ingress

2026-05-26 17:21:03 +02:00
parent af81ce3df8
commit 34d8d82dbf
14 changed files with 309 additions and 38 deletions
@@ -0,0 +1,17 @@
+[Unit]
+Description=Immich Postgres
+
+[Container]
+ContainerName=immich-db
+Image=ghcr.io/immich-app/postgres:14-vectorchord0.4.3
+Network=immich.network
+Volume=immich-pgdata.volume:/var/lib/postgresql/data
+Environment=POSTGRES_USER=immich
+Environment=POSTGRES_PASSWORD={{ pico_db_password }}
+Environment=POSTGRES_DB=immich
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=default.target
@@ -0,0 +1,13 @@
+[Unit]
+Description=Immich Redis
+
+[Container]
+ContainerName=immich-redis
+Image=docker.io/redis:6.2-alpine
+Network=immich.network
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=default.target
@@ -0,0 +1,22 @@
+[Unit]
+Description=Immich Server
+Requires=immich-db.service immich-redis.service
+After=immich-db.service immich-redis.service
+
+[Container]
+ContainerName=immich-server
+Image=ghcr.io/immich-app/immich-server:release
+Network=immich.network
+PublishPort=127.0.0.1:2283:2283
+Volume=immich-upload.volume:/usr/src/app/upload
+Environment=DB_HOSTNAME=immich-db
+Environment=DB_USERNAME=immich
+Environment=DB_PASSWORD={{ pico_db_password }}
+Environment=DB_DATABASE_NAME=immich
+Environment=REDIS_HOSTNAME=immich-redis
+
+[Service]
+Restart=on-failure
+
+[Install]
+WantedBy=default.target
@@ -0,0 +1,103 @@
+- name: Immich
+  hosts: pi
+  become: true
+  vars:
+    immich_user: immich
+    immich_home: /home/immich
+    quadlet_dir: "{{ immich_home }}/.config/containers/systemd"
+    pico_db_password: !vault |
+              $ANSIBLE_VAULT;1.1;AES256
+              64666332336435616365303563636634373333346537643336626235316432643336303665646463
+              3735653065653561643635376237393666313137303661370a336664623937623061313663303835
+              37623866383831623433366132346232663862653566653139323630356466653134363035363836
+              3061376330316365310a393961343065633937336534306265663733653665383233383030326439
+              30633861353033656264663439623264383536376664613665613138623262623261
+
+  tasks:
+    - name: Install podman
+      ansible.builtin.apt:
+        name: podman
+        state: present
+
+    - name: Create immich user
+      ansible.builtin.user:
+        name: "{{ immich_user }}"
+        home: "{{ immich_home }}"
+        shell: /usr/sbin/nologin
+        create_home: true
+      register: immich_user_info
+
+    - name: Enable linger
+      ansible.builtin.command:
+        cmd: "loginctl enable-linger {{ immich_user }}"
+        creates: "/var/lib/systemd/linger/{{ immich_user }}"
+
+    - name: Create quadlet directory
+      ansible.builtin.file:
+        path: "{{ quadlet_dir }}"
+        state: directory
+        owner: "{{ immich_user }}"
+        group: "{{ immich_user }}"
+        mode: '0755'
+
+    - name: Deploy network
+      ansible.builtin.copy:
+        dest: "{{ quadlet_dir }}/immich.network"
+        content: "[Network]\n"
+        owner: "{{ immich_user }}"
+        group: "{{ immich_user }}"
+        mode: '0644'
+
+    - name: Deploy volumes
+      ansible.builtin.copy:
+        dest: "{{ quadlet_dir }}/{{ item }}.volume"
+        content: "[Volume]\n"
+        owner: "{{ immich_user }}"
+        group: "{{ immich_user }}"
+        mode: '0644'
+      loop:
+        - immich-pgdata
+        - immich-upload
+
+    - name: Deploy db quadlet
+      ansible.builtin.template:
+        src: immich-db.container.j2
+        dest: "{{ quadlet_dir }}/immich-db.container"
+        owner: "{{ immich_user }}"
+        group: "{{ immich_user }}"
+        mode: '0644'
+
+    - name: Deploy redis quadlet
+      ansible.builtin.copy:
+        src: immich-redis.container
+        dest: "{{ quadlet_dir }}/immich-redis.container"
+        owner: "{{ immich_user }}"
+        group: "{{ immich_user }}"
+        mode: '0644'
+
+    - name: Deploy server quadlet
+      ansible.builtin.template:
+        src: immich-server.container.j2
+        dest: "{{ quadlet_dir }}/immich-server.container"
+        owner: "{{ immich_user }}"
+        group: "{{ immich_user }}"
+        mode: '0644'
+
+    - name: Reload user systemd
+      become_user: "{{ immich_user }}"
+      environment:
+        XDG_RUNTIME_DIR: "/run/user/{{ immich_user_info.uid }}"
+        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ immich_user_info.uid }}/bus"
+      ansible.builtin.systemd:
+        daemon_reload: true
+        scope: user
+
+    - name: Start immich-server
+      become_user: "{{ immich_user }}"
+      environment:
+        XDG_RUNTIME_DIR: "/run/user/{{ immich_user_info.uid }}"
+        DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ immich_user_info.uid }}/bus"
+      ansible.builtin.systemd:
+        name: immich-server.service
+        state: started
+        scope: user