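# NixOS container running Immich behind a Caddy reverse proxy, with the host's
# NVIDIA device nodes passed through for video transcoding and ML inference.
{ pkgs, ... }:
let
  # NOTE(review): this CUDA-enabled onnxruntime is bound here but never
  # referenced below, so it does not influence what the container builds.
  # Either wire it into the machine-learning package or drop the binding.
  onnxruntimeCuda = pkgs.onnxruntime.override { cudaSupport = true; };

  # Single source of truth for the GPU device nodes. The same list feeds the
  # container's device allow-list, its bind mounts and Immich's
  # accelerationDevices, so the three can no longer drift apart.
  #
  # Each node is exposed read-write: a process in the container that can open
  # it talks directly to the host's NVIDIA kernel driver. Keep this list as
  # short as the workload allows.
  gpuDeviceNodes = [
    # NVENC/NVDEC - video transcoding
    "/dev/nvidia0"
    "/dev/nvidiactl"
    # CUDA - required for ML inference
    "/dev/nvidia-uvm"
    # NOTE(review): presumably only needed by UVM profiling/debug tooling;
    # confirm inference still works without it and remove if so.
    "/dev/nvidia-uvm-tools"
    # Modeset - needed by some driver paths
    # NOTE(review): confirm a headless transcode/inference workload needs it.
    "/dev/nvidia-modeset"
  ];
in
{
  containers.immich = {
    autoStart = true;

    # Own network namespace, attached to the host bridge, so the container is
    # a separate host on that network segment.
    privateNetwork = true;
    hostBridge = "br-lan0";
    # Fixed, locally administered MAC (presumably to keep the DHCP lease
    # stable across restarts).
    localMacAddress = "02:00:00:00:00:01";

    # GPU: device nodes the container is permitted to access.
    allowedDevices = map (node: {
      inherit node;
      modifier = "rw";
    }) gpuDeviceNodes;

    # One bindMounts set: the Immich state directory plus every GPU node.
    bindMounts =
      {
        # Host path: Immich's state lives on the host and is writable from
        # inside the container.
        "/var/lib/immich" = {
          hostPath = "/media/ingens/immich";
          isReadOnly = false;
        };
      }
      // builtins.listToAttrs (
        map (node: {
          name = node;
          value = {
            hostPath = node;
            isReadOnly = false;
          };
        }) gpuDeviceNodes
      );

    config =
      {
        lib,
        pkgs,
        config,
        ...
      }:
      {
        imports = [ ./nvidia.nix ];

        # Network
        networking.interfaces.eth0.useDHCP = true;
        # Only Caddy's port is opened; Immich's own port (2283) is reached
        # through the proxy below.
        #
        # NOTE(review): this is cleartext HTTP on the bridged network, so
        # Immich session cookies, passwords and media are readable by anything
        # on that segment. Terminate TLS here (a real hostname in virtualHosts)
        # or confirm an upstream proxy does it.
        networking.firewall.allowedTCPPorts = [ 80 ]; # Caddy

        # Immich
        services.immich = {
          enable = true;
          # Restricts the Immich services to these device nodes.
          accelerationDevices = gpuDeviceNodes;

          # NOTE(review): these two variables are the ones the NVIDIA
          # container runtime hook reads; nothing in this file shows a consumer
          # for them inside this container. Confirm they are needed. Hardware
          # transcoding itself is selected in Immich's settings.
          environment = {
            NVIDIA_VISIBLE_DEVICES = "all";
            NVIDIA_DRIVER_CAPABILITIES = "compute,video,utility";
          };

          # Enable the ML microservice. Whether it runs on CUDA depends on how
          # its packages are built (see the unused onnxruntimeCuda binding at
          # the top of this file and ./nvidia.nix).
          machine-learning.enable = true;
        };

        environment.systemPackages = with pkgs; [
          immich
          immich-cli
        ];

        # Reverse proxy: a ":80" site address makes Caddy serve plain HTTP
        # only, with no automatic HTTPS.
        services.caddy = {
          enable = true;
          virtualHosts.":80".extraConfig = ''
            reverse_proxy localhost:2283
          '';
        };

        system.stateVersion = "25.11";
      };
  };
}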