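# Immich (photo server) stack: server, machine-learning worker, Redis and
# Postgres Deployments, their Services, and the backing volume claims.
# Everything is gated behind `immich.enable`.
#
# Security review notes (based only on what this file shows):
# - Redis and the machine-learning Service are configured here without any
#   authentication, and this file defines no NetworkPolicy. Any pod that can
#   reach these ClusterIP Services can talk to them.
#   NOTE(review): confirm a NetworkPolicy elsewhere restricts 6379/5432/80 to
#   the Immich server pod, or enable Redis auth.
# - The server, ml and redis containers set no securityContext, so they run as
#   whatever user the image defaults to.
#   NOTE(review): consider runAsNonRoot / allowPrivilegeEscalation = false /
#   dropped capabilities once verified against the images.
# - The application connects to Postgres as the `postgres` role created via
#   POSTGRES_USER. NOTE(review): that is normally the cluster superuser;
#   consider a dedicated lower-privileged role if Immich's setup allows it.
{
  globals,
  config,
  lib,
  ...
}: let
  # Label set shared by a Deployment selector, its pod template and the
  # matching Service selector; only `component` varies.
  labelsFor = component: {
    app = "immich";
    inherit component;
  };

  # Replace the single replica in place: never start an extra pod
  # (maxSurge = 0), allow the old one to go away first (maxUnavailable = 1).
  # NOTE(review): presumably because the volumes are single-writer
  # (the cache claim below is ReadWriteOnce) — confirm for the Longhorn claims.
  replaceInPlace = {
    type = "RollingUpdate";

    rollingUpdate = {
      maxSurge = 0;
      maxUnavailable = 1;
    };
  };

  # Both the server and Postgres read the same key of the `immich` Secret.
  databasePasswordRef = {
    name = "immich";
    key = "databasePassword";
  };
in {
  options.immich.enable = lib.mkEnableOption "immich";

  config = lib.mkIf config.immich.enable {
    kubernetes.resources = {
      # The value is a secret *reference*, not the secret itself.
      # NOTE(review): confirm the deploy pipeline resolves `ref+sops://…`
      # before applying; if it is not resolved, this literal string is what
      # ends up stored as the database password.
      secrets.immich.stringData.databasePassword = "ref+sops://secrets.yml#/immich/databasePassword";

      deployments = {
        immich.spec = {
          selector.matchLabels = labelsFor "server";
          strategy = replaceInPlace;

          template = {
            metadata.labels = labelsFor "server";

            spec = {
              volumes.data.persistentVolumeClaim.claimName = "data";

              # Do not inject `<SERVICE>_PORT`-style env vars for every Service
              # in the namespace. NOTE(review): presumably to keep them from
              # clashing with the app's own env config — confirm.
              enableServiceLinks = false;

              # Nothing in this pod's config uses the Kubernetes API, so do not
              # mount a service-account token into it (least privilege).
              automountServiceAccountToken = false;

              containers.immich = {
                image = globals.images.immich;
                imagePullPolicy = "IfNotPresent";
                ports.web.containerPort = 2283;

                env = {
                  TZ.value = "Europe/Amsterdam";
                  REDIS_HOSTNAME.value = "redis.immich.svc.cluster.local";
                  DB_HOSTNAME.value = "postgres.immich.svc.cluster.local";
                  DB_USERNAME.value = "postgres";
                  DB_DATABASE_NAME.value = "immich";
                  # Plain HTTP to the in-cluster ml Service (port 80 -> 3003).
                  IMMICH_MACHINE_LEARNING_URL.value = "http://ml.immich.svc.cluster.local";

                  DB_PASSWORD.valueFrom.secretKeyRef = databasePasswordRef;
                };

                volumeMounts = [
                  {
                    name = "data";
                    mountPath = "/usr/src/app/upload";
                  }
                ];
              };
            };
          };
        };

        ml.spec = {
          selector.matchLabels = labelsFor "machine-learning";
          strategy = replaceInPlace;

          template = {
            metadata.labels = labelsFor "machine-learning";

            spec = {
              volumes.cache.persistentVolumeClaim.claimName = "cache";

              # No Kubernetes API access needed; skip the service-account token.
              automountServiceAccountToken = false;

              containers.machine-learning = {
                image = globals.images.immich-machine-learning;
                imagePullPolicy = "IfNotPresent";
                ports.ml.containerPort = 3003;
                env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600";

                volumeMounts = [
                  {
                    name = "cache";
                    mountPath = "/cache";
                  }
                ];
              };
            };
          };
        };

        redis.spec = {
          selector.matchLabels = labelsFor "redis";
          strategy = replaceInPlace;

          template = {
            metadata.labels = labelsFor "redis";

            spec = {
              # No Kubernetes API access needed; skip the service-account token.
              automountServiceAccountToken = false;

              # No args/env are passed, so Redis runs with the image's default
              # configuration and no volume: its data does not survive a pod
              # restart, and no password is configured in this file.
              containers.redis = {
                image = globals.images.immich-redis;
                imagePullPolicy = "IfNotPresent";
                ports.redis.containerPort = 6379;
              };
            };
          };
        };

        database.spec = {
          selector.matchLabels = labelsFor "database";
          strategy = replaceInPlace;

          template = {
            metadata.labels = labelsFor "database";

            spec = {
              volumes.data.persistentVolumeClaim.claimName = "database";

              # No Kubernetes API access needed; skip the service-account token.
              automountServiceAccountToken = false;

              containers.postgres = {
                image = globals.images.immich-postgres;
                imagePullPolicy = "IfNotPresent";
                # Overrides the image's command and starts `postgres` directly
                # as the uid/gid set below.
                command = ["postgres"];
                # `$$user` is deliberate: Kubernetes collapses `$$` to `$` when
                # expanding args, so Postgres receives search_path="$user", ….
                args = ["-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on"];
                ports.postgres.containerPort = 5432;
                # Run as a fixed non-root uid/gid.
                # NOTE(review): 999 is presumably the image's postgres user — confirm.
                securityContext.runAsUser = 999;
                securityContext.runAsGroup = 999;

                env = {
                  POSTGRES_USER.value = "postgres";
                  POSTGRES_DB.value = "immich";
                  POSTGRES_INITDB_ARGS.value = "--data-checksums";
                  # Data directory is a subdirectory of the mounted volume.
                  PGDATA.value = "/pgdata/data";

                  POSTGRES_PASSWORD.valueFrom.secretKeyRef = databasePasswordRef;
                };

                volumeMounts = [
                  {
                    name = "data";
                    mountPath = "/pgdata";
                  }
                ];
              };
            };
          };
        };
      };

      services = {
        # The only Service exposed outside the cluster: plain HTTP on port 80
        # at a fixed LoadBalancer address.
        # NOTE(review): confirm that address is reachable from trusted networks
        # only, since TLS is not terminated here.
        server.spec = {
          type = "LoadBalancer";
          loadBalancerIP = globals.immichIPv4;

          selector = labelsFor "server";

          ports.web = {
            port = 80;
            targetPort = "web";
          };
        };

        # The remaining Services set no `type`, so they stay cluster-internal.
        redis.spec = {
          selector = labelsFor "redis";

          ports.redis = {
            port = 6379;
            targetPort = "redis";
          };
        };

        ml.spec = {
          selector = labelsFor "machine-learning";

          ports.ml = {
            port = 80;
            targetPort = "ml";
          };
        };

        postgres.spec = {
          selector = labelsFor "database";

          ports.postgres = {
            port = 5432;
            targetPort = "postgres";
          };
        };
      };

      # Model cache for the machine-learning worker.
      persistentVolumeClaims.cache.spec = {
        accessModes = ["ReadWriteOnce"];
        resources.requests.storage = "5Gi";
      };
    };

    lab = {
      # Second entry point to the `server` Service, published as host
      # `immich` through the project's Tailscale ingress module.
      tailscaleIngresses.tailscale = {
        host = "immich";
        service.name = "server";
      };

      # Claims `data` and `database` (used by the server and Postgres pods
      # above) are bound to named Longhorn volumes by the project's module.
      longhorn.persistentVolumeClaim = {
        data = {
          volumeName = "immich";
          storage = "50Gi";
        };

        database = {
          volumeName = "immich-db";
          storage = "5Gi";
        };
      };
    };
  };
}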