recipe-maintainers/recipe-maintainer
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
460eba090ba6765b05a929d32d16ca984cf66e5a
recipe-maintainer/recipe-info/immich/setup.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit) 
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

1.2 KiB
Raw Blame History

Immich — First-Time Setup

Prerequisites

  • DNS: immich.<domain_suffix> must resolve to the server
  • Authentik must be deployed and running (dependency)

Steps

  1. Create the app:

    abra app new immich --server <SERVER> --domain immich.<DOMAIN_SUFFIX> --no-input

  2. Generate secrets:

    abra app secret generate immich.<DOMAIN_SUFFIX> --all -m --no-input

    Save output to recipe-info/testsecrets/immich.<DOMAIN_SUFFIX>.

  3. Deploy:

    abra app deploy immich.<DOMAIN_SUFFIX> --chaos --force --no-input

  4. Authentik SSO integration:

    python3 recipe-info/immich/setup_authentik_integration.py

    This creates an OAuth2 provider and application in Authentik, creates a test user, creates an Immich admin account via the API, and configures Immich's OAuth settings via the Immich system API.

  5. Verify: curl https://immich.<DOMAIN_SUFFIX> returns HTTP 200.

Notes

  • Credentials are saved to recipe-info/immich/authentik-test-credentials.<DOMAIN_SUFFIX>.toml.
  • Unlike other recipes, Immich's OAuth is configured via its admin API (not env vars), so no redeploy is needed after SSO setup.
  • OIDC test user: testuser / testpass123.