add immich service

1 files changed, 60 insertions, 0 deletions

diff --git a/hosts/poweredge/immich.nix b/hosts/poweredge/immich.nix
new file mode 100644
index 0000000..a98595e
--- /dev/null
+++ b/hosts/poweredge/immich.nix
@@ -0,0 +1,60 @@
+{
+	containers.immich = {
+		autoStart = true;
+		privateNetwork = true;
+		extraVeths.vb-immich = {
+			hostBridge = "br-lan0";
+			#localMacAddress = "02:00:00:00:00:01";  # TODO update to 26.05
+		};
+
+		# Host path
+		bindMounts = {
+			"/var/lib/immich" = {
+				hostPath = "/media/ingens/immich";
+				isReadOnly = false;
+			};
+		};
+
+		# GPU
+		#allowedDevices = [
+		#	{ node = "/dev/dri/card1"; modifier = "rw"; }
+		#	{ node = "/dev/dri/renderD128"; modifier = "rw"; }
+		#];
+
+		#bindMounts = {
+		#	"/dev/dri/card1" = {
+		#		hostPath = "/dev/dri/card1";
+		#		isReadOnly = false;
+		#	};
+		#	"/dev/dri/renderD128" = {
+		#		hostPath = "/dev/dri/renderD128";
+		#		isReadOnly = false;
+		#	};
+		#};
+
+		config = { lib, pkgs, config, ... }: {
+			# Network
+			networking.interfaces.vb-immich.useDHCP = true;
+			networking.firewall.allowedTCPPorts = [ 80 ];  # Caddy
+
+			# Immich
+			services.immich = {
+				enable = true;
+				host = "0.0.0.0";
+				openFirewall = true;
+			};
+
+			environment.systemPackages = with pkgs; [ immich immich-cli ];
+
+			# Reverse proxy
+			services.caddy = {
+				enable = true;
+				virtualHosts.":80".extraConfig = ''
+					reverse_proxy localhost:2283
+				'';
+			};
+
+			system.stateVersion = "25.11";
+		};
+	};
+}