set up immich to work with nvidia gpu

roles/any.software.immich-podman/defaults/main.yml

@@ -0,0 +1,16 @@
+# Immich version to deploy, used across all container images
+immich_version: "v2.5.6"
+
+# Hardware acceleration backend for the machine learning container.
+# Supported values: intel, nvidia
+immich_hw_accel: "intel"
+
+# Port the machine learning container listens on, published to host loopback.
+immich_ml_port: 3003
+
+# URL the immich server uses to reach the machine learning container.
+# Since the ML container runs as a system (root) container with Network=host,
+# it binds directly to the host network. From within the rootless pod, this
+# address may need to be the host's LAN IP or bridge IP rather than 127.0.0.1
+# depending on the rootless network backend in use (pasta/slirp4netns).
+immich_ml_url: "http://127.0.0.1:3003"

roles/any.software.immich-podman/handlers/main.yml

@@ -1,8 +1,19 @@
 ---
-- name: 'restart immich'
+- name: restart immich
   ansible.builtin.systemd_service:
-    name: 'immich-server'
+    name: immich-app
-    state: 'restarted'
+    state: restarted
-
+    scope: user
-    scope: 'user'
     daemon_reload: true
+
+- name: restart immich-ml
+  ansible.builtin.systemd_service:
+    name: immich-ml
+    state: restarted
+    daemon_reload: true
+  become: true
+
+- name: reload caddy
+  ansible.builtin.systemd_service:
+    name: caddy
+    state: reloaded

roles/any.software.immich-podman/tasks/main.yml

@@ -1,33 +1,66 @@
-- name: Ensure Quadlet files are present
+- name: Ensure immich directories have correct permissions
-  ansible.builtin.template:
+  ansible.builtin.file:
-    src: "{{ item }}.j2"
+    path: "{{ item }}"
-    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    state: directory
-    mode: '0755'
+    mode: "0755"
-    owner: 'debian'
+    owner: "debian"
-    group: 'debian'
+    group: "debian"
+  become: true
   loop:
-    - 'immich-app.container'
+    - "{{ immich_upload_dir }}"
-    - 'immich-postgres.container'
+    - "{{ immich_postgres_dir }}"
-  # notify: 'restart immich'
 
-- name: Ensure Quadlet files are present
+- name: Ensure system Quadlet directory is present
-  ansible.builtin.copy:
+  ansible.builtin.file:
-    src: "{{ item }}"
+    path: /etc/containers/systemd
-    dest: "/home/debian/.config/containers/systemd/{{ item }}"
+    state: directory
-    mode: '0755'
-    owner: 'debian'
-    group: 'debian'
-  loop:
-    - 'immich-redis.container'
-    - 'immich.pod'
-  # notify: 'restart immich'
-
-- name: Ensure Caddyfile is present
-  ansible.builtin.copy:
-    src: 'immich.Caddyfile'
-    dest: '/etc/caddy/immich.Caddyfile'
     owner: root
     group: root
-    mode: '0644'
+    mode: "0755"
   become: true
-  # notify: 'reload caddy'
+
+- name: Ensure ML container system Quadlet is present
+  ansible.builtin.template:
+    src: immich-ml.container.j2
+    dest: /etc/containers/systemd/immich-ml.container
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: restart immich-ml
+
+# - name: Ensure user Quadlet files are present (templates)
+#   ansible.builtin.template:
+#     src: "{{ item }}.j2"
+#     dest: "/home/debian/.config/containers/systemd/{{ item }}"
+#     mode: "0644"
+#     owner: "debian"
+#     group: "debian"
+#   become: true
+#   loop:
+#     - immich-app.container
+#     - immich-postgres.container
+#   notify: restart immich
+
+# - name: Ensure user Quadlet files are present (static)
+#   ansible.builtin.copy:
+#     src: "{{ item }}"
+#     dest: "/home/debian/.config/containers/systemd/{{ item }}"
+#     mode: "0644"
+#     owner: "debian"
+#     group: "debian"
+#   become: true
+#   loop:
+#     - immich-redis.container
+#     - immich.pod
+#   notify: restart immich
+
+# - name: Ensure Caddyfile is present
+#   ansible.builtin.copy:
+#     src: immich.Caddyfile
+#     dest: /etc/caddy/immich.Caddyfile
+#     owner: root
+#     group: root
+#     mode: "0644"
+#   become: true
+#   notify: reload caddy

roles/any.software.immich-podman/templates/immich-app.container.j2

@@ -4,7 +4,7 @@ Requires=immich-redis.service immich-postgres.service
 After=immich-redis.service immich-postgres.service
 
 [Container]
-Environment=IMMICH_VERSION=v2.5.6 DB_HOSTNAME=localhost DB_DATABASE_NAME=immich DB_USERNAME=immich DB_PASSWORD=immich REDIS_HOSTNAME=localhost
+Environment=IMMICH_VERSION=v2.5.6 DB_HOSTNAME=localhost DB_DATABASE_NAME=immich DB_USERNAME=immich DB_PASSWORD=immich REDIS_HOSTNAME=localhost MACHINE_LEARNING_URL={{ immich_ml_url }}
 Image=ghcr.io/immich-app/immich-server:v2.5.6
 Pod=immich.pod
 

roles/any.software.immich-podman/templates/immich-ml.container.j2

@@ -0,0 +1,36 @@
+# vim: ft=systemd
+[Unit]
+Description=Immich machine learning container
+After=network.target
+
+[Container]
+Environment=IMMICH_VERSION={{ immich_version }}
+{% if immich_hw_accel == 'nvidia' %}
+Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}-cuda
+{% elif immich_hw_accel == 'intel' %}
+Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}-openvino
+{% else %}
+Image=ghcr.io/immich-app/immich-machine-learning:{{ immich_version }}
+{% endif %}
+
+Volume={{ immich_model_cache_dir }}:/cache
+
+{% if immich_hw_accel == 'nvidia' %}
+# Nvidia GPU access via CDI - requires nvidia-container-toolkit with CDI configured:
+#   nvidia-ctk cdi generate --output=/etc/cdi/nvidia.yaml
+AddDevice=nvidia.com/gpu=all
+{% elif immich_hw_accel == 'intel' %}
+# Intel GPU and OpenVINO device access
+AddDevice=/dev/dri
+Volume=/dev/bus/usb:/dev/bus/usb
+{% endif %}
+
+PublishPort=0.0.0.0:8028:3003
+
+User=0
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target