diff --git a/roles/any.software.immich-podman/defaults/main.yml b/roles/any.software.immich-podman/defaults/main.yml
new file mode 100644
index 0000000..a849ca4
--- /dev/null
+++ b/roles/any.software.immich-podman/defaults/main.yml
@@ -0,0 +1,16 @@
+# Immich version to deploy, used across all container images
+immich_version: "v2.5.6"
+
+# Hardware acceleration backend for the machine learning container.
+# Supported values: intel, nvidia
+immich_hw_accel: "intel"
+
+# Port the machine learning container listens on, published to host loopback.
+immich_ml_port: 3003
+
+# URL the immich server uses to reach the machine learning container.
+# Since the ML container runs as a system (root) container with Network=host,
+# it binds directly to the host network. From within the rootless pod, this
+# address may need to be the host's LAN IP or bridge IP rather than 127.0.0.1
+# depending on the rootless network backend in use (pasta/slirp4netns).
+immich_ml_url: "http://127.0.0.1:3003"
diff --git a/roles/any.software.immich-podman/handlers/main.yml b/roles/any.software.immich-podman/handlers/main.yml
index c9814e0..ef52207 100644
--- a/roles/any.software.immich-podman/handlers/main.yml
+++ b/roles/any.software.immich-podman/handlers/main.yml
@@ -1,8 +1,19 @@
 ---
-- name: 'restart immich'
+- name: restart immich
 ansible.builtin.systemd_service:
- name: 'immich-server'
- state: 'restarted'
-
- scope: 'user'
+ name: immich-app
+ state: restarted
+ scope: user
 daemon_reload: true
+
+- name: restart immich-ml
+ ansible.builtin.systemd_service:
+ name: immich-ml
+ state: restarted
+ daemon_reload: true
+ become: true
+
+- name: reload caddy
+ ansible.builtin.systemd_service:
+ name: caddy
+ state: reloaded
diff --git a/roles/any.software.immich-podman/tasks/main.yml b/roles/any.software.immich-podman/tasks/main.yml
index 1a4c6e0..28ad95c 100644
--- a/roles/any.software.immich-podman/tasks/main.yml
+++ b/roles/any.software.immich-podman/tasks/main.yml
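Review bot: The comments on `immich_ml_port` and `immich_ml_url` describe a setup that the rest of this commit does not implement. immich-ml.container.j2 never references `immich_ml_port`, publishes host port 8028 rather than 3003, and sets no `Network=host`. With these defaults `MACHINE_LEARNING_URL` renders as `http://127.0.0.1:3003`, which does not match the published port, so the server would presumably not reach the ML container. Have the template consume the variable and derive the URL from it, e.g. `immich_ml_url: "http://127.0.0.1:{{ immich_ml_port }}"`, and reword the comment so it states what the quadlet actually does.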
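Review bot: The `reload caddy` handler has no `become: true`, unlike `restart immich-ml` directly above it, so reloading the system-level caddy unit will fail unless the calling play already runs privileged; add `become: true` to it. On the new side of tasks/main.yml the only `notify:` left active is `restart immich-ml`, so `restart immich` and `reload caddy` are currently never triggered. If that is intentional while the user quadlet tasks are disabled, a short comment above the handlers saying so would avoid confusion.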
@@ -1,33 +1,66 @@
-- name: Ensure Quadlet files are present
- ansible.builtin.template:
- src: "{{ item }}.j2"
- dest: "/home/debian/.config/containers/systemd/{{ item }}"
- mode: '0755'
- owner: 'debian'
- group: 'debian'
+- name: Ensure immich directories have correct permissions
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: "0755"
+ owner: "debian"
+ group: "debian"
+ become: true
 loop:
- - 'immich-app.container'
- - 'immich-postgres.container'
- # notify: 'restart immich'
+ - "{{ immich_upload_dir }}"
+ - "{{ immich_postgres_dir }}"
 
-- name: Ensure Quadlet files are present
- ansible.builtin.copy:
- src: "{{ item }}"
- dest: "/home/debian/.config/containers/systemd/{{ item }}"
- mode: '0755'
- owner: 'debian'
- group: 'debian'
- loop:
- - 'immich-redis.container'
- - 'immich.pod'
- # notify: 'restart immich'
-
-- name: Ensure Caddyfile is present
- ansible.builtin.copy:
- src: 'immich.Caddyfile'
- dest: '/etc/caddy/immich.Caddyfile'
+- name: Ensure system Quadlet directory is present
+ ansible.builtin.file:
+ path: /etc/containers/systemd
+ state: directory
 owner: root
 group: root
- mode: '0644'
+ mode: "0755"
 become: true
- # notify: 'reload caddy'
+
+- name: Ensure ML container system Quadlet is present
+ ansible.builtin.template:
+ src: immich-ml.container.j2
+ dest: /etc/containers/systemd/immich-ml.container
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ notify: restart immich-ml
+
+# - name: Ensure user Quadlet files are present (templates)
+# ansible.builtin.template:
+# src: "{{ item }}.j2"
+# dest: "/home/debian/.config/containers/systemd/{{ item }}"
+# mode: "0644"
+# owner: "debian"
+# group: "debian"
+# become: true
+# loop:
+# - immich-app.container
+# - immich-postgres.container
+# notify: restart immich
+
+# - name: Ensure user Quadlet files are present (static)
+# ansible.builtin.copy:
+# src: "{{ item }}"
+# dest: "/home/debian/.config/containers/systemd/{{ item }}"
+# mode: "0644"
+# owner: "debian"
+# group: "debian"
+# become: true
+# loop:
+# - immich-redis.container
+# - immich.pod
+# notify: restart immich
+
+# - name: Ensure Caddyfile is present
+# ansible.builtin.copy:
+# src: immich.Caddyfile
+# dest: /etc/caddy/immich.Caddyfile
+# owner: root
+# group: root
+# mode: "0644"
+# become: true
+# notify: reload caddy
diff --git a/roles/any.software.immich-podman/templates/immich-app.container.j2 b/roles/any.software.immich-podman/templates/immich-app.container.j2
index f182e56..68020c6 100644
--- a/roles/any.software.immich-podman/templates/immich-app.container.j2
+++ b/roles/any.software.immich-podman/templates/immich-app.container.j2
@@ -4,7 +4,7 @@ Requires=immich-redis.service immich-postgres.service
 After=immich-redis.service immich-postgres.service
 [Container]
-Environment=IMMICH_VERSION=v2.5.6 DB_HOSTNAME=localhost DB_DATABASE_NAME=immich DB_USERNAME=immich DB_PASSWORD=immich REDIS_HOSTNAME=localhost
+Environment=IMMICH_VERSION=v2.5.6 DB_HOSTNAME=localhost DB_DATABASE_NAME=immich DB_USERNAME=immich DB_PASSWORD=immich REDIS_HOSTNAME=localhost MACHINE_LEARNING_URL={{ immich_ml_url }}
 Image=ghcr.io/immich-app/immich-server:v2.5.6
 Pod=immich.pod
diff --git a/roles/any.software.immich-podman/templates/immich-ml.container.j2 b/roles/any.software.immich-podman/templates/immich-ml.container.j2
new file mode 100644
index 0000000..3d79f11
--- /dev/null
+++ b/roles/any.software.immich-podman/templates/immich-ml.container.j2
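Review bot: The new first task sets `mode: "0755"` on both `immich_upload_dir` and `immich_postgres_dir`, which lets every local account traverse and list the photo library and the database directory. Use a mode that excludes other users, e.g. `mode: "0750"`, or `"0700"` for the postgres path. PostgreSQL generally refuses to start on a data directory more permissive than 0750, so if `immich_postgres_dir` is the container's data directory, re-running the role could break the database. Forcing `owner: "debian"` may also conflict with the UID the rootless postgres container maps onto that path, which is worth confirming against the pod's user-namespace settings.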
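Review bot: The rewritten `Environment=` line still carries the literal `DB_PASSWORD=immich`, so the database credential sits in the rendered unit file, which the commented-out tasks in tasks/main.yml would install with mode 0644. Consider moving it out of the template into a file referenced by `EnvironmentFile=` with mode 0600, or a podman secret referenced with `Secret=`, and taking the value from a vaulted variable. The same line and `Image=` below it also keep `v2.5.6` hard-coded although defaults/main.yml now introduces `immich_version` as "used across all container images"; `Image=ghcr.io/immich-app/immich-server:{{ immich_version }}` would keep server and ML images in step. The hunk shows only part of the unit file.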
@@ -0,0 +1,36 @@
+# vim: ft=systemd
+[Unit]
+Description=Immich machine learning container
+After=network.target
+
+[Container]
+Environment=IMMICH_VERSION={{ immich_version }}
+{% if immich_hw_accel == 'nvidia' %}
+Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}-cuda
+{% elif immich_hw_accel == 'intel' %}
+Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}-openvino
+{% else %}
+Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}
+{% endif %}
+
+Volume={{ immich_model_cache_dir }}:/cache
+
+{% if immich_hw_accel == 'nvidia' %}
+# Nvidia GPU access via CDI - requires nvidia-container-toolkit with CDI configured:
+# nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml
+AddDevice=nvidia.com/gpu=all
+{% elif immich_hw_accel == 'intel' %}
+# Intel GPU and OpenVINO device access
+AddDevice=/dev/dri
+Volume=/dev/bus/usb:/dev/bus/usb
+{% endif %}
+
+PublishPort=0.0.0.0:8028:3003
+
+User=0
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
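Review bot: `PublishPort=0.0.0.0:8028:3003` binds the machine-learning API on every host interface, although defaults/main.yml documents it as published to host loopback. As far as I know the Immich ML service has no authentication of its own, so any host that can reach port 8028 could send requests to a container that runs as root (`User=0`, system quadlet) with `/dev/dri` and `/dev/bus/usb` passed through. Bind to the one address the server pod needs, e.g. `PublishPort=127.0.0.1:{{ immich_ml_port }}:3003`, or a specific bridge address if the rootless pod cannot reach host loopback, and restrict the port in the host firewall. It is also worth checking whether `User=0` is really required for the device access, and adding a comment above it that records the reason.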