diff --git a/config/nixos/docker/immich.nix b/config/nixos/docker/immich.nix
new file mode 100644
index 0000000..984e2eb
--- /dev/null
+++ b/config/nixos/docker/immich.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+ environment.etc."docker/immich/docker-compose.yml".source = ./immich/docker-compose.yml;
+ environment.etc."docker/immich/.env".source = ./immich/.env;
+ environment.etc."docker/immich/hwaccel.ml.yml".source = ./immich/hwaccel.ml.yml;
+ environment.etc."docker/immich/hwaccel.transcoding.yml".source = ./immich/hwaccel.transcoding.yml;
+
+ systemd.services.immich = {
+ description = "Immich Docker Compose Service";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/immich/docker-compose.yml up";
+ ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f /etc/docker/immich/docker-compose.yml down";
+ WorkingDirectory = "/etc/docker/immich";
+ Restart = "always";
+ RestartSec = 10;
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+}
diff --git a/config/nixos/docker/immich/.env b/config/nixos/docker/immich/.env
new file mode 100644
index 0000000..274c617
--- /dev/null
+++ b/config/nixos/docker/immich/.env
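Review bot: `environment.etc."docker/immich/.env".source = ./immich/.env;` in immich.nix copies the env file into the Nix store, which every local user can read, and that file carries `DB_PASSWORD`. Keep the password out of the store-managed file and have the service read it from a root-only path provisioned outside the store. Separately, the unit is ordered only after `network-online.target` although ExecStart needs the Docker daemon. Using `after = [ "network-online.target" "docker.service" ];` together with `requires = [ "docker.service" ];` would avoid relying on the `Restart = "always"` loop to win that race at boot.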
@@ -0,0 +1,21 @@
+# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables
+
+# The location where your uploaded files are stored
+UPLOAD_LOCATION=/mnt/8tb/Photos/immich-library
+# The location where your database files are stored
+DB_DATA_LOCATION=./postgres
+
+# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
+TZ=Europe/Amsterdam
+
+# The Immich version to use. You can pin this to a specific version like "v1.71.0"
+IMMICH_VERSION=release
+
+# Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
+DB_PASSWORD=postgres
+
+# The values below this line do not need to be changed
+###################################################################################
+DB_USERNAME=postgres
+DB_DATABASE_NAME=immich
diff --git a/config/nixos/docker/immich/docker-compose.yml b/config/nixos/docker/immich/docker-compose.yml
new file mode 100644
index 0000000..f7c8ca9
--- /dev/null
+++ b/config/nixos/docker/immich/docker-compose.yml
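Review bot: `DB_PASSWORD=postgres` in the .env file leaves the stock password in place even though the comment directly above says to change it, and writing the real value here would put it in version control. Leave a non-secret placeholder in the tracked file and supply the actual password at deploy time from a file that is not committed. `IMMICH_VERSION=release` is also a moving tag, unlike the digest-pinned redis and postgres images in docker-compose.yml, so which server code runs depends on when the image was last pulled; pinning a specific version, as the comment suggests, makes upgrades deliberate. `DB_DATA_LOCATION=./postgres` presumably resolves under /etc/docker/immich, which is worth confirming as the intended home for the database files.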
@@ -0,0 +1,79 @@
+name: immich
+services:
+ server:
+ image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+ extends:
+ file: hwaccel.transcoding.yml
+ service: nvenc # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+ volumes:
+ - ${UPLOAD_LOCATION}:/usr/src/app/upload
+ - /etc/localtime:/etc/localtime:ro
+ env_file:
+ - .env
+ ports:
+ - '2283:2283'
+ depends_on:
+ - redis
+ - database
+ restart: always
+ healthcheck:
+ disable: false
+
+ machine-learning:
+ # For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
+ # Example tag: ${IMMICH_VERSION:-release}-cuda
+ image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}-cuda
+ extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
+ file: hwaccel.ml.yml
+ service: cuda # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
+ volumes:
+ - model-cache:/cache
+ env_file:
+ - .env
+ restart: always
+ healthcheck:
+ disable: false
+
+ redis:
+ container_name: immich_redis
+ image: docker.io/redis:6.2-alpine@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5
+ healthcheck:
+ test: redis-cli ping || exit 1
+ restart: always
+
+ database:
+ container_name: immich_postgres
+ image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
+ environment:
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_DB: ${DB_DATABASE_NAME}
+ POSTGRES_INITDB_ARGS: '--data-checksums'
+ volumes:
+ # Do not edit the next line.
If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+ - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+ healthcheck:
+ test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+ interval: 5m
+ start_interval: 30s
+ start_period: 5m
+ command:
+ [
+ 'postgres',
+ '-c',
+ 'shared_preload_libraries=vectors.so',
+ '-c',
+ 'search_path="$$user", public, vectors',
+ '-c',
+ 'logging_collector=on',
+ '-c',
+ 'max_wal_size=2GB',
+ '-c',
+ 'shared_buffers=512MB',
+ '-c',
+ 'wal_compression=on',
+ ]
+ restart: always
+
+volumes:
+ model-cache:
diff --git a/config/nixos/docker/immich/hwaccel.ml.yml b/config/nixos/docker/immich/hwaccel.ml.yml
new file mode 100644
index 0000000..8995c2e
--- /dev/null
+++ b/config/nixos/docker/immich/hwaccel.ml.yml
@@ -0,0 +1,27 @@
+# Configurations for hardware-accelerated machine learning
+
+# If using Unraid or another platform that doesn't allow multiple Compose files,
+# you can inline the config for a backend by copying its contents
+# into the immich-machine-learning service in the docker-compose.yml file.
+
+# See https://immich.app/docs/features/ml-hardware-acceleration for info on usage.
+
+services:
+ armnn:
+ devices:
+ - /dev/mali0:/dev/mali0
+ volumes:
+ - /lib/firmware/mali_csffw.bin:/lib/firmware/mali_csffw.bin:ro # Mali firmware for your chipset (not always required depending on the driver)
+ - /usr/lib/libmali.so:/usr/lib/libmali.so:ro # Mali driver for your chipset (always required)
+
+ cpu: {}
+
+ cuda:
+ deploy:
+ resources:
+ reservations:
+ devices:
+ - driver: nvidia
+ count: 1
+ capabilities:
+ - gpu
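Review bot: In docker-compose.yml the `ports: - '2283:2283'` mapping on `server` publishes the web UI on every host interface, and ports published by Docker are typically not filtered by the host's own firewall rules. If access is meant to go through a reverse proxy or VPN, bind to loopback instead with `- '127.0.0.1:2283:2283'`. The `machine-learning` service also loads the whole `.env` through `env_file`, which hands it the database credentials; whether it needs them is not visible here, so consider passing only the variables it uses.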
diff --git a/config/nixos/docker/immich/hwaccel.transcoding.yml b/config/nixos/docker/immich/hwaccel.transcoding.yml
new file mode 100644
index 0000000..98961b4
--- /dev/null
+++ b/config/nixos/docker/immich/hwaccel.transcoding.yml
@@ -0,0 +1,43 @@
+# Configurations for hardware-accelerated transcoding
+
+# If using Unraid or another platform that doesn't allow multiple Compose files,
+# you can inline the config for a backend by copying its contents
+# into the immich-microservices service in the docker-compose.yml file.
+
+# See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.
+
+services:
+ cpu: {}
+
+ nvenc:
+ deploy:
+ resources:
+ reservations:
+ devices:
+ - driver: nvidia
+ count: 1
+ capabilities:
+ - gpu
+ - compute
+ - video
+
+ rkmpp:
+ security_opt: # enables full access to /sys and /proc, still far better than privileged: true
+ - systempaths=unconfined
+ - apparmor=unconfined
+ group_add:
+ - video
+ devices:
+ - /dev/rga:/dev/rga
+ - /dev/dri:/dev/dri
+ - /dev/dma_heap:/dev/dma_heap
+ - /dev/mpp_service:/dev/mpp_service
+ #- /dev/mali0:/dev/mali0 # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
+ volumes:
+ #- /etc/OpenCL:/etc/OpenCL:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
+ #- /usr/lib/aarch64-linux-gnu/libmali.so.1:/usr/lib/aarch64-linux-gnu/libmali.so.1:ro # only required to enable OpenCL-accelerated HDR -> SDR tonemapping
+
+ vaapi:
+ devices:
+ - /dev/dri:/dev/dri
+
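Review bot: The `rkmpp` service keeps `systempaths=unconfined` and `apparmor=unconfined` in the tree although docker-compose.yml extends only `nvenc`. Dropping the backends this host does not use keeps those reduced-confinement options from being picked up by a later edit of the `service:` key. If the file is kept in full, a header comment such as `# Only nvenc is used on this host; the other services are kept as upstream reference` would do the same job.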