From 95a1a28e91fab753a09788771aeb4dbcb0b82289 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Fri, 19 May 2023 22:55:51 +0200
Subject: [PATCH] immich: wip

---
 flake.lock                                 | 42 ++++++-------
 nixos/hosts/hades/default.nix              |  5 +-
 nixos/hosts/hades/immich/configuration.nix | 68 ++++++++++++++++++++++
 nixos/hosts/hades/overseerr/sonarr.nix     |  2 +-
 4 files changed, 94 insertions(+), 23 deletions(-)
 create mode 100644 nixos/hosts/hades/immich/configuration.nix

diff --git a/flake.lock b/flake.lock
index 9a7d3f2..fc08d98 100644
--- a/flake.lock
+++ b/flake.lock
@@ -502,11 +502,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1684321175,
-        "narHash": "sha256-V4EbM+jK7pvjKBaj0dgAiW9ultzDE27Nz5fRyu/ceMk=",
+        "lastModified": 1684484967,
+        "narHash": "sha256-P3ftCqeJmDYS9LSr2gGC4XGGcp5vv8TOasJX6fVHWsw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "59659243cd4ababda605e79b4a9c2e6d83e24c86",
+        "rev": "b9a52ad20e58ebd003444915e35e3dd2c18fc715",
         "type": "github"
       },
       "original": {
@@ -799,11 +799,11 @@
     },
     "nixpkgs_22-11": {
       "locked": {
-        "lastModified": 1684280442,
-        "narHash": "sha256-nC1/kfh6tpMQSLQalbNTNnireIlxvLLugrjZdasNh+I=",
+        "lastModified": 1684398685,
+        "narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6c591e7adc514090a77209f56c9d0c551ab8530d",
+        "rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c",
         "type": "github"
       },
       "original": {
@@ -815,11 +815,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1684398339,
-        "narHash": "sha256-Mrx9RW8e7dZRh6F+koFhKNKYhKk/GmCdsEpdYcQJ9rQ=",
+        "lastModified": 1684502756,
+        "narHash": "sha256-7ssIPaLW2ncTApmExLSoqomPBlubNyUWm/SZYVgKhpI=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "4105d3b66358485f1693c5650458bb8819efa8e7",
+        "rev": "a13191189f5d8a7e515155c24eb4e346aa4752f4",
         "type": "github"
       },
       "original": {
@@ -831,11 +831,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1684049129,
-        "narHash": "sha256-7WB9LpnPNAS8oI7hMoHeKLNhRX7k3CI9uWBRSfmOCCE=",
+        "lastModified": 1684385584,
+        "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0470f36b02ef01d4f43c641bbf07020bcab71bf1",
+        "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a",
         "type": "github"
       },
       "original": {
@@ -931,11 +931,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1684141492,
-        "narHash": "sha256-j2fWY7kbOETSNDtlX7whkq2APe44PijzgaCTWV8oE/I=",
+        "lastModified": 1684488481,
+        "narHash": "sha256-NLHSxDUxw/Epw8CRk2cDPt3Zaaw1Zvbgvr2axNGQHds=",
         "owner": "pta2002",
         "repo": "nixvim",
-        "rev": "3600698abad00756947eb3a3d837beedf1c2f551",
+        "rev": "1d478841f8bf84f3b69095984aa74c56abb86ffa",
         "type": "github"
       },
       "original": {
@@ -946,11 +946,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1684397671,
-        "narHash": "sha256-buTLC8raxk9o4qkoRYiwbOm+8+2CtZyNtEk7wMRm6Tw=",
+        "lastModified": 1684500955,
+        "narHash": "sha256-EJUdpm4lkMn+/HUl3NSHutK+jDLdOHvGBWgz8RlT6Ck=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "c27cba4712f8eb426f8e2e7e2842cef89e672872",
+        "rev": "98294130adb4c09ac5f66e83bf98d80b7853f1d3",
         "type": "github"
       },
       "original": {
@@ -1015,11 +1015,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1682596858,
-        "narHash": "sha256-Hf9XVpqaGqe/4oDGr30W8HlsWvJXtMsEPHDqHZA6dDg=",
+        "lastModified": 1684195081,
+        "narHash": "sha256-IKnQUSBhQTChFERxW2AzuauVpY1HRgeVzAjNMAA4B6I=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "fb58866e20af98779017134319b5663b8215d912",
+        "rev": "96eabec58248ed8f4b0ad59e7ce9398018684fdc",
         "type": "github"
       },
       "original": {
diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix
index b6af2da..bfc14d8 100644
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@@ -84,7 +84,10 @@
     mac = "00:50:56:91:0d:69";
     nix = false;
   };
-  # ip = "192.168.0.116";
+  "immich" = {
+    ip = "192.168.0.116";
+    mac = "06:8a:8e:3e:43:45";
+  };
   "thelounge" = {
     ip = "192.168.0.117";
     mac = "00:0c:29:2a:69:8f";
diff --git a/nixos/hosts/hades/immich/configuration.nix b/nixos/hosts/hades/immich/configuration.nix
new file mode 100644
index 0000000..97c6146
--- /dev/null
+++ b/nixos/hosts/hades/immich/configuration.nix
@@ -0,0 +1,68 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ pkgs, config, lib, ... }:
+let
+  # https://github.com/immich-app/immich/releases
+  version = "1.55.1";
+  dataDir = "/var/lib/immich";
+in {
+  imports = [ ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+  # Additional packages
+  environment.systemPackages = with pkgs; [ ];
+
+  # TODO: https://github.com/suderman/nixos/tree/main/modules/nixos/immich
+
+  fileSystems."/mnt/storage" = {
+    device = "storage:/mnt/storage";
+    fsType = "nfs";
+  };
+
+  # Unused uid/gid snagged from this list:
+  # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix
+  ids.uids.immich = 911;
+  ids.gids.immich = 911;
+
+  users.users.immich = {
+    isSystemUser = true;
+    group = "photos";
+    description = "Immich daemon user";
+    home = dataDir;
+    uid = config.ids.uids.immich;
+  };
+
+  users.groups.immich = { gid = config.ids.gids.immich; };
+
+  # Postgres database configuration
+  services.postgresql = {
+    enable = true;
+
+    package = pkgs.postgresql_15;
+
+    ensureUsers = [{
+      name = "immich";
+      ensurePermissions = { "DATABASE immich" = "ALL PRIVILEGES"; };
+    }];
+    ensureDatabases = [ "immich" ];
+
+    # Allow connections from any docker IP addresses
+    authentication = ''
+      host immich immich 172.16.0.0/12 md5
+      host all all 127.0.0.1/32 ident
+    '';
+
+  };
+
+  # Allow docker containers to connect
+  networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
+}
diff --git a/nixos/hosts/hades/overseerr/sonarr.nix b/nixos/hosts/hades/overseerr/sonarr.nix
index 1bc05bf..1cf8f15 100644
--- a/nixos/hosts/hades/overseerr/sonarr.nix
+++ b/nixos/hosts/hades/overseerr/sonarr.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+_: {
   services.sonarr = {
     enable = true;
     dataDir = "/var/lib/sonarr";