immich
Example
{config, lib, ...}: {
immich = {
enable = true;
oidc = {
enable = true;
clientSecretFile = config.sops.secrets."immich/authelia/client_secret".path;
clientSecretHash = "$pbkdf2-sha512$...";
};
db.passwordFile = config.sops.secrets."immich/db_password".path;
settings = {
oauth.autoLaunch = true;
passwordLogin.enabled = false;
};
};
}Stack Options
nps.stacks.immich.containers.immich
Alias of {option}services.podman.containers.immich.
nps.stacks.immich.containers.immich-db
Alias of {option}services.podman.containers.immich-db.
nps.stacks.immich.containers.immich-machine-learning
Alias of {option}services.podman.containers.immich-machine-learning.
nps.stacks.immich.containers.immich-redis
Alias of {option}services.podman.containers.immich-redis.
nps.stacks.immich.db.passwordFile
Path to the file containing the database password
nps.stacks.immich.enable
Whether to enable immich.
nps.stacks.immich.oidc.adminGroup
Users of this group will be assigned admin rights in Immich. The role is only used on user creation and not synchronized after that.
nps.stacks.immich.oidc.clientSecretFile
Path to the file containing that client secret that will be used to authenticate against Authelia.
nps.stacks.immich.oidc.clientSecretHash
The hashed client_secret. Will be set in the Authelia client config. For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
nps.stacks.immich.oidc.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration in Immich.
For details, see:
nps.stacks.immich.oidc.userGroup
Users of this group will be able to log in to Immich
nps.stacks.immich.settings
Settings that will be written to the 'config.json' file.
If you want to configure settings through the UI, set this option to null.
In that case, no managed config.json will be provided.
For details to the config file see https://immich.app/docs/install/config-file/