Add hetzner storage box to terraform and immich

playbooks/roles/immich/defaults/main.yml

@@ -4,13 +4,12 @@ immich_db_db: immich
 immich_db_user: "{{ vault_immich.db.user }}"
 immich_db_pass: "{{ vault_immich.db.pass }}"
 
-immich_docker_tag: v2.2.3
+immich_docker_tag: v2.3.1
 
 immich_svc:
   domain: "{{ all_services | service_get_domain(role_name) }}"
   port: 2283
 
-
 immich_env:
   TZ: "{{ timezone }}"
 
@@ -30,7 +29,7 @@ immich_compose:
   watchtower: monitor
   image: ghcr.io/immich-app/immich-server:{{ immich_docker_tag }}
   volumes:
-    - upload:/usr/src/app/upload
+    - immich_upload:/usr/src/app/upload
   file:
     services:
       app:
@@ -51,7 +50,7 @@ immich_compose:
         cpus: 1.0
         mem_limit: 1g
         volumes:
-          - upload:/usr/src/app/upload
+          - immich_upload:/usr/src/app/upload
         restart: always
         networks:
           default:
@@ -97,6 +96,7 @@ immich_compose:
           default:
 
     volumes:
-      upload: "{{ vault_immich.upload_volume_driver }}"
+      immich_upload:
+        external: true
       pgdata:
       model-cache:

playbooks/roles/immich/tasks/main.yml

@@ -8,5 +8,10 @@
     env: "{{ immich_env }}"
     compose: "{{ immich_compose }}"
   block:
+    - name: Import tasks to create docker rclone volume
+      ansible.builtin.import_tasks: tasks/create-docker-rclone-volume.yml
+      vars:
+        task_volume: immich_upload
+        task_rclone: "{{ opentofu.hcloud_storage_box_accounts.immich }}"
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

playbooks/roles/immich_worker/defaults/main.yml

@@ -4,7 +4,7 @@ immich_worker_db_db: immich
 immich_worker_db_user: "{{ vault_immich.db.user }}"
 immich_worker_db_pass: "{{ vault_immich.db.pass }}"
 
-immich_worker_docker_tag: v2.2.3
+immich_worker_docker_tag: v2.3.1
 
 immich_worker_env:
   # IMMICH_CONFIG_FILE: /immich.json
@@ -46,6 +46,16 @@ immich_worker_compose:
           default:
 
     volumes:
-      upload: "{{ vault_immich.upload_volume_driver }}"
+      upload:
+        driver: rclone
+        driver_opts:
+          type: sftp
+          sftp_host: "{{ opentofu.hcloud_storage_box_accounts.immich.host }}"
+          sftp_port: 23
+          sftp_user: "{{ opentofu.hcloud_storage_box_accounts.immich.user }}"
+          sftp_pass: "{{ opentofu.hcloud_storage_box_accounts.immich.pass_obscure }}"
+          allow_other: 'true'
+          vfs_cache_mode: minimal
+          poll_interval: 0
       pgdata:
       model-cache:

playbooks/tasks/create-docker-rclone-volume.yml

@@ -0,0 +1,27 @@
+- name: Get infos on volume
+  community.docker.docker_volume_info:
+    name: "{{ task_volume }}"
+  register: res_docker_volume
+
+- name: Create volume (block)
+  when: not res_docker_volume.exists
+  block:
+    - name: Obscure rclone password
+      ansible.builtin.command:
+        cmd: rclone obscure -
+        stdin: "{{ task_rclone.pass }}"
+      register: res_rclone_pass
+      delegate_to: localhost
+      changed_when: true
+
+    - name: Create volume
+      community.docker.docker_volume:
+        name: "{{ task_volume }}"
+        driver: rclone
+        driver_options:
+          type: webdav
+          webdav_url: "https://{{ task_rclone.host }}"
+          webdav_user: "{{ task_rclone.user }}"
+          webdav_pass: "{{ res_rclone_pass.stdout }}"
+          vfs_cache_mode: minimal
+          allow_other: 'true'