1{
 2  libx,
 3  globals,
 4  lib,
 5  pkgs,
 6  ...
 7}:
 8{
 9  users.users.vincent.linger = true;
10
11  services = {
12    wireguard = {
13      enable = true;
14      ips = libx.wg-ips globals.machines.aion.net.vpn.ips;
15      endpoint = "${globals.net.vpn.endpoint}";
16      endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
17    };
18
19    immich = {
20      enable = true;
21      user = "vincent";
22      group = "users";
23      mediaLocation = "/neo/pictures/photos";
24    };
25
26    postgresql = {
27      ensureDatabases = [ "immich" ];
28      ensureUsers = [
29        {
30          name = "vincent";
31        }
32      ];
33    };
34  };
35
36  # Grant vincent ownership of the immich database and schemas
37  systemd.services.postgresql.postStart = lib.mkAfter ''
38    $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'vincent'" | grep -q 1 || $PSQL -tAc "CREATE ROLE vincent WITH LOGIN"
39    $PSQL -tAc "ALTER DATABASE immich OWNER TO vincent"
40    $PSQL immich -tAc "ALTER SCHEMA public OWNER TO vincent"
41    $PSQL immich -tAc "ALTER SCHEMA vectors OWNER TO vincent" || true
42    $PSQL immich -tAc "GRANT ALL PRIVILEGES ON SCHEMA public TO vincent"
43    $PSQL immich -tAc "GRANT ALL PRIVILEGES ON SCHEMA vectors TO vincent" || true
44    $PSQL immich -tAc "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO vincent"
45    $PSQL immich -tAc "GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO vincent"
46    $PSQL immich -tAc "GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO vincent" || true
47    $PSQL immich -tAc "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO vincent"
48    $PSQL immich -tAc "ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON TABLES TO vincent" || true
49  '';
50
51  networking.useDHCP = lib.mkDefault true;
52
53  environment.systemPackages = with pkgs; [
54    lm_sensors
55    gnumake
56  ];
57
58}