From d64c7db4aef46eb306ac7187388359e01d81b814 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= Date: Tue, 11 Apr 2023 19:30:32 +0200 Subject: [PATCH] fix(immich): fix & improve immich --- secrets/immich/typesense/.env.age | 12 ++++++++++ secrets/secrets.nix | 1 + services/immich.nix | 40 ++++++++++++++++++++----------- 3 files changed, 39 insertions(+), 14 deletions(-) create mode 100644 secrets/immich/typesense/.env.age diff --git a/secrets/immich/typesense/.env.age b/secrets/immich/typesense/.env.age new file mode 100644 index 0000000..1e773d9 --- /dev/null +++ b/secrets/immich/typesense/.env.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 OAZQhA wSU2o2QZ09JlsQ9fjqh8/wLvJi30tXHlrQ6UgcYotic +o5UnLub9dUm7rVT5bcanOOQOd/+Laiqhe+CPtRLkz/o +-> ssh-ed25519 lJaKnA eOwn2JPKFv/8h/HEFUn+vnuJt8vQ0ynD7igtWUAqXkA +eGaK6kV1TK03H9RBPB2qwTQXi3XeyhHnAjg73tqghHY +-> ssh-ed25519 72ij7w 3XiCOok7DkQVm48K01F4GtHQAZrqbFFA90lPr/h4hWo +HckvW0PBNT1KJivCqfByz/H+xQJylA2y3OpKnnbdzlQ +-> %U)HsVtW-grease +5L/0ySnJDDEC+gGBhnwVD9Hy8i2Xbb3Dyj4XZZvO77c5A2wQqBEO8lLCBTcPAB7h +m9UOpo654UbPvb0KsA7J9Piw/SM2Wt3oZrBzO/BF5jotKtil5yMjGyHxGg +--- dnAuqgpzLdEXoTiv7hjOFZs2tY5u3/ILDoDJN9YjRes +z#t6Fl*]ѕ03:1F&2UǎlߢY 0kk{}&Yz \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0330a3a..2ff8196 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -26,6 +26,7 @@ in { "nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ]; "immich/.env.age".publicKeys = [ felschr home-pc home-server ]; "immich/db-password.age".publicKeys = [ felschr home-pc home-server ]; + "immich/typesense/.env.age".publicKeys = [ felschr home-pc home-server ]; # home-server "home-server/hostKey.age".publicKeys = [ felschr home-server ]; diff --git a/services/immich.nix b/services/immich.nix index c0a0bd9..c94e7ee 100644 --- a/services/immich.nix +++ b/services/immich.nix @@ -2,6 +2,7 @@ let dataDir = "/var/lib/immich"; + typesenseDataDir = "/var/lib/typesense/data"; uploadDir = "${dataDir}/upload"; dbuser = "immich"; dbname = "immich"; @@ -23,18 +24,23 @@ let REDIS_PORT = toString config.services.redis.servers.immich.port; }; # only secrets need to be included, e.g. DB_PASSWORD, JWT_SECRET, MAPBOX_KEY - environmentFiles = [ config.age.secrets.immich-env.path ]; + environmentFiles = [ + config.age.secrets.immich-env.path + config.age.secrets.immich-typesense-env.path + ]; extraOptions = [ "--network=host" "--add-host=immich-server:127.0.0.1" "--add-host=immich-microservices:127.0.0.1" "--add-host=immich-machine-learning:127.0.0.1" "--add-host=immich-web:127.0.0.1" + "--add-host=typesense:127.0.0.1" ]; }; in { age.secrets.immich-env.file = ../secrets/immich/.env.age; age.secrets.immich-db-password.file = ../secrets/immich/db-password.age; + age.secrets.immich-typesense-env.file = ../secrets/immich/typesense/.env.age; services.postgresql = { enable = true; @@ -61,7 +67,7 @@ in { "${ociBackend}-immich-microservices.service" "${ociBackend}-immich-machine-learning.service" "${ociBackend}-immich-web.service" - "${ociBackend}-immich-proxy.service" + "${ociBackend}-typesense.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { @@ -69,7 +75,7 @@ in { LoadCredential = [ "db_password:${dbPasswordFile}" ]; }; script = '' - mkdir -p ${dataDir} ${uploadDir} + mkdir -p ${dataDir} ${uploadDir} ${typesenseDataDir} echo "Set immich postgres user password" db_password="$(<"$CREDENTIALS_DIRECTORY/db_password")" ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} ${pkgs.postgresql}/bin/psql postgres \ @@ -79,35 +85,41 @@ in { virtualisation.oci-containers.containers = { immich-server = immichBase // { - image = "altran1502/immich-server:release"; + image = "ghcr.io/immich-app/immich-server:release"; ports = [ "3001:3001" ]; entrypoint = "/bin/sh"; cmd = [ "./start-server.sh" ]; volumes = [ "${uploadDir}:/usr/src/app/upload" ]; + dependsOn = [ "typesense" ]; }; immich-microservices = immichBase // { - image = "altran1502/immich-server:release"; + image = "ghcr.io/immich-app/immich-server:release"; entrypoint = "/bin/sh"; cmd = [ "./start-microservices.sh" ]; volumes = [ "${uploadDir}:/usr/src/app/upload" ]; + dependsOn = [ "typesense" ]; }; - # TODO not working atm - /* immich-machine-learning = immichBase // { - image = "altran1502/immich-machine-learning:release"; - entrypoint = "/bin/sh"; - cmd = [ "./entrypoint.sh" ]; - volumes = [ "${uploadDir}:/usr/src/app/upload" ]; - }; - */ + immich-machine-learning = immichBase // { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + volumes = [ "${uploadDir}:/usr/src/app/upload" ]; + }; immich-web = immichBase // { - image = "altran1502/immich-web:release"; + image = "ghcr.io/immich-app/immich-web:release"; ports = [ "3000:3000" ]; entrypoint = "/bin/sh"; cmd = [ "./entrypoint.sh" ]; }; + + typesense = { + image = "typesense/typesense:0.24.0"; + environment.TYPESENSE_DATA_DIR = "/data"; + environmentFiles = [ config.age.secrets.immich-typesense-env.path ]; + volumes = [ "${typesenseDataDir}:/data" ]; + extraOptions = [ "--network=host" ]; + }; }; systemd.services = {