# App manifest for the Postgres (pgvecto.rs / vectorchord) container backing Immich.
#
# NOTE(review): the nesting below is reconstructed from a whitespace-collapsed
# listing. Whether data_uid / generated_secrets / secret_env sit under
# `container:` or directly under `app:` should be confirmed against the
# orchestrator's manifest schema.
app:
  id: immich-postgres
  name: Immich Postgres
  version: "14-vectorchord0.4.3-pgvectors0.2.0"
  description: Postgres (pgvecto.rs / vectorchord) backend for Immich.
  # No container_name override: the container is named by app_id (immich-postgres),
  # which is also its archy-net alias and the server's DB_HOSTNAME. (Overriding the
  # name diverges from the orchestrator's app_id-based naming and spawns duplicate
  # containers — mirror the btcpay stack, which names members by app_id.)
  container:
    # NOTE(review): the image is addressed by a bare IP:port registry and a
    # mutable tag, with no digest. Nothing in this file shows whether the pull
    # uses TLS or how the registry is authenticated — confirm. If the
    # orchestrator accepts digest references, pinning as
    # <image>@sha256:<digest-placeholder> makes the pulled content verifiable.
    image: 146.59.87.168:3000/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0
    # With a mutable tag, if-not-present presumably means a node that already
    # has the tag cached never re-pulls, so a re-pushed tag can leave fresh and
    # existing installs on different content — confirm orchestrator semantics.
    pull_policy: if-not-present
    network: archy-net
    # postgres drops to its own uid (container 999 → host 100998 under rootless),
    # so the data dir must be owned by that mapped uid — mirrors archy-btcpay-db.
    # Verified on .228: the live immich-db is owned 100998. Without this a FRESH
    # install's dir would be service-user-owned and postgres would EACCES.
    # Quoted so the uid:gid pair is always read as a string.
    data_uid: "100998:100998"
    # Declares a secret named immich-db-password of kind hex32; presumably the
    # orchestrator generates it on install — confirm what hex32 yields.
    generated_secrets:
      - name: immich-db-password
        kind: hex32
    # Binds that secret to POSTGRES_PASSWORD.
    # NOTE(review): if this is delivered as a plain environment variable it is
    # readable through container inspection and the process environment. The
    # upstream postgres image also accepts POSTGRES_PASSWORD_FILE — confirm
    # whether this image and orchestrator can use the file form. The upstream
    # image applies the password only when initialising an empty data dir, so
    # regenerating the secret later would not change the database password.
    secret_env:
      - key: POSTGRES_PASSWORD
        secret_file: immich-db-password
  dependencies:
    - storage: 40Gi
  resources:
    memory_limit: 2Gi
    disk_limit: 40Gi  # same figure as the storage dependency above
  security:
    # Capability allow-list. Presumably CHOWN/FOWNER/DAC_OVERRIDE serve the
    # entrypoint's ownership fix-up of the data dir and SETUID/SETGID its drop
    # to the postgres uid — confirm against the image entrypoint.
    # NOTE(review): DAC_OVERRIDE bypasses file permission checks for root inside
    # the container. Since data_uid already pre-owns the data dir, check whether
    # CHOWN, DAC_OVERRIDE and FOWNER are still required.
    capabilities: [CHOWN, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
    # Root filesystem is writable. NOTE(review): a read-only root would narrow
    # what a compromised process can persist outside the data volume; whether
    # the schema offers the tmpfs mounts postgres would then need is not
    # visible here.
    readonly_root: false
    # What "isolated" enforces is not visible here — confirm it still permits
    # the Immich server to reach this container over archy-net and nothing else.
    network_policy: isolated
  # No ports are listed, so presumably nothing is published on the host.
  ports: []
  volumes:
    # Host directory bind-mounted read-write as the postgres data dir; its
    # ownership is what data_uid above refers to.
    - type: bind
      source: /var/lib/archipelago/immich-db
      target: /var/lib/postgresql/data
      options: [rw]
  environment:
    # In the upstream postgres image POSTGRES_USER is created as a superuser.
    # NOTE(review): presumably this is also the role the Immich server connects
    # as — confirm, and confirm superuser is actually needed at runtime.
    - POSTGRES_USER=postgres
    - POSTGRES_DB=immich
  health_check:
    # TCP connect only: shows the port accepts connections, not that postgres
    # is ready to serve queries.
    type: tcp
    endpoint: localhost:5432
    interval: 30s
    timeout: 5s
    retries: 3