From 75b0494eaa7d70232bb9abb274bc73ca5a0b0615 Mon Sep 17 00:00:00 2001
From: Romain Paquet <rpqt@rpqt.fr>
Date: Fri, 31 Jan 2025 17:11:31 +0100
Subject: [PATCH] add immich on genepi

---
 hosts/genepi/default.nix     |  1 +
 hosts/genepi/dns.nix         | 10 ++++++++--
 hosts/genepi/immich.nix      | 28 ++++++++++++++++++++++++++++
 hosts/genepi/persistence.nix |  1 +
 4 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 hosts/genepi/immich.nix

diff --git a/hosts/genepi/default.nix b/hosts/genepi/default.nix
index 1c8997f..349b1d9 100644
--- a/hosts/genepi/default.nix
+++ b/hosts/genepi/default.nix
@@ -14,6 +14,7 @@
     ./disk.nix
     ./dns.nix
     ./hardware.nix
+    ./immich.nix
     ./monitoring.nix
     ./network.nix
     ./nginx.nix
diff --git a/hosts/genepi/dns.nix b/hosts/genepi/dns.nix
index e5aca3e..f1de58f 100644
--- a/hosts/genepi/dns.nix
+++ b/hosts/genepi/dns.nix
@@ -14,8 +14,14 @@
         interface = [ "${config.services.tailscale.interfaceName}" ];
         access-control = [ "100.0.0.0/8 allow" ];
 
-        local-zone = [ ''"grafana.home.rpqt.fr." redirect'' ];
-        local-data = [ ''"grafana.home.rpqt.fr. IN A 100.83.123.79"'' ];
+        local-zone = [
+          ''"grafana.home.rpqt.fr." redirect''
+          ''"images.home.rpqt.fr" redirect''
+        ];
+        local-data = [
+          ''"grafana.home.rpqt.fr. IN A 100.83.123.79"''
+          ''"images.home.rpqt.fr. IN A 100.83.123.79"''
+        ];
       };
     };
   };
diff --git a/hosts/genepi/immich.nix b/hosts/genepi/immich.nix
new file mode 100644
index 0000000..a2ba896
--- /dev/null
+++ b/hosts/genepi/immich.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+let
+  domain = "home.rpqt.fr";
+  subdomain = "images.${domain}";
+in
+{
+  services.immich = {
+    enable = true;
+    settings = {
+      server.externalDomain = "https://${subdomain}";
+    };
+  };
+
+  services.nginx.virtualHosts.${subdomain} = {
+    forceSSL = true;
+    useACMEHost = "${domain}";
+    locations."/" = {
+      proxyPass = "http://${toString config.services.immich.host}:${toString config.services.immich.port}";
+      proxyWebsockets = true;
+      extraConfig = ''
+        client_max_body_size 50000M;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+        send_timeout 600s;
+      '';
+    };
+  };
+}
diff --git a/hosts/genepi/persistence.nix b/hosts/genepi/persistence.nix
index df7380a..d679912 100644
--- a/hosts/genepi/persistence.nix
+++ b/hosts/genepi/persistence.nix
@@ -6,6 +6,7 @@
       "/var/lib/nixos"
       "/var/lib/acme"
       "/var/lib/prometheus2"
+      "/var/lib/immich"
     ];
     files = [
       # so that systemd doesn't think each boot is the first