From f1035af13b5eb48c80b34f9504a47d704bce31ab Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Wed, 7 Feb 2024 15:11:07 -0800
Subject: [PATCH] Add env file

---
 immich-container.nix | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/immich-container.nix b/immich-container.nix
index 9f77e9c..8524a2e 100644
--- a/immich-container.nix
+++ b/immich-container.nix
@@ -1,7 +1,16 @@
 { config, lib, pkgs, ... }:
 
 with lib;
-let cfg = config.services.immichContainer;
+let
+  cfg = config.services.immichContainer;
+  hostname = config.instance.hostname;
+
+  mkEnvFile = attrs:
+    concatStringsSep "\n" (mapAttrsToList (k: v: "${k}=${v}") attrs);
+
+  databasePassword = pkgs.lib.passwd.stablerandom-passwd-file "immich-db-passwd"
+    config.instance.build-seed;
+
 in {
   options.services.immichContainer = with types; {
     enable =
@@ -44,6 +53,15 @@ in {
   };
 
   config = {
+    fudo.secrets.host-secrets."${hostname}".immichEnv = {
+      source-file = mkEnvFile {
+        DB_USERNAME = "immich";
+        DB_DATABASE_NAME = "immich";
+        DB_PASSWORD = readFile databasePassword;
+      };
+      target-file = "/run/immich/env";
+    };
+
     systemd.tmpfiles.rules = [
       "d ${cfg.state-directory} 0750 root root - -"
       "d ${cfg.store-directory} 0750 root root - -"