Add immich-sync ansible role for photo library sync (#63)

## Summary - Add `immich_sync` role that syncs macOS Photos Library to Immich - Uses osxphotos to export photos with metadata to staging directory - Uses immich-cli (via Docker) to upload to Immich server - LaunchAgent schedules hourly syncs following mcquack pattern - API key fetched from 1Password in playbook pre_tasks ## Architecture ``` Photos Library → osxphotos export → ~/Pictures/immich-export/ → immich-cli upload → Immich ``` ## Prerequisites (manual) - Install osxphotos on indri: Add `"pipx:osxphotos" = "latest"` to `~/.config/mise/config.toml`, run `mise install` - Docker is already installed on indri ## Deployment and Testing - [ ] Dry run: `mise run provision-indri -- --tags immich_sync --check --diff` - [ ] Deploy: `mise run provision-indri -- --tags immich_sync` - [ ] Verify LaunchAgent: `ssh indri 'launchctl list | grep immich'` - [ ] Test manual sync: `ssh indri '~/bin/immich-sync.sh'` - [ ] Check logs: `ssh indri 'tail -50 ~/Library/Logs/mcquack.immich-sync.out.log'` - [ ] Verify photos in Immich at https://photos.ops.eblu.me 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/63
2026-01-26 12:38:38 -08:00 · 2026-01-26 12:38:38 -08:00 · 54945be0e3
commit 54945be0e3
parent 8621996343
6 changed files with 280 additions and 0 deletions
--- a/ansible/playbooks/indri.yml
+++ b/ansible/playbooks/indri.yml
@ -78,6 +78,23 @@
      no_log: true
      tags: [caddy]

+    # Immich API key for photo sync
+    - name: Fetch Immich API key
+      ansible.builtin.command:
+        cmd: op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get ifcuzuceejqcjx7k7zd2gdsjem --fields api_key --reveal
+      delegate_to: localhost
+      register: _immich_api_key
+      changed_when: false
+      no_log: true
+      check_mode: false
+      tags: [immich_sync]
+
+    - name: Set Immich API key fact
+      ansible.builtin.set_fact:
+        immich_sync_api_key: "{{ _immich_api_key.stdout }}"
+      no_log: true
+      tags: [immich_sync]
+
  roles:
    - role: alloy
      tags: alloy
@ -99,3 +116,5 @@
      tags: plex_metrics
    - role: caddy
      tags: caddy
+    - role: immich_sync
+      tags: immich_sync