Support pgbouncer

Daniel Berteaud 2024-01-09 11:32:44 +01:00
parent 0229b0b253
commit 057d8ec06d
3 changed files with 74 additions and 22 deletions


@ -76,7 +76,6 @@ job "immich" {
]
}
# Wait for external services to be ready before continuing
# wait for required services tp be ready before starting the main task
task "wait-for" {
@ -107,6 +106,7 @@ job "immich" {
# The main immich API server
task "server" {
driver = "docker"
@ -122,12 +122,14 @@ job "immich" {
pids_limit = 100
}
vault {
policies = ["immich"]
env = false
disable_file = true
}
env {
REDIS_HOSTNAME = "127.0.0.1"
IMMICH_MEDIA_LOCATION = "/data"
@ -137,7 +139,6 @@ job "immich" {
# Use a template block instead of env {} so we can fetch values from vault
template {
data = <<_EOT
DB_URL={{ with secret "database/creds/immich" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/immich{{ end }}
LANG=fr_FR.utf8
NODE_OPTIONS=--max-old-space-size={{ env "NOMAD_MEMORY_LIMIT" }}
TZ=Europe/Paris
@ -148,6 +149,15 @@ _EOT
}
template {
data = <<_EOT
DB_URL=postgres://{{ with secret "database/creds/immich" }}{{ .Data.username }}{{ end }}:{{ with secret "database/creds/immich" }}{{ .Data.password }}{{ end }}@127.0.0.1:5432/immich
_EOT
destination = "secrets/.db.env"
perms = 400
env = true
}
volume_mount {
volume = "data"
destination = "/data"
@ -178,12 +188,14 @@ _EOT
pids_limit = 100
}
vault {
policies = ["immich"]
env = false
disable_file = true
}
env {
REDIS_HOSTNAME = "127.0.0.1"
IMMICH_MEDIA_LOCATION = "/data"
@ -193,7 +205,6 @@ _EOT
# Use a template block instead of env {} so we can fetch values from vault
template {
data = <<_EOT
DB_URL={{ with secret "database/creds/immich" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/immich{{ end }}
LANG=fr_FR.utf8
NODE_OPTIONS=--max-old-space-size={{ env "NOMAD_MEMORY_LIMIT" }}
TZ=Europe/Paris
@ -204,6 +215,15 @@ _EOT
}
template {
data = <<_EOT
DB_URL=postgres://{{ with secret "database/creds/immich" }}{{ .Data.username }}{{ end }}:{{ with secret "database/creds/immich" }}{{ .Data.password }}{{ end }}@127.0.0.1:5432/immich
_EOT
destination = "secrets/.db.env"
perms = 400
env = true
}
volume_mount {
volume = "data"
destination = "/data"
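Review bot: Both new `secrets/.db.env` template blocks put `{{ .Data.password }}` into the connection URL without the `urlquery` escaping that the removed `DB_URL` line applied. Vault's generated passwords may happen to be URL-safe, but a password policy that emits `@`, `/`, `:` or `#` would produce a URL that parses to the wrong host or credentials. I would keep the escape: `:{{ with secret "database/creds/immich" }}{{ urlquery .Data.password }}{{ end }}@127.0.0.1:5432/immich`. The same unescaped interpolation appears in the job template's non-pgbouncer branch (`[[ $c.postgres.password ]]`) and in the `postgres.password` default of the variables file, which is probably where the fix belongs if this job file is rendered from them.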


@ -4,7 +4,7 @@ job [[ .instance | toJSON ]] {
[[ template "common/job_start" . ]]
[[ $c := merge .immich.server . -]]
[[ $c := merge .immich.server .immich . -]]
group "immich" {
@ -44,7 +44,7 @@ job [[ .instance | toJSON ]] {
"[[ $c.traefik.instance ]].http.middlewares.[[ .instance ]]-prefix[[ .consul.suffix ]].stripprefix.prefixes=[[ (urlParse .immich.public_url).Path ]]",
[[- end ]]
[[- $s := merge .immich.server.share . ]]
[[- $s := merge .immich.server.share .immich.server .immich . ]]
# We use a distinct routers for /share so we can apply different middlewares (eg, /share is public while everything else is private)
"[[ $s.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].rule=Host(`[[ (urlParse $c.public_url).Hostname ]]`) && PathPrefix(`[[ (urlParse $c.public_url).Path ]]/share/`)",
"[[ $c.traefik.instance ]].http.routers.[[ .instance ]]-share[[ .consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
@ -66,10 +66,9 @@ job [[ .instance | toJSON ]] {
]
}
# Wait for external services to be ready before continuing
[[ template "common/task.wait_for" $c ]]
[[ template "common/task.pgbouncer" $c ]]
[[ $c := merge .immich.server . -]]
# The main immich API server
task "server" {
driver = [[ $c.nomad.driver | toJSON ]]
@ -85,11 +84,7 @@ job [[ .instance | toJSON ]] {
pids_limit = 100
}
vault {
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
[[ template "common/vault.policies" $c ]]
env {
REDIS_HOSTNAME = "127.0.0.1"
@ -98,6 +93,20 @@ job [[ .instance | toJSON ]] {
[[ template "common/file_env" $c.env ]]
template {
data =<<_EOT
DB_URL=postgres://
[[- if eq $c.postgres.pooler.engine "pgbouncer" -]]
[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@127.0.0.1:6432/[[ $c.postgres.database ]]
[[- else -]]
[[ $c.postgres.user ]]:[[ $c.postgres.password ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]
[[- end ]]
_EOT
destination = "secrets/.db.env"
perms = 400
env = true
}
volume_mount {
volume = "data"
destination = "/data"
@ -107,7 +116,7 @@ job [[ .instance | toJSON ]] {
}
[[ $c := merge .immich.microservices . ]]
[[ $c := merge .immich.microservices .immich . ]]
# microservices is tha task worker, doing all the processing async
task "microservices" {
@ -123,11 +132,7 @@ job [[ .instance | toJSON ]] {
pids_limit = 100
}
vault {
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
[[ template "common/vault.policies" $c ]]
env {
REDIS_HOSTNAME = "127.0.0.1"
@ -136,6 +141,20 @@ job [[ .instance | toJSON ]] {
[[ template "common/file_env" $c.env ]]
template {
data =<<_EOT
DB_URL=postgres://
[[- if eq $c.postgres.pooler.engine "pgbouncer" -]]
[[ .instance ]]:{{ env "NOMAD_ALLOC_ID" }}@127.0.0.1:6432/[[ $c.postgres.database ]]
[[- else -]]
[[ $c.postgres.user ]]:[[ $c.postgres.password ]]@[[ $c.postgres.host ]]:[[ $c.postgres.port ]]/[[ $c.postgres.database ]]
[[- end ]]
_EOT
destination = "secrets/.db.env"
perms = 400
env = true
}
volume_mount {
volume = "data"
destination = "/data"
@ -149,7 +168,7 @@ job [[ .instance | toJSON ]] {
[[- if .immich.machine_learning.enabled ]]
[[- $c := merge .immich.machine_learning . ]]
[[- $c := merge .immich.machine_learning .immich . ]]
# Used for face recognition, tags etc.
group "machine-learning" {
@ -165,7 +184,7 @@ job [[ .instance | toJSON ]] {
[[ template "common/connect" $c ]]
}
[[ $c := merge .immich.machine_learning . ]]
[[ $c := merge .immich.machine_learning .immich . ]]
task "machine-learning" {
driver = [[ $c.nomad.driver | toJSON ]]
user = 3001
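Review bot: In the pgbouncer branch of both `secrets/.db.env` templates, the password the application presents to the pooler is `{{ env "NOMAD_ALLOC_ID" }}`, which is an identifier rather than a secret; it is readable through the Nomad API and UI by anyone allowed to read allocations. That is only acceptable if the pooler set up by `common/task.pgbouncer` (not visible on this page) listens solely on the allocation's own loopback interface. A comment stating that assumption would help, for example `# pgbouncer is reachable only on 127.0.0.1 inside this allocation; the alloc ID is a local handshake value, not a secret`. If the pooler could ever be reached from outside the allocation, a Vault-issued or randomly generated value should replace it.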


@ -8,6 +8,11 @@ immich:
# Immich version
version: v1.92.1
postgres:
database: '[[ .instance ]]'
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
# API server settings
server:
@ -16,9 +21,13 @@ immich:
# Additional env to set ni the container
env:
DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .instance ]]{{ end }}'
#DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .instance ]]{{ end }}'
NODE_OPTIONS: --max-old-space-size={{ env "NOMAD_MEMORY_LIMIT" }}
vault:
policies:
- '[[ .instance ]][[ .consul.suffix ]]'
# Resource allocation
resources:
cpu: 300
@ -86,9 +95,13 @@ immich:
# Env vars to set in the container
env:
DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .instance ]]{{ end }}'
#DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .instance ]]{{ end }}'
NODE_OPTIONS: --max-old-space-size={{ env "NOMAD_MEMORY_LIMIT" }}
vault:
policies:
- '[[ .instance ]][[ .consul.suffix ]]'
# Resource allocation
resources:
cpu: 500
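Review bot: The old `DB_URL` entries are left behind as commented-out lines in both `env:` maps instead of being deleted. They duplicate what the `secrets/.db.env` template now generates and still hard-code `localhost:5432`, so re-enabling one would presumably compete with the generated value and point the application past the pooler. I would delete both `#DB_URL: ...` lines and, if a pointer is wanted, leave `# DB_URL is generated from the postgres settings, do not set it here`.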