From ec2c4be857cf81bd33f0ee7bd287fc2c08a1ddb8 Mon Sep 17 00:00:00 2001
From: Remy Moll <me@moll.re>
Date: Tue, 28 Nov 2023 18:41:20 +0100
Subject: [PATCH] update immich

---
 apps/immich/kustomization.yaml                |  1 +
 apps/immich/postgres.sealedsecret.yaml        | 23 +++++++++++++
 apps/immich/pvc.yaml                          |  1 -
 apps/immich/values.yaml                       | 32 +++++++++++--------
 infrastructure/postgres/adding.md             |  2 +-
 .../postgres-password.sealedsecret.yaml       |  2 +-
 6 files changed, 45 insertions(+), 16 deletions(-)
 create mode 100644 apps/immich/postgres.sealedsecret.yaml

diff --git a/apps/immich/kustomization.yaml b/apps/immich/kustomization.yaml
index ed21e63..1a74730 100644
--- a/apps/immich/kustomization.yaml
+++ b/apps/immich/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
 - namespace.yaml
 - ingress.yaml
 - pvc.yaml
+- postgres.sealedsecret.yaml
 
 namespace: immich
 
diff --git a/apps/immich/postgres.sealedsecret.yaml b/apps/immich/postgres.sealedsecret.yaml
new file mode 100644
index 0000000..b93dfae
--- /dev/null
+++ b/apps/immich/postgres.sealedsecret.yaml
@@ -0,0 +1,23 @@
+{
+  "kind": "SealedSecret",
+  "apiVersion": "bitnami.com/v1alpha1",
+  "metadata": {
+    "name": "postgres-password",
+    "namespace": "default",
+    "creationTimestamp": null
+  },
+  "spec": {
+    "template": {
+      "metadata": {
+        "name": "postgres-password",
+        "namespace": "default",
+        "creationTimestamp": null
+      }
+    },
+    "encryptedData": {
+      "database": "AgBPY1A/N01GWvNrJATbOa5Cbjf0NlgaUk7meQq8OSpIzF3aFnrqu1OOJGf6snn0yuDIcpawKdtizqsNwKiJ6/2jZmfyV37JszAoCK+Lvcz6pYN56TIY7eBctWLMgr3l4XS2vzF7yGJaEx66qwk/+tERkIP4Qt9FeQAkzHEcmjkSiMODA7/eWCoEk3ug4eXvFLpREklBrtcVp8ZHsPKoMc8Cx4DdlTEAVJ+iVCRVCLd1Tgg85NWnqbxtV0SAXUi3K/gsNEUjbV1TVucCIr08dXmid/HZYRCcYXPGhBV4rFFKugQ/dXS4YHJHZS8xpVt0v7RK1rItu3RcoDXVI6tNW8onyv/gN6vLlk25h7CL80Si/FaGTl1inpbVlx1ej1gOckQP7cJim6F598HAUlAeX22Q+O0//dPzrmXCoBe1WxsEHvEOagEAfpQOND8ayTp0GIjZtGIuYfxsY1lsEHqSuwNcJxjoee2qRcra9DBzik2rRHUG/mdoVFClLuzGm7D0YIINkEh+fpTH+TMsxikew2+IB/9BSuB79shLVpt0ZxkcR2RGmvX+kfTrdr5RiWJyR9C3895H5JQ/9oXK1P6ApDABXZ6hlOommAhHoLb7pba4EJvBXxY7VsG8fdkRggOFCvZO7YSle+JCfeyncFFMrou56fkObBkz7UkWR5y2NQ4vq3eRF0jjVTx4s5ynG3HkAigaCvZbsBQ=",
+      "password": "AgA95xAB4mKFd4JCfJNZCsKZ4Fd06sCeGmPvOB7YWpZwEHKCCkflwB086NhUqSbpZ5UqmFwcAK2s+fY08NpPZ8BysxLDQHvPwTYo2l74i/GzcbDm+InWv9IGgE9XU9KOndoauUyzDQcLBtKJQi48pUJ1VA2RGDgGUXnqTvFASQVmjD5S6f6lGM1PxAYgWLKG4q3ixR8/wpB6uv17tABUodFksds9kVlmC/pbE3c1AS7mBQxNL6NDlGzTaMamXfnnzfSyf9s1moeWclWErCiiPXDOsoV72JrNVPh+4lKxO2HDo0lou0cS3XnS1Cb/GplfzrTFLnVPHR0tjH9AXR8Sz//mbqiYbmUdevQwYsRd6WXeOdwbDN7kieEW1jPlc/CqeaUV0v4VoyQDAarIyEmufVK2mKhU4ILOx484hi1tLrMVd6bVAFifxMW5qmOkNlIn3YhohahJBMyGTyznbUnerM8XhpSP8ArIJ3aoAoNxJCgSMyt4GsQmst9y0/D5VPlf5KPZGx8ZvGWRIantm/JY8pWcizGMZaeTQ84BrZwuGUhQNFYtY8V7ztCfsjH9UfW14tlCDO18GdlX7i3lG8KHNRtPBI4LWZEWmQ+UhAHKYdMxoYldHy8ivxetrGDrQMwr8O7exHYfsUhoArylEA+NWtlm3mlEWXlrI1BgfE7VZEYt1sZBg0NAlpO+4qaO+S5ywNEqD22cjhi9B7N2QRw2l3+sQ5OxdA==",
+      "username": "AgBnXap3ZlP53PaCfQOvk3qIlaAimBGHZTH8YZTD0/sCtuYhCIbPri1y3uUpEx+ARZIAqHdQ7vPcQJtjXk7TXr7aqXkDlzXTL7B5tfr5S1IF7TcgNu+sKB8UjLIJzxNqLDjEkqoc/EieFp13Zo/oSNJgYto0Ua4kfeoAL8YvB6V4tAZK6taxo+qq+TYGGmD8hPkA7BnnJJG+QUnAmMuWJXUvbM7F+csA1MknqYGqJ23vhKnfiOXReEqXfEnFNg+ICpvW5UOi62XOreaWGQqQ1vMx6Pay4yDDJV217coDiCxlHGE8FH1tqoz1+4KWAAE2rBvq3500wmi2q01iYNXMcwDgdJMVsJlvJ1qB8ryjhGeMQUszF+u4NkRG/JMUxU2XqzYxIAKXSAHXHReKUq1219PEMphd2InkxKOiT6jdqYTVj+kBCBnpEDHvyv9SLGiMvLPZs6jo+nlOs1YmsuqCqB87lgx9OGa3wGeQoRTQJwht1cenKlzJ4Fkzhrzu2+dPCXQ54dmEOswkPNQ0coVxcewYLa86qBKEA4TEVgSiqDOhUbZNiBo4eYgbeFtrWTJV+UruUZhecog4vwAk8DkHrY14CYHbNYa/0v7y+swcJ8S0ZbzVmbZbL59ZJ2LYDc6bdRos0m72gVsXf9OGiZiFW9Z4jxSkHjgcqbEg1M6nWbOu0O3q/57revn68syPznJFbD/BPmaAF8Y="
+    }
+  }
+}
diff --git a/apps/immich/pvc.yaml b/apps/immich/pvc.yaml
index 1197d61..6955936 100644
--- a/apps/immich/pvc.yaml
+++ b/apps/immich/pvc.yaml
@@ -6,7 +6,6 @@ metadata:
 spec:
   capacity:
     storage: "50Gi"
-  # volumeMode: Filesystem
   accessModes:
     - ReadWriteOnce
   nfs:
diff --git a/apps/immich/values.yaml b/apps/immich/values.yaml
index 79415c9..2128a88 100644
--- a/apps/immich/values.yaml
+++ b/apps/immich/values.yaml
@@ -6,11 +6,22 @@
 
 env:
   REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
-  DB_HOSTNAME: "{{ .Release.Name }}-postgresql"
-  DB_USERNAME: "{{ .Values.postgresql.global.postgresql.auth.username }}"
-  DB_DATABASE_NAME: "{{ .Values.postgresql.global.postgresql.auth.database }}"
-  # -- You should provide your own secret outside of this helm-chart and use `postgresql.global.postgresql.auth.existingSecret` to provide credentials to the postgresql instance
-  DB_PASSWORD: "{{ .Values.postgresql.global.postgresql.auth.password }}"
+  DB_HOSTNAME: "postgres-postgresql.postgres"
+  DB_USERNAME: 
+    valueFrom:
+      secretKeyRef:
+        name: postgres-password
+        key: username
+  DB_DATABASE_NAME:
+    valueFrom:
+      secretKeyRef:
+        name: postgres-password
+        key: database
+  DB_PASSWORD:
+    valueFrom:
+      secretKeyRef:
+        name: postgres-password
+        key: password
   TYPESENSE_ENABLED: "{{ .Values.typesense.enabled }}"
   TYPESENSE_API_KEY: "{{ .Values.typesense.env.TYPESENSE_API_KEY }}"
   TYPESENSE_HOST: '{{ printf "%s-typesense" .Release.Name }}'
@@ -19,7 +30,7 @@ env:
   IMMICH_MACHINE_LEARNING_URL: '{{ printf "http://%s-machine-learning:3003" .Release.Name }}'
 
 image:
-  tag: v1.88.1
+  tag: v1.88.2
 
 immich:
   persistence:
@@ -32,13 +43,8 @@ immich:
 # Dependencies
 
 postgresql:
-  enabled: true
-  global:
-    postgresql:
-      auth:
-        username: immich
-        database: immich
-        password: immich
+  enabled: false
+
 
 redis:
   enabled: true
diff --git a/infrastructure/postgres/adding.md b/infrastructure/postgres/adding.md
index 0f50e05..d946050 100644
--- a/infrastructure/postgres/adding.md
+++ b/infrastructure/postgres/adding.md
@@ -9,5 +9,5 @@ You will be prompted to enter first the password for the new role and to reenter
 
 Create a new database with the new role as the owner:
 ```
-createdb -U postgres DATABASE_NAME  -O USER_NAME
+createdb -U postgres DATABASE_NAME -O USER_NAME
 ```
\ No newline at end of file
diff --git a/infrastructure/postgres/postgres-password.sealedsecret.yaml b/infrastructure/postgres/postgres-password.sealedsecret.yaml
index a5f6fc8..e925460 100644
--- a/infrastructure/postgres/postgres-password.sealedsecret.yaml
+++ b/infrastructure/postgres/postgres-password.sealedsecret.yaml
@@ -15,7 +15,7 @@
       }
     },
     "encryptedData": {
-      "password": "AgCVytxZbe1yjT7OQuA7LocPTgn6Ikx9pDJAA49Ktboy86dJWlxnBke23O0qn3ELFTGUTDaMhBcJB0neqA0RjTTW3o7PsvbxEBvrP5F1EK4jN2vHti8Jgt/CUbOlJVfFuGPaL2DG9M7vafUnL3AQvZv/YkL79Q32Wcg9nPq+4iT7fTGQzUu22G6bmKJv/SnByAnBIzZRsL3R3pP4J7suG+5+K6PDlNRbIb0mIoy1vjBz5PKQAR2Hrh1+kLFIJEIwDuinSDHRDUoa9fChC52x/Oc4PavFw8RWTXjot5cnEOkUK3umSx0jnD247nPc8sRW87hmHE3O/T+doDqEetQxtarSNPxCZXwkVJCIAxg48M29mdkPiOUu2Rr9W9w+HnN8j7mA2rHYAxxi3KPeDBL7kaFH+Xtyv+MT6upRr9BHfSbA/gMPjT37dJmbEYJAvEEyZZJK6TpXUkLh3jnhg1P180t8AnJVX4KQhjUm+UmgUCytxEjp082vxoKEHop6I7f4qzUYfudaG825i0zL11yjSvUbQbdoe8j3C5pNs5OgNBboGqYGfreCcp76zKdNrNI6GYhtj04AuOQZP5SD9/bqsP4JW4yFYsWsq3XuqIxE/2ExCRvDOFu2H1rnPnkcvUYr30doYPIugP40l7AY18YucUsbH19ww7jM1TOejo5QS5wb39uygwf4j0+XjbD3iV12AQzaEnk/pfo="
+      "password": "AgBZ6tzoD2xnUNujT5eDjzmVcUuDZIjDz5PG1aEImvm+5iNdn8/s5etnU04Jq2gfWoJPgzaZZVWuBc7ZGRzy0+4FcHriMxx3A78MSfS6ucCjIpfxWXhzm+ZUqUq/D3on8tMSFpf6BVosxw26uI414pLp4v2xDrKACB/6xZFeHZnWEVEHSLWniRzIxewA56LlJQ/4MNj7uGMhB5IX4WgGullKP1g2/WFuYp524jOHMWkaWhSXXpvRLfmSStDIrgobgjilmUKCxGO7y7m+L+qCzfNvXLCvRjhRbHWzINwjkN6X7BG7hMA9LjhN4aXglO68EdIU5vn+ekRh7FdrMt29sCm0JSWiMpE8HXNGdyuiuol8uMWIMeu8Em3rJah5LA38sSwsP7cZ74wM1ySNePtDagkb2pnqzCEg5e6eF54dpBuDbkQ9qm8q2+czDFovDUK2F4i3x7u5quQ5+qzem7kQsOi9fs/TKISFPHDSgJtVgp8z+kxbQIwa3hHa2Rhahm6PMGcN++V0gYVSdI04UmywX+DmcUPaOF2wP2ABYbpHWr96smbE5/iBG1l3qBFTxhl7FiZV6MZwiCZ4z0DCr59quhKAcEhxla0OEcUN+VXkyEHN16PVVKMh8uKPHOyXVGsBf4zQw5bWFwcZ8zBMdfQknK5pPwbUvSTEaPPW9lMZZW29tVOyZ+lb4l6iZkzGOzn9/VqWjwhLKiI="
     }
   }
 }