ansible-playbooks/roles/immich/tasks/main.yml
2025-11-14 00:23:03 +01:00


---
# Stop the role early when either service password is undefined or shorter
# than 12 characters.
# NOTE(review): only presence and length are checked; a long but well-known
# placeholder value would still pass.
- name: Validate required passwords are set
  ansible.builtin.assert:
    success_msg: "Password validation passed"
    fail_msg: |
      immich_postgres_password and immich_valkey_password are required (min 12 chars).
      See roles/immich/defaults/main.yml for configuration instructions.
    that:
      # PostgreSQL role password
      - immich_postgres_password is defined
      - immich_postgres_password | length >= 12
      # Valkey password
      - immich_valkey_password is defined
      - immich_valkey_password | length >= 12
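# The role is created before the database because the database task names it
# as owner. PostgreSQL rejects an owner that does not exist, so the previous
# order (database first) could only succeed when the role was already there.
- name: Create PostgreSQL user for Immich
  community.postgresql.postgresql_user:
    name: "{{ immich_postgres_user }}"
    # Length is enforced by the assert task at the top of this file.
    password: "{{ immich_postgres_password }}"
    state: present
  # NOTE(review): become_user only takes effect when become is enabled at
  # play or role level; that is not visible in this file - confirm.
  become_user: "{{ postgres_admin_user }}"

# The Immich role owns its database, so it holds full control over it.
- name: Create PostgreSQL database for Immich
  community.postgresql.postgresql_db:
    name: "{{ immich_postgres_db_name }}"
    owner: "{{ immich_postgres_user }}"
    state: present
  become_user: "{{ postgres_admin_user }}"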
# Database-level grant for the Immich role, executed as the PostgreSQL admin.
# NOTE(review): the database task in this file already makes the same role
# the owner, so this ALL grant looks redundant - confirm before keeping a
# broader grant than needed.
- name: Grant all privileges on database to Immich user
  become_user: "{{ postgres_admin_user }}"
  community.postgresql.postgresql_privs:
    state: present
    type: database
    privs: ALL
    roles: "{{ immich_postgres_user }}"
    login_db: "{{ immich_postgres_db_name }}"
# Pin the application role to non-privileged attributes: it may not act as
# superuser, create databases, or create other roles. Running this on every
# play also resets these flags if they were changed on an existing role.
- name: Ensure Immich user has no superuser privileges
  become_user: "{{ postgres_admin_user }}"
  community.postgresql.postgresql_user:
    state: present
    name: "{{ immich_postgres_user }}"
    role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE
# Extensions are installed by the PostgreSQL admin, not by the Immich role,
# which matches the NOSUPERUSER flags set on that role in this file.
- name: Enable required PostgreSQL extensions in Immich database
  become_user: "{{ postgres_admin_user }}"
  community.postgresql.postgresql_ext:
    state: present
    login_db: "{{ immich_postgres_db_name }}"
    name: "{{ item }}"
  loop:
    # cube comes first: earthdistance depends on it.
    - cube
    - earthdistance
    # presumably pgvector, which must already be installed on the server -
    # confirm
    - vector
# Allow the Immich role to use the public schema of its own database and to
# create objects in it; only CREATE and USAGE are granted, on this schema
# alone.
- name: Grant schema permissions to Immich user
  become_user: "{{ postgres_admin_user }}"
  community.postgresql.postgresql_privs:
    state: present
    type: schema
    objs: public
    privs: CREATE,USAGE
    roles: "{{ immich_postgres_user }}"
    login_db: "{{ immich_postgres_db_name }}"
# Directory that receives the rendered compose file; owned by the deploy
# user rather than root.
# NOTE(review): 0755 lets every local account list this directory; check
# whether that is intended on a shared host.
- name: Create Immich project directory
  ansible.builtin.file:
    state: directory
    path: "{{ podman_projects_dir }}/immich"
    mode: "0755"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
# Create every data path in the loop list with the deploy user as owner.
# NOTE(review): immich_upload_location presumably holds users' media, and
# 0755 lets any local account traverse and list it. A tighter mode may be
# appropriate, but depends on which UID the containers write as - confirm.
- name: Create Immich data directories
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    mode: "0755"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
  loop:
    - "{{ immich_upload_location }}"
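# Render the compose file into the project directory and restart Immich when
# its content changes.
# NOTE(review): the template is not visible here, but this role validates
# immich_postgres_password and immich_valkey_password and no task in this
# file consumes the Valkey one, so the rendered file presumably carries both
# secrets. It is therefore written readable by its owner only instead of
# world-readable 0644; root can still read it. Confirm that the account the
# immich service runs as is the file owner or root.
- name: Deploy docker-compose.yml for Immich
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ podman_projects_dir }}/immich/docker-compose.yml"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0600"
  notify: Restart Immich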
# Install the unit file root-owned and writable by root only, so an
# unprivileged account cannot alter what systemd runs. The handler reloads
# systemd when the rendered unit changes.
- name: Create systemd service for Immich
  ansible.builtin.template:
    dest: /etc/systemd/system/immich.service
    src: immich.service.j2
    mode: "0644"
    owner: root
    group: root
  notify: Reload systemd
# Enable the unit at boot and make sure it is running now. daemon_reload
# makes systemd re-read unit files first, so a unit templated earlier in
# this play is known before the start is attempted.
- name: Enable and start Immich service
  ansible.builtin.systemd:
    daemon_reload: true
    name: immich
    state: started
    enabled: true
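# The vhost is either rendered or removed, depending on immich_nginx_enabled.
# Both conditions pass the variable through `| bool`: a value supplied as a
# string (for example `-e immich_nginx_enabled=false`) does not evaluate as
# false in a bare condition on current Ansible releases, which would leave
# the vhost published when the operator meant to disable it.
- name: Deploy nginx vhost configuration for Immich
  ansible.builtin.template:
    src: nginx-vhost.conf.j2
    dest: /etc/nginx/conf.d/immich.conf
    owner: root
    group: root
    mode: "0644"
  when: immich_nginx_enabled | bool
  notify: Reload nginx

# Removing the file and reloading nginx is what takes the site offline; the
# file alone being absent does not change the running configuration.
- name: Remove nginx vhost configuration for Immich
  ansible.builtin.file:
    path: /etc/nginx/conf.d/immich.conf
    state: absent
  when: not (immich_nginx_enabled | bool)
  notify: Reload nginx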