From 073127fcc069ffd7f66bf265e8e333d95e9c4334 Mon Sep 17 00:00:00 2001
From: Jef Roosens <roosensjef@gmail.com>
Date: Sun, 15 Feb 2026 22:59:33 +0100
Subject: [PATCH] any.software.immich-podman: add role

---
 plays/emma.yml                                | 24 ++++++++++++++
 .../files/immich-redis.container              |  8 +++++
 .../files/immich.Caddyfile                    |  5 +++
 .../files/immich.pod                          |  3 ++
 .../handlers/main.yml                         |  8 +++++
 .../any.software.immich-podman/meta/main.yml  |  4 +++
 .../any.software.immich-podman/tasks/main.yml | 33 +++++++++++++++++++
 .../templates/immich-app.container.j2         | 21 ++++++++++++
 .../templates/immich-postgres.container.j2    | 17 ++++++++++
 9 files changed, 123 insertions(+)
 create mode 100644 roles/any.software.immich-podman/files/immich-redis.container
 create mode 100644 roles/any.software.immich-podman/files/immich.Caddyfile
 create mode 100644 roles/any.software.immich-podman/files/immich.pod
 create mode 100644 roles/any.software.immich-podman/handlers/main.yml
 create mode 100644 roles/any.software.immich-podman/meta/main.yml
 create mode 100644 roles/any.software.immich-podman/tasks/main.yml
 create mode 100644 roles/any.software.immich-podman/templates/immich-app.container.j2
 create mode 100644 roles/any.software.immich-podman/templates/immich-postgres.container.j2

diff --git a/plays/emma.yml b/plays/emma.yml
index 66f5393..dd7fb3a 100644
--- a/plays/emma.yml
+++ b/plays/emma.yml
@@ -229,3 +229,27 @@
     - role: any.software.recipya-podman
       vars:
         data_dir: '/data/recipya/data'
+
+- name: Set up Immich
+  hosts: emma
+  tags: immich
+  roles:
+    - role: any.common.btrfs-subvolumes
+      vars:
+        subvolumes:
+          - filesystem_uuid: "{{ btrfs_nvme.uuid }}"
+            filesystem_path: "{{ btrfs_nvme.path }}"
+            name: "/@rootfs/data/immich/postgres"
+          - filesystem_uuid: "{{ btrfs_raid.uuid }}"
+            filesystem_path: "{{ btrfs_raid.path }}"
+            name: "/photos/immich-upload"
+      become: true
+    - role: any.software.immich-podman
+      vars:
+        immich_postgres_dir: '/data/immich/postgres'
+        immich_upload_dir: '/mnt/data1/photos/immich-upload'
+        immich_libraries:
+          - path: '/mnt/data1/photos/jef'
+            name: 'jef'
+          - path: '/mnt/data1/photos/lambroek'
+            name: 'lambroek'
diff --git a/roles/any.software.immich-podman/files/immich-redis.container b/roles/any.software.immich-podman/files/immich-redis.container
new file mode 100644
index 0000000..0e0a8e8
--- /dev/null
+++ b/roles/any.software.immich-podman/files/immich-redis.container
@@ -0,0 +1,8 @@
+# vim: ft=systemd
+[Container]
+HealthCmd=redis-cli ping || exit 1
+Image=docker.io/valkey/valkey:9@sha256:546304417feac0874c3dd576e0952c6bb8f06bb4093ea0c9ca303c73cf458f63
+Pod=immich.pod
+
+[Service]
+Restart=always
diff --git a/roles/any.software.immich-podman/files/immich.Caddyfile b/roles/any.software.immich-podman/files/immich.Caddyfile
new file mode 100644
index 0000000..bf4b0dc
--- /dev/null
+++ b/roles/any.software.immich-podman/files/immich.Caddyfile
@@ -0,0 +1,5 @@
+photos.roosens.me {
+    reverse_proxy localhost:8024 {
+        header_down +X-Robots-Tag "none"
+    }
+}
diff --git a/roles/any.software.immich-podman/files/immich.pod b/roles/any.software.immich-podman/files/immich.pod
new file mode 100644
index 0000000..3ef0c86
--- /dev/null
+++ b/roles/any.software.immich-podman/files/immich.pod
@@ -0,0 +1,3 @@
+# vim: ft=systemd
+[Pod]
+PublishPort=127.0.0.1:8024:2283
diff --git a/roles/any.software.immich-podman/handlers/main.yml b/roles/any.software.immich-podman/handlers/main.yml
new file mode 100644
index 0000000..c9814e0
--- /dev/null
+++ b/roles/any.software.immich-podman/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: 'restart immich'
+  ansible.builtin.systemd_service:
+    name: 'immich-server'
+    state: 'restarted'
+
+    scope: 'user'
+    daemon_reload: true
diff --git a/roles/any.software.immich-podman/meta/main.yml b/roles/any.software.immich-podman/meta/main.yml
new file mode 100644
index 0000000..32c83bc
--- /dev/null
+++ b/roles/any.software.immich-podman/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: any.tools.caddy
+    become: true
diff --git a/roles/any.software.immich-podman/tasks/main.yml b/roles/any.software.immich-podman/tasks/main.yml
new file mode 100644
index 0000000..1a4c6e0
--- /dev/null
+++ b/roles/any.software.immich-podman/tasks/main.yml
@@ -0,0 +1,33 @@
+- name: Ensure Quadlet files are present
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'immich-app.container'
+    - 'immich-postgres.container'
+  # notify: 'restart immich'
+
+- name: Ensure Quadlet files are present
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    mode: '0755'
+    owner: 'debian'
+    group: 'debian'
+  loop:
+    - 'immich-redis.container'
+    - 'immich.pod'
+  # notify: 'restart immich'
+
+- name: Ensure Caddyfile is present
+  ansible.builtin.copy:
+    src: 'immich.Caddyfile'
+    dest: '/etc/caddy/immich.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  become: true
+  # notify: 'reload caddy'
diff --git a/roles/any.software.immich-podman/templates/immich-app.container.j2 b/roles/any.software.immich-podman/templates/immich-app.container.j2
new file mode 100644
index 0000000..f182e56
--- /dev/null
+++ b/roles/any.software.immich-podman/templates/immich-app.container.j2
@@ -0,0 +1,21 @@
+# vim: ft=systemd
+[Unit]
+Requires=immich-redis.service immich-postgres.service
+After=immich-redis.service immich-postgres.service
+
+[Container]
+Environment=IMMICH_VERSION=v2.5.6 DB_HOSTNAME=localhost DB_DATABASE_NAME=immich DB_USERNAME=immich DB_PASSWORD=immich REDIS_HOSTNAME=localhost
+Image=ghcr.io/immich-app/immich-server:v2.5.6
+Pod=immich.pod
+
+Volume={{ immich_upload_dir }}:/data
+Volume=/etc/localtime:/etc/localtime:ro
+
+{% for library in immich_libraries %}
+Volume={{ library.path }}:/mnt/libraries/{{ library.name }}
+{% endfor %}
+
+User=0
+
+[Service]
+Restart=always
diff --git a/roles/any.software.immich-podman/templates/immich-postgres.container.j2 b/roles/any.software.immich-podman/templates/immich-postgres.container.j2
new file mode 100644
index 0000000..eacf444
--- /dev/null
+++ b/roles/any.software.immich-podman/templates/immich-postgres.container.j2
@@ -0,0 +1,17 @@
+# vim: ft=systemd
+[Container]
+Environment=POSTGRES_PASSWORD=immich POSTGRES_USER=immich POSTGRES_DB=immich POSTGRES_INITDB_ARGS=--data-checksums
+Image=ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+Pod=immich.pod
+ShmSize=128mb
+
+Notify=healthy
+Volume={{ immich_postgres_dir }}:/var/lib/postgresql/data
+
+Environment=POSTGRES_USER=immich POSTGRES_PASSWORD=immich POSTGRES_DB=immich
+HealthCmd=["pg_isready","-U","immich"]
+HealthInterval=10s
+HealthStartPeriod=30s
+
+[Service]
+Restart=always