From 4a5ad8d36bab53695888b060fdf0a979e4c7da05 Mon Sep 17 00:00:00 2001 From: Adrian Cowan Date: Mon, 13 Oct 2025 20:48:35 +1100 Subject: [PATCH] Setup storage of immich resouces and add tailscale access to allow uploading files too large to go over cloudflare (<100mb) See https://github.com/immich-app/immich/issues/17729 and https://github.com/immich-app/immich/pull/22385 --- 2-nomad-config/immich.nomad.hcl | 121 +++++++++++++++++++++++++++++--- 2-nomad-config/immich.tf | 82 +++++++++++++++++++++- 2-nomad-config/main.tf | 6 ++ 3 files changed, 199 insertions(+), 10 deletions(-) diff --git a/2-nomad-config/immich.nomad.hcl b/2-nomad-config/immich.nomad.hcl index 5d84161..3afdc69 100644 --- a/2-nomad-config/immich.nomad.hcl +++ b/2-nomad-config/immich.nomad.hcl @@ -35,13 +35,16 @@ job "immich" { tags = [ "traefik.enable=true", "traefik.http.routers.immich.middlewares=auth@file", + "traefik.http.routers.immich-token.rule=Host(`c3ll7nbevl5j4j8rcnfxnr95q48fuayz-immich.othrayte.one`)", ] - # Todo try GET /server/ping (https://api.immich.app/endpoints/server/pingServer) - # https://github.com/immich-app/immich-charts/blob/main/charts/immich/templates/server.yaml#L57 + # Use the Immich server ping endpoint + # See: https://api.immich.app/endpoints/server/pingServer check { name = "alive" - type = "tcp" + type = "http" + path = "/api/server/ping" + method = "GET" port = "http" interval = "10s" timeout = "2s" @@ -49,10 +52,11 @@ job "immich" { } env { - UPLOAD_LOCATION = "./library" - TZ = "Australia/Melbourne" - REDIS_HOSTNAME = "localhost" - DB_HOSTNAME = "localhost" + IMMICH_LOG_LEVEL = "log" + TZ = "Australia/Melbourne" + REDIS_HOSTNAME = "localhost" + DB_HOSTNAME = "localhost" + IMMICH_IGNORE_MOUNT_CHECK_ERRORS = "true" # Let immich start whilst we figure out what's wrong with the mount permissions } volume_mount { @@ -61,9 +65,28 @@ job "immich" { read_only = false } + volume_mount { + volume = "unraid_media_photosvideos" + destination = "/data/library" + read_only = false + } + + volume_mount { + volume = "unraid_media_immich_encodedvideo" + destination = "/data/encoded-video" + read_only = false + } + + volume_mount { + volume = "unraid_mediadump_photosvideos" + destination = "/data/upload" + read_only = false + } + resources { - cpu = 200 - memory = 1024 + cpu = 200 + memory = 512 + memory_max = 1500 } template { @@ -88,11 +111,53 @@ EOH } } + volume "unraid_media_photosvideos" { + type = "csi" + read_only = false + source = "unraid_media_photosvideos" + access_mode = "single-node-writer" + attachment_mode = "file-system" + + mount_options { + mount_flags = ["uid=1000", "gid=1000"] + } + } + + volume "unraid_media_immich_encodedvideo" { + type = "csi" + read_only = false + source = "unraid_media_immich_encodedvideo" + access_mode = "single-node-writer" + attachment_mode = "file-system" + + mount_options { + mount_flags = ["uid=1000", "gid=1000"] + } + } + + volume "unraid_mediadump_photosvideos" { + type = "csi" + read_only = false + source = "unraid_mediadump_photosvideos" + access_mode = "single-node-writer" + attachment_mode = "file-system" + + mount_options { + mount_flags = ["uid=1000", "gid=1000"] + } + } + task "immich-machine-learning" { driver = "docker" config { image = "ghcr.io/immich-app/immich-machine-learning:release" } + + resources { + cpu = 200 + memory = 500 + memory_max = 2000 + } } task "redis" { @@ -101,6 +166,44 @@ EOH config { image = "docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571" } + + resources { + cpu = 30 + memory = 10 + memory_max = 50 + } + } + + task "tailscale" { + driver = "docker" + + config { + image = "tailscale/tailscale:latest" + } + + env = { + TS_HOSTNAME = "immich" + TS_EXTRA_ARGS = "--advertise-tags=tag:nomad" + } + + resources { + cpu = 100 + memory = 100 + memory_max = 300 + } + + lifecycle { + hook = "prestart" + sidecar = true + } + + template { + data = <