Added Immich. Tweaked docker compose networks (frontend/backend).

2025-12-03 22:36:07 +01:00
parent 3f6d7cf43d
commit 3a5b786b36
9 changed files with 309 additions and 32 deletions
@@ -38,6 +38,10 @@ in
            # --- frigate devices --- #
            labels:
              - traefik.enable=true
+              - traefik.http.services.frigate.loadbalancer.server.port=8971
+              - traefik.http.services.frigate.loadbalancer.server.scheme=http
+              - traefik.http.routers.frigate-https.entrypoints=websecure
+              - traefik.http.routers.frigate-https.rule=Host(`cctv.$DOMAIN_NAME`)
              - traefik.http.routers.frigate-https.tls=true
              - traefik.http.routers.frigate-https.tls.certresolver=cloudflare
            restart: unless-stopped
@@ -47,12 +47,7 @@ in
        
        networks:
          hass_backend:
-            name: hass_backend
-            driver: bridge
-            ipam:
-              config:
-                - subnet: "172.16.4.0/24"
-                  gateway: "172.16.4.254"
+            external: true
          hass_frontend:
            external: true
      '';
@@ -0,0 +1,111 @@
+{ config, pkgs, ... }:
+
+let
+  container_name = "immich";
+  compose-dir = "docker-compose/immich";
+  config-dir = "/mnt/config-storage/docker-data/immich";
+in
+
+{
+  config = {
+    environment.etc."${compose-dir}/compose.yaml".text =
+      /*
+      yaml
+      */
+      ''
+        services:
+          immich-server:
+            image: ghcr.io/immich-app/immich-server:$IMMICH_VERSION
+            container_name: immich-server
+            networks:
+              immich_frontend:
+              immich_backend:
+            volumes:
+              - $UPLOAD_LOCATION:/data
+              - /etc/localtime:/etc/localtime:ro
+            # --- immich devices --- #
+            labels:
+              - traefik.enable=true
+              - traefik.http.services.immich.loadbalancer.server.port=2283
+              - traefik.http.services.immich.loadbalancer.server.scheme=http
+              - traefik.http.routers.immich-https.entrypoints=websecure
+              - traefik.http.routers.immich-https.rule=Host(`immich.$DOMAIN_NAME`)
+              - traefik.http.routers.immich-https.tls=true
+              - traefik.http.routers.immich-https.tls.certresolver=cloudflare
+            env_file:
+              - .env
+            depends_on:
+              - immich-redis
+              - immich-database
+            restart: always
+            healthcheck:
+              disable: false
+
+          immich-machine-learning:
+            container_name: immich-machine-learning
+            image: ghcr.io/immich-app/immich-machine-learning:$IMMICH_VERSION
+            networks:
+              immich_backend:
+            volumes:
+              - ${config-dir}/models:/cache
+            env_file:
+              - .env
+            restart: always
+            healthcheck:
+              disable: false
+
+          immich-redis:
+            container_name: immich-redis
+            image: docker.io/valkey/valkey:8-bookworm@sha256:a137a2b60aca1a75130022d6bb96af423fefae4eb55faf395732db3544803280
+            networks:
+              immich_backend:
+            healthcheck:
+              test: redis-cli ping || exit 1
+            restart: always
+
+          immich-database:
+            container_name: immich-database
+            image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:32324a2f41df5de9efe1af166b7008c3f55646f8d0e00d9550c16c9822366b4a
+            networks:
+              immich_backend:
+            shm_size: 128mb
+            volumes:
+              # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
+              - $DB_DATA_LOCATION:/var/lib/postgresql/data
+            environment:
+              POSTGRES_PASSWORD: $DB_PASSWORD
+              POSTGRES_USER: $DB_USERNAME
+              POSTGRES_DB: $DB_DATABASE_NAME
+              POSTGRES_INITDB_ARGS: '--data-checksums'
+            restart: always
+            healthcheck:
+              disable: false
+
+        networks:
+          immich_backend:
+            external: true
+          immich_frontend:
+            external: true
+      '';
+
+    systemd.services.immich = {
+      description = "Docker container : ${container_name}";
+      after = [ "network.target" "docker.service" "docker.socket" "traefik.service" ];
+      requires = [ "docker.service" ];
+      wantedBy = ["multi-user.target"];
+      path = [ pkgs.docker ];
+
+      serviceConfig = {
+        Type = "exec";
+        # Pull the latest image before running
+        ExecStartPre = "${pkgs.docker}/bin/docker compose -f /etc/${compose-dir}/compose.yaml pull";
+        # Bring the service up
+        ExecStart = "${pkgs.docker}/bin/docker compose -f /etc/${compose-dir}/compose.yaml up --remove-orphans";
+        # Take it down gracefully
+        ExecStop = "${pkgs.docker}/bin/docker compose -f /etc/${compose-dir}/compose.yaml down";
+
+        Restart = "on-failure";
+      };
+    };
+  };
+}
@@ -13,20 +13,6 @@ in
      */
      ''
        services:
-          passbolt-database:
-            image: mariadb:11.3
-            container_name: passbolt-database
-            networks:
-              passbolt_backend:
-            volumes:
-              - passbolt-database:/var/lib/mysql
-            environment:
-              MYSQL_RANDOM_ROOT_PASSWORD: "true"
-              MYSQL_DATABASE: $PASSBOLT_MYSQL_DATABASE
-              MYSQL_USER: $PASSBOLT_MYSQL_USER
-              MYSQL_PASSWORD: $PASSBOLT_MYSQL_PASSWORD
-            restart: unless-stopped
-
          passbolt:
            image: passbolt/passbolt:latest-ce-non-root
            container_name: passbolt
@@ -72,14 +58,23 @@ in
              - passbolt-database
            restart: unless-stopped

+          passbolt-database:
+            image: mariadb:11.3
+            container_name: passbolt-database
+            networks:
+              passbolt_backend:
+            volumes:
+              - passbolt-database:/var/lib/mysql
+            environment:
+              MYSQL_RANDOM_ROOT_PASSWORD: "true"
+              MYSQL_DATABASE: $PASSBOLT_MYSQL_DATABASE
+              MYSQL_USER: $PASSBOLT_MYSQL_USER
+              MYSQL_PASSWORD: $PASSBOLT_MYSQL_PASSWORD
+            restart: unless-stopped
+
        networks:
          passbolt_backend:
-            name: passbolt_backend
-            driver: bridge
-            ipam:
-              config:
-                - subnet: "172.16.2.0/24"
-                  gateway: "172.16.2.254"
+            external: true
          passbolt_frontend:
            external: true

@@ -55,6 +55,13 @@ in
              config:
                - subnet: "172.16.1.0/24"
                  gateway: "172.16.1.254"
+          passbolt_backend:
+            name: passbolt_backend
+            driver: bridge
+            ipam:
+              config:
+                - subnet: "172.16.2.0/24"
+                  gateway: "172.16.2.254"
          passbolt_frontend:
            name: passbolt_frontend
            driver: bridge
@@ -69,6 +76,13 @@ in
              config:
                - subnet: "172.16.3.0/24"
                  gateway: "172.16.3.254"
+          hass_backend:
+            name: hass_backend
+            driver: bridge
+            ipam:
+              config:
+                - subnet: "172.16.4.0/24"
+                  gateway: "172.16.4.254"
          hass_frontend:
            name: hass_frontend
            driver: bridge
@@ -76,6 +90,13 @@ in
              config:
                - subnet: "172.16.40.0/24"
                  gateway: "172.16.40.254"
+          immich_backend:
+            name: immich_backend
+            driver: bridge
+            ipam:
+              config:
+                - subnet: "172.16.5.0/24"
+                  gateway: "172.16.5.254"
          immich_frontend:
            name: immich_frontend
            driver: bridge