feat(immich): scaffold registry manifests for postgres/redis/server (not yet live)
immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
7bfbe8fe40
commit
011081d180
52
apps/immich-postgres/manifest.yml
Normal file
52
apps/immich-postgres/manifest.yml
Normal file
@ -0,0 +1,52 @@
|
||||
app:
|
||||
id: immich-postgres
|
||||
name: Immich Postgres
|
||||
version: "14-vectorchord0.4.3-pgvectors0.2.0"
|
||||
description: Postgres (pgvecto.rs / vectorchord) backend for Immich.
|
||||
|
||||
# The Immich server connects via DB_HOSTNAME=immich_postgres, so the container
|
||||
# name (and thus its archy-net alias) must be the underscore form.
|
||||
extensions:
|
||||
container_name: immich_postgres
|
||||
|
||||
container:
|
||||
image: 146.59.87.168:3000/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0
|
||||
pull_policy: if-not-present
|
||||
network: archy-net
|
||||
generated_secrets:
|
||||
- name: immich-db-password
|
||||
kind: hex32
|
||||
secret_env:
|
||||
- key: POSTGRES_PASSWORD
|
||||
secret_file: immich-db-password
|
||||
|
||||
dependencies:
|
||||
- storage: 40Gi
|
||||
|
||||
resources:
|
||||
memory_limit: 2Gi
|
||||
disk_limit: 40Gi
|
||||
|
||||
security:
|
||||
capabilities: [CHOWN, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
|
||||
readonly_root: false
|
||||
network_policy: isolated
|
||||
|
||||
ports: []
|
||||
|
||||
volumes:
|
||||
- type: bind
|
||||
source: /var/lib/archipelago/immich-db
|
||||
target: /var/lib/postgresql/data
|
||||
options: [rw]
|
||||
|
||||
environment:
|
||||
- POSTGRES_USER=postgres
|
||||
- POSTGRES_DB=immich
|
||||
|
||||
health_check:
|
||||
type: tcp
|
||||
endpoint: localhost:5432
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
37
apps/immich-redis/manifest.yml
Normal file
37
apps/immich-redis/manifest.yml
Normal file
@ -0,0 +1,37 @@
|
||||
app:
|
||||
id: immich-redis
|
||||
name: Immich Redis
|
||||
version: "7-alpine"
|
||||
description: Valkey (Redis-compatible) cache for Immich.
|
||||
|
||||
# Immich server connects via REDIS_HOSTNAME=immich_redis — alias must match.
|
||||
extensions:
|
||||
container_name: immich_redis
|
||||
|
||||
container:
|
||||
image: 146.59.87.168:3000/lfg2025/valkey:7-alpine
|
||||
pull_policy: if-not-present
|
||||
network: archy-net
|
||||
|
||||
dependencies: []
|
||||
|
||||
resources:
|
||||
memory_limit: 128Mi
|
||||
|
||||
security:
|
||||
capabilities: [SETGID, SETUID]
|
||||
readonly_root: false
|
||||
network_policy: isolated
|
||||
|
||||
ports: []
|
||||
|
||||
volumes: []
|
||||
|
||||
environment: []
|
||||
|
||||
health_check:
|
||||
type: tcp
|
||||
endpoint: localhost:6379
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
69
apps/immich-server/manifest.yml
Normal file
69
apps/immich-server/manifest.yml
Normal file
@ -0,0 +1,69 @@
|
||||
app:
|
||||
id: immich-server
|
||||
name: Immich
|
||||
version: "release"
|
||||
description: Self-hosted photo and video backup with mobile apps and search.
|
||||
|
||||
extensions:
|
||||
container_name: immich_server
|
||||
|
||||
container:
|
||||
image: 146.59.87.168:3000/lfg2025/immich-server:release
|
||||
pull_policy: if-not-present
|
||||
network: archy-net
|
||||
secret_env:
|
||||
- key: DB_PASSWORD
|
||||
secret_file: immich-db-password
|
||||
|
||||
dependencies:
|
||||
- app_id: immich-postgres
|
||||
- app_id: immich-redis
|
||||
- storage: 200Gi
|
||||
|
||||
resources:
|
||||
memory_limit: 2Gi
|
||||
disk_limit: 200Gi
|
||||
|
||||
security:
|
||||
capabilities: []
|
||||
readonly_root: false
|
||||
network_policy: isolated
|
||||
|
||||
ports:
|
||||
- host: 2283
|
||||
container: 2283
|
||||
protocol: tcp
|
||||
|
||||
volumes:
|
||||
- type: bind
|
||||
source: /var/lib/archipelago/immich
|
||||
target: /usr/src/app/upload
|
||||
options: [rw]
|
||||
|
||||
environment:
|
||||
- DB_HOSTNAME=immich_postgres
|
||||
- DB_USERNAME=postgres
|
||||
- DB_DATABASE_NAME=immich
|
||||
- REDIS_HOSTNAME=immich_redis
|
||||
- UPLOAD_LOCATION=/usr/src/app/upload
|
||||
|
||||
health_check:
|
||||
type: http
|
||||
endpoint: http://localhost:2283
|
||||
path: /api/server/ping
|
||||
interval: 30s
|
||||
timeout: 5s
|
||||
retries: 20
|
||||
|
||||
interfaces:
|
||||
main:
|
||||
name: Web UI
|
||||
description: Immich photo library
|
||||
type: ui
|
||||
port: 2283
|
||||
protocol: http
|
||||
path: /
|
||||
|
||||
metadata:
|
||||
launch:
|
||||
open_in_new_tab: true
|
||||
Loading…
x
Reference in New Issue
Block a user