -20,6 +20,7 @@ in {
 
           config.services.deluge.config.torrentfiles_location
           config.services.grafana.dataDir
+          config.services.immich.mediaLocation
           config.services.loki.dataDir
           config.services.plex.dataDir
           config.services.prowlarr.dataDir

diff --git a/configuration/devices/headless/server/default.nix b/configuration/devices/headless/server/default.nix
@@ -5,6 +5,7 @@
     ./backup.nix
     ./fancontrol.nix
     ./home-assistant
+    ./immich.nix
     ./libvirtd
     ./log-management.nix
     ./monitoring.nix

diff --git a/configuration/devices/headless/server/immich.nix b/configuration/devices/headless/server/immich.nix
@@ -0,0 +1,41 @@
+{ config, secrets, ... }: {
+  services = {
+    infomaniak = {
+      enable = true;
+
+      username = secrets.infomaniak.username;
+      password = secrets.infomaniak.password;
+      hostnames = [ "immich.00a.ch" ];
+    };
+
+    nginx = {
+      enable = true;
+
+      virtualHosts."immich.00a.ch" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.immich.port}";
+          proxyWebsockets = true;
+
+          extraConfig = ''
+            proxy_buffering off;
+
+            client_max_body_size 50000M;
+          '';
+        };
+      };
+    };
+
+    immich = {
+      enable = true;
+
+      host = "127.0.0.1";
+      group = if config.services.resilio.enable then "rslsync" else "immich";
+    };
+  };
+
+  # TODO remove when https://github.com/NixOS/nixpkgs/issues/344738 fixed
+  users.groups.immich = { };
+}
diff --git a/modules/default/immich.nix b/modules/default/immich.nix
@@ -0,0 +1,18 @@
+# TODO remove when merged https://nixpk.gs/pr-tracker.html?pr=324127
+
+let
+  src = let
+    owner = "NixOS";
+    repo = "nixpkgs";
+    rev = "9d834dc4ecd42965a4357a96813780f587664d56";
+    sha256 = "sha256:17kjrr1x4n5zmrlcmad89slz7s9nv0ghn8c9iasx282chpawp46k";
+  in builtins.fetchTarball {
+    name = "nixpkgs";
+    url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz";
+    inherit sha256;
+  };
+in {
+  imports = [ "${src}/nixos/modules/services/web-apps/immich.nix" ];
+
+  nixpkgs.overlays = [ (_: super: { immich = super.callPackage "${src}/pkgs/by-name/im/immich/package.nix" { }; }) ];
+}
diff --git a/modules/default/monitoring.nix b/modules/default/monitoring.nix
@@ -86,6 +86,8 @@ in {
 
       promtail.configuration.server.register_instrumentation = true;
 
+      immich.environment.IMMICH_METRICS = "true";
+
       netdata = {
         enable = true;
 
@@ -205,6 +207,13 @@ in {
               hosts = [ (import ./wireguard-network/ips.nix).${config.services.wireguard-network.serverHostname} ];
             };
           };
+        } // {
+          "go.d/redis.conf" = pkgs.writers.writeYAML "redis.conf" {
+            jobs = lib.optional config.services.immich.enable {
+              name = "Immich";
+              address = "unix://@${config.services.redis.servers.immich.unixSocket}";
+            };
+          };
         } // {
           "go.d/smartctl.conf" = pkgs.writers.writeYAML "smartctl.conf" { jobs = [{ name = "local"; }]; };
         } // {
@@ -225,7 +234,16 @@ in {
             } ++ lib.optional config.services.grafana.enable {
               name = "Grafana";
               url = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/metrics";
-            } ++ lib.optional config.services.loki.enable {
+            } ++ lib.optionals config.services.immich.enable [
+              {
+                name = "Immich server";
+                url = "http://127.0.0.1:8081/metrics";
+              }
+              {
+                name = "Immich microservice";
+                url = "http://127.0.0.1:8082/metrics";
+              }
+            ] ++ lib.optional config.services.loki.enable {
               name = "Loki";
               url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/metrics";
             } ++ lib.optional config.services.promtail.enable {
@@ -273,8 +291,12 @@ in {
     };
 
     users.users.${config.services.netdata.user}.extraGroups =
+      # Redis collector
+      # this has to be user since redis will use the configured user as group
+      lib.optional config.services.immich.enable config.services.immich.user
+
       # Web server collector
-      lib.optional config.services.nginx.enable config.services.nginx.group
+      ++ lib.optional config.services.nginx.enable config.services.nginx.group
 
       # X.509 certificate collector
       ++ (let acmeGroups = lib.unique (map (acme: acme.group) (lib.attrValues config.security.acme.certs));