hosts/poweredge/immich.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

{ pkgs, ... }: let
	onnxruntimeCuda = pkgs.onnxruntime.override { cudaSupport = true; };
in {
	containers.immich = {
		autoStart = true;
		privateNetwork = true;
		hostBridge = "br-lan0";
		localMacAddress = "02:00:00:00:00:01";

		# Host path
		bindMounts = {
			"/var/lib/immich" = {
				hostPath = "/media/ingens/immich";
				isReadOnly = false;
			};
		};

		# GPU
		allowedDevices = [
			{ node = "/dev/nvidia0";           modifier = "rw"; }
			{ node = "/dev/nvidiactl";         modifier = "rw"; }
			{ node = "/dev/nvidia-uvm";        modifier = "rw"; }
			{ node = "/dev/nvidia-uvm-tools";  modifier = "rw"; }
			{ node = "/dev/nvidia-modeset";    modifier = "rw"; }
		];

		bindMounts = {
			# NVENC/NVDEC - video transcoding
			"/dev/nvidia0"           = { hostPath = "/dev/nvidia0";           isReadOnly = false; };
			"/dev/nvidiactl"         = { hostPath = "/dev/nvidiactl";         isReadOnly = false; };
			# CUDA - required for ML inference
			"/dev/nvidia-uvm"        = { hostPath = "/dev/nvidia-uvm";        isReadOnly = false; };
			"/dev/nvidia-uvm-tools"  = { hostPath = "/dev/nvidia-uvm-tools";  isReadOnly = false; };
			# Modeset - needed by some driver paths
			"/dev/nvidia-modeset"    = { hostPath = "/dev/nvidia-modeset";    isReadOnly = false; };
		};

		config = { lib, pkgs, config, ... }: {
			imports = [ ./nvidia.nix ];

			# Network
			networking.interfaces.eth0.useDHCP = true;
			networking.firewall.allowedTCPPorts = [ 80 ];  # Caddy

			# Immich
			services.immich = {
				enable = true;
				accelerationDevices = [
					"/dev/nvidia0"
					"/dev/nvidiactl"
					"/dev/nvidia-uvm"
					"/dev/nvidia-uvm-tools"
					"/dev/nvidia-modeset"
				];

				# Tell immich-server to use NVENC for transcoding
				environment = {
					NVIDIA_VISIBLE_DEVICES = "all";
					NVIDIA_DRIVER_CAPABILITIES = "compute,video,utility";
				};

				# Enable the ML microservice with CUDA
				machine-learning.enable = true;
			};
			environment.systemPackages = with pkgs; [ immich immich-cli ];

			# Reverse proxy
			services.caddy = {
				enable = true;
				virtualHosts.":80".extraConfig = ''
					reverse_proxy localhost:2283
				'';
			};

			system.stateVersion = "25.11";
		};
	};
}