Add hetzner storage box to terraform and immich

.terraform.lock.hcl

@@ -2,22 +2,22 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/aminueza/minio" {
-  version     = "3.5.2"
+  version     = "3.5.4"
   constraints = "~> 3.5.2"
   hashes = [
-    "h1:3G/Q/dlf4ItE5tvE1zvSDUW4bYvwdCMVsHNAhMq9328=",
-    "zh:5513c7b20eac89b7bc27b1f762ff03058b4c75456523d5065c41be170fc1ce53",
-    "zh:597ec8ab8169ab4d044b7d442e65b03bbce2516c15f718510e8c80b5fc451be6",
-    "zh:608ff0eb5929b840c11efee1da0273b81d21a8149d8f2d259989597068b48253",
-    "zh:71bee58a6ba43d2a2aadd604c0e04f621fa67cb82ab3633fc5d1366689a5be6b",
-    "zh:9871556bcc3d5daab3cd8e302d1d07bc5693038e1abf8bd11aaf07a439d67a0b",
-    "zh:a3272fbb1ac7dff2481e778284709a5d8b85eda61f26239867eaed9ede57e90a",
-    "zh:a5048a378d5b075a6afac14197fc0fc57f97788cd697749621c07cec7156344c",
-    "zh:a8f28d070653cbd78ca85f9e54d9391a164828de598d481ed53d04882944dcb7",
-    "zh:cbf6895d80828f66fdaa234c6fcf87c329c41eb72391a6d29056b917bce65426",
-    "zh:cd48186b94cee7757a59f848dd6a2bd1d2faa76738a849261ca7cf14e7ca76c2",
-    "zh:cdefdf9bb591ab19c3176c7c8796762e2626ebde0d49971b49393f6bf28533ba",
-    "zh:ef16beff601be117a837cd47a1813be24ee0463d4f36a5d5f7e42a19d6c02b3d",
+    "h1:BEr/jQWkeM85C/CHQtv/EYFCFIszqH6eaRb6qmUk1fo=",
+    "zh:1972889fbe0d9722df9ebe4dd3fecb1f491cc8e0535a63f8a2c77b47d473339a",
+    "zh:352e6b0c4ceb2f9321e1995cb8eaf00356459fca9b877f04d18ccfaaeb6df904",
+    "zh:46923e0bc02097200963de3aa7c92592f2c94afeff8b2677b3d8f7464b03af38",
+    "zh:54183ba3513180719f0026e33c9b42fe45aba23bfcf0f88c0d94e3f4edd6f850",
+    "zh:882697b843bb52388625e0a7f200b7fbb8b0f28962291558aafdad3ce0b1394e",
+    "zh:8aa6c9fcea97bdb47b29944d8be0976337cbb595f0363583b62d77e2528e1ae1",
+    "zh:916007f13a307ff539fcc9fc73141260a109e6ae84762a3e5068aed7eb6e2078",
+    "zh:a7fda932b101ea92db3dfb722e54d63d2912e9daa61c8f05165ceb74c603a065",
+    "zh:a9ac1e454ddb9b5a521807371e03f5e1bee6a4e7cb6081a89bb7ae7f88cbe6b2",
+    "zh:b854c3b1fb2181714d568e09ac830705fb88c25971fdf3c127e37845df075c3b",
+    "zh:f82ad30fadba04678a4b2389d55b4f95b39aefd87da25fc66549b1e08172f8f1",
+    "zh:f9f789a1b727f2b965f0fcafed36f838163239971cf1e581b7e4461d2f6f25cc",
   ]
 }
 
@@ -46,7 +46,7 @@ provider "registry.opentofu.org/ansible/ansible" {
 
 provider "registry.opentofu.org/cyrilgdn/postgresql" {
   version     = "1.23.0"
-  constraints = "~> 1.23"
+  constraints = "~> 1.23.0"
   hashes = [
     "h1:LxsIoeIkUhmlyKUwhWKLsRBm6Ho4j/O4GdxgxjfOm0A=",
     "zh:0bea106d7ffc7058a9a03359d2d973dd2b10f357a751ad7ead34e919af963adc",
@@ -89,76 +89,92 @@ provider "registry.opentofu.org/goauthentik/authentik" {
 }
 
 provider "registry.opentofu.org/hashicorp/aws" {
-  version     = "5.95.0"
+  version     = "5.100.0"
   constraints = "~> 5.0"
   hashes = [
-    "h1:c+V47v2phTnnkEEEywpWQ/ygMfI3A29fhfX96D9xHw4=",
-    "zh:0df3b32ee89d8eded1548bf2866aee5d40aab2e23930bf9411e7e03bfd982045",
-    "zh:1995729fff2eb9ae68e37ad6bdb7eee041a71008d2b30fa187b2347131878926",
-    "zh:1e2f89a09f8ea80097bc692ffe4b80a74d1ff7852cd14233ca2826897f0834f7",
-    "zh:7ad851d4ef77963bd97ae0b2dc4ea24d76f520883285f8d0a96476ed3015b014",
-    "zh:85ad403fdc1950a066156cde836d130593efa714b9b8b836540f465eb3cc9b09",
-    "zh:9cf5b52172dd6f8bc8eab3d83353de3419faed71d4e8b5def9042e82d2fea5f8",
-    "zh:b0ef2c4f8dcfd0d2d9996b8560f32b48938fcd4178ab279b545531f8e0e2a9e8",
-    "zh:d0a14a77b75f9949205df22364974f37d2c3d34698e92fe3ddc454364ef3e339",
-    "zh:e3a28054088c05edd5f867c7e3bd9d4d01908600f862993f6c8bcae4ab2156ef",
-    "zh:fe058932d4fb479f691f015d672f1e6e29d9f507c874fabc3a6e8362e7d2b03b",
+    "h1:zef23ac/YWw9O2FepFWRs+my9iWWUkniL4dT4LnCKjU=",
+    "zh:1a41f3ee26720fee7a9a0a361890632a1701b5dc1cf5355dc651ddbe115682ff",
+    "zh:30457f36690c19307921885cc5e72b9dbeba369445815903acd5c39ac0e41e7a",
+    "zh:42c22674d5f23f6309eaf3ac3a4f1f8b66b566c1efe1dcb0dd2fb30c17ce1f78",
+    "zh:4cc271c795ff8ce6479ec2d11a8ba65a0a9ed6331def6693f4b9dccb6e662838",
+    "zh:60932aa376bb8c87cd1971240063d9d38ba6a55502c867fdbb9f5361dc93d003",
+    "zh:864e42784bde77b18393ebfcc0104cea9123da5f4392e8a059789e296952eefa",
+    "zh:9750423138bb01ecaa5cec1a6691664f7783d301fb1628d3b64a231b6b564e0e",
+    "zh:e5d30c4dec271ef9d6fe09f48237ec6cfea1036848f835b4e47f274b48bda5a7",
+    "zh:e62bd314ae97b43d782e0841b13e68a3f8ec85cc762004f973ce5ce7b6cdbfd0",
+    "zh:ea851a3c072528a4445ac6236ba2ce58ffc99ec466019b0bd0e4adde63a248e4",
+  ]
+}
+
+provider "registry.opentofu.org/hashicorp/external" {
+  version = "2.3.5"
+  hashes = [
+    "h1:jcVmeuuz74tdRt2kj0MpUG9AORdlAlRRQ3k61y0r5Vc=",
+    "zh:1fb9aca1f068374a09d438dba84c9d8ba5915d24934a72b6ef66ef6818329151",
+    "zh:3eab30e4fcc76369deffb185b4d225999fc82d2eaaa6484d3b3164a4ed0f7c49",
+    "zh:4f8b7a4832a68080f0bf4f155b56a691832d8a91ce8096dac0f13a90081abc50",
+    "zh:5ff1935612db62e48e4fe6cfb83dfac401b506a5b7b38342217616fbcab70ce0",
+    "zh:993192234d327ec86726041eb6d1efb001e41f32e4518ad8b9b162130b65ee9a",
+    "zh:ce445e68282a2c4b2d1f994a2730406df4ea47914c0932fb4a7eb040a7ec7061",
+    "zh:e305e17216840c54194141fb852839c2cedd6b41abd70cf8d606d6e88ed40e64",
+    "zh:edba65fb241d663c09aa2cbf75026c840e963d5195f27000f216829e49811437",
+    "zh:f306cc6f6ec9beaf75bdcefaadb7b77af320b1f9b56d8f50df5ebd2189a93148",
+    "zh:fb2ff9e1f86796fda87e1f122d40568912a904da51d477461b850d81a0105f3d",
   ]
 }
 
 provider "registry.opentofu.org/hashicorp/random" {
-  version = "3.7.1"
+  version = "3.7.2"
   hashes = [
-    "h1:v8+6umuoWwD1nKm+3tPcPO8rKHthran7ZSbm7J2xQEc=",
-    "zh:1011387a5127d46e2bf0bd5124a8469506272b2110613d9eb80d178f94bd67a9",
-    "zh:28785c36d6dc331d49e8bf6a30d4ba21ae4378f5d98c43c0aeb42f51efb2e42f",
-    "zh:50fc0e52f0255950404681455420344a16263f91622bd481954606e6e3be9eb2",
-    "zh:563f22c53f40e41cfffdcfac32a9292292c10582183c3f1dd85770cf806bfce9",
-    "zh:586a5615898d369374d4bd7d70bc013cffe7553d3e14638f169a3f745665fee1",
-    "zh:6275f6e5697993048ac088715484a9a5e919682651e098a5ac31e567216bf102",
-    "zh:95a44bb3f012da1e036936d60df2d08f5942a96cb912fc23432d2ee050857527",
-    "zh:a5fe6b0e586645a88d98738739fec40fd7ad83dbc63fe66ff6327aee2dc07f11",
-    "zh:ea57886899b6baf466f3ff978f4482d2fd7fa049c42509cc819431375cddd5bd",
-    "zh:f021cfbe23bdb32738f170c1ae736ffb769a2fa3dcafd0f9906155c2e21377e4",
+    "h1:yHMBbZOIHlXUuBQ8Mhioe0hwmhermuboq2eNNoCJaf8=",
+    "zh:2ffeb1058bd7b21a9e15a5301abb863053a2d42dffa3f6cf654a1667e10f4727",
+    "zh:519319ed8f4312ed76519652ad6cd9f98bc75cf4ec7990a5684c072cf5dd0a5d",
+    "zh:7371c2cc28c94deb9dba62fbac2685f7dde47f93019273a758dd5a2794f72919",
+    "zh:9b0ac4c1d8e36a86b59ced94fa517ae9b015b1d044b3455465cc6f0eab70915d",
+    "zh:c6336d7196f1318e1cbb120b3de8426ce43d4cacd2c75f45dba2dbdba666ce00",
+    "zh:c71f18b0cb5d55a103ea81e346fb56db15b144459123f1be1b0209cffc1deb4e",
+    "zh:d2dc49a6cac2d156e91b0506d6d756809e36bf390844a187f305094336d3e8d8",
+    "zh:d5b5fc881ccc41b268f952dae303501d6ec9f9d24ee11fe2fa56eed7478e15d0",
+    "zh:db9723eaca26d58c930e13fde221d93501529a5cd036b1f167ef8cff6f1a03cc",
+    "zh:fe3359f733f3ab518c6f85f3a9cd89322a7143463263f30321de0973a52d4ad8",
   ]
 }
 
 provider "registry.opentofu.org/hashicorp/time" {
-  version = "0.13.0"
+  version = "0.13.1"
   hashes = [
-    "h1:X8s0NRd/o8QrLCU/60vIgcicBmndwggB4znQrGpOT2E=",
-    "zh:0e0a5f820793f13d8553742fac6c234f76e65bd095703a81f8f9cad38361d6c6",
-    "zh:11f2d5b5076d17814986886164bd4a4ce6448129baa529c21f658e949687f06f",
-    "zh:1a59c8d7da0c8155a86dffb1716bb5f2884b221a13167d5e7bcffb2ac192ba3f",
-    "zh:1e7abd01ef573294c0f2f1e2b30190c05a98afb7815d7a309fc10193bff4b4dd",
-    "zh:3ca53edfae9adffe1ee9c040e83b076fde89d73e7b2e6dc2de19d408e3f52a40",
-    "zh:5beb2cd0abe5376ff5e76d4f93d20c4740b333c1abc5ca72083e1cc85ffb29dd",
-    "zh:a775d153ba932834401eb1d9151f462c1e49d47494152d282d3e6981b3e591c0",
-    "zh:aac6802f60bf708172f09ead7a13177ab6a47f5a3eca458e935f422ed409f4a6",
-    "zh:d4e5ad0041d752b94317093e8063e6b766982f647cfe3cc1a3f4a10930383357",
-    "zh:fef228471c7223a558a1b6054ec7e8837526dc9787ba9da5dc6fbfa1c762cd1b",
+    "h1:ueilLAoXlZPufdJYuPFeqznwP39ZwLsRcQtqow+NUiI=",
+    "zh:10f32af8b544a039f19abd546e345d056a55cb7bdd69d5bbd7322cbc86883848",
+    "zh:35dd5beb34a9f73de8d0fed332814c69acae69397c9c065ce63ccd8315442bef",
+    "zh:56545d1dd5f2e7262e0c0c124264974229ec9cc234d0d7a0e36e14b869590f4a",
+    "zh:8d7259c3f819fd3470ff933c904b6a549502a8351feb1b5c040a4560decaf7e0",
+    "zh:a40f26878826b142e26fe193f7e3e14fc97f615cd6af140e88ce5bc25f3fcf50",
+    "zh:b2e82f25fecff172a9a9e24ea37d37e4fc630ee9245617cb40b10e66a6b979c8",
+    "zh:d4b699850a40ed07ef83c6b827605d24050b2732646ee017bda278e4ddf01c91",
+    "zh:e4e6a5e5614b6a54557400aabb748ebd57e947cdbd21ad1c7602c51368a80559",
+    "zh:eb78fb97bca22931e730487a20a90f5a6221ddfb3138aaf070737ea2b7c9c885",
+    "zh:faba366a1352ee679bba2a5b09c073c6854721db94b191d49b620b60946a065f",
   ]
 }
 
 provider "registry.opentofu.org/hetznercloud/hcloud" {
-  version     = "1.45.0"
-  constraints = "~> 1.45.0"
+  version     = "1.57.0"
+  constraints = "~> 1.57.0"
   hashes = [
-    "h1:BEE0B6hv1ZAmTLIO12uqIm7s3oSjmGzZLm6OzudlxAw=",
-    "zh:1c4b44a698cfaca215bdbadaf92669dd23533210c3cbf32895fbf4ff7acf6c24",
-    "zh:2915f8385559694e5097d8d0df16358200e9f0d9efb80559e9ea0bd072d792b9",
-    "zh:3a6b37b0bba50d263bd3dba26185bde13c825e59b6b301ab3f9f45686a21456b",
-    "zh:3e3910fa22a3a8d73d1aed38cc479c3e1958e9168b5f4a7d0da6cf03c2dfc155",
-    "zh:3f8d7d09e5c93162a1e9e6c89acac0799fb55765b44b7d1d020763c814263c57",
-    "zh:40bc5e94bff495440e1b4f797165d7f0dcee2282a86a61b158f47fe4bc57e9fb",
-    "zh:473f51d464b897d0e8e3d5ca2eb175b37e2f7ce03c8b26f47cc35885cf620946",
-    "zh:6fdd4bf71c19cfad78d7e1d2336be873eb8567a139d53e672e78ebcbc36a4d7d",
-    "zh:9e08638cbfc90d69f1c21ee34191db077d58d040cf7a9eed07a1dc335d463e97",
-    "zh:b1ed5ea81bc6d2c88efdefaeb244322874508d90d8217ac2e3541445254bdadc",
-    "zh:ced05776c27d550d15d4a71360243740ecb4ea1e65e67229fb2273a27353b00c",
-    "zh:da79b8a1a982a1d365ea206a2654e8b5003aeba9ccdc9c8751bb6ee3f40d8c49",
-    "zh:fabbad25bab09dd74f2b819992ab99b939c642374d6ca080b18d6e2a91d8d487",
-    "zh:fb0e083d2925f289999dc561ef1c2f84a9e0ab11388c40162ca8b470f50f71f5",
+    "h1:Xk+Whn6wnhEJEeiO/mPII/mOL+buHLj05AKy4TbDz3U=",
+    "zh:016ecc39328f34f6c0ffa413598f354824f7878c89cd031f123edb4bc8a687a2",
+    "zh:10b362dc0847200c987214b129b5f85e2f7d8ad417261a1d2dd04ab74de15603",
+    "zh:194647d9a61dca4f411f44580316b88a11095d7a99679d445f9b0f2c1ba976c4",
+    "zh:1d8aafe2ce7890696385bb3a0c3286e7ee3020416d337f59935406e4c6f91de6",
+    "zh:594585616210fb232fad4ebda2387ecd3f483931e00eff988fca83add6ce7cfc",
+    "zh:65e50be33ffb85580546f119839e1293591cc6d4db729d809931d0408b6ae408",
+    "zh:7d4ed5bd8c477ec304142e2160203a76a0d09c93d224950bda253172b2571038",
+    "zh:90a70a70a266b78c8216903e711904e6969b3957d182602b5d788602ec9ef323",
+    "zh:abb8e28e96fb8de270995873de980896b7cb53cfc550f02c50eaa42884624ba9",
+    "zh:bbf34dca2de6e105ca7204222162a0402d8e9e9a28e1de5ffbaa2c0d6270a059",
+    "zh:c1a9edb693d632dcb5c3c9ee84c97138e08eadb9354e28592efd581f68ac0385",
+    "zh:dadbf1368fae314fe8dcb99ebefbc78409f3fc0e3808cd92ea573b8eee1cae98",
+    "zh:e713e00ca27348abd18da2eeff861905e84050e3e7e008f14a0c63c70ab2ff84",
   ]
 }
 

main.tf

@@ -11,7 +11,7 @@ terraform {
     }
     hcloud = {
       source = "hetznercloud/hcloud"
-      version = "~> 1.45.0"
+      version = "~> 1.57.0"
     }
     healthchecksio = {
       source = "kristofferahl/healthchecksio"

modules/infrastructure/hcloud.tf

@@ -97,3 +97,57 @@ resource "hcloud_firewall" "nodes_services" {
     }
   }
 }
+
+#########################
+### Storage Box Setup ###
+#########################
+
+resource "random_password" "hcloud_storage_box_password" {
+  length  = 32
+  override_special = "-_+="
+  min_lower = 4
+  min_numeric = 4
+  min_special = 4
+  min_upper = 4
+}
+
+resource "hcloud_storage_box" "box01" {
+  name             = "box01"
+  storage_box_type = "bx11"
+  location         = "fsn1"
+  password         = random_password.hcloud_storage_box_password.result
+
+  access_settings = {
+    reachable_externally = true
+    samba_enabled        = false
+    ssh_enabled          = false
+    webdav_enabled       = false
+    zfs_enabled          = true
+  }
+
+  delete_protection = true
+}
+
+resource "random_password" "hcloud_storage_box_sub_passwords" {
+  for_each = local.services_storage_box
+  length  = 32
+  override_special = "-_+"
+  min_lower = 4
+  min_numeric = 4
+  min_special = 4
+  min_upper = 4
+}
+
+resource "hcloud_storage_box_subaccount" "service_accounts" {
+  for_each = local.services_storage_box
+  storage_box_id = hcloud_storage_box.box01.id
+  home_directory = "${each.key}/"
+  password       = random_password.hcloud_storage_box_sub_passwords[each.key].result
+
+  access_settings = {
+    reachable_externally = true
+    webdav_enabled = true
+  }
+
+  description = each.key
+}

modules/infrastructure/main.tf

@@ -6,7 +6,7 @@ terraform {
     }
     hcloud = {
       source = "hetznercloud/hcloud"
-      version = "~> 1.45.0"
+      version = "~> 1.57.0"
     }
     healthchecksio = {
       source = "kristofferahl/healthchecksio"
@@ -33,4 +33,6 @@ locals {
   buckets_s3 = merge([for key, val in local.services_s3 : {for bucket in val : bucket => key}]...)
 
   hetzner_hosts = {for key, val in var.hosts : key => val if val.provider == "hetzner"}
+
+  services_storage_box = {for key, val in var.services : key => val if val.storage_box}
 }

modules/infrastructure/output.tf

@@ -27,6 +27,17 @@ output "hosts" {
   }
 }
 
+output "hcloud_storage_box_accounts" {
+  value = {
+    for key, value in hcloud_storage_box_subaccount.service_accounts : key => {
+      host = value.server
+      user = value.username
+      pass = value.password
+    }
+  }
+  sensitive = true
+}
+
 output "healthchecksio" {
   value = {
     backup = {

modules/infrastructure/variables.tf

@@ -38,6 +38,7 @@ variable "services" {
     s3 = optional(string)
     s3_buckets = optional(list(string))
     database = bool
+    storage_box = optional(bool, false)
   }))
 }
 

output.tf

@@ -12,6 +12,11 @@ output "authentik_data" {
   sensitive = true
 }
 
+output "hcloud_storage_box_accounts" {
+  value = module.infrastructure.hcloud_storage_box_accounts
+  sensitive = true
+}
+
 output "healthchecksio" {
   value = module.infrastructure.healthchecksio
   sensitive = true

playbooks/roles/immich/defaults/main.yml

@@ -4,13 +4,12 @@ immich_db_db: immich
 immich_db_user: "{{ vault_immich.db.user }}"
 immich_db_pass: "{{ vault_immich.db.pass }}"
 
-immich_docker_tag: v2.2.3
+immich_docker_tag: v2.3.1
 
 immich_svc:
   domain: "{{ all_services | service_get_domain(role_name) }}"
   port: 2283
 
-
 immich_env:
   TZ: "{{ timezone }}"
 
@@ -30,7 +29,7 @@ immich_compose:
   watchtower: monitor
   image: ghcr.io/immich-app/immich-server:{{ immich_docker_tag }}
   volumes:
-    - upload:/usr/src/app/upload
+    - immich_upload:/usr/src/app/upload
   file:
     services:
       app:
@@ -51,7 +50,7 @@ immich_compose:
         cpus: 1.0
         mem_limit: 1g
         volumes:
-          - upload:/usr/src/app/upload
+          - immich_upload:/usr/src/app/upload
         restart: always
         networks:
           default:
@@ -97,6 +96,7 @@ immich_compose:
           default:
 
     volumes:
-      upload: "{{ vault_immich.upload_volume_driver }}"
+      immich_upload:
+        external: true
       pgdata:
       model-cache:

playbooks/roles/immich/tasks/main.yml

@@ -8,5 +8,10 @@
     env: "{{ immich_env }}"
     compose: "{{ immich_compose }}"
   block:
+    - name: Import tasks to create docker rclone volume
+      ansible.builtin.import_tasks: tasks/create-docker-rclone-volume.yml
+      vars:
+        task_volume: immich_upload
+        task_rclone: "{{ opentofu.hcloud_storage_box_accounts.immich }}"
     - name: Import tasks to deploy common service
       ansible.builtin.import_tasks: tasks/deploy-common-service.yml

playbooks/roles/immich_worker/defaults/main.yml

@@ -4,7 +4,7 @@ immich_worker_db_db: immich
 immich_worker_db_user: "{{ vault_immich.db.user }}"
 immich_worker_db_pass: "{{ vault_immich.db.pass }}"
 
-immich_worker_docker_tag: v2.2.3
+immich_worker_docker_tag: v2.3.1
 
 immich_worker_env:
   # IMMICH_CONFIG_FILE: /immich.json
@@ -46,6 +46,16 @@ immich_worker_compose:
           default:
 
     volumes:
-      upload: "{{ vault_immich.upload_volume_driver }}"
+      upload:
+        driver: rclone
+        driver_opts:
+          type: sftp
+          sftp_host: "{{ opentofu.hcloud_storage_box_accounts.immich.host }}"
+          sftp_port: 23
+          sftp_user: "{{ opentofu.hcloud_storage_box_accounts.immich.user }}"
+          sftp_pass: "{{ opentofu.hcloud_storage_box_accounts.immich.pass_obscure }}"
+          allow_other: 'true'
+          vfs_cache_mode: minimal
+          poll_interval: 0
       pgdata:
       model-cache:

playbooks/tasks/create-docker-rclone-volume.yml

@@ -0,0 +1,27 @@
+- name: Get infos on volume
+  community.docker.docker_volume_info:
+    name: "{{ task_volume }}"
+  register: res_docker_volume
+
+- name: Create volume (block)
+  when: not res_docker_volume.exists
+  block:
+    - name: Obscure rclone password
+      ansible.builtin.command:
+        cmd: rclone obscure -
+        stdin: "{{ task_rclone.pass }}"
+      register: res_rclone_pass
+      delegate_to: localhost
+      changed_when: true
+
+    - name: Create volume
+      community.docker.docker_volume:
+        name: "{{ task_volume }}"
+        driver: rclone
+        driver_options:
+          type: webdav
+          webdav_url: "https://{{ task_rclone.host }}"
+          webdav_user: "{{ task_rclone.user }}"
+          webdav_pass: "{{ res_rclone_pass.stdout }}"
+          vfs_cache_mode: minimal
+          allow_other: 'true'

services.auto.tfvars

@@ -297,6 +297,7 @@ services = {
     auth = false
     auth_redirects = ["https://gallery.serguzim.me/auth/login"]
     database = false
+    storage_box = true
   },
 
   "immich_worker" = {

variables.tf

@@ -172,6 +172,7 @@ variable "services" {
     s3 = optional(string)
     s3_buckets = optional(list(string))
     database = bool
+    storage_box = optional(bool, false)
     mail = optional(string)
     mail_smtp = optional(bool, true)
     mail_imap = optional(bool, false)