fix: user systemd

roles/immich/README.md

@@ -9,6 +9,7 @@ See `defaults/main.yml` for all available variables and their default values.
 ### Required Passwords
 
 Both passwords must be set in your inventory (min 12 characters):
+
 - `immich_postgres_password` - PostgreSQL database password
 - `immich_valkey_password` - Valkey/Redis password
 
@@ -17,6 +18,7 @@ Both passwords must be set in your inventory (min 12 characters):
 ### Valkey ACL Issues
 
 **Test Immich user credentials:**
+
 ```bash
 valkey-cli
 AUTH immich <immich_valkey_password>

roles/immich/handlers/main.yml

@@ -3,11 +3,15 @@
   ansible.builtin.systemd:
     daemon_reload: true
 
+- name: Reload systemd user
+  ansible.builtin.command: "systemctl --user daemon-reload"
+  become: true
+  become_user: "{{ ansible_user }}"
+
 - name: Restart Immich
-  ansible.builtin.systemd:
-    name: immich
-    state: restarted
-    daemon_reload: true
+  ansible.builtin.command: "systemctl --user restart immich.service"
+  become: true
+  become_user: "{{ ansible_user }}"
 
 - name: Reload nginx
   ansible.builtin.systemd:

roles/immich/tasks/main.yml

@@ -89,21 +89,39 @@
     mode: "0644"
   notify: Restart Immich
 
-- name: Create systemd service for Immich
+- name: Get home directory for {{ ansible_user }}
+  ansible.builtin.getent:
+    database: passwd
+    key: "{{ ansible_user }}"
+
+- name: Set user home directory fact
+  ansible.builtin.set_fact:
+    user_home_dir: "{{ getent_passwd[ansible_user][4] }}"
+
+- name: Create systemd user directory for Immich
+  ansible.builtin.file:
+    path: "{{ user_home_dir }}/.config/systemd/user"
+    state: directory
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: "0755"
+
+- name: Create systemd service for Immich (user scope)
   ansible.builtin.template:
     src: immich.service.j2
-    dest: /etc/systemd/system/immich.service
-    owner: root
-    group: root
+    dest: "{{ user_home_dir }}/.config/systemd/user/immich.service"
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
     mode: "0644"
-  notify: Reload systemd
+  notify: Reload systemd user
 
-- name: Enable and start Immich service
-  ansible.builtin.systemd:
-    name: immich
-    enabled: true
-    state: started
-    daemon_reload: true
+- name: Enable lingering for user {{ ansible_user }}
+  ansible.builtin.command: "loginctl enable-linger {{ ansible_user }}"
+  when: ansible_user != 'root'
+
+- name: Enable and start Immich service (user scope)
+  ansible.builtin.command: "systemctl --user enable --now immich.service"
+  become_user: "{{ ansible_user }}"
 
 - name: Deploy nginx vhost configuration for Immich
   ansible.builtin.template:

roles/immich/templates/immich.service.j2

@@ -1,13 +1,9 @@
 [Unit]
 Description=Immich Media Server
-Requires=network-online.target
-After=network-online.target
 
 [Service]
 Type=oneshot
 RemainAfterExit=true
-User={{ ansible_user }}
-Group={{ ansible_user }}
 WorkingDirectory={{ podman_projects_dir | default('/opt/podman') }}/immich
 ExecStart=/usr/bin/podman play kube --replace immich.yaml
 ExecStop=/usr/bin/podman play kube --down immich.yaml
@@ -15,4 +11,4 @@ Restart=on-failure
 RestartSec=10
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=default.target