jokester/ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8d3db69172
ansible-playbooks/roles/immich/tasks/main.yml
Clément Désiles c79c445a23
chore: ansible-lint review (almost done)
2026-01-04 11:21:15 +01:00

153 lines
4.6 KiB
YAML
Raw Blame History

---
- name: Validate required passwords are set
ansible.builtin.assert:
that:
- immich_postgres_password is defined
- immich_postgres_password | length >= 12
- immich_valkey_password is defined
- immich_valkey_password | length >= 12
fail_msg: |
immich_postgres_password and immich_valkey_password are required (min 12 chars).
See roles/immich/defaults/main.yml for configuration instructions.
success_msg: "Password validation passed"
- name: Create PostgreSQL database for Immich
community.postgresql.postgresql_db:
name: "{{ immich_postgres_db_name }}"
owner: "{{ immich_postgres_user }}"
state: present
become: false
become_user: "{{ postgres_admin_user | default('postgres') }}"
- name: Create PostgreSQL user for Immich
community.postgresql.postgresql_user:
name: "{{ immich_postgres_user }}"
password: "{{ immich_postgres_password }}"
state: present
become: false
become_user: "{{ postgres_admin_user | default('postgres') }}"
- name: Grant all privileges on database to Immich user
community.postgresql.postgresql_privs:
login_db: "{{ immich_postgres_db_name }}"
roles: "{{ immich_postgres_user }}"
type: database
privs: ALL
state: present
become: false
become_user: "{{ postgres_admin_user | default('postgres') }}"
- name: Ensure Immich user has no superuser privileges
community.postgresql.postgresql_user:
name: "{{ immich_postgres_user }}"
role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE
state: present
become: false
become_user: "{{ postgres_admin_user | default('postgres') }}"
- name: Enable required PostgreSQL extensions in Immich database
community.postgresql.postgresql_ext:
name: "{{ item }}"
login_db: "{{ immich_postgres_db_name }}"
state: present
become: false
become_user: "{{ postgres_admin_user | default('postgres') }}"
loop:
- cube
- earthdistance
- vector
- name: Grant schema permissions to Immich user
community.postgresql.postgresql_privs:
login_db: "{{ immich_postgres_db_name }}"
roles: "{{ immich_postgres_user }}"
type: schema
objs: public
privs: CREATE,USAGE
state: present
become: false
become_user: "{{ postgres_admin_user | default('postgres') }}"
- name: Create Immich project directory
ansible.builtin.file:
path: "{{ podman_projects_dir | default('/opt/podman') }}/immich"
state: directory
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "0755"
- name: Create Immich data directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "0755"
loop:
- "{{ immich_upload_location }}"
- name: Deploy Kubernetes YAML for Immich
ansible.builtin.template:
src: immich.yaml.j2
dest: "{{ podman_projects_dir | default('/opt/podman') }}/immich/immich.yaml"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "0644"
notify: Restart Immich
- name: Get home directory for {{ ansible_user }}
ansible.builtin.getent:
database: passwd
key: "{{ ansible_user }}"
- name: Set user home directory fact
ansible.builtin.set_fact:
user_home_dir: "{{ getent_passwd[ansible_user][4] }}"
- name: Create systemd user directory for Immich
ansible.builtin.file:
path: "{{ user_home_dir }}/.config/systemd/user"
state: directory
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "0755"
- name: Create systemd service for Immich (user scope)
ansible.builtin.template:
src: immich.service.j2
dest: "{{ user_home_dir }}/.config/systemd/user/immich.service"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: "0644"
notify: Reload systemd user
- name: Enable lingering for user {{ ansible_user }}
ansible.builtin.command: "loginctl enable-linger {{ ansible_user }}"
when: ansible_user != 'root'
- name: Enable and start Immich service (user scope)
ansible.builtin.systemd:
name: immich.service
enabled: true
state: started
scope: user
become: false
become_user: "{{ ansible_user }}"
- name: Deploy nginx vhost configuration for Immich
ansible.builtin.template:
src: nginx-vhost.conf.j2
dest: "{{ nginx_conf_dir | default('/etc/nginx/conf.d') }}/immich.conf"
owner: root
group: root
mode: "0644"
when: immich_nginx_enabled
notify: Reload nginx
- name: Remove nginx vhost configuration for Immich
ansible.builtin.file:
path: "{{ nginx_conf_dir | default('/etc/nginx/conf.d') }}/immich.conf"
state: absent
when: not immich_nginx_enabled
notify: Reload nginx
Reference in New Issue View Git Blame Copy Permalink