From 7bc40779713c3bd8d3825faa2c46de6489e8ff88 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 6 Apr 2025 09:01:13 +0100
Subject: [PATCH] Deploy immich public proxy

---
 ansible/roles/immich/files/docker-compose.yml | 23 +++++++++++++++----
 ansible/roles/immich/files/ipp-config.json    |  6 +++++
 ansible/roles/immich/tasks/main.yml           |  8 +++++++
 terraform/jakehoward.tech.tf                  |  8 +++++++
 4 files changed, 41 insertions(+), 4 deletions(-)
 create mode 100644 ansible/roles/immich/files/ipp-config.json

diff --git a/ansible/roles/immich/files/docker-compose.yml b/ansible/roles/immich/files/docker-compose.yml
index 9c8e265..da98cf0 100644
--- a/ansible/roles/immich/files/docker-compose.yml
+++ b/ansible/roles/immich/files/docker-compose.yml
@@ -1,5 +1,3 @@
-
-
 services:
   immich-server:
     container_name: immich_server
@@ -58,11 +56,28 @@ services:
       POSTGRES_PASSWORD: postgres
       POSTGRES_USER: postgres
       POSTGRES_DB: immich
-      POSTGRES_INITDB_ARGS: '--data-checksums'
+      POSTGRES_INITDB_ARGS: --data-checksums
     volumes:
       - /mnt/speed/dbs/postgres/immich:/var/lib/postgresql/data
     restart: unless-stopped
-    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
+    # yamllint disable-line rule:quoted-strings rule:line-length
+    command: [postgres, -c, shared_preload_libraries=vectors.so, -c, 'search_path="$$user", public, vectors', -c, logging_collector=on, -c, max_wal_size=2GB, -c, shared_buffers=512MB, -c, wal_compression=on]
+
+  immich-public-proxy:
+    image: alangrainger/immich-public-proxy:latest
+    user: "{{ docker_user.id }}"
+    restart: unless-stopped
+    environment:
+      - IMMICH_URL=http://immich-server:2283
+    volumes:
+      - ./ipp-config.json:/app/config.json:ro
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.immich-public-proxy.rule=Host(`photos.jakehoward.tech`)
+      - traefik.http.services.immich-public-proxy-immich.loadbalancer.server.port=3000
+    networks:
+      - default
+      - traefik
 
 networks:
   traefik:
diff --git a/ansible/roles/immich/files/ipp-config.json b/ansible/roles/immich/files/ipp-config.json
new file mode 100644
index 0000000..c03adc0
--- /dev/null
+++ b/ansible/roles/immich/files/ipp-config.json
@@ -0,0 +1,6 @@
+{
+  "ipp": {
+    "showHomePage": false,
+    "allowDownloadAll": 1
+  }
+}
diff --git a/ansible/roles/immich/tasks/main.yml b/ansible/roles/immich/tasks/main.yml
index 5f9cc2f..b0eb94e 100644
--- a/ansible/roles/immich/tasks/main.yml
+++ b/ansible/roles/immich/tasks/main.yml
@@ -13,3 +13,11 @@
     owner: "{{ docker_user.name }}"
     validate: docker-compose -f %s config
   notify: restart immich
+
+- name: Install IPP config
+  template:
+    src: files/ipp-config.json
+    dest: /opt/immich/ipp-config.json
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+  notify: restart immich
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index 34a34f3..2132c3b 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -285,6 +285,14 @@ resource "cloudflare_record" "jakehowardtech_immich" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "jakehowardtech_photos" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "photos"
+  value   = cloudflare_record.sys_domain_pve.hostname
+  type    = "CNAME"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "jakehowardtech_caa" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "@"