Adds immich

files/install-additional-packages.service

@@ -14,7 +14,7 @@ RemainAfterExit=yes
 # if the package is already installed. This is useful if the package is
 # added to the root image in a future Fedora CoreOS release as it will
 # prevent the service from failing.
-ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive firewalld fail2ban fail2ban-firewalld setroubleshoot-server setools
+ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive firewalld fail2ban fail2ban-firewalld setroubleshoot-server setools smartmontools
 ExecStart=/bin/touch /var/lib/additional-packages.stamp
 ExecStart=/bin/systemctl enable configure-firewalld.service enable-all-quadlets.service move-downloads-nextcloud.timer copy-music.timer
 ExecStart=semanage fcontext -a -t bin_t "/var/opt/bin(/.*)?"

files/smartd.conf

@@ -1,2 +1,3 @@
+/dev/disk/by-id/ata-WDC_WDS100T1R0B-68A4Z0_23133Y800481 -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,70 -m tga
 /dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga
 /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga

generate-config.sh

@@ -41,7 +41,7 @@ files_template="
   files:
     - path: /var/lib/systemd/linger/__USER__
       mode: 0644"
-users=('arr' 'gitea' 'homeassistant' 'jdownloader' 'kiwix' 'komga' 'navidrome' 'nextcloud' 'nginx' 'pairdrop' 'paperless' 'pihole' 'qbittorrent' 'synapse' 'tga' 'wallabag')
+users=('arr' 'gitea' 'homeassistant' 'immich' 'jdownloader' 'kiwix' 'komga' 'navidrome' 'nextcloud' 'nginx' 'pairdrop' 'paperless' 'pihole' 'qbittorrent' 'synapse' 'tga' 'wallabag')
 mkdir -p users
 for user in "${users[@]}"; do
     user_butane="users/${user}.bu"

home/immich/.secrets

@@ -0,0 +1 @@
+database-password=U6WKyoCU4fw8rfB8ezpXVZJQc3s3lcoe

init/enable-all-quadlets.sh

@@ -7,7 +7,7 @@ semanage fcontext -a -t container_file_t "/mnt/nas(/.*)?"
 #semanage fcontext -a -t container_file_t "/mnt/nas/containers/.*/storage/.*(/.*)?"
 restorecon -vR /mnt/nas
 
-users=("gitea" "homeassistant" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
+users=("gitea" "homeassistant" "immich" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
 for user in "${users[@]}"; do
   chown -R "${user}:${user}" "/var/home/${user}"
   secrets_file="/var/home/${user}/.secrets"

pi4.bu

@@ -33,19 +33,19 @@ storage:
     - device: /dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B
       wipe_table: false
       partitions:
-      - number: 1
-        start_mib: 0
-        wipe_partition_entry: false
-        should_exist: true
-        resize: false
-    - device : /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD
+        - number: 1
+          start_mib: 0
+          wipe_partition_entry: false
+          should_exist: true
+          resize: false
+    - device: /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD
       wipe_table: false
       partitions:
-      - number: 1
-        start_mib: 0
-        wipe_partition_entry: false
-        should_exist: true
-        resize: false
+        - number: 1
+          start_mib: 0
+          wipe_partition_entry: false
+          should_exist: true
+          resize: false
   filesystems:
     - device: /dev/disk/by-label/nas
       format: btrfs
@@ -57,6 +57,8 @@ storage:
         - defaults
         - noatime
         - nofail
+        - autodefrag
+        - compress=zstd:3
       with_mount_unit: true
   files:
     - path: /opt/bin/enable-all-quadlets.sh

quadlets/immich/immich-data.volume

@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/immich/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=immich-data

quadlets/immich/immich-database.container

@@ -0,0 +1,28 @@
+[Unit]
+Description=Immich database container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich-database
+Environment=DB_STORAGE_TYPE=HDD
+Environment=POSTGRES_USER=postgres
+Environment=POSTGRES_DB=immich
+Environment=POSTGRES_INTIDB_ARGS=--data-checksums
+Environment=TZ=Europe/Zurich
+HealthCmd=pg_isready -U postgres
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+Pod=immich.pod
+Secret=database-password,type=env,target=POSTGRES_PASSWORD
+ShmSize=128m
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=immich-database.volume:/var/lib/postgresql/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

quadlets/immich/immich-database.volume

@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/immich/storage/database
+Driver=local
+Options=bind
+Type=none
+VolumeName=immich-database

quadlets/immich/immich-ml-cache.volume

@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/immich/storage/ml-cache
+Driver=local
+Options=bind
+Type=none
+VolumeName=immich-ml-cache

quadlets/immich/immich-ml.container

@@ -0,0 +1,24 @@
+[Unit]
+Description=Immich machine learning container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich-ml
+Environment=DB_DATA_LOCATION=./postgres
+Environment=DB_USERNAME=postgres
+Environment=DB_DATABASE_NAME=immich
+Environment=IMMICH_VERSION=v2
+Environment=TZ=Europe/Zurich
+Environment=UPLOAD_LOCATION=./library
+Image=ghcr.io/immich-app/immich-machine-learning:release
+Pod=immich.pod
+Secret=database-password,type=env,target=DB_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=immich-ml-cache.volume:/cache
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

quadlets/immich/immich-redis.container

@@ -0,0 +1,21 @@
+[Unit]
+Description=Immich redis container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich-redis
+Environment=TZ=Europe/Zurich
+HealthCmd=redis-cli ping || exit 1
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
+Pod=immich.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

quadlets/immich/immich.container

@@ -0,0 +1,28 @@
+[Unit]
+Description=Immich container
+After=immich-database.container
+After=immich-redis.container
+Requires=immich-database.container
+Requires=immich-redis.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich
+Environment=DB_DATA_LOCATION=./postgres
+Environment=DB_USERNAME=postgres
+Environment=DB_DATABASE_NAME=immich
+Environment=IMMICH_VERSION=v2
+Environment=TZ=Europe/Zurich
+Environment=UPLOAD_LOCATION=./library
+Image=ghcr.io/immich-app/immich-server:release
+Pod=immich.pod
+Secret=database-password,type=env,target=DB_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=immich-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

quadlets/immich/immich.pod

@@ -0,0 +1,3 @@
+[Pod]
+PodName=immich
+PublishPort=9008:2283

quadlets/wallabag/wallabag-data.volume

@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/wallabag/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=wallabag-data

quadlets/wallabag/wallabag.container

@@ -30,6 +30,7 @@ Secret=database-root-password,type=env,target=MYSQL_ROOT_PASSWORD
 Secret=database-password,type=env,target=SYMFONY__ENV__DATABASE_PASSWORD
 StartWithPod=true
 Timezone=Europe/Zurich
+Volume=wallabag-data.volume:/var/www/wallabag/data
 Volume=wallabag-images.volume:/var/www/wallabag/web/assets/images
 
 [Service]