Adds immich

2025-11-10 21:53:13 +01:00
parent 5fc4fbcef3
commit 7b21388adc
16 changed files with 151 additions and 14 deletions
--- a/files/install-additional-packages.service
+++ b/files/install-additional-packages.service
@@ -14,7 +14,7 @@ RemainAfterExit=yes
 # if the package is already installed. This is useful if the package is
 # added to the root image in a future Fedora CoreOS release as it will
 # prevent the service from failing.
-ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive firewalld fail2ban fail2ban-firewalld setroubleshoot-server setools
+ExecStart=/usr/bin/rpm-ostree install -y --allow-inactive firewalld fail2ban fail2ban-firewalld setroubleshoot-server setools smartmontools
 ExecStart=/bin/touch /var/lib/additional-packages.stamp
 ExecStart=/bin/systemctl enable configure-firewalld.service enable-all-quadlets.service move-downloads-nextcloud.timer copy-music.timer
 ExecStart=semanage fcontext -a -t bin_t "/var/opt/bin(/.*)?"
--- a/files/smartd.conf
+++ b/files/smartd.conf
@@ -1,2 +1,3 @@
 /dev/disk/by-id/ata-WDC_WDS100T1R0B-68A4Z0_23133Y800481 -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,70 -m tga
 /dev/disk/by-id/ata-WDC_WD120EFBX-68B0EN0_5QKYB19B -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga
 /dev/disk/by-id/ata-WDC_WD120EFGX-68CPHN0_WD-B00K2ELD -a -o on -S on -n standby,q -s (S/../.././12|L/../01/./08) -W 4,45,60 -m tga
--- a/generate-config.sh
+++ b/generate-config.sh
@@ -41,7 +41,7 @@ files_template="
  files:
    - path: /var/lib/systemd/linger/__USER__
      mode: 0644"
-users=('arr' 'gitea' 'homeassistant' 'jdownloader' 'kiwix' 'komga' 'navidrome' 'nextcloud' 'nginx' 'pairdrop' 'paperless' 'pihole' 'qbittorrent' 'synapse' 'tga' 'wallabag')
+users=('arr' 'gitea' 'homeassistant' 'immich' 'jdownloader' 'kiwix' 'komga' 'navidrome' 'nextcloud' 'nginx' 'pairdrop' 'paperless' 'pihole' 'qbittorrent' 'synapse' 'tga' 'wallabag')
 mkdir -p users
 for user in "${users[@]}"; do
    user_butane="users/${user}.bu"
--- a/home/immich/.secrets
+++ b/home/immich/.secrets
@@ -0,0 +1 @@
 database-password=U6WKyoCU4fw8rfB8ezpXVZJQc3s3lcoe
--- a/init/enable-all-quadlets.sh
+++ b/init/enable-all-quadlets.sh
@@ -7,7 +7,7 @@ semanage fcontext -a -t container_file_t "/mnt/nas(/.*)?"
 #semanage fcontext -a -t container_file_t "/mnt/nas/containers/.*/storage/.*(/.*)?"
 restorecon -vR /mnt/nas
-users=("gitea" "homeassistant" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
+users=("gitea" "homeassistant" "immich" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
 for user in "${users[@]}"; do
  chown -R "${user}:${user}" "/var/home/${user}"
  secrets_file="/var/home/${user}/.secrets"
--- a/pi4.bu
+++ b/pi4.bu
@@ -57,6 +57,8 @@ storage:
        - defaults
        - noatime
        - nofail
        - autodefrag
        - compress=zstd:3
      with_mount_unit: true
  files:
    - path: /opt/bin/enable-all-quadlets.sh
--- a/quadlets/immich/immich-data.volume
+++ b/quadlets/immich/immich-data.volume
@@ -0,0 +1,7 @@
 [Volume]
 Copy=true
 Device=/var/mnt/nas/containers/immich/storage/data
 Driver=local
 Options=bind
 Type=none
 VolumeName=immich-data
--- a/quadlets/immich/immich-database.container
+++ b/quadlets/immich/immich-database.container
@@ -0,0 +1,28 @@
 [Unit]
 Description=Immich database container
 [Container]
 AutoUpdate=registry
 ContainerName=immich-database
 Environment=DB_STORAGE_TYPE=HDD
 Environment=POSTGRES_USER=postgres
 Environment=POSTGRES_DB=immich
 Environment=POSTGRES_INTIDB_ARGS=--data-checksums
 Environment=TZ=Europe/Zurich
 HealthCmd=pg_isready -U postgres
 HealthInterval=30s
 HealthTimeout=10s
 HealthRetries=5
 Image=ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
 Pod=immich.pod
 Secret=database-password,type=env,target=POSTGRES_PASSWORD
 ShmSize=128m
 StartWithPod=true
 Timezone=Europe/Zurich
 Volume=immich-database.volume:/var/lib/postgresql/data
 [Service]
 Restart=always
 [Install]
 WantedBy=default.target
--- a/quadlets/immich/immich-database.volume
+++ b/quadlets/immich/immich-database.volume
@@ -0,0 +1,7 @@
 [Volume]
 Copy=true
 Device=/var/mnt/nas/containers/immich/storage/database
 Driver=local
 Options=bind
 Type=none
 VolumeName=immich-database
--- a/quadlets/immich/immich-ml-cache.volume
+++ b/quadlets/immich/immich-ml-cache.volume
@@ -0,0 +1,7 @@
 [Volume]
 Copy=true
 Device=/var/mnt/nas/containers/immich/storage/ml-cache
 Driver=local
 Options=bind
 Type=none
 VolumeName=immich-ml-cache
--- a/quadlets/immich/immich-ml.container
+++ b/quadlets/immich/immich-ml.container
@@ -0,0 +1,24 @@
 [Unit]
 Description=Immich machine learning container
 [Container]
 AutoUpdate=registry
 ContainerName=immich-ml
 Environment=DB_DATA_LOCATION=./postgres
 Environment=DB_USERNAME=postgres
 Environment=DB_DATABASE_NAME=immich
 Environment=IMMICH_VERSION=v2
 Environment=TZ=Europe/Zurich
 Environment=UPLOAD_LOCATION=./library
 Image=ghcr.io/immich-app/immich-machine-learning:release
 Pod=immich.pod
 Secret=database-password,type=env,target=DB_PASSWORD
 StartWithPod=true
 Timezone=Europe/Zurich
 Volume=immich-ml-cache.volume:/cache
 [Service]
 Restart=always
 [Install]
 WantedBy=default.target
--- a/quadlets/immich/immich-redis.container
+++ b/quadlets/immich/immich-redis.container
@@ -0,0 +1,21 @@
 [Unit]
 Description=Immich redis container
 [Container]
 AutoUpdate=registry
 ContainerName=immich-redis
 Environment=TZ=Europe/Zurich
 HealthCmd=redis-cli ping || exit 1
 HealthInterval=30s
 HealthTimeout=10s
 HealthRetries=5
 Image=docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
 Pod=immich.pod
 StartWithPod=true
 Timezone=Europe/Zurich
 [Service]
 Restart=always
 [Install]
 WantedBy=default.target
--- a/quadlets/immich/immich.container
+++ b/quadlets/immich/immich.container
@@ -0,0 +1,28 @@
 [Unit]
 Description=Immich container
 After=immich-database.container
 After=immich-redis.container
 Requires=immich-database.container
 Requires=immich-redis.container
 [Container]
 AutoUpdate=registry
 ContainerName=immich
 Environment=DB_DATA_LOCATION=./postgres
 Environment=DB_USERNAME=postgres
 Environment=DB_DATABASE_NAME=immich
 Environment=IMMICH_VERSION=v2
 Environment=TZ=Europe/Zurich
 Environment=UPLOAD_LOCATION=./library
 Image=ghcr.io/immich-app/immich-server:release
 Pod=immich.pod
 Secret=database-password,type=env,target=DB_PASSWORD
 StartWithPod=true
 Timezone=Europe/Zurich
 Volume=immich-data.volume:/data
 [Service]
 Restart=always
 [Install]
 WantedBy=default.target
--- a/quadlets/immich/immich.pod
+++ b/quadlets/immich/immich.pod
@@ -0,0 +1,3 @@
 [Pod]
 PodName=immich
 PublishPort=9008:2283
--- a/quadlets/wallabag/wallabag-data.volume
+++ b/quadlets/wallabag/wallabag-data.volume
@@ -0,0 +1,7 @@
 [Volume]
 Copy=true
 Device=/var/mnt/nas/containers/wallabag/storage/data
 Driver=local
 Options=bind
 Type=none
 VolumeName=wallabag-data
--- a/quadlets/wallabag/wallabag.container
+++ b/quadlets/wallabag/wallabag.container
@@ -30,6 +30,7 @@ Secret=database-root-password,type=env,target=MYSQL_ROOT_PASSWORD
 Secret=database-password,type=env,target=SYMFONY__ENV__DATABASE_PASSWORD
 StartWithPod=true
 Timezone=Europe/Zurich
 Volume=wallabag-data.volume:/var/www/wallabag/data
 Volume=wallabag-images.volume:/var/www/wallabag/web/assets/images
 [Service]
		`@@ -0,0 +1 @@`
							`database-password=U6WKyoCU4fw8rfB8ezpXVZJQc3s3lcoe`