apiVersion: v1
kind: Pod
metadata:
  name: immich
  labels:
    app: immich
  annotations:
spec:

  ## Volume definitions
  volumes:
    - hostPath:
        ## Equivalent of UPLOAD_LOCATION in docker-compose
        path: /path/to/immich/data
        type: Directory
      name: immich-data-host
    - hostPath:
        path: /path/to/immich/model-cache
        type: Directory
      name: immich-model-cache-host
    - name: immich-psql
      persistentVolumeClaim:
        claimName: immich-psql
    - hostPath:
        path: /path/to/immich/redis
        type: Directory
      name: immich-redis-host
    - hostPath:
        path: /path/to/nextcloud/app/data/nc-user/files
        type: Directory
        readOnly: true
      name: nextcloud-nc-user

  ## Container definitions  
  containers:
    - name: server
      image: ghcr.io/immich-app/immich-server:v1.112.1
      env:
      - name: IMMICH_WORKERS_INCLUDE
        value: api
      envFrom:
      - configMapRef:
          name: immich-config
          optional: false
      securityContext:
        capabilities:
          drop:
          - CAP_MKNOD
          - CAP_NET_RAW
          - CAP_AUDIT_WRITE
      volumeMounts:
      - mountPath: /usr/src/app/upload
        name: immich-data-host
      - mountPath: /nextcloud/nc-user
        name: nextcloud-nc-user
        readOnly: true


    - name: microservices
      image: ghcr.io/immich-app/immich-server:v1.112.1
      env:
      - name: IMMICH_WORKERS_EXCLUDE
        value: api
      envFrom:
      - configMapRef:
          name: immich-config
          optional: false
      securityContext:
        capabilities:
          drop:
          - CAP_MKNOD
          - CAP_NET_RAW
          - CAP_AUDIT_WRITE
      volumeMounts:
      - mountPath: /usr/src/app/upload
        name: immich-data-host
      - mountPath: /nextcloud/nc-user
        name: nextcloud-nc-user
        readOnly: true

    - name: machine-learning
      image: ghcr.io/immich-app/immich-machine-learning:v1.112.1
      envFrom:
      - configMapRef:
          name: immich-config
          optional: false
      securityContext:
        capabilities:
          drop:
          - CAP_MKNOD
          - CAP_NET_RAW
          - CAP_AUDIT_WRITE
      volumeMounts:
      - mountPath: /usr/src/app/upload
        name: immich-data-host
      - mountPath: /cache
        name: immich-model-cache-host
      - mountPath: /nextcloud/nc-user
        name: nextcloud-nc-user
        readOnly: true
    
    - name: psql
      image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0
      resource: {}
      securityContext:
        capabilities:
          drop:
          - CAP_MKNOD
          - CAP_NET_RAW
          - CAP_AUDIT_WRITE
      volumeMounts:
      - mountPath: /var/lib/postgresql/data
        name: immich-psql
      env:
      - name: POSTGRES_USER
        valueFrom:
          configMapKeyRef:
            name: immich-config
            key: DB_USERNAME
      - name: POSTGRES_PASSWORD
        valueFrom:
          configMapKeyRef:
            name: immich-config
            key: DB_PASSWORD
      - name: POSTGRES_DB
        valueFrom:
          configMapKeyRef:
            name: immich-config
            key: DB_DATABASE_NAME
      - name: POSTGRES_INITDB_ARGS
        value: "--data-checksums"
      args: ["-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]

    - name: redis
      image: docker.io/library/redis:6.2-alpine
      args:
      - redis-server
      - --save
      - 60
      - 1
      - --loglevel
      - warning
      resources: {}
      securityContext:
        capabilities:
          drop:
          - CAP_MKNOD
          - CAP_NET_RAW
          - CAP_AUDIT_WRITE
      volumeMounts:
      - mountPath: /data
        name: immich-redis-host

  restartPolicy: Always
status: {}