helix: host photos.sealight.xyz

hosts/helix/configuration.nix

@@ -21,7 +21,6 @@
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
-  sound.enable = false;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   # This value determines the NixOS release with which your system is to be

hosts/helix/default.nix

@@ -30,6 +30,22 @@
     privateKeyFile = "/run/agenix/helix-wg";
   };
 
+  # Reverse proxy for immich
+  services.nginx.virtualHosts."photos.sealight.xyz" = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      extraConfig = ''
+        proxy_pass http://10.0.69.4:8567;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+      '';
+    };
+  };
+
   services.postgresql.package = pkgs.postgresql_15;
   services.postgresqlBackup = {
     # TODO needs working wireguard to box