immich

bootstrap/helmrepositories/helmrepository-immich.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: immich
+  namespace: flux-system
+spec:
+  interval: 15m
+  url: https://immich-app.github.io/immich-charts

bootstrap/kustomizations/kustomization-immich.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: immich
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./immich
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: immich
+      namespace: immich

bootstrap/namespaces/namespace-immich.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: immich

immich/dns-endpoint.yaml

@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: immich.michaelthomson.dev
+  namespace: immich
+spec:
+  endpoints:
+  - dnsName: immich.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev

immich/helmrelease-immich.yaml

@@ -0,0 +1,116 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: immich
+  namespace: immich
+spec:
+  chart:
+    spec:
+      chart: immich
+      version: 0.3.x
+      sourceRef:
+        kind: HelmRepository
+        name: immich
+        namespace: flux-system
+  interval: 15m
+  timeout: 5m
+  releaseName: immich
+  values:
+    ## This chart relies on the common library chart from bjw-s
+    ## You can find it at https://github.com/bjw-s/helm-charts/tree/main/charts/library/common
+    ## Refer there for more detail about the supported values
+
+    # These entries are shared between all the Immich components
+
+    env:
+      REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
+      DB_HOSTNAME: "{{ .Release.Name }}-postgresql"
+      DB_USERNAME: "{{ .Values.postgresql.global.postgresql.auth.username }}"
+      DB_DATABASE_NAME: "{{ .Values.postgresql.global.postgresql.auth.database }}"
+      # -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
+      DB_PASSWORD: "{{ .Values.postgresql.global.postgresql.auth.password }}"
+      IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
+
+    image:
+      tag: v1.91.4
+
+    immich:
+      persistence:
+        # Main data store for all photos shared between different components.
+        library:
+          # Automatically creating the library volume is not supported by this chart
+          # You have to specify an existing PVC to use
+          existingClaim: immich-data
+
+    # Dependencies
+
+    postgresql:
+      enabled: true
+      image:
+        repository: tensorchord/pgvecto-rs
+        tag: pg14-v0.1.11
+      global:
+        postgresql:
+          auth:
+            username: immich
+            database: immich
+            password: immich
+      primary:
+        initdb:
+          scripts:
+            create-extensions.sql: |
+              CREATE EXTENSION cube;
+              CREATE EXTENSION earthdistance;
+              CREATE EXTENSION vectors;
+
+    redis:
+      enabled: true
+      architecture: standalone
+      auth:
+        enabled: false
+
+    # Immich components
+
+    server:
+      enabled: true
+      image:
+        repository: ghcr.io/immich-app/immich-server
+        pullPolicy: IfNotPresent
+      
+      ingress:
+        main:
+          enabled: true
+          annotations:
+            traefik.ingress.kubernetes.io/router.entrypoints: websecure
+            # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+            traefik.ingress.kubernetes.io/router.tls: "true"
+          hosts:
+            - host: immich.michaelthomson.dev
+              paths:
+                - path: "/"
+          tls:
+            - hosts:
+                - immich.michaelthomson.dev
+              secretName: letsencrypt-wildcard-cert-michaelthomson.dev
+
+    microservices:
+      enabled: true
+      image:
+        repository: ghcr.io/immich-app/immich-server
+        pullPolicy: IfNotPresent
+
+    machine-learning:
+      enabled: false
+      image:
+        repository: ghcr.io/immich-app/immich-machine-learning
+        pullPolicy: IfNotPresent
+      env:
+        TRANSFORMERS_CACHE: /cache
+      persistence:
+        cache:
+          enabled: true
+          size: 10Gi
+          # Optional: Set this to pvc to avoid downloading the ML models every start.
+          type: emptyDir
+          accessMode: ReadWriteMany
+          # storageClass: your-class

immich/pvc-data.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-data
+  namespace: immich
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: nfs-client
+  resources:
+    requests:
+      storage: 1Ti