From 5ac307b7bc51f8f94b7a7c10ec978bc302e8b303 Mon Sep 17 00:00:00 2001
From: Mel <einebeere@gmail.com>
Date: Mon, 9 Dec 2024 02:37:40 +0100
Subject: Also expose raw Immich port to tailnet

Signed-off-by: Mel <einebeere@gmail.com>
---
 services/immich.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'services/immich.nix')

diff --git a/services/immich.nix b/services/immich.nix
index b00f47c..d691a9b 100644
--- a/services/immich.nix
+++ b/services/immich.nix
@@ -1,4 +1,4 @@
-{ auxiliaryPkgs, ... }:
+{ me, auxiliaryPkgs, ... }:
 
 let
   inherit (auxiliaryPkgs) common;
@@ -54,7 +54,9 @@ in
         [ "/etc/localtime" "/etc/localtime:ro" ]
         [ "${immichDir}/upload" "/usr/src/app/upload" ]
       ];
-      ports = [ immichLocalPort ];
+      # expose through tailscale, so it can be accessed both through
+      # reverse proxy, and directly from a tailnet device.
+      ports = [ (common.tailnetPort me immichLocalPort) ];
     };
 
     db = {
@@ -96,7 +98,7 @@ in
       enableACME = true;
       forceSSL = true;
       locations."/" = {
-        proxyPass = "http://localhost:${toString immichLocalPort}";
+        proxyPass = "http://${me.tailscale.ip}:${toString immichLocalPort}";
         proxyWebsockets = true;
       };
     };
-- 
cgit 1.4.1