{ globals, config, lib, ... }: { options.immich.enable = lib.mkEnableOption "immich"; config = lib.mkIf config.immich.enable { kubernetes.resources = { secrets.immich.stringData.databasePassword = "ref+sops://secrets.yml#/immich/databasePassword"; deployments = { immich.spec = { selector.matchLabels = { app = "immich"; component = "server"; }; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels = { app = "immich"; component = "server"; }; spec = { volumes.data.persistentVolumeClaim.claimName = "data"; enableServiceLinks = false; containers.immich = { image = globals.images.immich; imagePullPolicy = "IfNotPresent"; ports.web.containerPort = 2283; env = { TZ.value = "Europe/Amsterdam"; REDIS_HOSTNAME.value = "redis.immich.svc.cluster.local"; DB_HOSTNAME.value = "postgres.immich.svc.cluster.local"; DB_USERNAME.value = "postgres"; DB_DATABASE_NAME.value = "immich"; IMMICH_MACHINE_LEARNING_URL.value = "http://ml.immich.svc.cluster.local"; DB_PASSWORD.valueFrom.secretKeyRef = { name = "immich"; key = "databasePassword"; }; }; volumeMounts = [{ name = "data"; mountPath = "/usr/src/app/upload"; }]; }; }; }; }; ml.spec = { selector.matchLabels = { app = "immich"; component = "machine-learning"; }; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels = { app = "immich"; component = "machine-learning"; }; spec = { volumes.cache.persistentVolumeClaim.claimName = "cache"; containers.machine-learning = { image = globals.images.immich-machine-learning; imagePullPolicy = "IfNotPresent"; ports.ml.containerPort = 3003; env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600"; volumeMounts = [{ name = "cache"; mountPath = "/cache"; }]; }; }; }; }; redis.spec = { selector.matchLabels = { app = "immich"; component = "redis"; }; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels = { app = "immich"; component = "redis"; }; spec = { containers.redis = { image = globals.images.immich-redis; ports.redis.containerPort = 6379; imagePullPolicy = "IfNotPresent"; }; }; }; }; database.spec = { selector.matchLabels = { app = "immich"; component = "database"; }; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels = { app = "immich"; component = "database"; }; spec = { volumes.data.persistentVolumeClaim.claimName = "database"; containers.postgres = { image = globals.images.immich-postgres; imagePullPolicy = "IfNotPresent"; command = [ "postgres" ]; args = [ "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ]; ports.postgres.containerPort = 5432; securityContext.runAsUser = 999; securityContext.runAsGroup = 999; env = { POSTGRES_USER.value = "postgres"; POSTGRES_DB.value = "immich"; POSTGRES_INITDB_ARGS.value = "--data-checksums"; PGDATA.value = "/pgdata/data"; POSTGRES_PASSWORD.valueFrom.secretKeyRef = { name = "immich"; key = "databasePassword"; }; }; volumeMounts = [{ name = "data"; mountPath = "/pgdata"; }]; }; }; }; }; }; services = { server.spec = { type = "LoadBalancer"; loadBalancerIP = globals.immichIPv4; selector = { app = "immich"; component = "server"; }; ports.web = { port = 80; targetPort = "web"; }; }; redis.spec = { selector = { app = "immich"; component = "redis"; }; ports.redis = { port = 6379; targetPort = "redis"; }; }; ml.spec = { selector = { app = "immich"; component = "machine-learning"; }; ports.ml = { port = 80; targetPort = "ml"; }; }; postgres.spec = { selector = { app = "immich"; component = "database"; }; ports.postgres = { port = 5432; targetPort = "postgres"; }; }; }; persistentVolumeClaims.cache.spec = { accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "5Gi"; }; }; lab = { tailscaleIngresses.tailscale = { host = "immich"; service.name = "server"; }; longhorn.persistentVolumeClaim = { data = { volumeName = "immich"; storage = "50Gi"; }; database = { volumeName = "immich-db"; storage = "5Gi"; }; }; }; }; }