immich becomes a manifest-driven stack (the legacy install_immich_stack — hardcoded podman run + sudo chown — is the anti-pattern being retired). Three image-only manifests modelled on the btcpay stack + the live .228 container config: - immich-postgres / immich-redis / immich-server on archy-net; container_name set to the underscore form (immich_postgres/_redis/_server) so the server's DB_HOSTNAME/REDIS_HOSTNAME aliases resolve. - generated_secrets: [immich-db-password] (idempotent — reuses the live secret on existing nodes; postgres is already initialised with it). - server depends on postgres+redis (install ordering); upload bind preserved. Inert for now: not added to the UI catalog and install_immich_stack still the default, so nothing installs these until the orchestrator wiring + on-node ownership (data_uid) validation lands. Schema validated by the all-manifests round-trip test. See docs/PRODUCTION-MASTER-PLAN.md §6. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
53 lines
1.2 KiB
YAML
53 lines
1.2 KiB
YAML
app:
|
|
id: immich-postgres
|
|
name: Immich Postgres
|
|
version: "14-vectorchord0.4.3-pgvectors0.2.0"
|
|
description: Postgres (pgvecto.rs / vectorchord) backend for Immich.
|
|
|
|
# The Immich server connects via DB_HOSTNAME=immich_postgres, so the container
|
|
# name (and thus its archy-net alias) must be the underscore form.
|
|
extensions:
|
|
container_name: immich_postgres
|
|
|
|
container:
|
|
image: 146.59.87.168:3000/lfg2025/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0
|
|
pull_policy: if-not-present
|
|
network: archy-net
|
|
generated_secrets:
|
|
- name: immich-db-password
|
|
kind: hex32
|
|
secret_env:
|
|
- key: POSTGRES_PASSWORD
|
|
secret_file: immich-db-password
|
|
|
|
dependencies:
|
|
- storage: 40Gi
|
|
|
|
resources:
|
|
memory_limit: 2Gi
|
|
disk_limit: 40Gi
|
|
|
|
security:
|
|
capabilities: [CHOWN, DAC_OVERRIDE, FOWNER, SETGID, SETUID]
|
|
readonly_root: false
|
|
network_policy: isolated
|
|
|
|
ports: []
|
|
|
|
volumes:
|
|
- type: bind
|
|
source: /var/lib/archipelago/immich-db
|
|
target: /var/lib/postgresql/data
|
|
options: [rw]
|
|
|
|
environment:
|
|
- POSTGRES_USER=postgres
|
|
- POSTGRES_DB=immich
|
|
|
|
health_check:
|
|
type: tcp
|
|
endpoint: localhost:5432
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|