nomad
/
immich
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Start working on immich (still WIP)

This commit is contained in:
Daniel Berteaud 2023-11-25 22:04:47 +01:00
parent 782e479552
commit acca7358f1
6 changed files with 273 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bundles.yml Normal file
View File

@ -0,0 +1,4 @@
---
dependencies:
- url: ../common.git

146
immich.nomad.hcl Normal file
View File

@ -0,0 +1,146 @@
[[ $c := merge .immich . -]]
job [[ .immich.instance | toJSON ]] {
[[ template "common/job_start.tpl" . ]]
[[ $c := merge .immich.server . -]]
group "immich" {
network {
mode = "bridge"
}
volume "data" {
type = [[ .immich.volumes.data.type | toJSON ]]
source = [[ .immich.volumes.data.source | toJSON ]]
[[- if ne .immich.volumes.data.type "host" ]]
access_mode = "single-node-writer"
attachment_mode = "file-system"
[[- end ]]
}
# volume "ml" {
# type = [[ .immich.volumes.ml.type | toJSON ]]
# source = [[ .immich.volumes.ml.source | toJSON ]]
#[[- if ne .immich.volumes.ml.type "host" ]]
# access_mode = "single-node-writer"
# attachment_mode = "file-system"
#[[- end ]]
# }
# volume "typesense" {
# type = [[ .immich.volumes.typesense.type | toJSON ]]
# source = [[ .immich.volumes.typesense.source | toJSON ]]
#[[- if ne .immich.volumes.typesense.type "host" ]]
# access_mode = "single-node-writer"
# attachment_mode = "file-system"
#[[- end ]]
# }
service {
name = "[[ .immich.instance ]][[ .consul.suffix ]]"
port = 8080
[[ template "common/connect.tpl" $c ]]
tags = [
"[[ $c.traefik.instance ]].enable=[[ $c.traefik.enabled ]]"
]
}
[[ $c := merge .immich.server . -]]
task "server" {
driver = [[ $c.nomad.driver | toJSON ]]
leader = true
config {
image = [[ $c.image | toJSON ]]
#readonly_rootfs = true
command = "start.sh"
args = ["immich"]
}
vault {
policies = ["[[ .immich.instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
env {
REDIS_HOSTNAME = "localhost"
TYPESENSE_HOST = "localhost"
IMMICH_MEDIA_LOCATION = "/data"
TYPESENSE_ENABLED = "false"
}
[[ template "common/file_env.tpl" $c.env ]]
volume_mount {
volume = "data"
destination = "/data"
}
[[ template "common/resources.tpl" $c.resources ]]
}
[[ $c := merge .immich.microservices . ]]
task "microservices" {
driver = [[ $c.nomad.driver | toJSON ]]
config {
image = [[ $c.image | toJSON ]]
#readonly_rootfs = true
command = "start.sh"
args = ["microservices"]
}
vault {
policies = ["[[ .immich.instance ]][[ .consul.suffix ]]"]
env = false
disable_file = true
}
env {
REDIS_HOSTNAME = "localhost"
TYPESENSE_HOST = "localhost"
IMMICH_MEDIA_LOCATION = "/data"
TYPESENSE_ENABLED = "false"
}
[[ template "common/file_env.tpl" $c.env ]]
volume_mount {
volume = "data"
destination = "/data"
}
[[ template "common/resources.tpl" $c.resources ]]
}
#[[ $c := merge .immich.machine_learning . ]]
# task "machine-learning" {
# driver = [[ $c.nomad.driver | toJSON ]]
#
# config {
# image = [[ $c.image | toJSON ]]
# readonly_rootfs = true
# }
#
# env {
# MACHINE_LEARNING_HOST = "127.0.0.1"
# }
#
#
# volume_mount {
# volume = "ml"
# destination = "/cache"
# }
#
# }
[[ template "common/task.redis.tpl" ]]
}
}

8
init/vault-database Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
set -euo pipefail
[[- template "common/vault.mkpgrole.sh.tpl"
dict "ctx" .
"config" (dict "role" .immich.instance "database" "postgres")
]]

31
templates/nginx.conf.tpl Normal file
View File

@ -0,0 +1,31 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 127.0.0.1:3005;
server_name _;
server_tokens off;
root /usr/share/html;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_socket_keepalive on;
client_max_body_size 100m;
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# Inform endpoint
location ~ ^/(inform|dl/firmware-cached).* {
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 405;
}
proxy_pass http://localhost:8080;
}
}

81
variables.yml Normal file
View File

@ -0,0 +1,81 @@
---
immich:
instance: immich
version: v1.88.2
server:
image: ghcr.io/immich-app/immich-server:[[ .immich.version ]]
env:
DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .immich.instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .immich.instance ]]{{ end }}'
resources:
cpu: 200
memory: 256
wait_for:
- service: master.[[ .consul.suffix ]]
consul:
connect:
upstreams:
- destination_name: postgres[[ .consul.suffix ]]
local_bind_port: 5432
traefik:
enabled: true
microservices:
image: ghcr.io/immich-app/immich-server:[[ .immich.version ]]
env:
DB_URL: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .immich.instance ]]" }}postgres://{{ .Data.username }}:{{ urlquery .Data.password }}@localhost:5432/[[ .immich.instance ]]{{ end }}'
resources:
cpu: 300
memory: 768
machine_learning:
image: ghcr.io/immich-app/immich-machine-learning:[[ .immich.version ]]
env: {}
resources:
cpu: 100
memory: 256
web:
image: ghcr.io/immich-app/immich-web:[[ .immich.version ]]
env: {}
resources:
cpu: 50
memory: 128
typesense:
image: typesense/typesense:latest
env: {}
resources:
cpu: 100
memory: 256
volumes:
data:
type: csi
source: '[[ .immich.instance ]]-data'
ml:
type: csi
source: '[[ .immich.instance ]]-ml'
typesense:
type: csi
source: '[[ .immich.instance ]]-typesense'

3
vault/policies/immich.hcl Normal file
View File

@ -0,0 +1,3 @@
path "[[ .vault.prefix ]]database/creds/[[ .immich.instance ]]" {
capabilities = ["read"]
}