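# NixOS module: renders Immich's JSON configuration at service start with
# secrets substituted in, and passes it to immich-server as a systemd credential.
# Everything under `config` is gated on the upstream `services.immich.enable`.
{
  config,
  lib,
  pkgs,
  utils,
  ...
}:
let
  cfg = config.custom.immich;
  upstreamCfg = config.services.immich;
  settingsFormat = pkgs.formats.json { };
  # Account of the upstream immich-server unit; reused below so the rendered
  # configuration is owned by the same user and group the service runs as.
  user = config.systemd.services.immich-server.serviceConfig.User;
  group = config.systemd.services.immich-server.serviceConfig.Group;
in
{
  options = {
    # Free-form JSON settings. They are passed to
    # utils.genJqSecretsReplacementSnippet, which replaces every
    # `{ _secret = "/path"; }` value with the contents of that file at service
    # start, so secret values do not have to be written into the Nix store.
    custom.immich.jsonSettings = lib.mkOption {
      type = lib.types.submodule {
        freeformType = settingsFormat.type;
      };
      default = { };
    };
  };

  # Guard the whole config on the upstream enable flag. The original guarded
  # only the tmpfiles rules, so a host with Immich disabled still received the
  # immich-server unit override and the redis setting below.
  config = lib.mkIf upstreamCfg.enable {
    /*
      LoadCredential happens before preStart. We need to ensure the
      configuration file exists, otherwise LoadCredential will fail.
    */
    systemd.tmpfiles.settings = {
      "10-etc-immich" = {
        # 0700 directory and 0600 file, both owned by the service account: the
        # rendered file holds the substituted secrets in plain text, so no
        # other account should be able to list or read it.
        "/etc/immich" = {
          d = {
            inherit user group;
            mode = "0700";
          };
        };
        # "f+" creates the file or truncates an existing one, so each tmpfiles
        # run leaves it empty until preStart renders it again.
        # NOTE(review): if the credential is captured before preStart runs, as
        # the comment above states, the first start after a tmpfiles run would
        # hand Immich the empty file rather than the fresh render. Confirm.
        "/etc/immich/config.json" = {
          "f+" = {
            inherit user group;
            mode = "0600";
          };
        };
      };
    };

    systemd.services.immich-server = {
      # umask 0077 keeps anything the snippet creates inaccessible to group
      # and others. The snippet writes the JSON with secrets filled in.
      # NOTE(review): presumably preStart runs as the service account, which
      # is why that account owns the target path. Verify.
      preStart = ''
        umask 0077
        ${utils.genJqSecretsReplacementSnippet cfg.jsonSettings "/etc/immich/config.json"}
      '';
      serviceConfig = {
        # Pass the rendered file to the service as the credential "config".
        # %d expands to the unit's credentials directory.
        LoadCredential = "config:/etc/immich/config.json";
        Environment = "IMMICH_CONFIG_FILE=%d/config";
      };
    };

    # https://github.com/NixOS/nixpkgs/pull/324127/files#r1723763510
    services.immich.redis.host = "/run/redis-immich/redis.sock";
  };
}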