From ac1350aa3b570b008ba2bc227d2f545e295ecb1e Mon Sep 17 00:00:00 2001
From: Grant <5445379+grantdhunter@users.noreply.github.com>
Date: Mon, 17 Mar 2025 12:18:39 -0600
Subject: [PATCH] Add immich

---
 README.md                 |  7 ++++++-
 helmfile.lock             |  7 +++++--
 helmfile.yaml             |  7 +++++++
 immich/pvc.yaml           | 11 +++++++++++
 immich/values.yaml.gotmpl | 28 ++++++++++++++++++++++++++++
 postgres/values.yaml      | 10 +++++++---
 6 files changed, 64 insertions(+), 6 deletions(-)
 create mode 100644 immich/pvc.yaml
 create mode 100644 immich/values.yaml.gotmpl

diff --git a/README.md b/README.md
index ce1d89c..8542ada 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ kubectl -n datastore exec -it "$PRIMARY_POD" -- createdb --encoding=UTF8 --local
 ```
 
 #### gitea
-copy secret from datastore over to goatchat namespace
+copy secret from datastore over to gitea namespace
 ```sh
 kubectl get secrets -n datastore postgres-pguser-gitea -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="gitea"' | kubectl apply -f -
 ```
@@ -124,6 +124,11 @@ allow priviledge pods
 ```sh
 kubectl label namespace gitea pod-security.kubernetes.io/enforce=privileged
 ```
+#### Immich
+copy secret from datastore over to immich namespace
+```sh
+kubectl get secrets -n datastore postgres-pguser-immich -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="immich"' | kubectl apply -f -
+```
 
 #### Ghost Blogs
 I got tired of fighting the docker container so I manually overrode the `config.production.json`
diff --git a/helmfile.lock b/helmfile.lock
index 326dcb2..8c59e18 100644
--- a/helmfile.lock
+++ b/helmfile.lock
@@ -15,6 +15,9 @@ dependencies:
 - name: grafana
   repository: https://grafana.github.io/helm-charts
   version: 8.10.4
+- name: immich
+  repository: https://immich-app.github.io/immich-charts
+  version: 0.9.1
 - name: k8up
   repository: https://k8up-io.github.io/k8up
   version: 4.8.4
@@ -51,5 +54,5 @@ dependencies:
 - name: traefik
   repository: https://traefik.github.io/charts
   version: 34.4.1
-digest: sha256:256e38bc7feb044a2b643abcc7f3fa2efbdfc7bad65647543be1917abde8b709
-generated: "2025-03-16T18:36:00.677364313-06:00"
+digest: sha256:d9f95a5155811ec4c166a0d351902b6a4d69cecbb9e466aca3b31721fd0fa7c9
+generated: "2025-03-16T22:05:07.757175164-06:00"
diff --git a/helmfile.yaml b/helmfile.yaml
index ff45b91..3ddfa07 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -148,6 +148,13 @@ releases:
       - name: adminApiSharedSecret
         value: {{ requiredEnv "GOATCHAT_REGISTRATION_ADMIN_API_SHARE_SECRET"}}
 
+  - name: immich
+    namespace: immich
+    createNamespace: true
+    chart: immich/immich
+    values:
+      - immich/values.yaml.gotmpl
+      
   # website
   - name: incngrnt-web
     namespace: incngrnt-web
diff --git a/immich/pvc.yaml b/immich/pvc.yaml
new file mode 100644
index 0000000..3323c4d
--- /dev/null
+++ b/immich/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-data
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 50Gi
+
diff --git a/immich/values.yaml.gotmpl b/immich/values.yaml.gotmpl
new file mode 100644
index 0000000..f68fc2d
--- /dev/null
+++ b/immich/values.yaml.gotmpl
@@ -0,0 +1,28 @@
+env:
+  DB_HOSTNAME: {{ exec "kubectl" (list "get" "secrets" "postgres-pguser-immich" "-ogo-template='{{.data.host | base64decode }}'") }}
+  DB_USERNAME: {{ exec "kubectl" (list "get" "secrets" "postgres-pguser-immich" "-ogo-template='{{.data.user | base64decode }}'") }}
+  DB_DATABASE_NAME: {{ exec "kubectl" (list "get" "secrets" "postgres-pguser-immich" "-ogo-template='{{.data.dbname | base64decode }}'") }}
+  DB_PASSWORD: {{ exec "kubectl" (list "get" "secrets" "postgres-pguser-immich" "-ogo-template='{{.data.password | base64decode }}'") }}
+  DB_VECTOR_EXTENSION: pgvector
+
+immich:
+  persistence:
+    library: 
+      existingClaim: immich-data
+  
+redis:
+  enabled: true
+
+
+server:
+  ingress:
+    main:
+      enabled: true
+      annotations:
+        "traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
+      hosts:
+        - host: photos.incngrnt.ca
+          paths:
+            - path: "/"
+              pathType: Prefix
+    
diff --git a/postgres/values.yaml b/postgres/values.yaml
index 7de284c..5d43334 100644
--- a/postgres/values.yaml
+++ b/postgres/values.yaml
@@ -6,13 +6,14 @@ patroni:
     postgresql:
       pg_hba:
         - "host all all all scram-sha-256"
-
+    shared_preload_libraries: pgvector
 users:
   - name: grant
     databases:
       - postgres
       - synapse
-      - gitea     
+      - gitea
+      - immich
     options: "SUPERUSER LOGIN"
   - name: synapse
     databases:
@@ -22,6 +23,9 @@ users:
     databases:
       - gitea
     options: "LOGIN"      
-    
+  - name: immich
+    databases:
+      - immich
+    options: "LOGIN"