44 lines
896 B
Nix
44 lines
896 B
Nix
|
{
|
|||
|
|
lib,
|
|||
|
|
pkgs,
|
|||
|
|
...
|
|||
|
|
}:
|
|||
|
|
{
|
|||
|
|
services.immich = {
|
|||
|
|
enable = true;
|
|||
|
|
port = 2283;
|
|||
|
|
host = "0.0.0.0";
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
security.acme = {
|
|||
|
|
acceptTerms = true;
|
|||
|
|
defaults.email = "kellyl@sysrq.ca";
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
services.caddy = {
|
|||
|
|
enable = true;
|
|||
|
|
|
|||
|
|
virtualHosts = {
|
|||
|
|
"immich.sysrq.ca" = {
|
|||
|
|
extraConfig = ''
|
|||
|
|
encode gzip
|
|||
|
|
|
|||
|
|
# Automatically handle HTTPS via Let’s Encrypt
|
|||
|
|
# Caddy will request and renew certs for immich.sysrq.ca
|
|||
|
|
|
|||
|
|
reverse_proxy http://192.168.0.60:2283 {
|
|||
|
|
# If Immich uses WebSockets, Caddy will proxy them automatically
|
|||
|
|
# Add headers if you want forward real client IP
|
|||
|
|
header_up X-Real-IP {remote_host}
|
|||
|
|
header_up X-Forwarded-For {remote_host}
|
|||
|
|
header_up Host {host}
|
|||
|
|
}
|
|||
|
|
'';
|
|||
|
|
};
|
|||
|
|
};
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
networking.firewall.allowedTCPPorts = [ 80 443 2283 ];
|
|||
|
|
|
|||
|
|
}
|