[immich] Adds but disabled Immich because it's crashing on start-up

2025-09-25 17:23:01 -07:00
parent 05c001081e
commit 3b8e38e702
5 changed files with 114 additions and 30 deletions


@@ -23,6 +23,8 @@ matrix:
blazestar-registration-token: ENC[AES256_GCM,data:TB3bR+E4H4c2l9pRcEOAZr35+vBVaJUcuCs9K0Pjd0aW+M35x5LgZ8+F99Y=,iv:e28sie6LSI5UX41BPb+yN+3n+Yw9Ssfsqe4zppwbPkU=,tag:cQPgZcRFbYSiZnmPVtZxHg==,type:str] blazestar-registration-token: ENC[AES256_GCM,data:TB3bR+E4H4c2l9pRcEOAZr35+vBVaJUcuCs9K0Pjd0aW+M35x5LgZ8+F99Y=,iv:e28sie6LSI5UX41BPb+yN+3n+Yw9Ssfsqe4zppwbPkU=,tag:cQPgZcRFbYSiZnmPVtZxHg==,type:str]
tandoor: tandoor:
secret_key: ENC[AES256_GCM,data:nl7S2fS1wENrT5k2iZfLEAGc99lCUktgwR5L5KklF69BNVKQkW1rUgb3aIv50VpXZa+3OxV/vdPmG9NhKMy96I5+Dno=,iv:FFyGQBARz0B5zrONZELzUMsOIn8TWrDNTKGsAHPlS7w=,tag:/c4MnDfLXQpBZDqVxZ0DTg==,type:str] secret_key: ENC[AES256_GCM,data:nl7S2fS1wENrT5k2iZfLEAGc99lCUktgwR5L5KklF69BNVKQkW1rUgb3aIv50VpXZa+3OxV/vdPmG9NhKMy96I5+Dno=,iv:FFyGQBARz0B5zrONZELzUMsOIn8TWrDNTKGsAHPlS7w=,tag:/c4MnDfLXQpBZDqVxZ0DTg==,type:str]
immich:
database: ENC[AES256_GCM,data:1fjOQsLZcq/T+r+AkzomWwCQWw==,iv:c4pn2rC+3xkxLJ7uAdhnTE6zVTRQkfuKK3tjUyDhfAw=,tag:kvk7DOv6X/+RDxfPxVak7w==,type:str]
sops: sops:
age: age:
- recipient: age1yvdzvuvu5wqztcx6ll2xk6x547uuyqy735tjjdd7zftkz53jsf9qf5ahue - recipient: age1yvdzvuvu5wqztcx6ll2xk6x547uuyqy735tjjdd7zftkz53jsf9qf5ahue
@@ -43,7 +45,7 @@ sops:
by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw
vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q== vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-07T19:03:58Z" lastmodified: "2025-09-25T22:21:11Z"
mac: ENC[AES256_GCM,data:Rjb4uTow01fHFOcjKFBCvqpow+yAeSY0RymCoSFUNhavsE4HBqhw2acWsNkXqTQA1FxczJP5mtesYNzg7tQR2fN+a/T5jG7q5sC+RYQkDZPy5ECVxEv3J+BtXmMuKJS3YadiIy0iQTXiiwmYBo8cnKIDxQ75AQLoGCGxSr42NU8=,iv:aSevCC9kbYnTy9KuXcxjaeFmERa+qCn9E3ANCJ2CqoU=,tag:RC0H+lRWfBfOGX2VJoAfyg==,type:str] mac: ENC[AES256_GCM,data:1Ru10z/hiMNgzgbBpzuo6jNi5eF87nNMfryurO75k9PvYzsOX4iUwDQf/PppP/YP/g73HJdYaGGEzE8YxaSDtOnmf5qbQe1+5rZmHSO/iIZr/rfV3nkGfqxE4TpPlR/NXB5ktToe7GB6BF1AXwbVIbjWe6Ymsi6Dy2e56Ml1x7k=,iv:v3GV7TL2+BHWETD0mtUBpM/B6vIjNgLiNn45boBjNUg=,tag:a4MplFxRfBF10iwxVGVUOA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2


@@ -2,6 +2,8 @@
{ {
imports = [ imports = [
./chat.nix ./chat.nix
# Currently disabled because it doesn't start up properly
# ./immich.nix
./storyden.nix ./storyden.nix
./tandoor.nix ./tandoor.nix
]; ];


@@ -0,0 +1,73 @@
{ config, ... }:
let
inherit (import ../lib.nix config) havenisms mkPostgresContainer;
in
{
imports = [
(mkPostgresContainer {
# Immich wants a custom build of postgres with the vectors extensions.
image = "ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107";
name = "immich";
directory = "/tank/immich/db";
uid = config.users.users.immich.uid;
gid = config.users.groups.immich.gid;
passwordSecret = "immich/database";
})
];
sops.secrets = {
"immich/database" = {
restartUnits = [
"${config.local.container-backend}-immich-db.service"
];
mode = "0400";
owner = config.users.users.immich.name;
};
};
sops.templates."immich.env" = {
restartUnits = [ "${config.local.container-backend}-immich.service" ];
owner = config.users.users.immich.name;
content = ''
DB_HOSTNAME=immich-postgres
DB_PASSWORD=${config.sops.placeholder."immich/database"}
DB_USERNAME=immich
DB_DATABASE_NAME=immich
REDIS_HOSTNAME=immich-redis
IMMICH_LOG_LEVEL=verbose
'';
};
virtualisation.web-containers.containers.immich = {
image = "ghcr.io/immich-app/immich-server:release";
hostname = "immich";
domain = havenisms;
port = 2283;
volumes = [
"/tank/photos/immich:/data"
"/etc/localtime:/etc/localtime:ro"
];
dependsOn = [
"immich-redis"
"immich-postgres"
];
environmentFiles = [
"${config.sops.templates."immich.env".path}"
];
};
virtualisation.oci-containers.containers = {
"immich-redis" = {
image = "docker.io/valkey/valkey";
};
"immich-machine-learning" = {
image = "ghcr.io/immich-app/immich-machine-learning:release";
volumes = [
"model-cache:/cache"
];
environmentFiles = [
"${config.sops.templates."immich.env".path}"
];
};
};
}
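Review bot: The `immich-server:release` and `immich-machine-learning:release` images are moving tags and `docker.io/valkey/valkey` has no tag at all, while the Postgres image in the same file is pinned by tag and digest, so a restart can pull different, unreviewed code and the server may drift from the vector-extension versions the pinned database provides. Pin all three the way the database image is pinned, e.g. `image = "ghcr.io/immich-app/immich-server:<version>@sha256:<digest>";` (placeholders; take the values from the release you deploy). Separately, `immich.env` carries `DB_PASSWORD` and is also handed to `immich-machine-learning` through `environmentFiles`; that container probably does not need database credentials, so give it its own template without the password or drop the env file there. The secret's `restartUnits` names `…-immich-db.service`, but `mkPostgresContainer` appears to default the container name to `${name}-postgres`, so a rotated password may not restart the database unit; this is worth confirming against lib.nix.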


@@ -70,8 +70,7 @@ in
extraOptions extraOptions
; ;
autoStart = true; autoStart = true;
labels = labels = {
{
"traefik.enable" = "true"; "traefik.enable" = "true";
"traefik.http.routers.${hostName}.rule" = "${routerRule}"; "traefik.http.routers.${hostName}.rule" = "${routerRule}";
"traefik.http.services.${hostName}.loadbalancer.server.port" = "${toString port}"; "traefik.http.services.${hostName}.loadbalancer.server.port" = "${toString port}";
@@ -127,11 +126,12 @@ in
containerName ? "${name}-postgres", containerName ? "${name}-postgres",
databaseName ? name, databaseName ? name,
username ? name, username ? name,
image ? "postgres",
}: }:
{ config, ... }: { config, ... }:
{ {
virtualisation.oci-containers.containers."${containerName}" = { virtualisation.oci-containers.containers."${containerName}" = {
image = "postgres"; inherit image;
autoStart = true; autoStart = true;
volumes = [ volumes = [
# Note that data must be mounted at this location to persist. # Note that data must be mounted at this location to persist.
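Review bot: The new `image` argument keeps the default `"postgres"`, an unqualified name with no tag, so every caller that does not override it gets whatever `latest` resolves to on the configured registry, possibly a new PostgreSQL major version whose on-disk format does not match an existing data directory. Consider a fully qualified, version-pinned default such as `image ? "docker.io/library/postgres:<major>"` (placeholder for the major version the existing data directories were initialised with). A comment above the argument would also help, e.g. `# Container image; override for builds with extra extensions, pin by tag or digest.`. The function body continues outside the hunk, so whether other options constrain the image cannot be seen here.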


@@ -1,4 +1,5 @@
{ pkgs, ... }: let { pkgs, ... }:
let
systemUsers = { systemUsers = {
gitea = { gitea = {
uid = 2001; uid = 2001;
@@ -19,6 +20,7 @@
home = "/tank/web"; home = "/tank/web";
packages = [ pkgs.git ]; packages = [ pkgs.git ];
}; };
immich = 2009;
}; };
mkUser = name: value: { mkUser = name: value: {
@@ -27,25 +29,30 @@
description = "System User for ${name}"; description = "System User for ${name}";
group = "${name}"; group = "${name}";
shell = value.shell or null; shell = value.shell or null;
extraGroups = value.extraGroups or []; extraGroups = value.extraGroups or [ ];
openssh.authorizedKeys.keys = value.authorizedKeys or []; openssh.authorizedKeys.keys = value.authorizedKeys or [ ];
home = value.home or "/var/empty"; home = value.home or "/var/empty";
packages = value.packages or []; packages = value.packages or [ ];
}; };
mkGroup = name: value: let mkGroup =
name: value:
let
# 1. Value if int # 1. Value if int
# 2. "gid" if present # 2. "gid" if present
# 3. "uid" # 3. "uid"
gid = gid =
if builtins.isInt value if builtins.isInt value then
then value value
else if builtins.hasAttr "gid" value else if builtins.hasAttr "gid" value then
then value.gid value.gid
else value.uid; else
in { value.uid;
in
{
inherit gid; inherit gid;
}; };
in { in
{
users.users = builtins.mapAttrs mkUser systemUsers; users.users = builtins.mapAttrs mkUser systemUsers;
users.groups = (builtins.mapAttrs mkGroup systemUsers) // { users.groups = (builtins.mapAttrs mkGroup systemUsers) // {
# Legacy groups. # Legacy groups.