[Quadlet]
DefaultDependencies=false

[Unit]
Description=Immich

After=redis_immich.service
Wants=redis_immich.service

[Container]
Image=ghcr.io/immich-app/immich-server:{{ version['containers']['immich'] }}

ContainerName=immich
HostName=immich

PublishPort={{ services['immich']['ports']['http'] }}:2283

# iGPU access
AddDevice=/dev/dri:/dev/dri
PodmanArgs=--group-add keep-groups

# Volumes
Volume=%h/data/containers/immich:/data:rw
Volume=%h/containers/immich/ssl:/etc/ssl/immich:ro

# Environment
Environment="TZ=Asia/Seoul"
Environment="REDIS_HOSTNAME=host.containers.internal"
Environment="REDIS_PORT={{ services['immich']['ports']['redis'] }}"
Environment="REDIS_DBINDEX=0"

# Database
Environment="DB_HOSTNAME={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}"
Environment="DB_PORT={{ services['postgresql']['ports']['tcp'] }}"
Environment="DB_USERNAME=immich"
Environment="DB_DATABASE_NAME=immich_db"
Environment="DB_PASSWORD_FILE=/run/secrets/DB_PASSWORD"
Environment="DB_SSL_MODE=verify-full"
Environment="NODE_EXTRA_CA_CERTS=/etc/ssl/immich/{{ root_cert_filename }}"
Secret=IMMICH_DB_PASSWORD,target=/run/secrets/DB_PASSWORD

[Service]
ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
Restart=always
RestartSec=10s
TimeoutStopSec=120

[Install]
WantedBy=default.target