mirror of
https://github.com/oddlama/nix-config.git
synced 2025-10-10 23:00:39 +02:00
fix: enable nftables forward rule for immich; allow big uploads in immich through nginx
This commit is contained in:
parent
364073c197
commit
924645cafb
1 changed files with 10 additions and 3 deletions
|
@ -38,10 +38,14 @@
|
||||||
wantedBy = ["podman-compose-immich-root.target"];
|
wantedBy = ["podman-compose-immich-root.target"];
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
microvm.mem = 1024 * 8;
|
microvm.mem = 1024 * 12;
|
||||||
microvm.vcpu = 20;
|
microvm.vcpu = 16;
|
||||||
|
|
||||||
meta.wireguard-proxy.sentinel.allowedTCPPorts = [2283];
|
meta.wireguard-proxy.sentinel.allowedTCPPorts = [2283];
|
||||||
|
networking.nftables.chains.forward.into-immich-container = {
|
||||||
|
after = ["conntrack"];
|
||||||
|
rules = ["iifname proxy-sentinel ip saddr 10.43.0.29 tcp dport 3001 accept"];
|
||||||
|
};
|
||||||
|
|
||||||
nodes.sentinel = {
|
nodes.sentinel = {
|
||||||
networking.providedDomains.immich = immichDomain;
|
networking.providedDomains.immich = immichDomain;
|
||||||
|
@ -63,6 +67,9 @@ in {
|
||||||
proxyPass = "http://immich";
|
proxyPass = "http://immich";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 10G;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -204,7 +211,7 @@ in {
|
||||||
ExecStop = "${pkgs.podman}/bin/podman network rm -f immich-default";
|
ExecStop = "${pkgs.podman}/bin/podman network rm -f immich-default";
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
podman network inspect immich-default || podman network create immich-default --opt isolate=true --subnet=10.89.0.0/24
|
podman network inspect immich-default || podman network create immich-default --opt isolate=true --subnet=10.89.0.0/24 --disable-dns
|
||||||
'';
|
'';
|
||||||
partOf = ["podman-compose-immich-root.target"];
|
partOf = ["podman-compose-immich-root.target"];
|
||||||
wantedBy = ["podman-compose-immich-root.target"];
|
wantedBy = ["podman-compose-immich-root.target"];
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue