There is a closed discussion on immich repo immich-app/immich#14815
Until immich supports better security, below method can be used to template a file with secrets on ramdisk. Circumventing the nixpkgs config generation parts, and pointing immich systemd service to this templated file.
{ config, ... }:
let
domain = config.networking.domain;
| import cats.effect.{ConcurrentEffect, ContextShift, Timer} | |
| import com.typesafe.scalalogging.StrictLogging | |
| import fs2.concurrent.Queue | |
| import fs2.{Pipe, Stream} | |
| import io.lemonlabs.uri.AbsoluteUrl | |
| import scodec.Codec | |
| import spinoco.fs2.http.HttpClient | |
| import spinoco.fs2.http.websocket.{Frame, WebSocketRequest} | |
| class WSChannelFactory[F[_]: ConcurrentEffect: ContextShift: Timer](client: HttpClient[F]) { |
| /** | |
| * Measures given view and runs the action provided after that | |
| * @param view to be measured | |
| * @param action to be performed | |
| */ | |
| public static void measure(View view, ViewMeasurer action) { | |
| ViewTreeObserver vto = view.getViewTreeObserver(); | |
| if (vto.isAlive()) { | |
| vto.addOnPreDrawListener(new ViewTreeObserver.OnPreDrawListener() { | |
| @Override |