From 7b21388adcd0ac4976a3af8ea008422f3f55a808 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guillaume=20T=C3=A2che?=
Date: Mon, 10 Nov 2025 21:53:13 +0100
Subject: [PATCH] Adds immich
---
 files/install-additional-packages.service | 2 +-
 files/smartd.conf | 1 +
 generate-config.sh | 2 +-
 home/immich/.secrets | 1 +
 init/enable-all-quadlets.sh | 2 +-
 pi4.bu | 24 ++++++++++---------
 quadlets/immich/immich-data.volume | 7 ++++++
 quadlets/immich/immich-database.container | 28 +++++++++++++++++++++++
 quadlets/immich/immich-database.volume | 7 ++++++
 quadlets/immich/immich-ml-cache.volume | 7 ++++++
 quadlets/immich/immich-ml.container | 24 +++++++++++++++++++
 quadlets/immich/immich-redis.container | 21 +++++++++++++++++
 quadlets/immich/immich.container | 28 +++++++++++++++++++++++
 quadlets/immich/immich.pod | 3 +++
 quadlets/wallabag/wallabag-data.volume | 7 ++++++
 quadlets/wallabag/wallabag.container | 1 +
 16 files changed, 151 insertions(+), 14 deletions(-)
 create mode 100644 home/immich/.secrets
 create mode 100644 quadlets/immich/immich-data.volume
 create mode 100644 quadlets/immich/immich-database.container
 create mode 100644 quadlets/immich/immich-database.volume
 create mode 100644 quadlets/immich/immich-ml-cache.volume
 create mode 100644 quadlets/immich/immich-ml.container
 create mode 100644 quadlets/immich/immich-redis.container
 create mode 100644 quadlets/immich/immich.container
 create mode 100644 quadlets/immich/immich.pod
 create mode 100644 quadlets/wallabag/wallabag-data.volume
diff --git a/files/install-additional-packages.service b/files/install-additional-packages.service
index 6295a89..68e61b7 100644
--- a/files/install-additional-packages.service
+++ b/files/install-additional-packages.service
@@ -14,7 +14,7 @@ RemainAfterExit=yes
 # if the package is already installed. This is useful if the package is
 # added to the root image in a future Fedora CoreOS release as it will
 # prevent the service from failing.
-ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive firewalld fail2ban fail2ban-firewalld setroubleshoot-server setools
+ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive firewalld fail2ban fail2ban-firewalld setroubleshoot-server setools smartmontools
 ExecStart=/bin/touch /var/lib/additional-packages.stamp
 ExecStart=/bin/systemctl enable configure-firewalld.service enable-all-quadlets.service move-downloads-nextcloud.timer copy-music.timer
 ExecStart=semanage fcontext -a -t bin_t "/var/opt/bin(/.*)?"
diff --git a/files/smartd.conf b/files/smartd.conf
index 9bc342c..6927a26 100644
--- a/files/smartd.conf
+++ b/files/smartd.conf
@@ -1,2 +1,3 @@
+/dev/disk/by-id/ata-WDC_WDS100T1R0B-68A4Z0_23133Y800481 -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,70 -m tga
 /dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga
 /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga
diff --git a/generate-config.sh b/generate-config.sh
index fa6d321..afe7874 100755
--- a/generate-config.sh
+++ b/generate-config.sh
@@ -41,7 +41,7 @@ files_template="
 files:
 - path: /var/lib/systemd/linger/__USER__
 mode: 0644"
-users=('arr' 'gitea' 'homeassistant' 'jdownloader' 'kiwix' 'komga' 'navidrome' 'nextcloud' 'nginx' 'pairdrop' 'paperless' 'pihole' 'qbittorrent' 'synapse' 'tga' 'wallabag')
+users=('arr' 'gitea' 'homeassistant' 'immich' 'jdownloader' 'kiwix' 'komga' 'navidrome' 'nextcloud' 'nginx' 'pairdrop' 'paperless' 'pihole' 'qbittorrent' 'synapse' 'tga' 'wallabag')
 mkdir -p users
 for user in "${users[@]}"; do
 user_butane="users/${user}.bu"
diff --git a/home/immich/.secrets b/home/immich/.secrets
new file mode 100644
index 0000000..adb9946
--- /dev/null
+++ b/home/immich/.secrets
@@ -0,0 +1 @@
+database-password=U6WKyoCU4fw8rfB8ezpXVZJQc3s3lcoe
diff --git a/init/enable-all-quadlets.sh b/init/enable-all-quadlets.sh
index f903cc0..befee5c 100644
--- a/init/enable-all-quadlets.sh
+++ b/init/enable-all-quadlets.sh
@@ -7,7 +7,7 @@ semanage fcontext -a -t container_file_t "/mnt/nas(/.*)?"
 #semanage fcontext -a -t container_file_t "/mnt/nas/containers/.*/storage/.*(/.*)?"
 restorecon -vR /mnt/nas
-users=("gitea" "homeassistant" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
+users=("gitea" "homeassistant" "immich" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
 for user in "${users[@]}"; do
 chown -R "${user}:${user}" "/var/home/${user}"
 secrets_file="/var/home/${user}/.secrets"
diff --git a/pi4.bu b/pi4.bu
index 11f1e1f..9edebc5 100644
--- a/pi4.bu
+++ b/pi4.bu
@@ -33,19 +33,19 @@ storage:
 - device: /dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B
 wipe_table: false
 partitions:
- - number: 1
- start_mib: 0
- wipe_partition_entry: false
- should_exist: true
- resize: false
- - device : /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD
+ - number: 1
+ start_mib: 0
+ wipe_partition_entry: false
+ should_exist: true
+ resize: false
+ - device: /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD
 wipe_table: false
 partitions:
- - number: 1
- start_mib: 0
- wipe_partition_entry: false
- should_exist: true
- resize: false
+ - number: 1
+ start_mib: 0
+ wipe_partition_entry: false
+ should_exist: true
+ resize: false
 filesystems:
 - device: /dev/disk/by-label/nas
 format: btrfs
@@ -57,6 +57,8 @@ storage:
 - defaults
 - noatime
 - nofail
+ - autodefrag
+ - compress=zstd:3
 with_mount_unit: true
 files:
 - path: /opt/bin/enable-all-quadlets.sh
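Review bot: The new file `home/immich/.secrets` puts the Immich database password into the repository in clear text, so everyone who can read the repository or its history holds the credential that `immich-database.container` loads as `POSTGRES_PASSWORD`. Treat the committed value as exposed and rotate it. Keep the real file out of version control and commit only a template such as `database-password=<PLACEHOLDER>`, with the actual value generated or provisioned on the host. Deleting the file in a later commit is not enough, because the value remains in the history.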
diff --git a/quadlets/immich/immich-data.volume b/quadlets/immich/immich-data.volume
new file mode 100644
index 0000000..b6f843d
--- /dev/null
+++ b/quadlets/immich/immich-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/immich/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=immich-data
diff --git a/quadlets/immich/immich-database.container b/quadlets/immich/immich-database.container
new file mode 100644
index 0000000..e438160
--- /dev/null
+++ b/quadlets/immich/immich-database.container
@@ -0,0 +1,28 @@
+[Unit]
+Description=Immich database container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich-database
+Environment=DB_STORAGE_TYPE=HDD
+Environment=POSTGRES_USER=postgres
+Environment=POSTGRES_DB=immich
+Environment=POSTGRES_INTIDB_ARGS=--data-checksums
+Environment=TZ=Europe/Zurich
+HealthCmd=pg_isready -U postgres
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+Pod=immich.pod
+Secret=database-password,type=env,target=POSTGRES_PASSWORD
+ShmSize=128m
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=immich-database.volume:/var/lib/postgresql/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/immich/immich-database.volume b/quadlets/immich/immich-database.volume
new file mode 100644
index 0000000..ee46e23
--- /dev/null
+++ b/quadlets/immich/immich-database.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/immich/storage/database
+Driver=local
+Options=bind
+Type=none
+VolumeName=immich-database
diff --git a/quadlets/immich/immich-ml-cache.volume b/quadlets/immich/immich-ml-cache.volume
new file mode 100644
index 0000000..e2c3e2e
--- /dev/null
+++ b/quadlets/immich/immich-ml-cache.volume
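Review bot: In `quadlets/immich/immich-database.container` the variable name `POSTGRES_INTIDB_ARGS` is misspelled, so the image will presumably ignore it and initialise the cluster without `--data-checksums`. The line should read `Environment=POSTGRES_INITDB_ARGS=--data-checksums`. That argument is only consulted when the data directory is first created, so a database already initialised with the typo stays without checksums until it is re-initialised or converted offline.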
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/immich/storage/ml-cache
+Driver=local
+Options=bind
+Type=none
+VolumeName=immich-ml-cache
diff --git a/quadlets/immich/immich-ml.container b/quadlets/immich/immich-ml.container
new file mode 100644
index 0000000..3504988
--- /dev/null
+++ b/quadlets/immich/immich-ml.container
@@ -0,0 +1,24 @@
+[Unit]
+Description=Immich machine learning container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich-ml
+Environment=DB_DATA_LOCATION=./postgres
+Environment=DB_USERNAME=postgres
+Environment=DB_DATABASE_NAME=immich
+Environment=IMMICH_VERSION=v2
+Environment=TZ=Europe/Zurich
+Environment=UPLOAD_LOCATION=./library
+Image=ghcr.io/immich-app/immich-machine-learning:release
+Pod=immich.pod
+Secret=database-password,type=env,target=DB_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=immich-ml-cache.volume:/cache
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/immich/immich-redis.container b/quadlets/immich/immich-redis.container
new file mode 100644
index 0000000..3ab4e1c
--- /dev/null
+++ b/quadlets/immich/immich-redis.container
@@ -0,0 +1,21 @@
+[Unit]
+Description=Immich redis container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich-redis
+Environment=TZ=Europe/Zurich
+HealthCmd=redis-cli ping || exit 1
+HealthInterval=30s
+HealthTimeout=10s
+HealthRetries=5
+Image=docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
+Pod=immich.pod
+StartWithPod=true
+Timezone=Europe/Zurich
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/immich/immich.container b/quadlets/immich/immich.container
new file mode 100644
index 0000000..a74a87f
--- /dev/null
+++ b/quadlets/immich/immich.container
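Review bot: `quadlets/immich/immich-ml.container` injects the `database-password` secret as `DB_PASSWORD`, together with `DB_USERNAME` and `DB_DATABASE_NAME`, into the machine-learning container, which as far as this patch shows only mounts its `/cache` volume. If the ML service does not open a database connection itself (worth confirming against the Immich documentation), drop `Secret=database-password,type=env,target=DB_PASSWORD` and the `DB_*` lines from this unit. A compromise of the model-serving process would then not also yield the database credential.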
@@ -0,0 +1,28 @@
+[Unit]
+Description=Immich container
+After=immich-database.container
+After=immich-redis.container
+Requires=immich-database.container
+Requires=immich-redis.container
+
+[Container]
+AutoUpdate=registry
+ContainerName=immich
+Environment=DB_DATA_LOCATION=./postgres
+Environment=DB_USERNAME=postgres
+Environment=DB_DATABASE_NAME=immich
+Environment=IMMICH_VERSION=v2
+Environment=TZ=Europe/Zurich
+Environment=UPLOAD_LOCATION=./library
+Image=ghcr.io/immich-app/immich-server:release
+Pod=immich.pod
+Secret=database-password,type=env,target=DB_PASSWORD
+StartWithPod=true
+Timezone=Europe/Zurich
+Volume=immich-data.volume:/data
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/quadlets/immich/immich.pod b/quadlets/immich/immich.pod
new file mode 100644
index 0000000..22c2eaf
--- /dev/null
+++ b/quadlets/immich/immich.pod
@@ -0,0 +1,3 @@
+[Pod]
+PodName=immich
+PublishPort=9008:2283
diff --git a/quadlets/wallabag/wallabag-data.volume b/quadlets/wallabag/wallabag-data.volume
new file mode 100644
index 0000000..c889135
--- /dev/null
+++ b/quadlets/wallabag/wallabag-data.volume
@@ -0,0 +1,7 @@
+[Volume]
+Copy=true
+Device=/var/mnt/nas/containers/wallabag/storage/data
+Driver=local
+Options=bind
+Type=none
+VolumeName=wallabag-data
diff --git a/quadlets/wallabag/wallabag.container b/quadlets/wallabag/wallabag.container
index 0c137d4..f68f308 100644
--- a/quadlets/wallabag/wallabag.container
+++ b/quadlets/wallabag/wallabag.container
@@ -30,6 +30,7 @@ Secret=database-root-password,type=env,target=MYSQL_ROOT_PASSWORD
 Secret=database-password,type=env,target=SYMFONY__ENV__DATABASE_PASSWORD
 StartWithPod=true
 Timezone=Europe/Zurich
+Volume=wallabag-data.volume:/var/www/wallabag/data
 Volume=wallabag-images.volume:/var/www/wallabag/web/assets/images
 [Service]
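Review bot: `Image=ghcr.io/immich-app/immich-server:release` in `quadlets/immich/immich.container` is a moving tag combined with `AutoUpdate=registry`, and `immich-machine-learning:release` in `immich-ml.container` has the same problem. Whatever is published under that tag can be pulled and started without review, on the container that holds the photo library and the database credential. The database and valkey images in the same pod are already pinned by digest. Consider pinning these two the same way, e.g. `Image=ghcr.io/immich-app/immich-server:<VERSION>@sha256:<DIGEST>`, and bumping them deliberately.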