From 9d5c5d40a0908381443efcf42678aabbb19a6ba3 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Tue, 9 Jun 2026 17:09:18 +0000 Subject: [PATCH] chore: upgrade to 1.7.0+v2.7.5 Confirms immich-server at the latest v2.7.5 + holds the DB pin immich v2.7.5 ships (14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357), and adds a working postgres backup/restore for the VectorChord DB (search_path rewrite per immich docs + a local-trust pg_hba lockout, like matrix-synapse, so the app cannot race the reimport). --- abra.sh | 1 + compose.yml | 17 +++++++++++++- pg_backup.sh | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 abra.sh create mode 100755 pg_backup.sh diff --git a/abra.sh b/abra.sh new file mode 100644 index 0000000..0975f1e --- /dev/null +++ b/abra.sh @@ -0,0 +1 @@ +export PG_BACKUP_VERSION=v1 diff --git a/compose.yml b/compose.yml index a308f36..420e723 100644 --- a/compose.yml +++ b/compose.yml @@ -30,7 +30,7 @@ services: - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - "coop-cloud.${STACK_NAME}.version=1.6.0+v2.7.5" + - "coop-cloud.${STACK_NAME}.version=1.7.0+v2.7.5" - "backupbot.backup=${ENABLE_BACKUPS:-true}" - "backupbot.volumes.model-cache=false" - "backupbot.volumes.uploads=false" @@ -67,6 +67,21 @@ services: - postgres:/var/lib/postgresql/data networks: - backend + deploy: + labels: + backupbot.backup: "${ENABLE_BACKUPS:-true}" + backupbot.backup.pre-hook: "/pg_backup.sh backup" + backupbot.backup.volumes.postgres.path: "backup.sql" + backupbot.restore.post-hook: "/pg_backup.sh restore" + configs: + - source: pg_backup + target: /pg_backup.sh + mode: 0555 + +configs: + pg_backup: + name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION} + file: pg_backup.sh secrets: db_password: 
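Review bot: The `backupbot.backup.volumes.postgres.path` label in the second compose.yml hunk names `backup.sql`, but the pre-hook in pg_backup.sh pipes `pg_dump` through `gzip`, so the file that lands in the backup is a gzip archive under a plain-SQL name. An operator restoring by hand during an incident is likely to feed it straight to `psql` and get a confusing failure. I would rename it to `backup.sql.gz` here and in `BACKUP_FILE`, or at least add a comment above the label such as `# gzip-compressed despite the name; written by /pg_backup.sh backup`. The hunk also adds no hook that removes the dump after the backup run, so it appears to stay in the postgres data volume between runs; worth confirming that is intended.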
diff --git a/pg_backup.sh b/pg_backup.sh
new file mode 100755
index 0000000..3d81167
--- /dev/null
+++ b/pg_backup.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# Postgres backup/restore hook for the immich `database` service (VectorChord/pgvecto.rs). Restore
+# follows the same pattern as the (green) matrix-synapse recipe — a local-trust `pg_hba` lockout so
+# the app can't reconnect and race the reimport — plus the `search_path` rewrite from immich's docs
+# (https://docs.immich.app/administration/backup-and-restore) so the vector/vchord types resolve.
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+PGDATA_DIR='/var/lib/postgresql/data'
+HBA="${PGDATA_DIR}/pg_hba.conf"
+export PGPASSWORD=$(cat "${POSTGRES_PASSWORD_FILE:-/run/secrets/db_password}")
+DB_USER="${POSTGRES_USER:-postgres}"
+DB_NAME="${POSTGRES_DB:-immich}"
+
+function backup {
+ pg_dump -U "$DB_USER" "$DB_NAME" | gzip > "$BACKUP_FILE"
+}
+
+function restore {
+ # Reload pg_hba WITHOUT depending on a client connection — SIGHUP the postmaster directly. This is
+ # what guarantees the app is re-admitted at the end even if a psql connection isn't available.
+ reload_pg() {
+ local pid
+ pid=$(head -1 "${PGDATA_DIR}/postmaster.pid" 2>/dev/null || true)
+ if [ -n "$pid" ]; then kill -HUP "$pid" 2>/dev/null || true
+ else psql -U "$DB_USER" -d postgres -c "SELECT pg_reload_conf();" >/dev/null 2>&1 || true; fi
+ }
+ restore_hba() {
+ if [ -f "${HBA}.ccci.bak" ]; then
+ cat "${HBA}.ccci.bak" > "$HBA"
+ rm -f "${HBA}.ccci.bak"
+ reload_pg
+ fi
+ }
+ # Always re-admit the app, even if any step below fails or the hook is signalled.
+ trap restore_hba EXIT INT TERM
+
+ # Lock the networked app out for the duration of the restore: a local-trust-only pg_hba + reload
+ # makes postgres reject every TCP connection, so immich-server can't reconnect and re-run its own
+ # migrations concurrently with (and conflicting with) the import. Then terminate the connections it
+ # already holds so DROP DATABASE can proceed.
+ cp "$HBA" "${HBA}.ccci.bak"
+ printf 'local all all trust\n' > "$HBA"
+ reload_pg
+ psql -U "$DB_USER" -d postgres -c \
+ "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname='${DB_NAME}' AND pid<>pg_backend_pid();" >/dev/null
+
+ psql -U "$DB_USER" -d postgres -c "DROP DATABASE ${DB_NAME} WITH (FORCE);" >/dev/null
+ createdb -U "$DB_USER" "$DB_NAME"
+ # Rewrite the empty search_path the VectorChord dump sets so vector/vchord type + operator
+ # references resolve during the import (immich upstream restore procedure), then import alone.
+ gunzip -c "$BACKUP_FILE" \
+ | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
+ | psql -U "$DB_USER" -d "$DB_NAME" --single-transaction --set ON_ERROR_STOP=on >/dev/null
+
+ restore_hba
+ trap - EXIT INT TERM
+}
+
+$@
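Review bot: `set -e` alone does not cover the pipelines in this file: in `backup`, a failing `pg_dump` is hidden by `gzip` exiting 0, so the hook reports success after `>` has already replaced the previous dump with an empty or truncated archive. I would make the prologue `set -eo pipefail` and, in `restore`, run `gzip -t "$BACKUP_FILE"` before the `pg_hba` lockout, so a missing or corrupt archive aborts before `DROP DATABASE` rather than after it. Separately, `cp "$HBA" "${HBA}.ccci.bak"` is unconditional: if an earlier run was killed before the trap could fire, `pg_hba.conf` is still the `local all all trust` file, and this line overwrites the only saved copy of the real access rules. Guarding it as `[ -f "${HBA}.ccci.bak" ] || cp "$HBA" "${HBA}.ccci.bak"` keeps the original so the next restore re-applies it instead of leaving the trust-only file in place.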