2023-11-25 22:04:47 +01:00
|
|
|
[[ $c := merge .immich . -]]
|
|
|
|
|
2023-12-21 22:37:48 +01:00
|
|
|
job [[ .instance | toJSON ]] {
|
2023-11-25 22:04:47 +01:00
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/job_start" . ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
[[ $c := merge .immich.server .immich . -]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
|
|
|
group "immich" {
|
|
|
|
|
|
|
|
network {
|
|
|
|
mode = "bridge"
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/volumes" $c.volumes ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
|
|
|
service {
|
2023-12-21 22:37:48 +01:00
|
|
|
name = "[[ .instance ]][[ .consul.suffix ]]"
|
2023-11-27 23:07:31 +01:00
|
|
|
port = 3001
|
2023-11-25 22:04:47 +01:00
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/connect" $c ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
2023-11-27 23:07:31 +01:00
|
|
|
check {
|
|
|
|
type = "http"
|
|
|
|
path = "/api/server-info/ping"
|
|
|
|
expose = true
|
|
|
|
interval = "30s"
|
|
|
|
timeout = "15s"
|
|
|
|
check_restart {
|
|
|
|
limit = 10
|
|
|
|
grace = "300s"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-25 22:04:47 +01:00
|
|
|
tags = [
|
2023-11-27 23:07:31 +01:00
|
|
|
"[[ $c.traefik.instance ]].enable=[[ $c.traefik.enabled ]]",
|
|
|
|
|
|
|
|
# Define a middleware to set custom CSP headers
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ .consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
|
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-headers[[ .consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
|
2023-11-27 23:07:31 +01:00
|
|
|
|
|
|
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
|
|
|
# Immich exposed by traefik on a subpath. Define a middleware to strip the prefix before passing the request to the backend
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-prefix[[ .consul.suffix ]].stripprefix.prefixes=[[ (urlParse .immich.public_url).Path ]]",
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- end ]]
|
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
[[- $s := merge .immich.server.share .immich.server .immich . ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
# We use a distinct routers for /share so we can apply different middlewares (eg, /share is public while everything else is private)
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) && PathPrefix(`[[ (urlParse $c.public_url).Path ]]/share/`)",
|
|
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ .instance ]]-prefix[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $s.traefik ]]",
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- else ]]
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $s.traefik ]]",
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- end ]]
|
|
|
|
|
|
|
|
# Main app router
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`)
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]] && PathPrefix(`[[ (urlParse $c.public_url).Path ]]`)[[ end ]]",
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- if not (regexp.Match "^/?$" (urlParse $c.public_url).Path) ]]
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ .instance ]]-prefix[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- else ]]
|
2023-12-21 22:37:48 +01:00
|
|
|
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]][[ .consul.suffix ]].middlewares=[[ .instance ]]-headers[[ .consul.suffix ]],[[ template "common/traefik_middlewares" $c.traefik ]]",
|
2023-11-27 23:07:31 +01:00
|
|
|
[[- end ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
]
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/task.wait_for" $c ]]
|
2024-01-15 17:05:33 +01:00
|
|
|
[[ template "common/task.pgpooler" $c ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
|
|
|
|
# The main immich API server
|
2023-11-25 22:04:47 +01:00
|
|
|
task "server" {
|
|
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
|
|
leader = true
|
2023-11-27 23:07:31 +01:00
|
|
|
# Run as an unprivileged user
|
|
|
|
user = 3001
|
2023-11-25 22:04:47 +01:00
|
|
|
|
|
|
|
config {
|
2023-11-27 23:07:31 +01:00
|
|
|
image = [[ $c.image | toJSON ]]
|
|
|
|
readonly_rootfs = true
|
|
|
|
command = "start.sh"
|
|
|
|
args = ["immich"]
|
|
|
|
pids_limit = 100
|
2023-11-25 22:04:47 +01:00
|
|
|
}
|
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
[[ template "common/vault.policies" $c ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
|
|
|
env {
|
2023-11-27 23:07:31 +01:00
|
|
|
REDIS_HOSTNAME = "127.0.0.1"
|
2023-11-25 22:04:47 +01:00
|
|
|
IMMICH_MEDIA_LOCATION = "/data"
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/file_env" $c.env ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
template {
|
|
|
|
data =<<_EOT
|
|
|
|
DB_URL=postgres://
|
2024-01-12 22:52:34 +01:00
|
|
|
[[- if ne $c.postgres.pooler.engine "none" -]]
|
2024-01-09 11:32:44 +01:00
|
|
|
[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@127.0.0.1:6432/[[ $c.postgres.database ]]
|
|
|
|
[[- else -]]
|
|
|
|
[[ $c.postgres.user ]]:[[ $c.postgres.password ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]
|
|
|
|
[[- end ]]
|
|
|
|
_EOT
|
|
|
|
destination = "secrets/.db.env"
|
|
|
|
perms = 400
|
|
|
|
env = true
|
|
|
|
}
|
|
|
|
|
2023-11-25 22:04:47 +01:00
|
|
|
volume_mount {
|
|
|
|
volume = "data"
|
|
|
|
destination = "/data"
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/resources" $c.resources ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
|
|
|
}
|
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
[[ $c := merge .immich.microservices .immich . ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
|
|
|
|
# microservices is tha task worker, doing all the processing async
|
2023-11-25 22:04:47 +01:00
|
|
|
task "microservices" {
|
|
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
# Run as an unpriviliged user
|
|
|
|
user = 3001
|
|
|
|
|
2023-11-25 22:04:47 +01:00
|
|
|
config {
|
2023-11-27 23:07:31 +01:00
|
|
|
image = [[ $c.image | toJSON ]]
|
|
|
|
readonly_rootfs = true
|
|
|
|
command = "start.sh"
|
|
|
|
args = ["microservices"]
|
|
|
|
pids_limit = 100
|
2023-11-25 22:04:47 +01:00
|
|
|
}
|
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
[[ template "common/vault.policies" $c ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
|
|
|
env {
|
2023-11-27 23:07:31 +01:00
|
|
|
REDIS_HOSTNAME = "127.0.0.1"
|
2023-11-25 22:04:47 +01:00
|
|
|
IMMICH_MEDIA_LOCATION = "/data"
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/file_env" $c.env ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
template {
|
|
|
|
data =<<_EOT
|
|
|
|
DB_URL=postgres://
|
2024-01-12 22:52:34 +01:00
|
|
|
[[- if ne $c.postgres.pooler.engine "none" -]]
|
2024-01-09 11:32:44 +01:00
|
|
|
[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@127.0.0.1:6432/[[ $c.postgres.database ]]
|
|
|
|
[[- else -]]
|
|
|
|
[[ $c.postgres.user ]]:[[ $c.postgres.password ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]
|
|
|
|
[[- end ]]
|
|
|
|
_EOT
|
|
|
|
destination = "secrets/.db.env"
|
|
|
|
perms = 400
|
|
|
|
env = true
|
|
|
|
}
|
|
|
|
|
2023-11-25 22:04:47 +01:00
|
|
|
volume_mount {
|
2023-11-27 23:07:31 +01:00
|
|
|
volume = "data"
|
2023-11-25 22:04:47 +01:00
|
|
|
destination = "/data"
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/resources" $c.resources ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/task.redis" dict "resources" .immich.redis.resources ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
}
|
2023-11-27 23:07:31 +01:00
|
|
|
|
|
|
|
[[- if .immich.machine_learning.enabled ]]
|
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
[[- $c := merge .immich.machine_learning .immich . ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
# Used for face recognition, tags etc.
|
|
|
|
group "machine-learning" {
|
|
|
|
|
|
|
|
network {
|
|
|
|
mode = "bridge"
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/volumes" $c.volumes ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
|
|
|
|
service {
|
2023-12-21 22:37:48 +01:00
|
|
|
name = "[[ .instance ]]-ml[[ .consul.suffix ]]"
|
2023-11-27 23:07:31 +01:00
|
|
|
port = 3003
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/connect" $c ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
}
|
|
|
|
|
2024-01-09 11:32:44 +01:00
|
|
|
[[ $c := merge .immich.machine_learning .immich . ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
task "machine-learning" {
|
|
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
|
|
user = 3001
|
|
|
|
|
|
|
|
config {
|
|
|
|
image = [[ $c.image | toJSON ]]
|
|
|
|
readonly_rootfs = true
|
|
|
|
pids_limit = 200
|
|
|
|
}
|
|
|
|
|
|
|
|
env {
|
|
|
|
TMPDIR = "/local"
|
|
|
|
MPLCONFIGDIR = "/local"
|
|
|
|
MACHINE_LEARNING_HOST = "127.0.0.1"
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/proxy_env" $c ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
volume_mount {
|
|
|
|
volume = "ml"
|
|
|
|
destination = "/cache"
|
|
|
|
}
|
|
|
|
|
2023-12-15 22:00:56 +01:00
|
|
|
[[ template "common/resources" $c.resources ]]
|
2023-11-27 23:07:31 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
[[- end ]]
|
2023-11-25 22:04:47 +01:00
|
|
|
}
|