diff --git a/roles/immich/README.md b/roles/immich/README.md
index 2322c3d..7ec80c6 100644
--- a/roles/immich/README.md
+++ b/roles/immich/README.md
@@ -13,6 +13,13 @@ Both passwords must be set in your inventory (min 12 characters):
 - `immich_postgres_password` - PostgreSQL database password
 - `immich_valkey_password` - Valkey/Redis password
 
+## External Libraries
+
+Mount host paths read-only into the server container via `immich_external_libraries`,
+then add the in-container `mount_path` in the Immich UI
+(Administration → External Libraries). The `{{ ansible_user }}` running the rootless
+pod must have read access on the host path.
+
 ## Troubleshooting
 
 ### Valkey ACL Issues
diff --git a/roles/immich/defaults/main.yml b/roles/immich/defaults/main.yml
index 827e758..00369eb 100644
--- a/roles/immich/defaults/main.yml
+++ b/roles/immich/defaults/main.yml
@@ -5,6 +5,15 @@ immich_version: release
 # Storage location (@see https://docs.immich.app/install/environment-variables/)
 immich_upload_location: "{{ podman_projects_dir }}/immich/data/upload"
 
+# External libraries (read-only host paths exposed to the server container)
+# Use the in-container `mount_path` when registering the library in the Immich UI.
+# Example:
+#   immich_external_libraries:
+#     - name: clement-photos
+#       host_path: /mnt/andromeda/clement-photos
+#       mount_path: /mnt/external/clement-photos
+immich_external_libraries: []
+
 # PostgreSQL configuration (REQUIRED password - must be set explicitly)
 immich_postgres_db_name: immich
 immich_postgres_user: immich
diff --git a/roles/immich/templates/immich.yaml.j2 b/roles/immich/templates/immich.yaml.j2
index 4065970..227406a 100644
--- a/roles/immich/templates/immich.yaml.j2
+++ b/roles/immich/templates/immich.yaml.j2
@@ -45,6 +45,11 @@ spec:
           readOnly: true
         - name: immich-data
           mountPath: /data
+{% for lib in immich_external_libraries %}
+        - name: ext-{{ lib.name }}
+          mountPath: {{ lib.mount_path }}
+          readOnly: true
+{% endfor %}
       livenessProbe:
         httpGet:
           path: /api/server/ping
@@ -83,6 +88,12 @@ spec:
       hostPath:
         path: {{ immich_upload_location }}
         type: Directory
+{% for lib in immich_external_libraries %}
+    - name: ext-{{ lib.name }}
+      hostPath:
+        path: {{ lib.host_path }}
+        type: Directory
+{% endfor %}
     - name: model-cache
       persistentVolumeClaim:
         claimName: immich-model-cache