archy/apps/immich/manifest.yml

app:
  id: immich
  name: Immich
  version: "2.7.4"
  description: Self-hosted photo and video backup with mobile apps and search.

  # app_id "immich" = the user-facing launcher (matches the catalog entry's title
  # + icon). The container is named "immich_server" so it matches the runtime's
  # existing per-app container references (lifecycle/health/crash-recovery/ports);
  # `container_name` is a top-level app key (captured by serde(flatten) into
  # extensions, read by compute_container_name). It reaches its backends by their
  # underscore aliases on archy-net (DB_HOSTNAME / REDIS_HOSTNAME below).
  container_name: immich_server

  container:
    image: 146.59.87.168:3000/lfg2025/immich-server:release
    pull_policy: if-not-present
    network: archy-net
    secret_env:
      - key: DB_PASSWORD
        secret_file: immich-db-password

  dependencies:
    - app_id: immich-postgres
    - app_id: immich-redis
    - storage: 200Gi

  resources:
    memory_limit: 2Gi
    disk_limit: 200Gi

  security:
    capabilities: []
    readonly_root: false
    network_policy: isolated

  ports:
    - host: 2283
      container: 2283
      protocol: tcp

  volumes:
    - type: bind
      source: /var/lib/archipelago/immich
      target: /usr/src/app/upload
      options: [rw]

  environment:
    - DB_HOSTNAME=immich_postgres
    - DB_USERNAME=postgres
    - DB_DATABASE_NAME=immich
    - REDIS_HOSTNAME=immich_redis
    - UPLOAD_LOCATION=/usr/src/app/upload

  health_check:
    type: http
    endpoint: http://localhost:2283
    path: /api/server/ping
    interval: 30s
    timeout: 5s
    retries: 20

  interfaces:
    main:
      name: Web UI
      description: Immich photo library
      type: ui
      port: 2283
      protocol: http
      path: /

  metadata:
    launch:
      open_in_new_tab: true
feat(immich): scaffold registry manifests for postgres/redis/server (not yet live) immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 05:53:58 -04:00			`app:`
fix(immich): restore canonical app_id "immich" (title + icon) After the manifest migration the launcher installed as "immich-server" (app_id), which has no catalog entry → showed the raw id and no icon. Rename the server manifest app_id immich-server→immich so it matches the catalog/curated "immich" entry (title "Immich", icon immich.png) and is recognised as a known launcher app (APP_CATEGORY_MAP) → stays in My Apps. immich_stack_app_ids now installs [immich-postgres, immich-redis, immich]; orchestrator.install bypasses package routing so there's no recursion with the "immich"→stack-installer mapping. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 08:07:08 -04:00			`id: immich`
feat(immich): scaffold registry manifests for postgres/redis/server (not yet live) immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 05:53:58 -04:00			`name: Immich`
feat(immich): manifest-driven stack via orchestrator — live-migrated on .228 Completes the immich migration off the legacy hardcoded install_immich_stack (podman run + sudo chown) to the registry-manifest + orchestrator path. Validated live on .228 (clean single set, healthy v2.7.4, data dir ownership correct). - install_immich_stack now tries install_stack_via_orchestrator(immich_stack_app_ids) first; legacy remains only as the no-manifests fallback. - immich-{postgres,redis,server} manifests corrected from live findings: * named by app_id (dropped container_name override) — using container_name spawned DUPLICATE containers (app_id-named install vs name-override reconcile) on the same PGDATA, which corrupted a postgres cluster. Server reaches its siblings via app_id aliases (DB_HOSTNAME=immich-postgres, REDIS=immich-redis). * immich-postgres data_uid 100998:100998 (postgres drops to container 999 → host 100998 under rootless; verified the fresh dir is chowned correctly). * immich-server version "release"→"2.7.4" (manifest validation requires a digit; the bad version made the manifest silently skip → partial orchestrator install → legacy fallback → the duplicate corruption above). - HARDEN install_stack_via_orchestrator: only fall back to the legacy installer when NOTHING was installed yet. An "unknown app_id" AFTER a member is up now errors instead of double-creating containers on shared data (the corruption root cause). - Strict the all-manifests round-trip test: fail (not skip) on any invalid shipped manifest — this gap let the bad immich-server version through. Known follow-up (pre-existing, platform-wide): orchestrator-installed backends (immich, btcpay-db) run as podman --restart, not Quadlet, and podman-restart.service is disabled on .228 → reboot-survival gap independent of this migration. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 07:08:45 -04:00			`version: "2.7.4"`
feat(immich): scaffold registry manifests for postgres/redis/server (not yet live) immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 05:53:58 -04:00			`description: Self-hosted photo and video backup with mobile apps and search.`

fix(immich): restore canonical app_id "immich" (title + icon) After the manifest migration the launcher installed as "immich-server" (app_id), which has no catalog entry → showed the raw id and no icon. Rename the server manifest app_id immich-server→immich so it matches the catalog/curated "immich" entry (title "Immich", icon immich.png) and is recognised as a known launcher app (APP_CATEGORY_MAP) → stays in My Apps. immich_stack_app_ids now installs [immich-postgres, immich-redis, immich]; orchestrator.install bypasses package routing so there's no recursion with the "immich"→stack-installer mapping. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 08:07:08 -04:00			`# app_id "immich" = the user-facing launcher (matches the catalog entry's title`
fix(immich): name containers underscore to match runtime lifecycle code package.stop/start/restart broke ("no containers found" / "no such object immich_postgres") because the runtime hardcodes the immich stack's container names as immich_server/immich_postgres/immich_redis (underscore) across 8 files (lifecycle, health, crash-recovery, ports, config). The migration had named the containers by app_id (hyphen), mismatching all of it. Root cause of the earlier failed attempt: container_name was nested under an `extensions:` block, but `app.extensions` is serde(flatten) — container_name must be a TOP-LEVEL app key to be read by compute_container_name. Fixed: set container_name: immich_server / immich_postgres / immich_redis at top level, and point DB_HOSTNAME/REDIS_HOSTNAME at the underscore aliases. App ids stay hyphen (immich/immich-postgres/immich-redis) so the catalog identity (title+icon) holds. Manifest-only change — container names now match existing runtime references, no code edits to the 8 files. (Deriving stack containers from manifests instead of hardcoded lists remains a north-star follow-up.) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 09:20:38 -04:00			`# + icon). The container is named "immich_server" so it matches the runtime's`
			`# existing per-app container references (lifecycle/health/crash-recovery/ports);`
			# `container_name` is a top-level app key (captured by serde(flatten) into
			`# extensions, read by compute_container_name). It reaches its backends by their`
			`# underscore aliases on archy-net (DB_HOSTNAME / REDIS_HOSTNAME below).`
			`container_name: immich_server`
feat(immich): scaffold registry manifests for postgres/redis/server (not yet live) immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 05:53:58 -04:00
			`container:`
			`image: 146.59.87.168:3000/lfg2025/immich-server:release`
			`pull_policy: if-not-present`
			`network: archy-net`
			`secret_env:`
			`- key: DB_PASSWORD`
			`secret_file: immich-db-password`

			`dependencies:`
			`- app_id: immich-postgres`
			`- app_id: immich-redis`
			`- storage: 200Gi`

			`resources:`
			`memory_limit: 2Gi`
			`disk_limit: 200Gi`

			`security:`
			`capabilities: []`
			`readonly_root: false`
			`network_policy: isolated`

			`ports:`
			`- host: 2283`
			`container: 2283`
			`protocol: tcp`

			`volumes:`
			`- type: bind`
			`source: /var/lib/archipelago/immich`
			`target: /usr/src/app/upload`
			`options: [rw]`

			`environment:`
fix(immich): name containers underscore to match runtime lifecycle code package.stop/start/restart broke ("no containers found" / "no such object immich_postgres") because the runtime hardcodes the immich stack's container names as immich_server/immich_postgres/immich_redis (underscore) across 8 files (lifecycle, health, crash-recovery, ports, config). The migration had named the containers by app_id (hyphen), mismatching all of it. Root cause of the earlier failed attempt: container_name was nested under an `extensions:` block, but `app.extensions` is serde(flatten) — container_name must be a TOP-LEVEL app key to be read by compute_container_name. Fixed: set container_name: immich_server / immich_postgres / immich_redis at top level, and point DB_HOSTNAME/REDIS_HOSTNAME at the underscore aliases. App ids stay hyphen (immich/immich-postgres/immich-redis) so the catalog identity (title+icon) holds. Manifest-only change — container names now match existing runtime references, no code edits to the 8 files. (Deriving stack containers from manifests instead of hardcoded lists remains a north-star follow-up.) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 09:20:38 -04:00			`- DB_HOSTNAME=immich_postgres`
feat(immich): scaffold registry manifests for postgres/redis/server (not yet live) immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 05:53:58 -04:00			`- DB_USERNAME=postgres`
			`- DB_DATABASE_NAME=immich`
fix(immich): name containers underscore to match runtime lifecycle code package.stop/start/restart broke ("no containers found" / "no such object immich_postgres") because the runtime hardcodes the immich stack's container names as immich_server/immich_postgres/immich_redis (underscore) across 8 files (lifecycle, health, crash-recovery, ports, config). The migration had named the containers by app_id (hyphen), mismatching all of it. Root cause of the earlier failed attempt: container_name was nested under an `extensions:` block, but `app.extensions` is serde(flatten) — container_name must be a TOP-LEVEL app key to be read by compute_container_name. Fixed: set container_name: immich_server / immich_postgres / immich_redis at top level, and point DB_HOSTNAME/REDIS_HOSTNAME at the underscore aliases. App ids stay hyphen (immich/immich-postgres/immich-redis) so the catalog identity (title+icon) holds. Manifest-only change — container names now match existing runtime references, no code edits to the 8 files. (Deriving stack containers from manifests instead of hardcoded lists remains a north-star follow-up.) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 09:20:38 -04:00			`- REDIS_HOSTNAME=immich_redis`
feat(immich): scaffold registry manifests for postgres/redis/server (not yet live) immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> 2026-06-21 05:53:58 -04:00			`- UPLOAD_LOCATION=/usr/src/app/upload`

			`health_check:`
			`type: http`
			`endpoint: http://localhost:2283`
			`path: /api/server/ping`
			`interval: 30s`
			`timeout: 5s`
			`retries: 20`

			`interfaces:`
			`main:`
			`name: Web UI`
			`description: Immich photo library`
			`type: ui`
			`port: 2283`
			`protocol: http`
			`path: /`

			`metadata:`
			`launch:`
			`open_in_new_tab: true`