From 63359803f926a2aa62ae3e26a5801f603686ae91 Mon Sep 17 00:00:00 2001 From: Patrick Date: Sat, 27 Jul 2024 22:01:18 +0200 Subject: [PATCH] chore(immich): add mailer config --- config/optional/steam.nix | 1 + config/services/immich.nix | 39 +++++++++++++++---- .../secrets/immich/generated/maddyPasswd.age | 16 ++++++++ 3 files changed, 49 insertions(+), 7 deletions(-) create mode 100644 hosts/elisabeth/secrets/immich/generated/maddyPasswd.age diff --git a/config/optional/steam.nix b/config/optional/steam.nix index 618fad2..23a455b 100644 --- a/config/optional/steam.nix +++ b/config/optional/steam.nix @@ -5,6 +5,7 @@ ... }: lib.optionalAttrs (!minimal) { + programs.gpu-screen-recorder.enable = true; programs.steam = { enable = true; package = pkgs.steam.override { diff --git a/config/services/immich.nix b/config/services/immich.nix index f67c7a5..f9df2ce 100644 --- a/config/services/immich.nix +++ b/config/services/immich.nix @@ -55,6 +55,15 @@ let enabled = true; level = "log"; }; + notifications.smtp = { + enabled = true; + from = "immich@${config.secrets.secrets.global.domains.mail_public}"; + transport = { + username = "immich@${config.secrets.secrets.global.domains.mail_public}"; + host = "smtp.${config.secrets.secrets.global.domains.mail_public}"; + port = 465; + }; + }; machineLearning = { clip = { enabled = true; @@ -104,12 +113,6 @@ let template = "{{y}}/{{MM}}/{{filename}}"; }; theme.customCss = ""; - thumbnail = { - colorspace = "p3"; - jpegSize = 1440; - quality = 80; - webpSize = 250; - }; trash = { days = 30; enabled = true; @@ -145,6 +148,23 @@ let processedConfigFile = "/run/agenix/immich.config.json"; in { + age.secrets.maddyPasswd = { + generator.script = "alnum"; + mode = "440"; + group = "root"; + }; + + nodes.maddy = { + age.secrets.immichPasswd = { + inherit (config.age.secrets.maddyPasswd) rekeyFile; + inherit (nodes.maddy.config.services.maddy) group; + mode = "640"; + }; + services.maddy.ensureCredentials = { + "immich@${config.secrets.secrets.global.domains.mail_public}".passwordFile = + nodes.maddy.config.age.secrets.immichPasswd.path; + }; + }; age.secrets.resticpasswd = { generator.script = "alnum"; }; @@ -203,7 +223,12 @@ in deps = [ "agenix" ]; text = '' immichClientSecret=$(< ${config.age.secrets.immich-oauth2-client-secret.path}) - ${pkgs.jq}/bin/jq --arg immichClientSecret "$immichClientSecret" '.oauth.clientSecret = $immichClientSecret' ${configFile} > ${processedConfigFile} + immichEmailSecret=$(< ${config.age.secrets.maddyPasswd.path}) + ${pkgs.jq}/bin/jq \ + --arg immichClientSecret "$immichClientSecret" \ + --arg immichEmailSecret "$immichEmailSecret" \ + '.oauth.clientSecret = $immichClientSecret | .notifications.smtp.transport.password = $immichEmailSecret' \ + ${configFile} > ${processedConfigFile} chmod 444 ${processedConfigFile} ''; }; diff --git a/hosts/elisabeth/secrets/immich/generated/maddyPasswd.age b/hosts/elisabeth/secrets/immich/generated/maddyPasswd.age new file mode 100644 index 0000000..7c30180 --- /dev/null +++ b/hosts/elisabeth/secrets/immich/generated/maddyPasswd.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> X25519 26LQ7M/ohpGhCF5KSGOKGPleQS14YEUbLX3TkuJhA1c +molDQC1NjtUmgR4awiPa6s3Ps9FidC6ztupTCcaW7vY +-> piv-p256 ZFgiIw AsgqJFOJqktxrbSJRXASEB/drg6GMy5Ugg7wDc4zy8MI +2LRO6PpWRJ48WK6e/zWnfSgu7W4TKiXZHm/KxGw8dro +-> piv-p256 XTQkUA A2rw+YxP75H2isyxzWfofyBkV+PQsU5GQjv/Yf/CDdRQ +BCgHzAzkV6yICyq1Qeb7rXrBDhGwda0cXRCC4SfIsJ0 +-> piv-p256 ZFgiIw Alc99i8iND+M1dgqWyW829TiYZbCkYF9RQ9ZS/jbjSV7 +7TePYT/aGOAekGSbL62SeDUAycMFC1/+K14UmBWRwyE +-> piv-p256 5vmPtQ AgeVBqU8vdbgsJ5im3cDvXPCUsp/iGm9JwZ190fLZnuF +8S+xFyUGrLfXc+rmAHy4Mvk9QvybOk0EozTj46aCUW0 +-> 5-grease %",T b5 +lhY8pdELxc7fr1hpxyTC9Cxn6QxiDmvxsKaVpwxC6g9aBTl0g1cdGoF3QdLvRkZj +F4fkyUTP0R9CrzBICabil1EzEw +--- plFbkh1yLnDN0yTuS+g0RuYlA0OLW4UUL4B2G5aDA+k +žôå“c]XuWæö(”Õ){¡a<Þ¡ÉP#e´~H˜žÆûGZ'L¯ˆ0iûo\ŒÈE%û”¹ýžGP=ìronë(*[Ÿð;þ aB5y™ \ No newline at end of file