{ config, lib, pkgs, ... }: with lib; let cfg = config.local.sys.immich; in { options.local.sys.immich = { enable = mkEnableOption "Immich photo/video management"; mediaLocation = mkOption { type = types.path; default = "/var/lib/immich"; description = "Directory for storing media files."; }; host = mkOption { type = types.str; default = "127.0.0.1"; description = "Address to listen on."; }; port = mkOption { type = types.port; default = 2283; description = "Port for the web interface."; }; machineLearning.enable = mkOption { type = types.bool; default = true; description = "Enable machine learning for smart features."; }; accelerationDevices = mkOption { type = with types; nullOr (listOf str); default = null; description = '' Device paths for hardware-accelerated video transcoding. null = allow all devices, [] = no acceleration. Example: [ "/dev/dri/renderD128" ] ''; }; group = mkOption { type = types.str; default = "photosgroup"; description = '' Group for shared access to external libraries. Files in external libraries should be owned by this group with group-read permission. To add permisions to current dir: `chgrp -R photosgroup . && chmod -R g+rX .` ''; }; users = mkOption { type = with types; listOf str; default = []; description = "Users to add to the photos group for managing external libraries."; }; }; config = mkIf cfg.enable { users.groups.${cfg.group} = {}; users.users = {immich.extraGroups = [cfg.group];} // genAttrs cfg.users (_: {extraGroups = [cfg.group];}); services.immich = { enable = true; host = cfg.host; port = cfg.port; mediaLocation = cfg.mediaLocation; openFirewall = false; machine-learning.enable = cfg.machineLearning.enable; accelerationDevices = cfg.accelerationDevices; }; }; }