sprechtl/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: immich sso

Browse source
This commit is contained in:
s-prechtl 2026-03-24 12:12:50 +01:00
parent 2631d1243b
commit 7a7ef55522
3 changed files with 21 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

21
hosts/hitsugibune/immich.nix
View file

@ -3,11 +3,30 @@ let
domain = "immich.sprechtl.me"; domain = "immich.sprechtl.me";
in in
{ {
age.secrets.immich = {
file = ../../secrets/immich.age;
owner = "immich";
group = "immich";
mode = "0400";
};
services.immich = { services.immich = {
enable = true; enable = true;
database.host = "/run/postgresql"; database.host = "/run/postgresql";
port = 2283; # default port = 2283; # default
settings.externalDomain = domain; settings = {
externalDomain = domain;
oauth = {
enabled = true;
issuerUrl = "https://auth.sprechtl.me/application/o/immich/.well-known/openid-configuration";
clientId = "EXMPaB2SoZYSSWu56ebB6CYV8W1hQS2eTwLdFBDw";
# clientSecret = ""; saved in secrets file
scope = "openid email profile";
buttonText = "Login with Authentik";
autoRegister = true;
autoLaunch = false; # set true to skip local login page entirely
};
};
secretsFile = config.age.secrets.immich.path;
mediaLocation = "/data/immich/"; mediaLocation = "/data/immich/";
}; };

BIN
secrets/immich.age Normal file
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -20,4 +20,5 @@ in {
"authentik.age".publicKeys = [hitsugibune key]; "authentik.age".publicKeys = [hitsugibune key];
"vaultwarden.age".publicKeys = [hitsugibune key]; "vaultwarden.age".publicKeys = [hitsugibune key];
"forgejo-mailer-password.age".publicKeys = [hitsugibune key]; "forgejo-mailer-password.age".publicKeys = [hitsugibune key];
"immich.age".publicKeys = [hitsugibune key];
} }