autonomic-bot
f283a371bb
Sanitized single-commit public mirror of recipe-maintainer. - Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders. - Removed plans/ and planned-updates/ (deployment-planning docs) so no client/ deployment domains appear in the public repo. - All other secret stores were already gitignored. - docs.coopcloud.tech retained as a submodule (public upstream).
39 lines
1.2 KiB
Markdown
39 lines
1.2 KiB
Markdown
# Immich — First-Time Setup
|
|
|
|
## Prerequisites
|
|
|
|
- DNS: `immich.<domain_suffix>` must resolve to the server
|
|
- **Authentik** must be deployed and running (dependency)
|
|
|
|
## Steps
|
|
|
|
1. **Create the app:**
|
|
```bash
|
|
abra app new immich --server <SERVER> --domain immich.<DOMAIN_SUFFIX> --no-input
|
|
```
|
|
|
|
2. **Generate secrets:**
|
|
```bash
|
|
abra app secret generate immich.<DOMAIN_SUFFIX> --all -m --no-input
|
|
```
|
|
Save output to `recipe-info/testsecrets/immich.<DOMAIN_SUFFIX>`.
|
|
|
|
3. **Deploy:**
|
|
```bash
|
|
abra app deploy immich.<DOMAIN_SUFFIX> --chaos --force --no-input
|
|
```
|
|
|
|
4. **Authentik SSO integration:**
|
|
```bash
|
|
python3 recipe-info/immich/setup_authentik_integration.py
|
|
```
|
|
This creates an OAuth2 provider and application in Authentik, creates a test user, creates an Immich admin account via the API, and configures Immich's OAuth settings via the Immich system API.
|
|
|
|
5. **Verify:** curl `https://immich.<DOMAIN_SUFFIX>` returns HTTP 200.
|
|
|
|
## Notes
|
|
|
|
- Credentials are saved to `recipe-info/immich/authentik-test-credentials.<DOMAIN_SUFFIX>.toml`.
|
|
- Unlike other recipes, Immich's OAuth is configured via its admin API (not env vars), so no redeploy is needed after SSO setup.
|
|
- OIDC test user: `testuser` / `testpass123`.
|