From 062ff799eba6df9b3007187df47e1b7291149d94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Sat, 17 May 2025 21:18:34 +0200
Subject: [PATCH] chore(services): remove immich
---
hosts/home-server/default.nix | 1 -
secrets/immich/db-password.age | Bin 605 -> 0 bytes
secrets/immich/env.age | 11 --
secrets/immich/typesense/env.age | 12 --
secrets/secrets.nix | 15 ---
services/immich.nix | 187 -------------------------------
6 files changed, 226 deletions(-)
delete mode 100644 secrets/immich/db-password.age
delete mode 100644 secrets/immich/env.age
delete mode 100644 secrets/immich/typesense/env.age
delete mode 100644 services/immich.nix
diff --git a/hosts/home-server/default.nix b/hosts/home-server/default.nix
index f3c7e0a..e8a4eda 100644
--- a/hosts/home-server/default.nix
+++ b/hosts/home-server/default.nix
@@ -40,7 +40,6 @@ in
../../services/wkd.nix
../../services/home-assistant
../../services/matrix
- ../../services/immich.nix
../../services/miniflux.nix
../../services/paperless.nix
../../services/nextcloud.nix
diff --git a/secrets/immich/db-password.age b/secrets/immich/db-password.age
deleted file mode 100644
index 951b3b6d7d9c1be598846baf32faa7c0fa0445e8..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 605
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlcZ>?ma8#%)2+j@9
z_11RN4zzI0E-Wan@~$X~%+D`R@=Z0d49W{FsPc0y%M5o8^5jZ%&38{sGRh9~atbjv
zan%kCv~)N1%Fl5!OtmmJD=pA2@(U?5Oij)3$VRs<$1Bl0&ru;i-P}YwvphS=!zaif
zt;9Xi%`)82(JQL5%FiM!#H1jpFet~}G9|g7(v>Sq+dC-GDBr!*zt|`>JF=iMHOoRf
zyrd{2+_NYnDAzR0)yKojM?crV)dbx(bEC{G^Ku0bH&gSR%EY8{_ozTK1J`_G6YYXZ
zOVj)?ui(-|BTI|0sG<<x%F2?UN)s-lu)y%}+<>wSPp>q`LMKbVy!0^3vNAI>b1%b?
zfSe59s)~}pFtf;ra0`%ag)u(5=|!oD#i<I;A*lsPcK(_QX{FlLhTeG!*3PyOW_hk&
z3Pqv5c~M;6W+sNIE<s`brb(`@Zib~5N!|s;MHMDhi3VXom43+q`Vqkf{>7<omIjsi
z#vZ=mo>A%Mf#wA+ftiVp=7nBd0gld&eif!hj{Zg!QI-a|uG*2FT)Mit3W1)kC5|~o
z<^j$TmZn}gMoDggPL`PlP8k)E>H5YwsTl$JfdLin5l+62T*+0-B`y1J{mM+)cI)DH
zhV`f1)>YNSPG7QP!-TF&Z+A~}-eUOtX!IO$8ULuWn*TeGPOJUg*wEwdl)JsMO(*nj
PMDIRxt-U`Vdl>@&?b*&#
diff --git a/secrets/immich/env.age b/secrets/immich/env.age
deleted file mode 100644
index 718ba10..0000000
--- a/secrets/immich/env.age
+++ /dev/null
@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 OAZQhA inqJ3LPwmFLYYnfuawS0lgr98XC4l+VTmsGXzPfy1VM
-CHVm2Z8mVLazAQ1ymhfMqNrY/qlAYeSIsU2DwmIQca8
--> ssh-ed25519 lJaKnA LhTLdgpRsi3BmQspSqvdnr8J/4WybyBpu9Lvhtb1jyk
-XW51R8uatTy9niBELlJjkWXh3saNxRuIQVTBvCPGG9Y
--> ssh-ed25519 72ij7w 68Wzb9LtJPe7WcgViMVD1hhuki9dGmC2bFsvxxmkXmw
-NH03Fu3kJop0y4XiXY1Rm7WvFHg+sWI7oJvKnYttD4k
--> @U.p1-grease 9r? @v.; 1zLdC6u
-RJMgIa4ri2Dqq4S+dGTyDOA0MJlQvRcvmldt6CeweQ
---- FbkM4UZTqL5ZT0cRM1tMfYBULiV+h0YlAjC/8YdgFB8
-=�,~���슞�0+��F�x@�~U��i_M�2g<��'�+\�)� ?��/���D��s�e��е�=������;>�r�f>@Ą9*(���p����@�d'���.B��>
��wa�Pމ'�E<���X���Uɴ��yH��L�RσR���[.�F���qLy���ޥ �ʐ
\ No newline at end of file
diff --git a/secrets/immich/typesense/env.age b/secrets/immich/typesense/env.age
deleted file mode 100644
index 1e773d9..0000000
--- a/secrets/immich/typesense/env.age
+++ /dev/null
@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 OAZQhA wSU2o2QZ09JlsQ9fjqh8/wLvJi30tXHlrQ6UgcYotic
-o5UnLub9dUm7rVT5bcanOOQOd/+Laiqhe+CPtRLkz/o
--> ssh-ed25519 lJaKnA eOwn2JPKFv/8h/HEFUn+vnuJt8vQ0ynD7igtWUAqXkA
-eGaK6kV1TK03H9RBPB2qwTQXi3XeyhHnAjg73tqghHY
--> ssh-ed25519 72ij7w 3XiCOok7DkQVm48K01F4GtHQAZrqbFFA90lPr/h4hWo
-HckvW0PBNT1KJivCqfByz/H+xQJylA2y3OpKnnbdzlQ
--> %U)HsVtW-grease
-5L/0ySnJDDEC+gGBhnwVD9Hy8i2Xbb3Dyj4XZZvO77c5A2wQqBEO8lLCBTcPAB7h
-m9UOpo654UbPvb0KsA7J9Piw/SM2Wt3oZrBzO/BF5jotKtil5yMjGyHxGg
---- dnAuqgpzLdEXoTiv7hjOFZs2tY5u3/ILDoDJN9YjRes
-z���#t���6�����Fl*]����ѕ0��3:���1�����F�&2��U�ǎ�l����ߢY 0�k�����k��{�}&����Y��z ������
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 66943b6..84ab83f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -67,21 +67,6 @@ in
home-pc
home-server
];
- "immich/env.age".publicKeys = [
- felschr
- home-pc
- home-server
- ];
- "immich/db-password.age".publicKeys = [
- felschr
- home-pc
- home-server
- ];
- "immich/typesense/env.age".publicKeys = [
- felschr
- home-pc
- home-server
- ];
"firefox/site-data-exceptions.toml.age".publicKeys = [
felschr
diff --git a/services/immich.nix b/services/immich.nix
deleted file mode 100644
index 1d65243..0000000
--- a/services/immich.nix
+++ /dev/null
@@ -1,187 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- tag = "v1.88.2";
- dataDir = "/var/lib/immich";
- typesenseDataDir = "/var/lib/immich/typesense/data";
- uploadDir = "${dataDir}/upload";
- dbuser = "immich";
- dbname = "immich";
- dbPasswordFile = config.age.secrets.immich-db-password.path;
- ociBackend = config.virtualisation.oci-containers.backend;
- containersHost = "localhost";
- domain = "photos.felschr.com";
-
- inherit (config.users.users.immich) uid;
- inherit (config.users.groups.immich) gid;
-
- pgSuperUser = config.services.postgresql.superUser;
-
- immichBase = {
- user = "${toString uid}:${toString gid}";
- environment = {
- PUID = toString uid;
- PGID = toString gid;
- NODE_ENV = "production";
- DB_HOSTNAME = containersHost;
- DB_PORT = toString config.services.postgresql.settings.port;
- DB_USERNAME = dbuser;
- DB_DATABASE_NAME = dbname;
- REDIS_HOSTNAME = containersHost;
- REDIS_PORT = toString config.services.redis.servers.immich.port;
- TYPESENSE_HOST = "immich-typesense";
- };
- # only secrets need to be included, e.g. DB_PASSWORD, JWT_SECRET, MAPBOX_KEY
- environmentFiles = [
- config.age.secrets.immich-env.path
- config.age.secrets.immich-typesense-env.path
- ];
- extraOptions = [
- "--runtime-flag=network=host"
- "--uidmap=0:65534:1"
- "--gidmap=0:65534:1"
- "--uidmap=${toString uid}:${toString uid}:1"
- "--gidmap=${toString gid}:${toString gid}:1"
- "--network=host"
- "--add-host=immich-server:127.0.0.1"
- "--add-host=immich-microservices:127.0.0.1"
- "--add-host=immich-machine-learning:127.0.0.1"
- "--add-host=immich-typesense:127.0.0.1"
- "--label=io.containers.autoupdate=registry"
- ];
- };
-in
-{
- age.secrets.immich-env.file = ../secrets/immich/env.age;
- age.secrets.immich-db-password.file = ../secrets/immich/db-password.age;
- age.secrets.immich-typesense-env.file = ../secrets/immich/typesense/env.age;
-
- services.postgresql = {
- enable = true;
- enableTCPIP = true;
- ensureDatabases = [ dbname ];
- ensureUsers = [
- {
- name = dbuser;
- ensureDBOwnership = true;
- }
- ];
- };
-
- services.redis.servers.immich = {
- enable = true;
- port = 31640;
- };
-
- systemd.services.immich-init = {
- enable = true;
- description = "Set up paths & database access";
- requires = [ "postgresql.service" ];
- after = [ "postgresql.service" ];
- before = [
- "${ociBackend}-immich-server.service"
- "${ociBackend}-immich-microservices.service"
- "${ociBackend}-immich-machine-learning.service"
- "${ociBackend}-immich-typesense.service"
- ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "oneshot";
- LoadCredential = [ "db_password:${dbPasswordFile}" ];
- };
- script = ''
- mkdir -p ${dataDir} ${uploadDir} ${typesenseDataDir}
- echo "Set immich postgres user password"
- db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")"
- ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} ${pkgs.postgresql}/bin/psql postgres \
- -c "alter user ${dbuser} with password '$db_password'"
- '';
- };
-
- virtualisation.oci-containers.containers = {
- immich-server = immichBase // {
- image = "ghcr.io/immich-app/immich-server:${tag}";
- ports = [ "3001:3001" ];
- entrypoint = "/bin/sh";
- cmd = [ "./start-server.sh" ];
- volumes = [ "${uploadDir}:/usr/src/app/upload" ];
- dependsOn = [ "immich-typesense" ];
- };
-
- immich-microservices = immichBase // {
- image = "ghcr.io/immich-app/immich-server:${tag}";
- entrypoint = "/bin/sh";
- cmd = [ "./start-microservices.sh" ];
- volumes = [ "${uploadDir}:/usr/src/app/upload" ];
- dependsOn = [ "immich-typesense" ];
- };
-
- immich-machine-learning = immichBase // {
- image = "ghcr.io/immich-app/immich-machine-learning:${tag}";
- volumes = [ "${uploadDir}:/usr/src/app/upload" ];
- };
-
- immich-typesense = {
- image = "docker.io/typesense/typesense:0.24.0";
- environment.TYPESENSE_DATA_DIR = "/data";
- environmentFiles = [ config.age.secrets.immich-typesense-env.path ];
- volumes = [ "${typesenseDataDir}:/data" ];
- extraOptions = [
- "--uidmap=0:${toString uid}:1"
- "--gidmap=0:${toString gid}:1"
- "--network=host"
- "--label=io.containers.autoupdate=registry"
- ];
- };
- };
-
- systemd.services = {
- "${ociBackend}-immich-server" = {
- requires = [
- "postgresql.service"
- "redis-immich.service"
- ];
- after = [
- "postgresql.service"
- "redis-immich.service"
- ];
- };
-
- "${ociBackend}-immich-microservices" = {
- requires = [
- "postgresql.service"
- "redis-immich.service"
- ];
- after = [
- "postgresql.service"
- "redis-immich.service"
- ];
- };
-
- "${ociBackend}-immich-machine-learning" = {
- requires = [ "postgresql.service" ];
- after = [ "postgresql.service" ];
- };
- };
-
- services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:3001";
- extraConfig = ''
- client_max_body_size 50000M;
- '';
- };
- };
-
- users.users.immich = {
- isSystemUser = true;
- group = "immich";
- uid = 980;
- };
-
- users.groups.immich = {
- gid = 977;
- };
-}