# Immich

Self-hosted photo and video management solution with AI-powered search and face recognition.

## Prerequisites

1. **NFS Share**: Create `/volume1/photos` on sifaka with NFS permissions for indri
2. **PostgreSQL**: The `immich-pg` cluster (with pgvecto.rs) must be healthy
3. **Secrets**: Create the database password secret

## Deployment Order

1. Sync `blumeops-pg` (to get CloudNativePG operator if not already running)
2. Wait for `immich-pg` cluster to be healthy
3. Create secrets (see below)
4. Sync `immich` (deploys all resources: storage, services, deployments)
5. Run `mise run provision-indri -- --tags caddy` to update Caddy config

## Components

| Component | Deployment | Service | Port |
|-----------|------------|---------|------|
| Server (web/API) | `immich-server` | `immich-server` | 2283 |
| Machine Learning | `immich-machine-learning` | `immich-machine-learning` | 3003 |
| Valkey (Redis) | `immich-valkey` | `immich-valkey` | 6379 |

## Secret Setup

The `immich-db` secret contains the database password, which is auto-generated by CloudNativePG
in the `immich-pg-app` secret. To create or regenerate the secret:

```bash
# Create namespace if needed
kubectl --context=minikube-indri create namespace immich

# Copy password from CNPG secret to immich namespace
kubectl --context=minikube-indri create secret generic immich-db -n immich \
  --from-literal=password="$(kubectl --context=minikube-indri -n databases get secret immich-pg-app -o jsonpath='{.data.password}' | base64 -d)"
```

Note: This secret is not managed by ExternalSecrets since the source of truth is the CNPG-generated secret.

## Access

- **URL**: https://photos.ops.eblu.me (after Caddy is updated)
- **Tailscale**: https://photos.tail8d86e.ts.net (direct)

## First-Time Setup

1. Navigate to https://photos.ops.eblu.me
2. Create an admin account
3. Configure external library (optional - for importing existing photos)

## External Library (iCloud Photos)

To import existing photos from iCloud sync on indri:

1. In Immich Admin > External Libraries, create a new library
2. Set the import path to the location where iCloud photos sync
3. Configure scan schedule or trigger manual scan

## Architecture

```
┌─────────────────┐     ┌─────────────────┐
│  immich-server  │────▶│  immich-pg      │
│  (web/api)      │     │  (PostgreSQL    │
└────────┬────────┘     │   + pgvecto.rs) │
         │              └─────────────────┘
         │
┌────────▼────────┐     ┌─────────────────┐
│  immich-ml      │     │  valkey         │
│  (ML inference) │     │  (Redis cache)  │
└─────────────────┘     └─────────────────┘
         │
┌────────▼────────┐
│  sifaka NFS     │
│  /volume1/photos│
└─────────────────┘
```

## Version Management

Image versions are controlled via `kustomization.yaml`:

```yaml
images:
  - name: ghcr.io/immich-app/immich-server
    newTag: v2.6.3
  - name: ghcr.io/immich-app/immich-machine-learning
    newTag: v2.6.3
  - name: docker.io/valkey/valkey
    newTag: "8.1-alpine"
```

To upgrade, update `newTag` values and sync via ArgoCD.

## Troubleshooting

```bash
# Check pods
kubectl --context=minikube-indri -n immich get pods

# Check immich-pg cluster
kubectl --context=minikube-indri -n databases get cluster immich-pg

# View server logs
kubectl --context=minikube-indri -n immich logs -l app=immich,component=server

# View ML logs
kubectl --context=minikube-indri -n immich logs -l app=immich,component=machine-learning

# Check PVC binding
kubectl --context=minikube-indri -n immich get pvc
```