immich/variables.yml

---

immich:

  # Name of this instance of immich
  instance: immich

  # Immich version
  version: v1.89.0

  # API server settings
  server:

    # Docker image to use
    image: ghcr.io/immich-app/immich-server:[[ .immich.version ]]

    # Additional env to set ni the container
    env:
      DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .immich.instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .immich.instance ]]{{ end }}'
      TYPESENSE_API_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .immich.instance ]]" }}{{ .Data.data.typesense_api_key }}{{ end }}'
      NODE_OPTIONS: --max_old_space_size={{ env "NOMAD_MEMORY_LIMIT" | parseInt | divide 2 }}

    # Resource allocation
    resources:
      cpu: 300
      memory: 320

    # Wait for services to be ready before starting
    wait_for:
      - service: master.postgres[[ .consul.suffix ]]
      - service: '[[ .immich.instance ]]-ml[[ .consul.suffix ]]'

    consul:
      connect:
        # Connect to some services through the mesh
        upstreams:
          - destination_name: '[[ .immich.instance ]]-ml[[ .consul.suffix ]]'
            local_bind_port: 3003
          - destination_name: postgres[[ .consul.suffix ]]
            local_bind_port: 5432

    # The URL where Immich will be exposed to users
    public_url: https://immich.example.org

    # Controls how Traefik will expose the service
    traefik:
      enabled: true

      # Immich needs a specific CSP
      csp:
        default-src: "'self'"
        img-src: "'self' data: blob:"
        script-src: "'self' 'unsafe-inline' 'unsafe-eval'"
        style-src: "'self' 'unsafe-inline'"
        font-src: "'self' data:"
        worker-src: "'self' blob:"
        connect-src: "'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org"

      # Override the list of base middlewares as we need to remove csp-relaxed and rate-limits
      base_middlewares:
        - security-headers@file
        - hsts@file
        - compression@file
      middlewares: []

    # Use distinct Traefik settings for /share. This can be used for example to restrict the main app to trusted IP but allow /share from anywhere
    share:
      traefik:
        base_middlewares:
          - security-headers@file
          - hsts@file
          - compression@file
        middlewares: []

  # The microservices do the bulk of media handling (thumbnails etc.)
  microservices:

    # Docker image to use
    image: ghcr.io/immich-app/immich-server:[[ .immich.version ]]

    # Env vars to set in the container
    env:
      DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .immich.instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .immich.instance ]]{{ end }}'
      TYPESENSE_API_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .immich.instance ]]" }}{{ .Data.data.typesense_api_key }}{{ end }}'
      NODE_OPTIONS: --max_old_space_size={{ env "NOMAD_MEMORY_LIMIT" | parseInt | divide 2 }}

    # Resource allocation
    resources:
      cpu: 500
      memory: 768

  # The machine learning
  machine_learning:

    # Machine learning is optional, and can be disabled
    enabled: true

    # The Docker image to use
    image: ghcr.io/immich-app/immich-machine-learning:[[ .immich.version ]]

    # Environment var to set in the container
    env: {}

    # Resource allocation
    resources:
      cpu: 1024
      memory: 1536

  # Typesense is a database for fast search result
  typesense:

    # Typesense is also an optional component and can be disabled
    enabled: true

    # DOcker image to use
    image: typesense/typesense:0.25.1

    # Environment var to set in the container
    env:
      TYPESENSE_API_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .immich.instance ]]" }}{{ .Data.data.typesense_api_key }}{{ end }}'

    # Resource allocation
    resources:
      cpu: 100
      memory: 512
      memory_max: 768

  # Redis task will use a common template
  # We just set custom resources allocation
  redis:
    resources:
      cpu: 20
      memory: 64

  # Volumes used for data persistance
  volumes:
    data:
      type: csi
      source: '[[ .immich.instance ]]-data'

    ml:
      type: csi
      source: '[[ .immich.instance ]]-ml'

    typesense:
      type: csi
      source: '[[ .immich.instance ]]-typesense'
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`---`

			`immich:`

Immich working now 2023-11-27 23:07:31 +01:00			`# Name of this instance of immich`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`instance: immich`
Immich working now 2023-11-27 23:07:31 +01:00
			`# Immich version`
Update to 1.89.0 2023-11-29 21:38:09 +01:00			`version: v1.89.0`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# API server settings`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`server:`
Immich working now 2023-11-27 23:07:31 +01:00
			`# Docker image to use`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`image: ghcr.io/immich-app/immich-server:[[ .immich.version ]]`

Immich working now 2023-11-27 23:07:31 +01:00			`# Additional env to set ni the container`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`env:`
			`DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .immich.instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .immich.instance ]]{{ end }}'`
Immich working now 2023-11-27 23:07:31 +01:00			`TYPESENSE_API_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .immich.instance ]]" }}{{ .Data.data.typesense_api_key }}{{ end }}'`
More mem for typesense and redis 2023-11-30 20:45:32 +01:00			`NODE_OPTIONS: --max_old_space_size={{ env "NOMAD_MEMORY_LIMIT" \| parseInt \| divide 2 }}`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# Resource allocation`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`resources:`
Immich working now 2023-11-27 23:07:31 +01:00			`cpu: 300`
			`memory: 320`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# Wait for services to be ready before starting`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`wait_for:`
Immich working now 2023-11-27 23:07:31 +01:00			`- service: master.postgres[[ .consul.suffix ]]`
			`- service: '[[ .immich.instance ]]-ml[[ .consul.suffix ]]'`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
			`consul:`
			`connect:`
Immich working now 2023-11-27 23:07:31 +01:00			`# Connect to some services through the mesh`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`upstreams:`
Immich working now 2023-11-27 23:07:31 +01:00			`- destination_name: '[[ .immich.instance ]]-ml[[ .consul.suffix ]]'`
			`local_bind_port: 3003`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`- destination_name: postgres[[ .consul.suffix ]]`
			`local_bind_port: 5432`

Immich working now 2023-11-27 23:07:31 +01:00			`# The URL where Immich will be exposed to users`
			`public_url: https://immich.example.org`

			`# Controls how Traefik will expose the service`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`traefik:`
			`enabled: true`

Immich working now 2023-11-27 23:07:31 +01:00			`# Immich needs a specific CSP`
			`csp:`
			`default-src: "'self'"`
			`img-src: "'self' data: blob:"`
			`script-src: "'self' 'unsafe-inline' 'unsafe-eval'"`
			`style-src: "'self' 'unsafe-inline'"`
			`font-src: "'self' data:"`
			`worker-src: "'self' blob:"`
			`connect-src: "'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org"`

			`# Override the list of base middlewares as we need to remove csp-relaxed and rate-limits`
			`base_middlewares:`
			`- security-headers@file`
			`- hsts@file`
			`- compression@file`
			`middlewares: []`

			`# Use distinct Traefik settings for /share. This can be used for example to restrict the main app to trusted IP but allow /share from anywhere`
			`share:`
			`traefik:`
			`base_middlewares:`
			`- security-headers@file`
			`- hsts@file`
			`- compression@file`
			`middlewares: []`

			`# The microservices do the bulk of media handling (thumbnails etc.)`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`microservices:`

Immich working now 2023-11-27 23:07:31 +01:00			`# Docker image to use`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`image: ghcr.io/immich-app/immich-server:[[ .immich.version ]]`

Immich working now 2023-11-27 23:07:31 +01:00			`# Env vars to set in the container`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`env:`
			`DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .immich.instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .immich.instance ]]{{ end }}'`
Immich working now 2023-11-27 23:07:31 +01:00			`TYPESENSE_API_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .immich.instance ]]" }}{{ .Data.data.typesense_api_key }}{{ end }}'`
More mem for typesense and redis 2023-11-30 20:45:32 +01:00			`NODE_OPTIONS: --max_old_space_size={{ env "NOMAD_MEMORY_LIMIT" \| parseInt \| divide 2 }}`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# Resource allocation`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`resources:`
Immich working now 2023-11-27 23:07:31 +01:00			`cpu: 500`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`memory: 768`

Immich working now 2023-11-27 23:07:31 +01:00			`# The machine learning`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`machine_learning:`

Immich working now 2023-11-27 23:07:31 +01:00			`# Machine learning is optional, and can be disabled`
			`enabled: true`

			`# The Docker image to use`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`image: ghcr.io/immich-app/immich-machine-learning:[[ .immich.version ]]`

Immich working now 2023-11-27 23:07:31 +01:00			`# Environment var to set in the container`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`env: {}`

Immich working now 2023-11-27 23:07:31 +01:00			`# Resource allocation`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`resources:`
Immich working now 2023-11-27 23:07:31 +01:00			`cpu: 1024`
			`memory: 1536`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# Typesense is a database for fast search result`
			`typesense:`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# Typesense is also an optional component and can be disabled`
			`enabled: true`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# DOcker image to use`
			`image: typesense/typesense:0.25.1`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# Environment var to set in the container`
			`env:`
			`TYPESENSE_API_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .immich.instance ]]" }}{{ .Data.data.typesense_api_key }}{{ end }}'`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
Immich working now 2023-11-27 23:07:31 +01:00			`# Resource allocation`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`resources:`
			`cpu: 100`
More mem for typesense and redis 2023-11-30 20:45:32 +01:00			`memory: 512`
			`memory_max: 768`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00
More mem for typesense and redis 2023-11-30 20:45:32 +01:00			`# Redis task will use a common template`
			`# We just set custom resources allocation`
			`redis:`
			`resources:`
			`cpu: 20`
			`memory: 64`

			`# Volumes used for data persistance`
Start working on immich (still WIP) 2023-11-25 22:04:47 +01:00			`volumes:`
			`data:`
			`type: csi`
			`source: '[[ .immich.instance ]]-data'`

			`ml:`
			`type: csi`
			`source: '[[ .immich.instance ]]-ml'`

			`typesense:`
			`type: csi`
			`source: '[[ .immich.instance ]]-typesense'`