feat(server): infix search for originalPath

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.dockerignore

@@ -4,6 +4,7 @@
 
 design/
 docker/
+!docker/scripts
 docs/
 e2e/
 fastlane/
@@ -21,6 +22,7 @@ open-api/typescript-sdk/node_modules/
 server/coverage/
 server/node_modules/
 server/upload/
+server/src/queries
 server/dist/
 server/www/
 
@@ -28,3 +30,4 @@ web/node_modules/
 web/coverage/
 web/.svelte-kit
 web/build/
+web/.env

.github/DISCUSSION_TEMPLATE/feature-request.yaml

@@ -1,11 +1,13 @@
-title: "[Feature] <feature-name-goes-here>"
+title: "[Feature] feature-name-goes-here"
 labels: ["feature"]
 
 body:
   - type: markdown
     attributes:
       value: |
-        Please use this form to request new feature for Immich
+        Please use this form to request new feature for Immich.
+        Stick to only a single feature per request. If you list multiple different features at once, 
+        your request will be closed.
 
   - type: checkboxes
     attributes:

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://buy.immich.app']

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -83,7 +83,6 @@ body:
         2.
         3.
         ...
-      render: bash
     validations:
       required: true
 

.github/ISSUE_TEMPLATE/config.yml

@@ -1,11 +1,11 @@
 blank_issues_enabled: false
 contact_links:
   - name: I have a question or need support
-    url: https://discord.gg/D8JsnBEuKb
+    url: https://discord.immich.app
     about: We use GitHub for tracking bugs, please check out our Discord channel for freaky fast support.
   - name: Feature Request
     url: https://github.com/immich-app/immich/discussions/new?category=feature-request
     about: Please use our GitHub Discussion for making feature requests.
   - name: I'm unsure where to go
-    url: https://discord.gg/D8JsnBEuKb
+    url: https://discord.immich.app
     about: If you are unsure where to go, then joining our Discord is recommended; Just ask!

.github/labeler.yml

@@ -0,0 +1,35 @@
+cli:
+  - changed-files:
+      - any-glob-to-any-file:
+          - cli/src/**
+
+documentation:
+  - changed-files:
+      - any-glob-to-any-file:
+          - docs/blob/**
+          - docs/docs/**
+          - docs/src/**
+          - docs/static/**
+
+🖥️web:
+  - changed-files:
+      - any-glob-to-any-file:
+          - web/src/**
+          - web/static/**
+
+📱mobile:
+  - changed-files:
+      - any-glob-to-any-file:
+          - mobile/lib/**
+          - mobile/test/**
+
+🗄️server:
+  - changed-files:
+      - any-glob-to-any-file:
+          - server/src/**
+          - server/test/**
+
+🧠machine-learning:
+  - changed-files:
+      - any-glob-to-any-file:
+          - machine-learning/app/**

.github/release.yml

@@ -1,41 +1,29 @@
 changelog:
   categories:
-    - title: ⚠️ Breaking Changes
+    - title: 🚨 Breaking Changes
       labels:
-        - breaking-change
+        - changelog:breaking-change
 
-    - title: 🗄️ Server
+    - title: 🔒 Security
       labels:
-        - 🗄️server
+        - changelog:security
 
-    - title: 📱 Mobile
+    - title: 🚀 Features
       labels:
-        - 📱mobile
+        - changelog:feature
 
-    - title: 🖥️ Web
+    - title: 🌟 Enhancements
       labels:
-        - 🖥️web
+        - changelog:enhancement
 
-    - title: 🧠 Machine Learning
+    - title: 🐛 Bug fixes
       labels:
-        - 🧠machine-learning
+        - changelog:bugfix
 
-    - title: ⚡ CLI
+    - title: 📚 Documentation
       labels:
-        - cli
+        - changelog:documentation
 
-    - title: 📓 Documentation
+    - title: 🌐 Translations
       labels:
-        - documentation
-
-    - title: 🔨 Maintenance
-      labels:
-        - deployment
-        - dependencies
-        - renovate
-        - maintenance
-        - tech-debt
-
-    - title: Other changes
-      labels:
-        - "*"
+        - changelog:translation

.github/workflows/build-mobile.yml

@@ -16,10 +16,28 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  pre-job:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            mobile:
+              - 'mobile/**'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
+
   build-sign-android:
     name: Build and sign Android
+    needs: pre-job
     # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
     runs-on: macos-14
 
     steps:
@@ -45,7 +63,7 @@ jobs:
         uses: subosito/flutter-action@v2
         with:
           channel: 'stable'
-          flutter-version: '3.22.0'
+          flutter-version-file: ./mobile/pubspec.yaml
           cache: true
 
       - name: Create the Keystore

.github/workflows/cli.yml

@@ -1,16 +1,17 @@
 name: CLI Build
 on:
-  workflow_dispatch:
   push:
     branches: [main]
     paths:
-      - "cli/**"
-      - ".github/workflows/cli.yml"
+      - 'cli/**'
+      - '.github/workflows/cli.yml'
   pull_request:
     branches: [main]
     paths:
-      - "cli/**"
-      - ".github/workflows/cli.yml"
+      - 'cli/**'
+      - '.github/workflows/cli.yml'
+  release:
+    types: [published]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -32,8 +33,8 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:
-          node-version: "20.x"
-          registry-url: "https://registry.npmjs.org"
+          node-version-file: './cli/.nvmrc'
+          registry-url: 'https://registry.npmjs.org'
       - name: Prepare SDK
         run: npm ci --prefix ../open-api/typescript-sdk/
       - name: Build SDK
@@ -41,7 +42,7 @@ jobs:
       - run: npm ci
       - run: npm run build
       - run: npm publish
-        if: ${{ github.event_name == 'workflow_dispatch' }}
+        if: ${{ github.event_name == 'release' }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
@@ -55,10 +56,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.0.0
+        uses: docker/setup-qemu-action@v3.2.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.3.0
+        uses: docker/setup-buildx-action@v3.6.1
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
@@ -83,15 +84,15 @@ jobs:
           images: |
             name=ghcr.io/${{ github.repository_owner }}/immich-cli
           tags: |
-            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'workflow_dispatch' }}
-            type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' }}
+            type=raw,value=${{ steps.package-version.outputs.version }},enable=${{ github.event_name == 'release' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and push image
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v6.7.0
         with:
           file: cli/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name == 'workflow_dispatch' }}
+          push: ${{ github.event_name == 'release' }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: ${{ steps.metadata.outputs.tags }}

.github/workflows/docker-cleanup.yml

@@ -35,7 +35,7 @@ jobs:
     steps:
       - name: Clean temporary images
         if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/ephemeral@v0.6.0
+        uses: stumpylog/image-cleaner-action/ephemeral@v0.8.0
         with:
           token: "${{ env.TOKEN }}"
           owner: "immich-app"
@@ -64,7 +64,7 @@ jobs:
     steps:
       - name: Clean untagged images
         if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/untagged@v0.6.0
+        uses: stumpylog/image-cleaner-action/untagged@v0.8.0
         with:
           token: "${{ env.TOKEN }}"
           owner: "immich-app"

.github/workflows/docker.yml

@@ -17,56 +17,67 @@ permissions:
   packages: write
 
 jobs:
-  build_and_push:
-    name: Build and Push
+  pre-job:
     runs-on: ubuntu-latest
+    outputs:
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            server:
+              - 'server/**'
+              - 'openapi/**'
+              - 'web/**'
+            machine-learning:
+              - 'machine-learning/**'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
+
+  build_and_push_ml:
+    name: Build and Push ML
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
+    runs-on: ubuntu-latest
+    env:
+      image: immich-machine-learning
+      context: machine-learning
+      file: machine-learning/Dockerfile
     strategy:
       # Prevent a failure in one image from stopping the other builds
       fail-fast: false
       matrix:
         include:
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/amd64,linux/arm64
+          - platforms: linux/amd64,linux/arm64
             device: cpu
 
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/amd64
+          - platforms: linux/amd64
             device: cuda
             suffix: -cuda
 
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/amd64
+          - platforms: linux/amd64
             device: openvino
             suffix: -openvino
 
-          - image: immich-machine-learning
-            context: machine-learning
-            file: machine-learning/Dockerfile
-            platforms: linux/arm64
+          - platforms: linux/arm64
             device: armnn
             suffix: -armnn
 
-          - image: immich-server
-            context: .
-            file: server/Dockerfile
-            platforms: linux/amd64,linux/arm64
-            device: cpu
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.0.0
+        uses: docker/setup-qemu-action@v3.2.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.3.0
+        uses: docker/setup-buildx-action@v3.6.1
 
       - name: Login to Docker Hub
         # Only push to Docker Hub when making a release
@@ -93,8 +104,8 @@ jobs:
             # Disable latest tag
             latest=false
           images: |
-            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
-            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
+            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
+            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
           tags: |
             # Tag with branch name
             type=ref,event=branch,suffix=${{ matrix.suffix }}
@@ -111,20 +122,115 @@ jobs:
             # Essentially just ignore the cache output (PR can't write to registry cache)
             echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
           else
-            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
+            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
           fi
 
       - name: Build and push image
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v6.7.0
         with:
-          context: ${{ matrix.context }}
-          file: ${{ matrix.file }}
+          context: ${{ env.context }}
+          file: ${{ env.file }}
           platforms: ${{ matrix.platforms }}
           # Skip pushing when PR from a fork
           push: ${{ !github.event.pull_request.head.repo.fork }}
-          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
           cache-to: ${{ steps.cache-target.outputs.cache-to }}
-          build-args: |
-            DEVICE=${{ matrix.device }}
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}
+          build-args: |
+            DEVICE=${{ matrix.device }}
+            BUILD_ID=${{ github.run_id }}
+            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
+            BUILD_SOURCE_REF=${{ github.ref_name }}
+            BUILD_SOURCE_COMMIT=${{ github.sha }}
+
+
+  build_and_push_server:
+    name: Build and Push Server
+    runs-on: ubuntu-latest
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
+    env:
+      image: immich-server
+      context: .
+      file: server/Dockerfile
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platforms: linux/amd64,linux/arm64
+            device: cpu
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3.2.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.6.1
+
+      - name: Login to Docker Hub
+        # Only push to Docker Hub when making a release
+        if: ${{ github.event_name == 'release' }}
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        # Skip when PR from a fork
+        if: ${{ !github.event.pull_request.head.repo.fork }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate docker image tags
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          flavor: |
+            # Disable latest tag
+            latest=false
+          images: |
+            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
+            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
+          tags: |
+            # Tag with branch name
+            type=ref,event=branch,suffix=${{ matrix.suffix }}
+            # Tag with pr-number
+            type=ref,event=pr,suffix=${{ matrix.suffix }}
+            # Tag with git tag on release
+            type=ref,event=tag,suffix=${{ matrix.suffix }}
+            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}
+
+      - name: Determine build cache output
+        id: cache-target
+        run: |
+          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            # Essentially just ignore the cache output (PR can't write to registry cache)
+            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
+          else
+            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6.7.0
+        with:
+          context: ${{ env.context }}
+          file: ${{ env.file }}
+          platforms: ${{ matrix.platforms }}
+          # Skip pushing when PR from a fork
+          push: ${{ !github.event.pull_request.head.repo.fork }}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
+          cache-to: ${{ steps.cache-target.outputs.cache-to }}
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          build-args: |
+            DEVICE=${{ matrix.device }}
+            BUILD_ID=${{ github.run_id }}
+            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
+            BUILD_SOURCE_REF=${{ github.ref_name }}
+            BUILD_SOURCE_COMMIT=${{ github.sha }}

.github/workflows/docs-build.yml

@@ -0,0 +1,63 @@
+name: Docs build
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  release:
+    types: [published]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  pre-job:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.found_paths.outputs.docs == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            docs:
+              - 'docs/**'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
+
+  build:
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./docs
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './docs/.nvmrc'
+
+      - name: Run npm install
+        run: npm ci
+
+      - name: Check formatting
+        run: npm run format
+
+      - name: Run build
+        run: npm run build
+
+      - name: Upload build output
+        uses: actions/upload-artifact@v4
+        with:
+          name: docs-build-output
+          path: docs/build/
+          retention-days: 1

.github/workflows/docs-deploy.yml

@@ -0,0 +1,200 @@
+name: Docs deploy
+on:
+  workflow_run:
+    workflows: ["Docs build"]
+    types:
+      - completed
+
+jobs:
+  checks:
+    runs-on: ubuntu-latest
+    outputs:
+      parameters: ${{ steps.parameters.outputs.result }}
+      artifact: ${{ steps.get-artifact.outputs.result }}
+    steps:
+      - if: ${{ github.event.workflow_run.conclusion != 'success' }}
+        run: echo 'The triggering workflow did not succeed' && exit 1
+      - name: Get artifact
+        id: get-artifact
+        uses: actions/github-script@v7
+        with:
+          script: |
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               run_id: context.payload.workflow_run.id,
+            });
+            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
+              return artifact.name == "docs-build-output"
+            })[0];
+            if (!matchArtifact) {
+              console.log("No artifact found with the name docs-build-output, build job was skipped")
+              return { found: false };
+            }
+            return { found: true, id: matchArtifact.id };
+      - name: Determine deploy parameters
+        id: parameters
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const eventType = context.payload.workflow_run.event;
+            const isFork = context.payload.workflow_run.repository.fork;
+
+            let parameters;
+
+            console.log({eventType, isFork});
+
+            if (eventType == "push") {
+              const branch = context.payload.workflow_run.head_branch;
+              console.log({branch});
+              const shouldDeploy = !isFork && branch == "main";
+              parameters = {
+                event: "branch",
+                name: "main",
+                shouldDeploy
+              };
+            } else if (eventType == "pull_request") {
+              let pull_number = context.payload.workflow_run.pull_requests[0]?.number;
+              if(!pull_number) {
+                const response = await github.rest.search.issuesAndPullRequests({q: 'repo:${{ github.repository }} is:pr sha:${{ github.event.workflow_run.head_sha }}',per_page: 1,})
+                const items = response.data.items
+                if (items.length < 1) {
+                  throw new Error("No pull request found for the commit")
+                }
+                const pullRequestNumber = items[0].number
+                console.info("Pull request number is", pullRequestNumber)
+                pull_number = pullRequestNumber
+              }
+              const {data: pr} = await github.rest.pulls.get({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number
+              });
+
+              console.log({pull_number});
+
+              parameters = {
+                event: "pr",
+                name: `pr-${pull_number}`,
+                pr_number: pull_number,
+                shouldDeploy: true
+              };
+            } else if (eventType == "release") {
+              parameters = {
+                event: "release",
+                name: context.payload.workflow_run.head_branch,
+                shouldDeploy: !isFork
+              };
+            }
+
+            console.log(parameters);
+            return parameters;
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: checks
+    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Load parameters
+        id: parameters
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const json = `${{ needs.checks.outputs.parameters }}`;
+            const parameters = JSON.parse(json);
+            core.setOutput("event", parameters.event);
+            core.setOutput("name", parameters.name);
+            core.setOutput("shouldDeploy", parameters.shouldDeploy);
+
+      - run: |
+          echo "Starting docs deployment for ${{ steps.parameters.outputs.event }} ${{ steps.parameters.outputs.name }}"
+
+      - name: Download artifact
+        uses: actions/github-script@v7
+        with:
+          script: |
+            let artifact = ${{ needs.checks.outputs.artifact }};
+            let download = await github.rest.actions.downloadArtifact({
+               owner: context.repo.owner,
+               repo: context.repo.repo,
+               artifact_id: artifact.id,
+               archive_format: 'zip',
+            });
+            let fs = require('fs');
+            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/docs-build-output.zip`, Buffer.from(download.data));
+
+      - name: Unzip artifact
+        run: unzip "${{ github.workspace }}/docs-build-output.zip" -d "${{ github.workspace }}/docs/build"
+
+      - name: Deploy Docs Subdomain
+        env:
+          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
+          TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
+        uses: gruntwork-io/terragrunt-action@v2
+        with:
+          tg_version: "0.58.12"
+          tofu_version: "1.7.1"
+          tg_dir: "deployment/modules/cloudflare/docs"
+          tg_command: "apply"
+
+      - name: Deploy Docs Subdomain Output
+        id: docs-output
+        env:
+          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
+          TF_VAR_prefix_event_type: ${{ steps.parameters.outputs.event }}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
+        uses: gruntwork-io/terragrunt-action@v2
+        with:
+          tg_version: "0.58.12"
+          tofu_version: "1.7.1"
+          tg_dir: "deployment/modules/cloudflare/docs"
+          tg_command: "output -json"
+
+      - name: Output Cleaning
+        id: clean
+        run: |
+          TG_OUT=$(echo '${{ steps.docs-output.outputs.tg_action_output }}' | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
+          echo "output=$TG_OUT" >> $GITHUB_OUTPUT
+
+      - name: Publish to Cloudflare Pages
+        uses: cloudflare/pages-action@v1
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          projectName: ${{ fromJson(steps.clean.outputs.output).pages_project_name.value }}
+          workingDirectory: "docs"
+          directory: "build"
+          branch: ${{ steps.parameters.outputs.name }}
+          wranglerVersion: '3'
+
+      - name: Deploy Docs Release Domain
+        if: ${{ steps.parameters.outputs.event == 'release' }}
+        env:
+          TF_VAR_prefix_name: ${{ steps.parameters.outputs.name}}
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
+        uses: gruntwork-io/terragrunt-action@v2
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs-release'
+          tg_command: 'apply'
+
+      - name: Comment
+        uses: actions-cool/maintain-one-comment@v3
+        if: ${{ steps.parameters.outputs.event == 'pr' }}
+        with:
+          number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
+          body: |
+            📖 Documentation deployed to [${{ fromJson(steps.clean.outputs.output).immich_app_branch_subdomain.value }}](https://${{ fromJson(steps.clean.outputs.output).immich_app_branch_subdomain.value }})
+          emojis: 'rocket'
+          body-include: '<!-- Docs PR URL -->'

.github/workflows/docs-destroy.yml

@@ -0,0 +1,32 @@
+name: Docs destroy
+on:
+  pull_request_target:
+    types: [closed]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Destroy Docs Subdomain
+        env:
+          TF_VAR_prefix_name: "pr-${{ github.event.number }}"
+          TF_VAR_prefix_event_type: "pr"
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
+        uses: gruntwork-io/terragrunt-action@v2
+        with:
+          tg_version: "0.58.12"
+          tofu_version: "1.7.1"
+          tg_dir: "deployment/modules/cloudflare/docs"
+          tg_command: "destroy"
+
+      - name: Comment
+        uses: actions-cool/maintain-one-comment@v3
+        with:
+          number: ${{ github.event.number }}
+          delete: true
+          body-include: '<!-- Docs PR URL -->'

.github/workflows/pr-label-validation.yml

@@ -0,0 +1,21 @@
+name: PR Label Validation
+
+on:
+  pull_request_target:
+    types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+  validate-release-label:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: read
+    steps:
+      - name: Require PR to have a changelog label
+        uses: mheap/github-action-required-labels@v5
+        with:
+          mode: exactly
+          count: 1
+          use_regex: true
+          labels: "changelog:.*"
+          add_comment: true

.github/workflows/pr-labeler.yml

@@ -0,0 +1,12 @@
+name: "Pull Request Labeler"
+on:
+- pull_request_target
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5

.github/workflows/pr-require-conventional-commit.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: PR Conventional Commit Validation
-        uses:  ytanikin/PRConventionalCommits@1.1.0
+        uses:  ytanikin/PRConventionalCommits@1.2.0
         with:
           task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
           add_label: 'false'

.github/workflows/pr-require-label.yml

@@ -1,13 +0,0 @@
-name: Enforce PR labels
-
-on:
-  pull_request:
-    types: [labeled, unlabeled, opened, edited, synchronize]
-jobs:
-  enforce-label:
-    name: Enforce label
-    runs-on: ubuntu-latest
-    steps:
-    - if: toJson(github.event.pull_request.labels) == '[]'
-      run: exit 1
-

.github/workflows/prepare-release.yml

@@ -29,10 +29,17 @@ jobs:
       ref: ${{ steps.push-tag.outputs.commit_long_sha }}
 
     steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.ORG_RELEASE_TOKEN }}
+          token: ${{ steps.generate-token.outputs.token }}
 
       - name: Install Poetry
         run: pipx install poetry
@@ -44,10 +51,8 @@ jobs:
         id: push-tag
         uses: EndBug/add-and-commit@v9
         with:
-          author_name: Alex The Bot
-          author_email: alex.tran1502@gmail.com
-          default_author: user_info
-          message: 'Version ${{ env.IMMICH_VERSION }}'
+          default_author: github_actions
+          message: 'chore: version ${{ env.IMMICH_VERSION }}'
           tag: ${{ env.IMMICH_VERSION }}
           push: true
 

.github/workflows/sdk.yml

@@ -19,7 +19,7 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
+          node-version-file: './open-api/typescript-sdk/.nvmrc'
           registry-url: 'https://registry.npmjs.org'
       - name: Install deps
         run: npm ci

.github/workflows/static_analysis.yml

@@ -10,8 +10,27 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  pre-job:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            mobile:
+              - 'mobile/**'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
+
   mobile-dart-analyze:
     name: Run Dart Code Analysis
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
 
     runs-on: ubuntu-latest
 
@@ -23,7 +42,7 @@ jobs:
         uses: subosito/flutter-action@v2
         with:
           channel: 'stable'
-          flutter-version: '3.22.0'
+          flutter-version-file: ./mobile/pubspec.yaml
 
       - name: Install dependencies
         run: dart pub get

.github/workflows/test.yml

@@ -10,30 +10,47 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  doc-tests:
-    name: Docs
+  pre-job:
     runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./docs
-
+    outputs:
+      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e: ${{ steps.found_paths.outputs.e2e == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_mobile: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+      - id: found_paths
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            web:
+              - 'web/**'
+              - 'open-api/typescript-sdk/**'
+            server:
+              - 'server/**'
+            cli:
+              - 'cli/**'
+              - 'open-api/typescript-sdk/**'
+            e2e:
+              - 'e2e/**'
+            mobile:
+              - 'mobile/**'
+            machine-learning:
+              - 'machine-learning/**'
 
-      - name: Run npm install
-        run: npm ci
-
-      - name: Run formatter
-        run: npm run format
-        if: ${{ !cancelled() }}
-
-      - name: Run build
-        run: npm run build
-        if: ${{ !cancelled() }}
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
 
   server-unit-tests:
     name: Server
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -43,6 +60,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './server/.nvmrc'
+
       - name: Run npm install
         run: npm ci
 
@@ -64,6 +86,8 @@ jobs:
 
   cli-unit-tests:
     name: CLI
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -76,7 +100,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version-file: './cli/.nvmrc'
 
       - name: Setup typescript-sdk
         run: npm ci && npm run build
@@ -101,8 +125,44 @@ jobs:
         run: npm run test:cov
         if: ${{ !cancelled() }}
 
+  cli-unit-tests-win:
+    name: CLI (Windows)
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
+    runs-on: windows-latest
+    defaults:
+      run:
+        working-directory: ./cli
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './cli/.nvmrc'
+
+      - name: Setup typescript-sdk
+        run: npm ci && npm run build
+        working-directory: ./open-api/typescript-sdk
+
+      - name: Install deps
+        run: npm ci
+
+      # Skip linter & formatter in Windows test.
+      - name: Run tsc
+        run: npm run check
+        if: ${{ !cancelled() }}
+
+      - name: Run unit tests & coverage
+        run: npm run test:cov
+        if: ${{ !cancelled() }}
+
   web-unit-tests:
     name: Web
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -112,6 +172,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './web/.nvmrc'
+
       - name: Run setup typescript-sdk
         run: npm ci && npm run build
         working-directory: ./open-api/typescript-sdk
@@ -139,8 +204,10 @@ jobs:
         run: npm run test:cov
         if: ${{ !cancelled() }}
 
-  e2e-tests:
-    name: End-to-End Tests
+  e2e-tests-lint:
+    name: End-to-End Lint
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -149,24 +216,17 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-        with:
-          submodules: 'recursive'
 
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version-file: './e2e/.nvmrc'
 
       - name: Run setup typescript-sdk
         run: npm ci && npm run build
         working-directory: ./open-api/typescript-sdk
         if: ${{ !cancelled() }}
 
-      - name: Run setup cli
-        run: npm ci && npm run build
-        working-directory: ./cli
-        if: ${{ !cancelled() }}
-
       - name: Install dependencies
         run: npm ci
         if: ${{ !cancelled() }}
@@ -183,8 +243,38 @@ jobs:
         run: npm run check
         if: ${{ !cancelled() }}
 
-      - name: Install Playwright Browsers
-        run: npx playwright install --with-deps chromium
+  e2e-tests-server-cli:
+    name: End-to-End Tests (Server & CLI)
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
+    runs-on: mich
+    defaults:
+      run:
+        working-directory: ./e2e
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './e2e/.nvmrc'
+
+      - name: Run setup typescript-sdk
+        run: npm ci && npm run build
+        working-directory: ./open-api/typescript-sdk
+        if: ${{ !cancelled() }}
+
+      - name: Run setup cli
+        run: npm ci && npm run build
+        working-directory: ./cli
+        if: ${{ !cancelled() }}
+
+      - name: Install dependencies
+        run: npm ci
         if: ${{ !cancelled() }}
 
       - name: Docker build
@@ -195,12 +285,51 @@ jobs:
         run: npm run test
         if: ${{ !cancelled() }}
 
+  e2e-tests-web:
+    name: End-to-End Tests (Web)
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
+    runs-on: mich
+    defaults:
+      run:
+        working-directory: ./e2e
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './e2e/.nvmrc'
+
+      - name: Run setup typescript-sdk
+        run: npm ci && npm run build
+        working-directory: ./open-api/typescript-sdk
+        if: ${{ !cancelled() }}
+
+      - name: Install dependencies
+        run: npm ci
+        if: ${{ !cancelled() }}
+
+      - name: Install Playwright Browsers
+        run: npx playwright install --with-deps chromium
+        if: ${{ !cancelled() }}
+
+      - name: Docker build
+        run: docker compose build
+        if: ${{ !cancelled() }}
+
       - name: Run e2e tests (web)
         run: npx playwright test
         if: ${{ !cancelled() }}
 
   mobile-unit-tests:
     name: Mobile
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -208,13 +337,15 @@ jobs:
         uses: subosito/flutter-action@v2
         with:
           channel: 'stable'
-          flutter-version: '3.22.0'
+          flutter-version-file: ./mobile/pubspec.yaml
       - name: Run tests
         working-directory: ./mobile
         run: flutter test -j 1
 
   ml-unit-tests:
     name: Machine Learning
+    needs: pre-job
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -260,9 +391,23 @@ jobs:
     name: OpenAPI Clients
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './server/.nvmrc'
+
+      - name: Install server dependencies
+        run: npm --prefix=server ci
+
+      - name: Build the app
+        run: npm --prefix=server run build
+
       - name: Run API generation
         run: make open-api
+
       - name: Find file changes
         uses: tj-actions/verify-changed-files@v20
         id: verify-changed-files
@@ -270,6 +415,8 @@ jobs:
           files: |
             mobile/openapi
             open-api/typescript-sdk
+            open-api/immich-openapi-specs.json
+
       - name: Verify files have not changed
         if: steps.verify-changed-files.outputs.files_changed == 'true'
         run: |
@@ -302,6 +449,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: './server/.nvmrc'
+
       - name: Install server dependencies
         run: npm ci
 
@@ -332,7 +484,7 @@ jobs:
           exit 1
 
       - name: Run SQL generation
-        run: npm run sql:generate
+        run: npm run sync:sql
         env:
           DB_URL: postgres://postgres:postgres@localhost:5432/immich
 

.gitmodules

@@ -1,6 +1,6 @@
 [submodule "mobile/.isar"]
 	path = mobile/.isar
 	url = https://github.com/isar/isar
-[submodule "server/test/assets"]
+[submodule "e2e/test-assets"]
 	path = e2e/test-assets
 	url = https://github.com/immich-app/test-assets

CODE_OF_CONDUCT.md

@@ -131,4 +131,4 @@ conduct enforcement ladder](https://github.com/mozilla/diversity).
 
 For answers to common questions about this code of conduct, see the
 FAQ at https://www.contributor-covenant.org/faq. Translations are
-available at https://www.contributor-covenant.org/translations.
+available at https://www.contributor-covenant.org/translations.

Makefile

@@ -10,12 +10,6 @@ dev-update:
 dev-scale:
 	docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans
 
-stage:
-	docker compose -f ./docker/docker-compose.staging.yml up --build -V --remove-orphans
-
-pull-stage:
-	docker compose -f ./docker/docker-compose.staging.yml pull
-
 .PHONY: e2e
 e2e:
 	docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
@@ -37,7 +31,55 @@ open-api-typescript:
 	cd ./open-api && bash ./bin/generate-open-api.sh typescript
 
 sql:
-	npm --prefix server run sql:generate
+	npm --prefix server run sync:sql
 
 attach-server:
 	docker exec -it docker_immich-server_1 sh
+
+renovate:
+  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
+
+MODULES = e2e server web cli sdk
+
+audit-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
+install-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) i
+build-cli: build-sdk
+build-web: build-sdk
+build-%: install-%
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run | grep 'build' >/dev/null \
+		&& npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run build || true
+format-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run | grep 'format:fix' >/dev/null \
+		&& npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run format:fix || true
+lint-%:
+	npm --prefix $* run lint:fix
+check-%:
+	npm --prefix $* run check
+check-web:
+	npm --prefix web run check:typescript
+	npm --prefix web run check:svelte
+test-%:
+	npm --prefix $* run test
+test-e2e:
+	docker compose -f ./e2e/docker-compose.yml build
+	npm --prefix e2e run test
+	npm --prefix e2e run test:web
+
+build-all: $(foreach M,$(MODULES),build-$M) ;
+install-all: $(foreach M,$(MODULES),install-$M) ;
+check-all: $(foreach M,$(MODULES),check-$M) ;
+lint-all: $(foreach M,$(MODULES),lint-$M) ;
+format-all: $(foreach M,$(MODULES),format-$M) ;
+audit-all:  $(foreach M,$(MODULES),audit-$M) ;
+hygiene-all: lint-all format-all check-all sql audit-all;
+test-all: $(foreach M,$(MODULES),test-$M) ;
+
+clean:
+	find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
+	find . -name "dist" -type d -prune -exec rm -rf '{}' +
+	find . -name "build" -type d -prune -exec rm -rf '{}' +
+	find . -name "svelte-kit" -type d -prune -exec rm -rf '{}' +
+	docker compose -f ./docker/docker-compose.dev.yml rm -v -f || true
+	docker compose -f ./e2e/docker-compose.yml rm -v -f || true

README.md

@@ -1,7 +1,7 @@
 <p align="center"> 
   <br/>  
   <a href="https://opensource.org/license/agpl-v3"><img src="https://img.shields.io/badge/License-AGPL_v3-blue.svg?color=3F51B5&style=for-the-badge&label=License&logoColor=000000&labelColor=ececec" alt="License: AGPLv3"></a>
-  <a href="https://discord.gg/D8JsnBEuKb">
+  <a href="https://discord.immich.app">
     <img src="https://img.shields.io/discord/979116623879368755.svg?label=Discord&logo=Discord&style=for-the-badge&logoColor=000000&labelColor=ececec" alt="Discord"/>
   </a>
   <br/>  
@@ -19,19 +19,21 @@
 <br/>
 <p align="center">
 
-  <a href="readme_i18n/README_ca_ES.md">Català</a>
-  <a href="readme_i18n/README_es_ES.md">Español</a>
-  <a href="readme_i18n/README_fr_FR.md">Français</a>
-  <a href="readme_i18n/README_it_IT.md">Italiano</a>
-  <a href="readme_i18n/README_ja_JP.md">日本語</a>
-  <a href="readme_i18n/README_ko_KR.md">한국어</a>
-  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
-  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
-  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_zh_CN.md">中文</a>
-  <a href="readme_i18n/README_ru_RU.md">Русский</a>
-  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
-  <a href="readme_i18n/README_ar_JO.md">العربية</a>
+<a href="readme_i18n/README_ca_ES.md">Català</a>
+<a href="readme_i18n/README_es_ES.md">Español</a>
+<a href="readme_i18n/README_fr_FR.md">Français</a>
+<a href="readme_i18n/README_it_IT.md">Italiano</a>
+<a href="readme_i18n/README_ja_JP.md">日本語</a>
+<a href="readme_i18n/README_ko_KR.md">한국어</a>
+<a href="readme_i18n/README_de_DE.md">Deutsch</a>
+<a href="readme_i18n/README_nl_NL.md">Nederlands</a>
+<a href="readme_i18n/README_tr_TR.md">Türkçe</a>
+<a href="readme_i18n/README_zh_CN.md">中文</a>
+<a href="readme_i18n/README_ru_RU.md">Русский</a>
+<a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
+<a href="readme_i18n/README_sv_SE.md">Svenska</a>
+<a href="readme_i18n/README_ar_JO.md">العربية</a>
+
 </p>
 
 ## Disclaimer
@@ -41,45 +43,36 @@
 - ⚠️ **Do not use the app as the only way to store your photos and videos.**
 - ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!
 
-## Content
+> [!NOTE]
+> You can find the main documentation, including installation guides, at https://immich.app/.
 
-- [Official Documentation](https://immich.app/docs)
-- [Roadmap](https://github.com/orgs/immich-app/projects/1)
+## Links
+
+- [Documentation](https://immich.app/docs)
+- [About](https://immich.app/docs/overview/introduction)
+- [Installation](https://immich.app/docs/install/requirements)
+- [Roadmap](https://immich.app/roadmap)
 - [Demo](#demo)
 - [Features](#features)
-- [Introduction](https://immich.app/docs/overview/introduction)
-- [Installation](https://immich.app/docs/install/requirements)
-- [Contribution Guidelines](https://immich.app/docs/overview/support-the-project)
-
-## Documentation
-
-You can find the main documentation, including installation guides, at https://immich.app/.
+- [Translations](https://immich.app/docs/developer/translations)
+- [Contributing](https://immich.app/docs/overview/support-the-project)
 
 ## Demo
 
-You can access the web demo at https://demo.immich.app
+Access the demo [here](https://demo.immich.app). The demo is running on a Free-tier Oracle VM in Amsterdam with a 2.4Ghz quad-core ARM64 CPU and 24GB RAM.
 
 For the mobile app, you can use `https://demo.immich.app/api` for the `Server Endpoint URL`
 
-```bash title="Demo Credential"
-The credential
-email: demo@immich.app
-password: demo
-```
+### Login credentials
 
-```
-Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
-```
-
-## Activities
-
-![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
+| Email           | Password |
+| --------------- | -------- |
+| demo@immich.app | demo     |
 
 ## Features
 
-
 | Features                                     | Mobile | Web |
-| :--------------------------------------------- | -------- | ----- |
+| :------------------------------------------- | ------ | --- |
 | Upload and view videos and photos            | Yes    | Yes |
 | Auto backup when the app is opened           | Yes    | N/A |
 | Prevent duplication of assets                | Yes    | Yes |
@@ -109,13 +102,19 @@ Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
 | Read-only gallery                            | Yes    | Yes |
 | Stacked Photos                               | Yes    | Yes |
 
-## Contributors
+## Translations
 
-<a href="https://github.com/alextran1502/immich/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
+Read more about translations [here](https://immich.app/docs/developer/translations).
+
+<a href="https://hosted.weblate.org/engage/immich/">
+<img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
 </a>
 
-## Star History
+## Repository activity
+
+![Activities](https://repobeats.axiom.co/api/embed/9e86d9dc3ddd137161f2f6d2e758d7863b1789cb.svg "Repobeats analytics image")
+
+## Star history
 
 <a href="https://star-history.com/#immich-app/immich&Date">
  <picture>
@@ -124,3 +123,9 @@ Spec: Free-tier Oracle VM - Amsterdam - 2.4Ghz quad-core ARM64 CPU, 24GB RAM
    <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=immich-app/immich&type=Date" width="100%" />
  </picture>
 </a>
+
+## Contributors
+
+<a href="https://github.com/alextran1502/immich/graphs/contributors">
+  <img src="https://contrib.rocks/image?repo=immich-app/immich" width="100%"/>
+</a>

SECURITY.md

@@ -2,4 +2,4 @@
 
 ## Reporting a Vulnerability
 
-Please report security issues to `alex.tran1502@gmail.com`
+Please report security issues to `security@immich.app`

cli/.eslintignore

@@ -1 +0,0 @@
-/dist

cli/.eslintrc.cjs

@@ -1,28 +0,0 @@
-module.exports = {
-  parser: '@typescript-eslint/parser',
-  parserOptions: {
-    project: 'tsconfig.json',
-    sourceType: 'module',
-    tsconfigRootDir: __dirname,
-  },
-  plugins: ['@typescript-eslint/eslint-plugin'],
-  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended', 'plugin:unicorn/recommended'],
-  root: true,
-  env: {
-    node: true,
-  },
-  ignorePatterns: ['.eslintrc.js'],
-  rules: {
-    '@typescript-eslint/interface-name-prefix': 'off',
-    '@typescript-eslint/explicit-function-return-type': 'off',
-    '@typescript-eslint/explicit-module-boundary-types': 'off',
-    '@typescript-eslint/no-explicit-any': 'off',
-    '@typescript-eslint/no-floating-promises': 'error',
-    'unicorn/prefer-module': 'off',
-    'unicorn/prevent-abbreviations': 'off',
-    'unicorn/no-process-exit': 'off',
-    'unicorn/import-style': 'off',
-    curly: 2,
-    'prettier/prettier': 0,
-  },
-};

cli/.nvmrc

@@ -1 +1 @@
-20.13
+20.17.0

cli/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20-alpine3.19@sha256:291e84d956f1aff38454bbd3da38941461ad569a185c20aa289f71f37ea08e23 as core
+FROM node:20.17.0-alpine3.20@sha256:1a526b97cace6b4006256570efa1a29cd1fe4b96a5301f8d48e87c5139438a45 AS core
 
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
@@ -16,4 +16,4 @@ RUN npm run build
 
 WORKDIR /import
 
-ENTRYPOINT ["node", "/usr/src/app/dist"]
+ENTRYPOINT ["node", "/usr/src/app/dist"]

cli/README.md

@@ -4,8 +4,18 @@ Please see the [Immich CLI documentation](https://immich.app/docs/features/comma
 
 # For developers
 
+Before building the CLI, you must build the immich server and the open-api client. To build the server run the following in the server folder:
+
+    $ npm install
+    $ npm run build
+
+Then, to build the open-api client run the following in the open-api folder:
+
+    $ ./bin/generate-open-api.sh
+
 To run the Immich CLI from source, run the following in the cli folder:
 
+    $ npm install
     $ npm run build
     $ ts-node .
 
@@ -17,3 +27,4 @@ You can also build and install the CLI using
 
     $ npm run build
     $ npm install -g .
+****

cli/eslint.config.mjs

@@ -0,0 +1,61 @@
+import { FlatCompat } from '@eslint/eslintrc';
+import js from '@eslint/js';
+import typescriptEslint from '@typescript-eslint/eslint-plugin';
+import tsParser from '@typescript-eslint/parser';
+import globals from 'globals';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+});
+
+export default [
+  {
+    ignores: ['eslint.config.mjs', 'dist'],
+  },
+  ...compat.extends(
+    'plugin:@typescript-eslint/recommended',
+    'plugin:prettier/recommended',
+    'plugin:unicorn/recommended',
+  ),
+  {
+    plugins: {
+      '@typescript-eslint': typescriptEslint,
+    },
+
+    languageOptions: {
+      globals: {
+        ...globals.node,
+      },
+
+      parser: tsParser,
+      ecmaVersion: 5,
+      sourceType: 'module',
+
+      parserOptions: {
+        project: 'tsconfig.json',
+        tsconfigRootDir: __dirname,
+      },
+    },
+
+    rules: {
+      '@typescript-eslint/interface-name-prefix': 'off',
+      '@typescript-eslint/explicit-function-return-type': 'off',
+      '@typescript-eslint/explicit-module-boundary-types': 'off',
+      '@typescript-eslint/no-explicit-any': 'off',
+      '@typescript-eslint/no-floating-promises': 'error',
+      'unicorn/prefer-module': 'off',
+      'unicorn/prevent-abbreviations': 'off',
+      'unicorn/no-process-exit': 'off',
+      'unicorn/import-style': 'off',
+      curly: 2,
+      'prettier/prettier': 0,
+      'object-shorthand': ['error', 'always'],
+    },
+  },
+];

cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@immich/cli",
-  "version": "2.2.0",
+  "version": "2.2.17",
   "description": "Command Line Interface (CLI) for Immich",
   "type": "module",
   "exports": "./dist/index.js",
@@ -13,29 +13,33 @@
     "cli"
   ],
   "devDependencies": {
+    "@eslint/eslintrc": "^3.1.0",
+    "@eslint/js": "^9.8.0",
     "@immich/sdk": "file:../open-api/typescript-sdk",
     "@types/byte-size": "^8.1.0",
     "@types/cli-progress": "^3.11.0",
     "@types/lodash-es": "^4.17.12",
     "@types/mock-fs": "^4.13.1",
-    "@types/node": "^20.3.1",
-    "@typescript-eslint/eslint-plugin": "^7.0.0",
-    "@typescript-eslint/parser": "^7.0.0",
-    "@vitest/coverage-v8": "^1.2.2",
-    "byte-size": "^8.1.1",
+    "@types/node": "^20.16.2",
+    "@typescript-eslint/eslint-plugin": "^8.0.0",
+    "@typescript-eslint/parser": "^8.0.0",
+    "@vitest/coverage-v8": "^2.0.5",
+    "byte-size": "^9.0.0",
     "cli-progress": "^3.12.0",
     "commander": "^12.0.0",
-    "eslint": "^8.56.0",
+    "eslint": "^9.0.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^53.0.0",
+    "eslint-plugin-unicorn": "^55.0.0",
+    "globals": "^15.9.0",
     "mock-fs": "^5.2.0",
     "prettier": "^3.2.5",
-    "prettier-plugin-organize-imports": "^3.2.4",
+    "prettier-plugin-organize-imports": "^4.0.0",
     "typescript": "^5.3.3",
     "vite": "^5.0.12",
-    "vite-tsconfig-paths": "^4.3.2",
-    "vitest": "^1.2.2",
+    "vite-tsconfig-paths": "^5.0.0",
+    "vitest": "^2.0.5",
+    "vitest-fetch-mock": "^0.3.0",
     "yaml": "^2.3.1"
   },
   "scripts": {
@@ -59,9 +63,10 @@
   },
   "dependencies": {
     "fast-glob": "^3.3.2",
+    "fastq": "^1.17.1",
     "lodash-es": "^4.17.21"
   },
   "volta": {
-    "node": "20.13.1"
+    "node": "20.17.0"
   }
 }

cli/src/commands/asset.spec.ts

@@ -0,0 +1,201 @@
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import * as path from 'node:path';
+import { describe, expect, it, vi } from 'vitest';
+
+import { Action, checkBulkUpload, defaults, Reason } from '@immich/sdk';
+import createFetchMock from 'vitest-fetch-mock';
+
+import { checkForDuplicates, getAlbumName, uploadFiles, UploadOptionsDto } from './asset';
+
+vi.mock('@immich/sdk');
+
+describe('getAlbumName', () => {
+  it('should return a non-undefined value', () => {
+    if (os.platform() === 'win32') {
+      // This is meaningless for Unix systems.
+      expect(getAlbumName(String.raw`D:\test\Filename.txt`, {} as UploadOptionsDto)).toBe('test');
+    }
+    expect(getAlbumName('D:/parentfolder/test/Filename.txt', {} as UploadOptionsDto)).toBe('test');
+  });
+
+  it('has higher priority to return `albumName` in `options`', () => {
+    expect(getAlbumName('/parentfolder/test/Filename.txt', { albumName: 'example' } as UploadOptionsDto)).toBe(
+      'example',
+    );
+  });
+});
+
+describe('uploadFiles', () => {
+  const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-'));
+  const testFilePath = path.join(testDir, 'test.png');
+  const testFileData = 'test';
+  const baseUrl = 'http://example.com';
+  const apiKey = 'key';
+  const retry = 3;
+
+  const fetchMocker = createFetchMock(vi);
+
+  beforeEach(() => {
+    // Create a test file
+    fs.writeFileSync(testFilePath, testFileData);
+
+    // Defaults
+    vi.mocked(defaults).baseUrl = baseUrl;
+    vi.mocked(defaults).headers = { 'x-api-key': apiKey };
+
+    fetchMocker.enableMocks();
+    fetchMocker.resetMocks();
+  });
+
+  it('returns new assets when upload file is successful', async () => {
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
+      return {
+        status: 200,
+        body: JSON.stringify({ id: 'fc5621b1-86f6-44a1-9905-403e607df9f5', status: 'created' }),
+      };
+    });
+
+    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([
+      {
+        filepath: testFilePath,
+        id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+      },
+    ]);
+  });
+
+  it('returns new assets when upload file retry is successful', async () => {
+    let counter = 0;
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
+      counter++;
+      if (counter < retry) {
+        throw new Error('Network error');
+      }
+
+      return {
+        status: 200,
+        body: JSON.stringify({ id: 'fc5621b1-86f6-44a1-9905-403e607df9f5', status: 'created' }),
+      };
+    });
+
+    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([
+      {
+        filepath: testFilePath,
+        id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+      },
+    ]);
+  });
+
+  it('returns new assets when upload file retry is failed', async () => {
+    fetchMocker.doMockIf(new RegExp(`${baseUrl}/assets$`), () => {
+      throw new Error('Network error');
+    });
+
+    await expect(uploadFiles([testFilePath], { concurrency: 1 })).resolves.toEqual([]);
+  });
+});
+
+describe('checkForDuplicates', () => {
+  const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'test-'));
+  const testFilePath = path.join(testDir, 'test.png');
+  const testFileData = 'test';
+  const testFileChecksum = 'a94a8fe5ccb19ba61c4c0873d391e987982fbbd3'; // SHA1
+  const retry = 3;
+
+  beforeEach(() => {
+    // Create a test file
+    fs.writeFileSync(testFilePath, testFileData);
+  });
+
+  it('checks duplicates', async () => {
+    vi.mocked(checkBulkUpload).mockResolvedValue({
+      results: [
+        {
+          action: Action.Accept,
+          id: testFilePath,
+        },
+      ],
+    });
+
+    await checkForDuplicates([testFilePath], { concurrency: 1 });
+
+    expect(checkBulkUpload).toHaveBeenCalledWith({
+      assetBulkUploadCheckDto: {
+        assets: [
+          {
+            checksum: testFileChecksum,
+            id: testFilePath,
+          },
+        ],
+      },
+    });
+  });
+
+  it('returns duplicates when check duplicates is rejected', async () => {
+    vi.mocked(checkBulkUpload).mockResolvedValue({
+      results: [
+        {
+          action: Action.Reject,
+          id: testFilePath,
+          assetId: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+          reason: Reason.Duplicate,
+        },
+      ],
+    });
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [
+        {
+          filepath: testFilePath,
+          id: 'fc5621b1-86f6-44a1-9905-403e607df9f5',
+        },
+      ],
+      newFiles: [],
+    });
+  });
+
+  it('returns new assets when check duplicates is accepted', async () => {
+    vi.mocked(checkBulkUpload).mockResolvedValue({
+      results: [
+        {
+          action: Action.Accept,
+          id: testFilePath,
+        },
+      ],
+    });
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [],
+      newFiles: [testFilePath],
+    });
+  });
+
+  it('returns results when check duplicates retry is successful', async () => {
+    let mocked = vi.mocked(checkBulkUpload);
+    for (let i = 1; i < retry; i++) {
+      mocked = mocked.mockRejectedValueOnce(new Error('Network error'));
+    }
+    mocked.mockResolvedValue({
+      results: [
+        {
+          action: Action.Accept,
+          id: testFilePath,
+        },
+      ],
+    });
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [],
+      newFiles: [testFilePath],
+    });
+  });
+
+  it('returns results when check duplicates retry is failed', async () => {
+    vi.mocked(checkBulkUpload).mockRejectedValue(new Error('Network error'));
+
+    await expect(checkForDuplicates([testFilePath], { concurrency: 1 })).resolves.toEqual({
+      duplicates: [],
+      newFiles: [],
+    });
+  });
+});

cli/src/commands/asset.ts

@@ -1,7 +1,8 @@
 import {
   Action,
   AssetBulkUploadCheckResult,
-  AssetFileUploadResponseDto,
+  AssetMediaResponseDto,
+  AssetMediaStatus,
   addAssetsToAlbum,
   checkBulkUpload,
   createAlbum,
@@ -14,8 +15,8 @@ import { Presets, SingleBar } from 'cli-progress';
 import { chunk } from 'lodash-es';
 import { Stats, createReadStream } from 'node:fs';
 import { stat, unlink } from 'node:fs/promises';
-import os from 'node:os';
 import path, { basename } from 'node:path';
+import { Queue } from 'src/queue';
 import { BaseOptions, authenticate, crawl, sha1 } from 'src/utils';
 
 const s = (count: number) => (count === 1 ? '' : 's');
@@ -24,7 +25,7 @@ const s = (count: number) => (count === 1 ? '' : 's');
 type AssetBulkUploadCheckResults = Array<AssetBulkUploadCheckResult & { id: string }>;
 type Asset = { id: string; filepath: string };
 
-interface UploadOptionsDto {
+export interface UploadOptionsDto {
   recursive?: boolean;
   ignore?: string;
   dryRun?: boolean;
@@ -83,7 +84,7 @@ const scan = async (pathsToCrawl: string[], options: UploadOptionsDto) => {
   return files;
 };
 
-const checkForDuplicates = async (files: string[], { concurrency, skipHash }: UploadOptionsDto) => {
+export const checkForDuplicates = async (files: string[], { concurrency, skipHash }: UploadOptionsDto) => {
   if (skipHash) {
     console.log('Skipping hash check, assuming all files are new');
     return { newFiles: files, duplicates: [] };
@@ -99,32 +100,50 @@ const checkForDuplicates = async (files: string[], { concurrency, skipHash }: Up
   const newFiles: string[] = [];
   const duplicates: Asset[] = [];
 
-  try {
-    // TODO refactor into a queue
-    for (const items of chunk(files, concurrency)) {
-      const dto = await Promise.all(items.map(async (filepath) => ({ id: filepath, checksum: await sha1(filepath) })));
-      const { results } = await checkBulkUpload({ assetBulkUploadCheckDto: { assets: dto } });
-
-      for (const { id: filepath, assetId, action } of results as AssetBulkUploadCheckResults) {
+  const queue = new Queue<string[], AssetBulkUploadCheckResults>(
+    async (filepaths: string[]) => {
+      const dto = await Promise.all(
+        filepaths.map(async (filepath) => ({ id: filepath, checksum: await sha1(filepath) })),
+      );
+      const response = await checkBulkUpload({ assetBulkUploadCheckDto: { assets: dto } });
+      const results = response.results as AssetBulkUploadCheckResults;
+      for (const { id: filepath, assetId, action } of results) {
         if (action === Action.Accept) {
           newFiles.push(filepath);
         } else {
           // rejects are always duplicates
           duplicates.push({ id: assetId as string, filepath });
         }
-        progressBar.increment();
       }
-    }
-  } finally {
-    progressBar.stop();
+      progressBar.increment(filepaths.length);
+      return results;
+    },
+    { concurrency, retry: 3 },
+  );
+
+  for (const items of chunk(files, concurrency)) {
+    await queue.push(items);
   }
 
+  await queue.drained();
+
+  progressBar.stop();
+
   console.log(`Found ${newFiles.length} new files and ${duplicates.length} duplicate${s(duplicates.length)}`);
 
+  // Report failures
+  const failedTasks = queue.tasks.filter((task) => task.status === 'failed');
+  if (failedTasks.length > 0) {
+    console.log(`Failed to verify ${failedTasks.length} file${s(failedTasks.length)}:`);
+    for (const task of failedTasks) {
+      console.log(`- ${task.data} - ${task.error}`);
+    }
+  }
+
   return { newFiles, duplicates };
 };
 
-const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptionsDto): Promise<Asset[]> => {
+export const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptionsDto): Promise<Asset[]> => {
   if (files.length === 0) {
     console.log('All assets were already uploaded, nothing to do.');
     return [];
@@ -158,41 +177,56 @@ const uploadFiles = async (files: string[], { dryRun, concurrency }: UploadOptio
 
   const newAssets: Asset[] = [];
 
-  try {
-    for (const items of chunk(files, concurrency)) {
-      await Promise.all(
-        items.map(async (filepath) => {
-          const stats = statsMap.get(filepath) as Stats;
-          const response = await uploadFile(filepath, stats);
+  const queue = new Queue<string, AssetMediaResponseDto>(
+    async (filepath: string) => {
+      const stats = statsMap.get(filepath);
+      if (!stats) {
+        throw new Error(`Stats not found for ${filepath}`);
+      }
 
-          newAssets.push({ id: response.id, filepath });
+      const response = await uploadFile(filepath, stats);
+      newAssets.push({ id: response.id, filepath });
+      if (response.status === AssetMediaStatus.Duplicate) {
+        duplicateCount++;
+        duplicateSize += stats.size ?? 0;
+      } else {
+        successCount++;
+        successSize += stats.size ?? 0;
+      }
 
-          if (response.duplicate) {
-            duplicateCount++;
-            duplicateSize += stats.size ?? 0;
-          } else {
-            successCount++;
-            successSize += stats.size ?? 0;
-          }
+      uploadProgress.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
 
-          uploadProgress.update(successSize, { value_formatted: byteSize(successSize + duplicateSize) });
+      return response;
+    },
+    { concurrency, retry: 3 },
+  );
 
-          return response;
-        }),
-      );
-    }
-  } finally {
-    uploadProgress.stop();
+  for (const filepath of files) {
+    await queue.push(filepath);
   }
 
+  await queue.drained();
+
+  uploadProgress.stop();
+
   console.log(`Successfully uploaded ${successCount} new asset${s(successCount)} (${byteSize(successSize)})`);
   if (duplicateCount > 0) {
     console.log(`Skipped ${duplicateCount} duplicate asset${s(duplicateCount)} (${byteSize(duplicateSize)})`);
   }
+
+  // Report failures
+  const failedTasks = queue.tasks.filter((task) => task.status === 'failed');
+  if (failedTasks.length > 0) {
+    console.log(`Failed to upload ${failedTasks.length} asset${s(failedTasks.length)}:`);
+    for (const task of failedTasks) {
+      console.log(`- ${task.data} - ${task.error}`);
+    }
+  }
+
   return newAssets;
 };
 
-const uploadFile = async (input: string, stats: Stats): Promise<AssetFileUploadResponseDto> => {
+const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaResponseDto> => {
   const { baseUrl, headers } = defaults;
 
   const assetPath = path.parse(input);
@@ -225,7 +259,7 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetFileUploadR
     formData.append('sidecarData', sidecarData);
   }
 
-  const response = await fetch(`${baseUrl}/asset/upload`, {
+  const response = await fetch(`${baseUrl}/assets`, {
     method: 'post',
     redirect: 'error',
     headers: headers as Record<string, string>,
@@ -345,7 +379,9 @@ const updateAlbums = async (assets: Asset[], options: UploadOptionsDto) => {
   }
 };
 
-const getAlbumName = (filepath: string, options: UploadOptionsDto) => {
-  const folderName = os.platform() === 'win32' ? filepath.split('\\').at(-2) : filepath.split('/').at(-2);
-  return options.albumName ?? folderName;
+// `filepath` valid format:
+// - Windows: `D:\\test\\Filename.txt` or `D:/test/Filename.txt`
+// - Unix: `/test/Filename.txt`
+export const getAlbumName = (filepath: string, options: UploadOptionsDto) => {
+  return options.albumName ?? path.basename(path.dirname(filepath));
 };

cli/src/commands/auth.ts

@@ -1,4 +1,4 @@
-import { getMyUserInfo } from '@immich/sdk';
+import { getMyUser } from '@immich/sdk';
 import { existsSync } from 'node:fs';
 import { mkdir, unlink } from 'node:fs/promises';
 import { BaseOptions, connect, getAuthFilePath, logError, withError, writeAuthFile } from 'src/utils';
@@ -10,13 +10,13 @@ export const login = async (url: string, key: string, options: BaseOptions) => {
 
   await connect(url, key);
 
-  const [error, userInfo] = await withError(getMyUserInfo());
+  const [error, user] = await withError(getMyUser());
   if (error) {
     logError(error, 'Failed to load user info');
     process.exit(1);
   }
 
-  console.log(`Logged in as ${userInfo.email}`);
+  console.log(`Logged in as ${user.email}`);
 
   if (!existsSync(configDir)) {
     // Create config folder if it doesn't exist

cli/src/commands/server-info.ts

@@ -1,4 +1,4 @@
-import { getAssetStatistics, getMyUserInfo, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
+import { getAssetStatistics, getMyUser, getServerVersion, getSupportedMediaTypes } from '@immich/sdk';
 import { BaseOptions, authenticate } from 'src/utils';
 
 export const serverInfo = async (options: BaseOptions) => {
@@ -8,7 +8,7 @@ export const serverInfo = async (options: BaseOptions) => {
     getServerVersion(),
     getSupportedMediaTypes(),
     getAssetStatistics({}),
-    getMyUserInfo(),
+    getMyUser(),
   ]);
 
   console.log(`Server Info (via ${userInfo.email})`);

cli/src/queue.ts

@@ -0,0 +1,131 @@
+import * as fastq from 'fastq';
+import { uniqueId } from 'lodash-es';
+
+export type Task<T, R> = {
+  readonly id: string;
+  status: 'idle' | 'processing' | 'succeeded' | 'failed';
+  data: T;
+  error: unknown | undefined;
+  count: number;
+  // TODO: Could be useful to adding progress property.
+  // TODO: Could be useful to adding start_at/end_at/duration properties.
+  result: undefined | R;
+};
+
+export type QueueOptions = {
+  verbose?: boolean;
+  concurrency?: number;
+  retry?: number;
+  // TODO: Could be useful to adding timeout property for retry.
+};
+
+export type ComputedQueueOptions = Required<QueueOptions>;
+
+export const defaultQueueOptions = {
+  concurrency: 1,
+  retry: 0,
+  verbose: false,
+};
+
+/**
+ * An in-memory queue that processes tasks in parallel with a given concurrency.
+ * @see {@link https://www.npmjs.com/package/fastq}
+ * @template T - The type of the worker task data.
+ * @template R - The type of the worker output data.
+ */
+export class Queue<T, R> {
+  private readonly queue: fastq.queueAsPromised<string, Task<T, R>>;
+  private readonly store = new Map<string, Task<T, R>>();
+  readonly options: ComputedQueueOptions;
+  readonly worker: (data: T) => Promise<R>;
+
+  /**
+   * Create a new queue.
+   * @param worker - The worker function that processes the task.
+   * @param options - The queue options.
+   */
+  constructor(worker: (data: T) => Promise<R>, options?: QueueOptions) {
+    this.options = { ...defaultQueueOptions, ...options };
+    this.worker = worker;
+    this.store = new Map<string, Task<T, R>>();
+    this.queue = this.buildQueue();
+  }
+
+  get tasks(): Task<T, R>[] {
+    const tasks: Task<T, R>[] = [];
+    for (const task of this.store.values()) {
+      tasks.push(task);
+    }
+    return tasks;
+  }
+
+  getTask(id: string): Task<T, R> {
+    const task = this.store.get(id);
+    if (!task) {
+      throw new Error(`Task with id ${id} not found`);
+    }
+    return task;
+  }
+
+  /**
+   * Wait for the queue to be empty.
+   * @returns Promise<void> - The returned Promise will be resolved when all tasks in the queue have been processed by a worker.
+   * This promise could be ignored as it will not lead to a `unhandledRejection`.
+   */
+  async drained(): Promise<void> {
+    await this.queue.drain();
+  }
+
+  /**
+   * Add a task at the end of the queue.
+   * @see {@link https://www.npmjs.com/package/fastq}
+   * @param data
+   * @returns Promise<void> - A Promise that will be fulfilled (rejected) when the task is completed successfully (unsuccessfully).
+   * This promise could be ignored as it will not lead to a `unhandledRejection`.
+   */
+  async push(data: T): Promise<Task<T, R>> {
+    const id = uniqueId();
+    const task: Task<T, R> = { id, status: 'idle', error: undefined, count: 0, data, result: undefined };
+    this.store.set(id, task);
+    return this.queue.push(id);
+  }
+
+  // TODO: Support more function delegation to fastq.
+
+  private buildQueue(): fastq.queueAsPromised<string, Task<T, R>> {
+    return fastq.promise((id: string) => {
+      const task = this.getTask(id);
+      return this.work(task);
+    }, this.options.concurrency);
+  }
+
+  private async work(task: Task<T, R>): Promise<Task<T, R>> {
+    task.count += 1;
+    task.error = undefined;
+    task.status = 'processing';
+    if (this.options.verbose) {
+      console.log('[task] processing:', task);
+    }
+    try {
+      task.result = await this.worker(task.data);
+      task.status = 'succeeded';
+      if (this.options.verbose) {
+        console.log('[task] succeeded:', task);
+      }
+      return task;
+    } catch (error) {
+      task.error = error;
+      task.status = 'failed';
+      if (this.options.verbose) {
+        console.log('[task] failed:', task);
+      }
+      if (this.options.retry > 0 && task.count < this.options.retry) {
+        if (this.options.verbose) {
+          console.log('[task] retry:', task);
+        }
+        return this.work(task);
+      }
+      return task;
+    }
+  }
+}

cli/src/utils.spec.ts

@@ -1,4 +1,5 @@
 import mockfs from 'mock-fs';
+import { readFileSync } from 'node:fs';
 import { CrawlOptions, crawl } from 'src/utils';
 
 interface Test {
@@ -9,6 +10,10 @@ interface Test {
 
 const cwd = process.cwd();
 
+const readContent = (path: string) => {
+  return readFileSync(path).toString();
+};
+
 const extensions = [
   '.jpg',
   '.jpeg',
@@ -256,7 +261,8 @@ const tests: Test[] = [
   {
     test: 'should support ignoring absolute paths',
     options: {
-      pathsToCrawl: ['/'],
+      // Currently, fast-glob has some caveat when dealing with `/`.
+      pathsToCrawl: ['/*s'],
       recursive: true,
       exclusionPattern: '/images/**',
     },
@@ -276,14 +282,16 @@ describe('crawl', () => {
   describe('crawl', () => {
     for (const { test, options, files } of tests) {
       it(test, async () => {
-        mockfs(Object.fromEntries(Object.keys(files).map((file) => [file, ''])));
+        // The file contents is the same as the path.
+        mockfs(Object.fromEntries(Object.keys(files).map((file) => [file, file])));
 
         const actual = await crawl({ ...options, extensions });
         const expected = Object.entries(files)
           .filter((entry) => entry[1])
           .map(([file]) => file);
 
-        expect(actual.sort()).toEqual(expected.sort());
+        // Compare file's content instead of path since a file can be represent in multiple ways.
+        expect(actual.map((path) => readContent(path)).sort()).toEqual(expected.sort());
       });
     }
   });

cli/src/utils.ts

@@ -1,8 +1,9 @@
-import { getMyUserInfo, init, isHttpError } from '@immich/sdk';
-import { glob } from 'fast-glob';
+import { getMyUser, init, isHttpError } from '@immich/sdk';
+import { convertPathToPattern, glob } from 'fast-glob';
 import { createHash } from 'node:crypto';
 import { createReadStream } from 'node:fs';
 import { readFile, stat, writeFile } from 'node:fs/promises';
+import { platform } from 'node:os';
 import { join, resolve } from 'node:path';
 import yaml from 'yaml';
 
@@ -48,7 +49,7 @@ export const connect = async (url: string, key: string) => {
 
   init({ baseUrl: url, apiKey: key });
 
-  const [error] = await withError(getMyUserInfo());
+  const [error] = await withError(getMyUser());
   if (isHttpError(error)) {
     logError(error, 'Failed to connect to server');
     process.exit(1);
@@ -106,6 +107,11 @@ export interface CrawlOptions {
   exclusionPattern?: string;
   extensions: string[];
 }
+
+const convertPathToPatternOnWin = (path: string) => {
+  return platform() === 'win32' ? convertPathToPattern(path) : path;
+};
+
 export const crawl = async (options: CrawlOptions): Promise<string[]> => {
   const { extensions: extensionsWithPeriod, recursive, pathsToCrawl, exclusionPattern, includeHidden } = options;
   const extensions = extensionsWithPeriod.map((extension) => extension.replace('.', ''));
@@ -124,11 +130,11 @@ export const crawl = async (options: CrawlOptions): Promise<string[]> => {
       if (stats.isFile() || stats.isSymbolicLink()) {
         crawledFiles.push(absolutePath);
       } else {
-        patterns.push(absolutePath);
+        patterns.push(convertPathToPatternOnWin(absolutePath));
       }
     } catch (error: any) {
       if (error.code === 'ENOENT') {
-        patterns.push(currentPath);
+        patterns.push(convertPathToPatternOnWin(currentPath));
       } else {
         throw error;
       }

cli/src/version.ts

@@ -1,37 +0,0 @@
-import { version } from '../package.json';
-
-export interface ICliVersion {
-  major: number;
-  minor: number;
-  patch: number;
-}
-
-export class CliVersion implements ICliVersion {
-  constructor(
-    public readonly major: number,
-    public readonly minor: number,
-    public readonly patch: number,
-  ) {}
-
-  toString() {
-    return `${this.major}.${this.minor}.${this.patch}`;
-  }
-
-  toJSON() {
-    const { major, minor, patch } = this;
-    return { major, minor, patch };
-  }
-
-  static fromString(version: string): CliVersion {
-    const regex = /v?(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)/i;
-    const matchResult = version.match(regex);
-    if (matchResult) {
-      const [, major, minor, patch] = matchResult.map(Number);
-      return new CliVersion(major, minor, patch);
-    } else {
-      throw new Error(`Invalid version format: ${version}`);
-    }
-  }
-}
-
-export const cliVersion = CliVersion.fromString(version);

cli/vite.config.ts

@@ -2,6 +2,7 @@ import { defineConfig } from 'vite';
 import tsconfigPaths from 'vite-tsconfig-paths';
 
 export default defineConfig({
+  resolve: { alias: { src: '/src' } },
   build: {
     rollupOptions: {
       input: 'src/index.ts',

deployment/.gitignore

@@ -0,0 +1,38 @@
+# OpenTofu
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Terragrunt
+
+# terragrunt cache directories
+**/.terragrunt-cache/*
+
+# Terragrunt debug output file (when using `--terragrunt-debug` option)
+# See: https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-debug
+terragrunt-debug.tfvars.json

deployment/modules/cloudflare/docs-release/.terraform.lock.hcl

@@ -0,0 +1,38 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/cloudflare/cloudflare" {
+  version     = "4.40.0"
+  constraints = "4.40.0"
+  hashes = [
+    "h1:GP2N1tXrmpxu+qEDvFAmkfv9aeZNhag3bchyJpGpYbU=",
+    "h1:HDJKZBQkVU0kQl4gViQ5L7EcFLn9hB0iuvO+ORJiDS4=",
+    "h1:KrbeEsZoCJOnnX68yNI5h3QhMjc5bBCQW4yvYaEFq3s=",
+    "h1:LelwnzU0OVn6g2+T9Ub9XdpC+vbheraIL/qgXhWBs/k=",
+    "h1:TIq9CynfWrKgCxKL97Akj89cYlvJKn/AL4UXogd8/FM=",
+    "h1:Uoy5oPdm1ipDG7yIMCUN1IXMpsTGXahPw3I0rVA/6wA=",
+    "h1:Wunfpm+IZhENdoimrh4iXiakVnCsfKOHo80yJUjMQXM=",
+    "h1:cRdCuahMOFrNyldnCInqGQRBT1DTkRPSfPnaf5r05iw=",
+    "h1:k+zpXg8BO7gdbTIfSGyQisHhs5aVWQVbPLa5uUdr2UA=",
+    "h1:kWNrzZ8Rh0OpHikexkmwJIIucD6SMZPi4oGyDsKJitw=",
+    "h1:lomfTTjK78BdSEVTFcJUBQRy7IQHuGQImMaPWaYpfgQ=",
+    "h1:oWcWlZe52ZRyLQciNe94RaWzhHifSTu03nlK0uL7rlM=",
+    "h1:p3JJrhGEPlPQP7Uwy9FNMdvqCyD8tuT4lnXuJ+pSF/M=",
+    "h1:wtB0sKxG2K/H41hWJI4uJdImWquuaP34Sip5LmfE410=",
+    "zh:01742e5946f936548f8e42120287ffc757abf97e7cbbe34e25c266a438fb54fd",
+    "zh:08d81f5a5aab4cc269f983b8c6b5be0e278105136aca9681740802619577371f",
+    "zh:0d75131ba70902cfc94a7a5900369bdde56528b2aad6e10b164449cc97d57396",
+    "zh:3890a715a012e197541daacdacb8cceec6d364814daa4640ddfe98a8ba9036cb",
+    "zh:58254ce5ebe1faed4664df86210c39d660bcdc60280f17b25fe4d4dbea21ea8c",
+    "zh:6b0abc1adbc2edee79368ce9f7338ebcb5d0bf941e8d7d9ac505b750f20f80a2",
+    "zh:81cc415d1477174a1ca288d25fdb57e5ee488c2d7f61f265ef995b255a53b0ce",
+    "zh:8680140c7fe5beaefe61c5cfa471bf88422dc0c0f05dad6d3cb482d4ffd22be4",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:a491d26236122ccb83dac8cb490d2c0aa1f4d3a0b4abe99300fd49b1a624f42f",
+    "zh:a70d9c469dc8d55715ba77c9d1a4ede1fdebf79e60ee18438a0844868db54e0d",
+    "zh:a7fcb7d5c4222e14ec6d9a15adf8b9a083d84b102c3d0e4a0d102df5a1360b62",
+    "zh:b4f9677174fabd199c8ebd2e9e5eb3528cf887e700569a4fb61eef4e070cec5e",
+    "zh:c27f0f7519221d75dae4a3787a59e05acd5cc9a0d30a390eff349a77d20d52e6",
+    "zh:db00d8605dbf43ca42fe1481a6c67fdcaa73debb7d2a0f613cb95ae5c5e7150e",
+  ]
+}

deployment/modules/cloudflare/docs-release/config.tf

@@ -0,0 +1,11 @@
+terraform {
+  backend "pg" {}
+  required_version = "~> 1.7"
+
+  required_providers {
+    cloudflare = {
+      source = "cloudflare/cloudflare"
+      version = "4.40.0"
+    }
+  }
+}

deployment/modules/cloudflare/docs-release/domain.tf

@@ -0,0 +1,14 @@
+resource "cloudflare_pages_domain" "immich_app_release_domain" {
+  account_id   = var.cloudflare_account_id
+  project_name = data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name
+  domain       = "immich.app"
+}
+
+resource "cloudflare_record" "immich_app_release_domain" {
+  name = "immich.app"
+  proxied = true
+  ttl = 1
+  type = "CNAME"
+  content = data.terraform_remote_state.cloudflare_immich_app_docs.outputs.immich_app_branch_pages_hostname
+  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
+}

deployment/modules/cloudflare/docs-release/providers.tf

@@ -0,0 +1,3 @@
+provider "cloudflare" {
+  api_token = data.terraform_remote_state.api_keys_state.outputs.terraform_key_cloudflare_docs
+}

deployment/modules/cloudflare/docs-release/remote-state.tf

@@ -0,0 +1,27 @@
+data "terraform_remote_state" "api_keys_state" {
+  backend = "pg"
+
+  config = {
+    conn_str = var.tf_state_postgres_conn_str
+    schema_name = "prod_cloudflare_api_keys"
+  }
+}
+
+data "terraform_remote_state" "cloudflare_account" {
+  backend = "pg"
+
+  config = {
+    conn_str = var.tf_state_postgres_conn_str
+    schema_name = "prod_cloudflare_account"
+  }
+}
+
+data "terraform_remote_state" "cloudflare_immich_app_docs" {
+  backend = "pg"
+
+  config = {
+    conn_str = var.tf_state_postgres_conn_str
+    schema_name = "prod_cloudflare_immich_app_docs_${var.prefix_name}"
+  }
+}
+

deployment/modules/cloudflare/docs-release/terragrunt.hcl

@@ -0,0 +1,20 @@
+terraform {
+  source = "."
+
+  extra_arguments custom_vars {
+    commands = get_terraform_commands_that_need_vars()
+  }
+}
+
+include {
+  path = find_in_parent_folders("state.hcl")
+}
+
+remote_state {
+  backend = "pg"
+
+  config = {
+    conn_str = get_env("TF_STATE_POSTGRES_CONN_STR")
+    schema_name = "prod_cloudflare_immich_app_docs_release"
+  }
+}

deployment/modules/cloudflare/docs-release/variables.tf

@@ -0,0 +1,4 @@
+variable "cloudflare_account_id" {}
+variable "tf_state_postgres_conn_str" {}
+
+variable "prefix_name" {}

deployment/modules/cloudflare/docs/.terraform.lock.hcl

@@ -0,0 +1,38 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/cloudflare/cloudflare" {
+  version     = "4.40.0"
+  constraints = "4.40.0"
+  hashes = [
+    "h1:GP2N1tXrmpxu+qEDvFAmkfv9aeZNhag3bchyJpGpYbU=",
+    "h1:HDJKZBQkVU0kQl4gViQ5L7EcFLn9hB0iuvO+ORJiDS4=",
+    "h1:KrbeEsZoCJOnnX68yNI5h3QhMjc5bBCQW4yvYaEFq3s=",
+    "h1:LelwnzU0OVn6g2+T9Ub9XdpC+vbheraIL/qgXhWBs/k=",
+    "h1:TIq9CynfWrKgCxKL97Akj89cYlvJKn/AL4UXogd8/FM=",
+    "h1:Uoy5oPdm1ipDG7yIMCUN1IXMpsTGXahPw3I0rVA/6wA=",
+    "h1:Wunfpm+IZhENdoimrh4iXiakVnCsfKOHo80yJUjMQXM=",
+    "h1:cRdCuahMOFrNyldnCInqGQRBT1DTkRPSfPnaf5r05iw=",
+    "h1:k+zpXg8BO7gdbTIfSGyQisHhs5aVWQVbPLa5uUdr2UA=",
+    "h1:kWNrzZ8Rh0OpHikexkmwJIIucD6SMZPi4oGyDsKJitw=",
+    "h1:lomfTTjK78BdSEVTFcJUBQRy7IQHuGQImMaPWaYpfgQ=",
+    "h1:oWcWlZe52ZRyLQciNe94RaWzhHifSTu03nlK0uL7rlM=",
+    "h1:p3JJrhGEPlPQP7Uwy9FNMdvqCyD8tuT4lnXuJ+pSF/M=",
+    "h1:wtB0sKxG2K/H41hWJI4uJdImWquuaP34Sip5LmfE410=",
+    "zh:01742e5946f936548f8e42120287ffc757abf97e7cbbe34e25c266a438fb54fd",
+    "zh:08d81f5a5aab4cc269f983b8c6b5be0e278105136aca9681740802619577371f",
+    "zh:0d75131ba70902cfc94a7a5900369bdde56528b2aad6e10b164449cc97d57396",
+    "zh:3890a715a012e197541daacdacb8cceec6d364814daa4640ddfe98a8ba9036cb",
+    "zh:58254ce5ebe1faed4664df86210c39d660bcdc60280f17b25fe4d4dbea21ea8c",
+    "zh:6b0abc1adbc2edee79368ce9f7338ebcb5d0bf941e8d7d9ac505b750f20f80a2",
+    "zh:81cc415d1477174a1ca288d25fdb57e5ee488c2d7f61f265ef995b255a53b0ce",
+    "zh:8680140c7fe5beaefe61c5cfa471bf88422dc0c0f05dad6d3cb482d4ffd22be4",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:a491d26236122ccb83dac8cb490d2c0aa1f4d3a0b4abe99300fd49b1a624f42f",
+    "zh:a70d9c469dc8d55715ba77c9d1a4ede1fdebf79e60ee18438a0844868db54e0d",
+    "zh:a7fcb7d5c4222e14ec6d9a15adf8b9a083d84b102c3d0e4a0d102df5a1360b62",
+    "zh:b4f9677174fabd199c8ebd2e9e5eb3528cf887e700569a4fb61eef4e070cec5e",
+    "zh:c27f0f7519221d75dae4a3787a59e05acd5cc9a0d30a390eff349a77d20d52e6",
+    "zh:db00d8605dbf43ca42fe1481a6c67fdcaa73debb7d2a0f613cb95ae5c5e7150e",
+  ]
+}

deployment/modules/cloudflare/docs/config.tf

@@ -0,0 +1,11 @@
+terraform {
+  backend "pg" {}
+  required_version = "~> 1.7"
+
+  required_providers {
+    cloudflare = {
+      source = "cloudflare/cloudflare"
+      version = "4.40.0"
+    }
+  }
+}

deployment/modules/cloudflare/docs/domain.tf

@@ -0,0 +1,26 @@
+resource "cloudflare_pages_domain" "immich_app_branch_domain" {
+  account_id   = var.cloudflare_account_id
+  project_name = local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_name
+  domain       = "${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
+}
+
+resource "cloudflare_record" "immich_app_branch_subdomain" {
+  name    = "${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
+  proxied = true
+  ttl     = 1
+  type    = "CNAME"
+  content   = "${replace(var.prefix_name, "/\\/|\\./", "-")}.${local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_subdomain : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_subdomain}"
+  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
+}
+
+output "immich_app_branch_subdomain" {
+  value = cloudflare_record.immich_app_branch_subdomain.hostname
+}
+
+output "immich_app_branch_pages_hostname" {
+  value = cloudflare_record.immich_app_branch_subdomain.value
+}
+
+output "pages_project_name" {
+  value = cloudflare_pages_domain.immich_app_branch_domain.project_name
+}

deployment/modules/cloudflare/docs/locals.tf

@@ -0,0 +1,7 @@
+locals {
+  domain_name = "immich.app"
+  preview_prefix = contains(["branch", "pr"], var.prefix_event_type) ? "preview" : ""
+  archive_prefix = contains(["release"], var.prefix_event_type) ? "archive" : ""
+  deploy_domain_prefix = coalesce(local.preview_prefix, local.archive_prefix)
+  is_release = contains(["release"], var.prefix_event_type)
+}

deployment/modules/cloudflare/docs/providers.tf

@@ -0,0 +1,3 @@
+provider "cloudflare" {
+  api_token = data.terraform_remote_state.api_keys_state.outputs.terraform_key_cloudflare_docs
+}

deployment/modules/cloudflare/docs/remote-state.tf

@@ -0,0 +1,17 @@
+data "terraform_remote_state" "api_keys_state" {
+  backend = "pg"
+
+  config = {
+    conn_str = var.tf_state_postgres_conn_str
+    schema_name = "prod_cloudflare_api_keys"
+  }
+}
+
+data "terraform_remote_state" "cloudflare_account" {
+  backend = "pg"
+
+  config = {
+    conn_str = var.tf_state_postgres_conn_str
+    schema_name = "prod_cloudflare_account"
+  }
+}

deployment/modules/cloudflare/docs/terragrunt.hcl

@@ -0,0 +1,24 @@
+terraform {
+  source = "."
+
+  extra_arguments custom_vars {
+    commands = get_terraform_commands_that_need_vars()
+  }
+}
+
+include {
+  path = find_in_parent_folders("state.hcl")
+}
+
+locals {
+  prefix_name = get_env("TF_VAR_prefix_name")
+}
+
+remote_state {
+  backend = "pg"
+
+  config = {
+    conn_str = get_env("TF_STATE_POSTGRES_CONN_STR")
+    schema_name = "prod_cloudflare_immich_app_docs_${local.prefix_name}"
+  }
+}

deployment/modules/cloudflare/docs/variables.tf

@@ -0,0 +1,5 @@
+variable "cloudflare_account_id" {}
+variable "tf_state_postgres_conn_str" {}
+
+variable "prefix_name" {}
+variable "prefix_event_type" {}

deployment/state.hcl

@@ -0,0 +1,20 @@
+locals {
+  cloudflare_account_id = get_env("CLOUDFLARE_ACCOUNT_ID")
+  cloudflare_api_token  = get_env("CLOUDFLARE_API_TOKEN")
+
+  tf_state_postgres_conn_str = get_env("TF_STATE_POSTGRES_CONN_STR")
+}
+
+remote_state {
+  backend = "pg"
+
+  config = {
+    conn_str = local.tf_state_postgres_conn_str
+  }
+}
+
+inputs = {
+  cloudflare_account_id      = local.cloudflare_account_id
+  cloudflare_api_token       = local.cloudflare_api_token
+  tf_state_postgres_conn_str = local.tf_state_postgres_conn_str
+}

docker/docker-compose.dev.yml

@@ -9,6 +9,9 @@ services:
     container_name: immich_server
     command: ['/usr/src/app/bin/immich-dev']
     image: immich-server-dev:latest
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     build:
       context: ../
       dockerfile: server/Dockerfile
@@ -23,6 +26,16 @@ services:
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - .env
+    environment:
+      IMMICH_REPOSITORY: immich-app/immich
+      IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
+      IMMICH_SOURCE_REF: local
+      IMMICH_SOURCE_COMMIT: af2efbdbbddc27cd06142f22253ccbbbbeec1f55
+      IMMICH_SOURCE_URL: https://github.com/immich-app/immich/commit/af2efbdbbddc27cd06142f22253ccbbbbeec1f55
+      IMMICH_BUILD: '9654404849'
+      IMMICH_BUILD_URL: https://github.com/immich-app/immich/actions/runs/9654404849
+      IMMICH_BUILD_IMAGE: development
+      IMMICH_BUILD_IMAGE_URL: https://github.com/immich-app/immich/pkgs/container/immich-server
     ulimits:
       nofile:
         soft: 1048576
@@ -33,6 +46,8 @@ services:
     depends_on:
       - redis
       - database
+    healthcheck:
+      disable: false
 
   immich-web:
     container_name: immich_web
@@ -78,10 +93,14 @@ services:
     depends_on:
       - database
     restart: unless-stopped
+    healthcheck:
+      disable: false
 
   redis:
     container_name: immich_redis
-    image: redis:6.2-alpine@sha256:c0634a08e74a4bb576d02d1ee993dc05dba10e8b7b9492dfa28a7af100d46c01
+    image: redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
+    healthcheck:
+      test: redis-cli ping || exit 1
 
   database:
     container_name: immich_postgres
@@ -97,7 +116,27 @@ services:
       - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
     ports:
       - 5432:5432
-    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
+    healthcheck:
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+      interval: 5m
+      start_interval: 30s
+      start_period: 5m
+    command:
+      [
+        'postgres',
+        '-c',
+        'shared_preload_libraries=vectors.so',
+        '-c',
+        'search_path="$$user", public, vectors',
+        '-c',
+        'logging_collector=on',
+        '-c',
+        'max_wal_size=2GB',
+        '-c',
+        'shared_buffers=512MB',
+        '-c',
+        'wal_compression=on',
+      ]
 
   # set IMMICH_METRICS=true in .env to enable metrics
   # immich-prometheus:

docker/docker-compose.prod.yml

@@ -4,6 +4,9 @@ services:
   immich-server:
     container_name: immich_server
     image: immich-server:latest
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     build:
       context: ../
       dockerfile: server/Dockerfile
@@ -12,12 +15,14 @@ services:
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - .env
-    restart: always
     ports:
       - 2283:3001
     depends_on:
       - redis
       - database
+    restart: always
+    healthcheck:
+      disable: false
 
   immich-machine-learning:
     container_name: immich_machine_learning
@@ -30,15 +35,21 @@ services:
       dockerfile: Dockerfile
       args:
         - DEVICE=cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference
+    ports:
+      - 3003:3003
     volumes:
       - model-cache:/cache
     env_file:
       - .env
     restart: always
+    healthcheck:
+      disable: false
 
   redis:
     container_name: immich_redis
-    image: redis:6.2-alpine@sha256:c0634a08e74a4bb576d02d1ee993dc05dba10e8b7b9492dfa28a7af100d46c01
+    image: redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
+    healthcheck:
+      test: redis-cli ping || exit 1
     restart: always
 
   database:
@@ -55,14 +66,20 @@ services:
       - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
     ports:
       - 5432:5432
-    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
+    healthcheck:
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+      interval: 5m
+      start_interval: 30s
+      start_period: 5m
+    command: ["postgres", "-c", "shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
+    restart: always
 
   # set IMMICH_METRICS=true in .env to enable metrics
   immich-prometheus:
     container_name: immich_prometheus
     ports:
       - 9090:9090
-    image: prom/prometheus@sha256:5c435642ca4d8427ca26f4901c11114023004709037880cd7860d5b7176aa731
+    image: prom/prometheus@sha256:f6639335d34a77d9d9db382b92eeb7fc00934be8eae81dbc03b31cfe90411a94
     volumes:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
       - prometheus-data:/prometheus
@@ -74,7 +91,7 @@ services:
     command: ['./run.sh', '-disable-reporting']
     ports:
       - 3000:3000
-    image: grafana/grafana:11.0.0-ubuntu@sha256:02e99d1ee0b52dc9d3000c7b5314e7a07e0dfd69cc49bb3f8ce323491ed3406b
+    image: grafana/grafana:11.2.0-ubuntu@sha256:8e2c13739563c3da9d45de96c6bcb63ba617cac8c571c060112c7fc8ad6914e9
     volumes:
       - grafana-data:/var/lib/grafana
 

docker/docker-compose.yml

@@ -12,7 +12,11 @@ services:
   immich-server:
     container_name: immich_server
     image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
     volumes:
+      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
       - ${UPLOAD_LOCATION}:/usr/src/app/upload
       - /etc/localtime:/etc/localtime:ro
     env_file:
@@ -23,6 +27,8 @@ services:
       - redis
       - database
     restart: always
+    healthcheck:
+      disable: false
 
   immich-machine-learning:
     container_name: immich_machine_learning
@@ -37,10 +43,14 @@ services:
     env_file:
       - .env
     restart: always
+    healthcheck:
+      disable: false
 
   redis:
     container_name: immich_redis
-    image: docker.io/redis:6.2-alpine@sha256:c0634a08e74a4bb576d02d1ee993dc05dba10e8b7b9492dfa28a7af100d46c01
+    image: docker.io/redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
+    healthcheck:
+      test: redis-cli ping || exit 1
     restart: always
 
   database:
@@ -52,9 +62,15 @@ services:
       POSTGRES_DB: ${DB_DATABASE_NAME}
       POSTGRES_INITDB_ARGS: '--data-checksums'
     volumes:
+      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
       - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+    healthcheck:
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
+      interval: 5m
+      start_interval: 30s
+      start_period: 5m
+    command: ["postgres", "-c", "shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
     restart: always
-    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
 
 volumes:
   model-cache:

docker/example.env

@@ -5,10 +5,14 @@ UPLOAD_LOCATION=./library
 # The location where your database files are stored
 DB_DATA_LOCATION=./postgres
 
+# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
+# TZ=Etc/UTC
+
 # The Immich version to use. You can pin this to a specific version like "v1.71.0"
 IMMICH_VERSION=release
 
 # Connection secret for postgres. You should change it to a random password
+# Please use only the characters `A-Za-z0-9`, without special characters or spaces
 DB_PASSWORD=postgres
 
 # The values below this line do not need to be changed

docker/prometheus.yml

@@ -3,10 +3,10 @@ global:
   evaluation_interval: 15s
 
 scrape_configs:
-  - job_name: immich_server
+  - job_name: immich_api
     static_configs:
       - targets: ['immich-server:8081']
-  
+
   - job_name: immich_microservices
     static_configs:
-      - targets: ['immich-microservices:8081']
+      - targets: ['immich-server:8082']

docker/scripts/get-cpus.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -eu
+
+LOG_LEVEL="${IMMICH_LOG_LEVEL:='info'}"
+
+logDebug() {
+    if [ "$LOG_LEVEL" = "debug" ] || [ "$LOG_LEVEL" = "verbose" ]; then
+        echo "DEBUG: $1" >&2
+    fi
+}
+
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+    logDebug "cgroup v2 detected."
+    if [ -f /sys/fs/cgroup/cpu.max ]; then
+        read -r quota period </sys/fs/cgroup/cpu.max
+        if [ "$quota" = "max" ]; then
+            logDebug "No CPU limits set."
+            unset quota period
+        fi
+    else
+        logDebug "/sys/fs/cgroup/cpu.max not found."
+    fi
+else
+    logDebug "cgroup v1 detected."
+
+    if [ -f /sys/fs/cgroup/cpu/cpu.cfs_quota_us ] && [ -f /sys/fs/cgroup/cpu/cpu.cfs_period_us ]; then
+        quota=$(cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us)
+        period=$(cat /sys/fs/cgroup/cpu/cpu.cfs_period_us)
+
+        if [ "$quota" = "-1" ]; then
+            logDebug "No CPU limits set."
+            unset quota period
+        fi
+    else
+        logDebug "/sys/fs/cgroup/cpu/cpu.cfs_quota_us or /sys/fs/cgroup/cpu/cpu.cfs_period_us not found."
+    fi
+fi
+
+if [ -n "${quota:-}" ] && [ -n "${period:-}" ]; then
+    cpus=$((quota / period))
+    if [ "$cpus" -eq 0 ]; then
+        cpus=1
+    fi
+else
+    cpus=$(grep -c ^processor /proc/cpuinfo)
+fi
+
+echo "$cpus"

docs/.nvmrc

@@ -1 +1 @@
-20.13
+20.17.0

docs/blog/2023/06-24/update.mdx

@@ -94,7 +94,7 @@ Thank you, and I am asking for your support for the project. I hope to be a full
 - Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
 
-Join our friendly [Discord](https://discord.gg/D8JsnBEuKb) to talk and discuss Immich, tech, or anything
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
 
 Cheer!
 

docs/blog/2023/07-29/update.mdx

@@ -142,7 +142,7 @@ Thank you, and I am asking for your support for the project. I hope to be a full
 - Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
 - Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
 
-Join our friendly [Discord](https://discord.gg/D8JsnBEuKb) to talk and discuss Immich, tech, or anything
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
 
 Cheer!
 

docs/blog/2024/immich-core-team-goes-fulltime.mdx

@@ -1,7 +1,7 @@
 ---
 title: The Immich core team goes full-time
 authors: [alextran]
-tags: [update, announcement, futo]
+tags: [update, announcement, FUTO]
 date: 2024-05-01T00:00
 ---
 

docs/blog/2024/immich-licensing.mdx

@@ -0,0 +1,91 @@
+---
+title: Licensing announcement - Purchase a license to support Immich
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-07-18T00:00
+---
+
+Hello everybody,
+
+Firstly, on behalf of the Immich team, I'd like to thank everybody for your continuous support of Immich since the very first day! Your contributions, encouragement, and community engagement have helped bring Immich to its current state. The team and I are forever grateful for that.
+
+Since our [last announcement of the core team joining FUTO to work on Immich full-time](https://immich.app/blog/2024/immich-core-team-goes-fulltime), one of the goals of our new position is to foster a healthy relationship between the developers and the users. We believe that this enables us to create great software, establish transparent policies and build trust.
+
+We want to build a great software application that brings value to you and your loved ones' lives. We are not using you as a product, i.e., selling or tracking your data. We are not putting annoying ads into our software. We respect your privacy. We want to be compensated for the hard work we put in to build Immich for you.
+
+With those notes, we have enabled a way for you to financially support the continued development of Immich, ensuring the software can move forward and will be maintained, by offering a lifetime license of the software. We think if you like and use software, you should pay for it, but _we're never going to force anyone to pay or try to limit Immich for those who don't._
+
+There are two types of license that you can choose to purchase: **Server License** and **Individual License**.
+
+### Server License
+
+This is a lifetime license costing **$99.99**. The license is applied to the whole server. You and all users that use your server are licensed.
+
+### Individual License
+
+This is a lifetime license costing **$24.99**. The license is applied to a single user, and can be used on any server they choose to connect to.
+
+<img
+  width="837"
+  alt="license-social-gh"
+  src="https://github.com/user-attachments/assets/241932ed-ef3b-44ec-a9e2-ee80754e0cca"
+/>
+
+You can purchase the license on [our page - https://buy.immich.app](https://buy.immich.app).
+
+Starting with release `v1.109.0` you can purchase and enter your purchased license key directly in the app.
+
+<img
+  width="1414"
+  alt="license-page-gh"
+  src="https://github.com/user-attachments/assets/364fc32a-f6ef-4594-9fea-28d5a26ad77c"
+/>
+
+## Thank you
+
+Thank you again for your support, this will help create a strong foundation and stability for the Immich team to continue developing and maintaining the project that you love to use.
+
+<p align="center">
+  <img
+    src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif"
+    width="550"
+    title="SUPPORT THE PROJECT!"
+  />
+</p>
+
+<br />
+<br />
+
+Cheers! 🎉
+
+Immich team
+
+# FAQ
+
+### 1. Where can I purchase a license?
+
+There are several places where you can purchase the license from
+
+- [https://buy.immich.app](https://buy.immich.app)
+- [https://pay.futo.org](https://pay.futo.org/)
+- or directly from the app.
+
+### 2. Do I need both _Individual License_ and _Server License_?
+
+No,
+
+If you are the admin and the sole user, or your instance has less than a total of 4 users, you can buy the **Individual License** for each user.
+
+If your instance has more than 4 users, it is more cost-effective to buy the **Server License**, which will license all the users on your instance.
+
+### 3. What do I do if I don't pay?
+
+You can continue using Immich without any restriction.
+
+### 4. Will there be any paywalled features?
+
+No, there will never be any paywalled features.
+
+### 5. Where can I get support regarding payment issues?
+
+You can email us with your `orderId` and your email address `billing@futo.org` or on our Discord server.

docs/blog/2024/update-july-2024.mdx

@@ -0,0 +1,78 @@
+---
+title: Immich Update - July 2024
+authors: [alextran]
+date: 2024-07-01T00:00
+tags: [update, v1.106.0]
+---
+
+Hello everybody! Alex from Immich here and I am back with another development progress update for the project.
+
+Summer has returned once again, and the night sky is filled with stars, thank you for **38_000 shining stars** you have sent to our [GitHub repo](https://github.com/immich-app/immich)! Since the last announcement several core contributors have started full time. Everything is going great with development, PRs get merged with _brrrrrrr_ rate, conversation exchange between team members is on a new high, we met and are working with the great engineers at FUTO. The spirit is high and we have a lot of things brewing that we think you will like.
+
+Let's go over some of the updates we had since the last post.
+
+### Container consolidation
+
+Reduced the number of total containers from 5 to 4 by making the microservices thread get spawned directly in the server container. Woohoo, remember when Immich had 7 containers?
+
+### Email notifications
+
+![smtp](https://github.com/immich-app/immich/assets/27055614/949cba85-d3f1-4cd3-b246-a6f5fb5d3ae8)
+
+We added email notifications to the app with SMTP settings that you can configure for the following events
+
+- A new account is created for you.
+- You are added to a shared album.
+- New media is added to an album.
+
+### Versioned docs
+
+You can now jump back into the past or take a peek at the unreleased version of the documentation by selecting the version on the website.
+
+![version-doc](https://github.com/immich-app/immich/assets/27055614/6d22898a-5093-41ad-b416-4573d7ce6e03)
+
+### Similarity deduplication
+
+With more machine learning and CLIP magic, we now have similarity deduplication built into the application where it will search for closely similar images and let you decide what to do with them; i.e keep or trash.
+
+![similarity-deduplication](https://github.com/immich-app/immich/assets/27055614/3cac8478-fbf7-47ea-acb6-0146901dc67e)
+
+### Permanent URL for asset on the web
+
+The detail view for an asset now has a permanent URL so you can easily share them with your loved ones.
+
+### Web app translations
+
+We now have a public Weblate project which the community can use to translate the webapp to their native languages. We are planning to port the mobile app translation to this platform as well. If you would like to contribute, you can take a look [here](https://hosted.weblate.org/projects/immich/immich/). We're already close to 50% translations -- we really appreciate everyone contributing to that!
+
+![web-translation](https://github.com/immich-app/immich/assets/27055614/363df2ed-656c-4584-bd82-0708a693c5bc)
+
+### Read-only/Editor mode on shared album
+
+As the owner of the album, you can choose if the shared user can edit the album or to only view the content of the album without any modification.
+
+![read-only-album](https://github.com/immich-app/immich/assets/27055614/c6f66375-b869-495a-9a86-3e87b316d109)
+
+### Better video thumbnails
+
+Immich now tries to find a descriptive video thumbnail instead of simply using the first frame. No more black images for thumbnails!
+
+### Public Roadmap
+
+We now have a [public roadmap](https://immich.app/roadmap), giving you a high-level overview of things the team is working on. The first goal of this roadmap is to bring Immich to a stable release, which is expected sometime later this year. Some of the highlights include
+
+- Auto stacking - Auto stacking of burst photos
+- Basic editor - Basic photo editing capabilities
+- Workflows - Automate tasks with workflows
+- Fine grained access controls - Granular access controls for users and api keys
+- Better background backups - Rework background backups to be more reliable
+- Private/locked photos - Private assets with extra protections
+
+Beyond the items in the roadmap, we have _many many_ more ideas for Immich. The team and I hope that you are enjoying the application, find it helpful in your life and we have nothing but the intention of building out great software for you all!
+
+Have an amazing Summer or Winter for those in the southern hemisphere! :D
+
+Until next time,
+
+Cheers!
+Alex

docs/docs/FAQ.mdx

@@ -52,14 +52,25 @@ On iOS (iPhone and iPad), the operating system determines if a particular app ca
 - Disable Background App Refresh for apps that don't need background tasks to run. This will reduce the competition for background task invocation for Immich.
 - Use the Immich app more often.
 
+### Why are features not working with a self-signed cert or mTLS?
+
+Due to limitations in the upstream app/video library, using a self-signed TLS certificate or mutual TLS may break video playback or asset upload (both foreground and/or background).
+We recommend using a real SSL certificate from a free provider, for example [Let's Encrypt](https://letsencrypt.org/).
+
 ---
 
 ## Assets
 
 ### Does Immich change the file?
 
-No, Immich does not touch the original file under any circumstances,  
-all edited metadata are saved in the companion sidecar file and the database.
+No, Immich does not modify the original files.
+All edited metadata is saved in companion `.xmp` sidecar files and the database.
+However, Immich will delete original files that have been trashed when the trash is emptied in the Immich UI.
+
+### Why do my file names appear as a random string in the file manager?
+
+When Storage Template is off (default) Immich saves the file names in a random string (also known as random UUIDs) to prevent duplicate file names. To retrieve the original file names, you must enable the Storage Template and then run the STORAGE TEMPLATE MIGRATION job.
+It is recommended to read about [Storage Template](https://immich.app/docs/administration/storage-template) before activation.
 
 ### Can I add my existing photo library?
 
@@ -67,7 +78,7 @@ Yes, with an [External Library](/docs/features/libraries.md).
 
 ### What happens to existing files after I choose a new [Storage Template](/docs/administration/storage-template.mdx)?
 
-Template changes will only apply to _new_ assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/docs/administration/jobs.md) page.
+Template changes will only apply to _new_ assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/docs/administration/jobs-workers/#jobs) page.
 
 ### Why are only photos and not videos being uploaded to Immich?
 
@@ -133,40 +144,6 @@ For example, say you have existing transcodes with the policy "Videos higher tha
 
 No. Our design principle is that the original assets should always be untouched.
 
-### How can I move all data (photos, persons, albums, libraries) from one user to another?
-
-This is not officially supported but can be accomplished with some database updates. You can do this on the command line (in the PostgreSQL container using the `psql` command), or you can add, for example, an [Adminer](https://www.adminer.org/) container to the `docker-compose.yml` file so that you can use a web interface.
-
-<details>
-<summary>Steps</summary>
-
-1. **MAKE A BACKUP** - See [backup and restore](/docs/administration/backup-and-restore.md).
-
-2. Find the ID of both the 'source' and the 'destination' user (it's the id column in the `users` table)
-
-3. Four tables need to be updated:
-
-```sql
-BEGIN;
--- reassign albums
-UPDATE albums SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>';
-
--- reassign people
-UPDATE person SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>';
-
--- reassign assets
-UPDATE assets SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>'
- AND CHECKSUM NOT IN (SELECT CHECKSUM FROM assets WHERE "ownerId" = '<destinationId>');
-
--- reassign external libraries
-UPDATE libraries SET "ownerId" = '<destinationId>' WHERE "ownerId" = '<sourceId>';
-COMMIT;
-```
-
-4. There might be left-over assets in the 'source' user's library if they are skipped by the last query because of duplicate checksums. These are probably duplicates anyway, and can probably be removed.
-
-</details>
-
 ---
 
 ## Albums
@@ -191,6 +168,19 @@ We haven't implemented an official mechanism for creating albums from external l
 
 Duplicate checking only exists for upload libraries, using the file hash. Furthermore, duplicate checking is not global, but _per library_. Therefore, a situation where the same file appears twice in the timeline is possible, especially for external libraries.
 
+### Why are my edits to files not being saved in read-only external libraries?
+
+Images in read-write external libraries (the default) can be edited as normal.
+In read-only libraries (`:ro` in the `docker-compose.yml`), Immich is unable to create the `.xmp` sidecar files to store edited file metadata.
+For this reason, the metadata (timestamp, location, description, star rating, etc.) cannot be edited for files in read-only external libraries.
+
+### How are deletions of files handled in external libraries?
+
+Immich will attempt to delete original files that have been trashed when the trash is emptied.
+In read-write external libraries (the default), Immich will delete the original file.
+In read-only libraries (`:ro` in the `docker-compose.yml`), files can still be trashed in the UI.
+However, when the trash is emptied, the files will re-appear in the main timeline since Immich is unable to delete the original file.
+
 ---
 
 ## Machine Learning
@@ -201,7 +191,7 @@ Immich uses CLIP models. For more information about CLIP and its capabilities, r
 
 ### How does facial recognition work?
 
-For face detection and recognition, Immich uses [InsightFace models](https://github.com/deepinsight/insightface/tree/master/model_zoo).
+See [How Facial Recognition Works](/docs/features/facial-recognition#How-Facial-Recognition-Works) for details.
 
 ### How can I disable machine learning?
 
@@ -215,19 +205,15 @@ However, disabling all jobs will not disable the machine learning service itself
 
 ### I'm getting errors about models being corrupt or failing to download. What do I do?
 
-You can delete the model cache volume, where models are downloaded. This will give the service a clean environment to download the model again. If models are failing to download entirely, you can manually download them from [Huggingface][huggingface] and place them in the cache folder.
+You can delete the model cache volume, where models are downloaded. This will give the service a clean environment to download the model again. If models are failing to download entirely, you can manually download them from [Hugging Face][huggingface] and place them in the cache folder.
 
 ### Can I use a custom CLIP model?
 
-No, this is not supported. Only models listed in the [Huggingface][huggingface] page are compatible. Feel free to make a feature request if there's a model not listed here that you think should be added.
+No, this is not supported. Only models listed in the [Hugging Face][huggingface] page are compatible. Feel free to make a feature request if there's a model not listed here that you think should be added.
 
 ### I want to be able to search in other languages besides English. How can I do that?
 
-You can change to a multilingual model listed [here](https://huggingface.co/collections/immich-app/multilingual-clip-654eb08c2382f591eeb8c2a7) by going to Administration > Machine Learning Settings > Smart Search and replacing the name of the model. Be sure to re-run Smart Search on all assets after this change. You can then search in over 100 languages.
-
-:::note
-Feel free to make a feature request if there's a model you want to use that isn't in [Immich Huggingface list][huggingface].
-:::
+You can change to a multilingual CLIP model. See [here](/docs/features/smart-search#CLIP-model) for instructions.
 
 ### Does Immich support Facial Recognition for videos?
 
@@ -268,7 +254,7 @@ ls clip/ facial-recognition/
 
 ### Why is Immich slow on low-memory systems like the Raspberry Pi?
 
-Immich optionally uses machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning), or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.
+Immich optionally uses transcoding and machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning), or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.
 
 ### Can I lower CPU and RAM usage?
 
@@ -277,10 +263,12 @@ The initial backup is the most intensive due to the number of jobs running. The
 - Lower the job concurrency for these jobs to 1.
 - Under Settings > Transcoding Settings > Threads, set the number of threads to a low number like 1 or 2.
 - Under Settings > Machine Learning Settings > Facial Recognition > Model Name, you can change the facial recognition model to `buffalo_s` instead of `buffalo_l`. The former is a smaller and faster model, albeit not as good.
-- For facial recognition on new images to work properly, You must re-run the Face Detection job for all images after this.
+  - For facial recognition on new images to work properly, You must re-run the Face Detection job for all images after this.
+- At the container level, you can [set resource constraints](/docs/FAQ#can-i-limit-cpu-and-ram-usage) to lower usage further.
+  - It's recommended to only apply these constraints _after_ taking some of the measures here for best performance.
 - If these changes are not enough, see [below](/docs/FAQ#how-can-i-disable-machine-learning) for instructions on how to disable machine learning.
 
-### Can I limit the amount of CPU and RAM usage?
+### Can I limit CPU and RAM usage?
 
 By default, a container has no resource constraints and can use as much of a given resource as the host's kernel scheduler allows. To limit this, you can add the following to the `docker-compose.yml` block of any containers that you want to have limited resources.
 
@@ -300,6 +288,8 @@ deploy:
 </details>
 For more details, you can look at the [original docker docs](https://docs.docker.com/config/containers/resource_constraints/) or use this [guide](https://www.baeldung.com/ops/docker-memory-limit).
 
+Note that memory constraints work by terminating the container, so this can introduce instability if set too low.
+
 ### How can I boost machine learning speed?
 
 :::note
@@ -309,21 +299,16 @@ This advice improves throughput, not latency. This is to say that it will make S
 You can increase throughput by increasing the job concurrency for machine learning jobs (Smart Search, Face Detection). With higher concurrency, the host will work on more assets in parallel. You can do this by navigating to Administration > Settings > Job Settings and increasing concurrency as needed.
 
 :::danger
-On a normal machine, 2 or 3 concurrent jobs can probably max the CPU. Beyond this, note that storage speed and latency may quickly become the limiting factor; particularly when using HDDs.
+On a normal machine, 2 or 3 concurrent jobs can probably max the CPU. Storage speed and latency can quickly become the limiting factor beyond this, particularly when using HDDs.
 
-Do not exaggerate with the amount of jobs because you're probably thoroughly overloading the server.
+The concurrency can be increased more comfortably with a GPU, but should still not be above 16 in most cases.
 
-More details can be found [here](https://discord.com/channels/979116623879368755/994044917355663450/1174711719994605708)
+Do not exaggerate with the job concurrency because you're probably thoroughly overloading the server.
 :::
 
-### Why is Immich using so much of my CPU?
+### My server shows Server Status Offline | Version Unknown. What can I do?
 
-When a large number of assets are uploaded to Immich, it makes sense that the CPU and RAM will be heavily used for machine learning work and creating image thumbnails.
-Once this process is completed, the percentage of CPU usage will drop to around 3-5% usage
-
-### My server shows Server Status Offline | Version Unknown what can I do?
-
-You need to enable Websocket on your reverse proxy.
+You need to enable WebSockets on your reverse proxy.
 
 ---
 
@@ -333,6 +318,12 @@ You need to enable Websocket on your reverse proxy.
 
 Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/docs/guides/docker-help.md).
 
+### How can I reduce the log verbosity of Redis?
+
+To decrease Redis logs, you can add the following line to the `redis:` section of the `docker-compose.yml`:
+
+`    command: redis-server --loglevel warning`
+
 ### How can I run Immich as a non-root user?
 
 You can change the user in the container by setting the `user` argument in `docker-compose.yml` for each service.
@@ -442,4 +433,11 @@ docker exec -it immich_postgres psql --dbname=immich --username=<DB_USERNAME> --
 
 </details>
 
+If corruption is detected, you should immediately make a backup before performing any other work in the database.
+To do so, you may need to set the `zero_damaged_pages=on` flag for the database server to allow `pg_dumpall` to succeed.
+After taking a backup, the recommended next step is to restore the database from a healthy backup before corruption was detected.
+The damaged database dump can be used to manually recover any changes made since the last backup, if needed.
+
+The causes of possible corruption are many, but can include unexpected poweroffs or unmounts, use of a network share for Postgres data, or a poor storage medium such an SD card or failing HDD/SSD.
+
 [huggingface]: https://huggingface.co/immich-app

docs/docs/administration/backup-and-restore.md

@@ -45,7 +45,7 @@ docker compose up -d    # Start remainder of Immich apps
   <TabItem value="Windows system (PowerShell)" label="Windows system (PowerShell)">
 
 ```powershell title='Backup'
-docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres > "\path\to\backup\dump.sql"
+docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres | Set-Content -Encoding utf8 "C:\path\to\backup\dump.sql"
 ```
 
 ```powershell title='Restore'
@@ -76,6 +76,7 @@ services:
   backup:
     container_name: immich_db_dumper
     image: prodrigestivill/postgres-backup-local:14
+    restart: always
     env_file:
       - .env
     environment:
@@ -148,9 +149,21 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele
   - Preview images (small thumbnails and large previews) for each asset and thumbnails for recognized faces.
   - Stored in `UPLOAD_LOCATION/thumbs/<userID>`.
 - **Encoded Assets:**
+
   - Videos that have been re-encoded from the original for wider compatibility. The original is not removed.
   - Stored in `UPLOAD_LOCATION/encoded-video/<userID>`.
 
+- **Postgres**
+
+  - The Immich database containing all the information to allow the system to function properly.  
+    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
+  - Stored in `UPLOAD_LOCATION/postgres`.
+
+  :::danger
+  A backup of this folder does not constitute a backup of your database!
+  Follow the instructions listed [here](/docs/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  :::
+
 </TabItem>
   <TabItem value="Storage Template On" label="Storage Template On">
 
@@ -186,11 +199,22 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
   - Files uploaded through mobile apps.
   - Temporarily located in `UPLOAD_LOCATION/upload/<userID>`.
   - Transferred to `UPLOAD_LOCATION/library/<userID>` upon successful upload.
+- **Postgres**
+
+  - The Immich database containing all the information to allow the system to function properly.  
+    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
+  - Stored in `UPLOAD_LOCATION/postgres`.
+
+  :::danger
+  A backup of this folder does not constitute a backup of your database!
+  Follow the instructions listed [here](/docs/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  :::
 
 </TabItem>
+
 </Tabs>
 
 :::danger
-Do not touch the files inside these folders under any circumstances except taking a backup, changing or removing an asset can cause untracked and missing files.
+Do not touch the files inside these folders under any circumstances except taking a backup. Changing or removing an asset can cause untracked and missing files.
 You can think of it as App-Which-Must-Not-Be-Named, the only access to viewing, changing and deleting assets is only through the mobile or browser interface.
 :::

docs/docs/administration/email-notification.mdx

@@ -0,0 +1,23 @@
+# Email Notifications
+
+Immich supports the option to send notifications via Email for the following events:
+
+- Creating a new user
+- Notifying a user when they get added to a shared album
+- Informing other users about the addition of new assets to a shared album
+
+## SMTP settings
+
+You can access the settings panel from the web at `Administration -> Settings -> Notification settings`
+
+Under Email, enter the following details to connect with SMTP servers.
+
+You can use the following [guide](/docs/guides/smtp-gmail) to use Gmail's SMTP server.
+
+<img src={require('./img/email-settings.png').default} width="80%" title="SMTP settings" />
+
+## User's notifications settings
+
+Users can manage their email notification settings from their account settings page on the web. They can choose to turn email notifications on or off for the following events:
+
+<img src={require('./img/user-notifications-settings.png').default} width="80%" title="User notification settings" />

docs/docs/administration/jobs-workers.md

@@ -0,0 +1,55 @@
+# Jobs and Workers
+
+## Workers
+
+### Architecture
+
+The `immich-server` container contains multiple workers:
+
+- `api`: responds to API requests for data and files for the web and mobile app.
+- `microservices`: handles most other work, such as thumbnail generation and video encoding, in the form of _jobs_. Simply put, a job is a request to process data in the background.
+
+## Split workers
+
+If you prefer to throttle or distribute the workers, you can do this using the [environment variables](/docs/install/environment-variables) to specify which container should pick up which tasks.
+
+For example, for a simple setup with one container for the Web/API and one for all other microservices, you can do the following:
+
+Copy the entire `immich-server` block as a new service and make the following changes to the **copy**:
+
+```diff
+- immich-server:
+-   container_name: immich_server
+...
+-   ports:
+-     - 2283:3001
++ immich-microservices:
++   container_name: immich_microservices
+```
+
+Once you have two copies of the immich-server service, make the following changes to each one. This will allow one container to only serve the web UI and API, and the other one to handle all other tasks.
+
+```diff
+services:
+  immich-server:
+    ...
++   environment:
++     IMMICH_WORKERS_INCLUDE: 'api'
+
+  immich-microservices:
+    ...
++   environment:
++     IMMICH_WORKERS_EXCLUDE: 'api'
+```
+
+## Jobs
+
+When a new asset is uploaded it kicks off a series of jobs, which include metadata extraction, thumbnail generation, machine learning tasks, and storage template migration, if enabled. To view the status of a job navigate to the Administration -> Jobs page.
+
+Additionally, some jobs run on a schedule, which is every night at midnight. This schedule, with the exception of [External Libraries](/docs/features/libraries) scanning, cannot be changed.
+
+:::info
+Storage Migration job can be run after changing the [Storage Template](/docs/administration/storage-template.mdx), in order to apply the change to the existing library.
+:::
+
+<img src={require('./img/admin-jobs.webp').default} width="60%" title="Admin jobs" />

docs/docs/administration/jobs.md

@@ -1,13 +0,0 @@
-# Jobs
-
-The `immich-server` responds to API requests for data and files for the web and mobile app. To do this quickly and reliably, it offloads most other work to `immich-microservices` in the form of _jobs_. Simply put, a job is a request to process data in the background. Jobs are picked up automatically by microservices containers.
-
-When a new asset is uploaded it kicks off a series of jobs, which include metadata extraction, thumbnail generation, machine learning tasks, and storage template migration, if enabled. To view the status of a job navigate to the Administration -> Jobs page.
-
-Additionally, some jobs run on a schedule, which is every night at midnight. This schedule, with the exception of [External Libraries](/docs/features/libraries) scanning, cannot be changed.
-
-:::info
-Storage Migration job can be run after changing the [Storage Template](/docs/administration/storage-template.mdx), in order to apply the change to the existing library.
-:::
-
-<img src={require('./img/admin-jobs.png').default} width="80%" title="Admin jobs" />

docs/docs/administration/oauth.md

@@ -3,7 +3,7 @@
 This page contains details about using OAuth in Immich.
 
 :::tip
-Unable to set `app.immich:/` as a valid redirect URI? See [Mobile Redirect URI](#mobile-redirect-uri) for an alternative solution.
+Unable to set `app.immich:///oauth-callback` as a valid redirect URI? See [Mobile Redirect URI](#mobile-redirect-uri) for an alternative solution.
 :::
 
 ## Overview
@@ -30,7 +30,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 
    The **Sign-in redirect URIs** should include:
 
-   - `app.immich:/` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
+   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
    - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
    - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client
 
@@ -38,7 +38,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 
    Mobile
 
-   - `app.immich:/` (You **MUST** include this for iOS and Android mobile apps to work properly)
+   - `app.immich:///oauth-callback` (You **MUST** include this for iOS and Android mobile apps to work properly)
 
    Localhost
 
@@ -96,22 +96,80 @@ When Auto Launch is enabled, the login page will automatically redirect the user
 
 ## Mobile Redirect URI
 
-The redirect URI for the mobile app is `app.immich:/`, which is a [Custom Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app). If this custom scheme is an invalid redirect URI for your OAuth Provider, you can work around this by doing the following:
+The redirect URI for the mobile app is `app.immich:///oauth-callback`, which is a [Custom Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app). If this custom scheme is an invalid redirect URI for your OAuth Provider, you can work around this by doing the following:
 
-1. Configure an http(s) endpoint to forwards requests to `app.immich:/`
+1. Configure an http(s) endpoint to forwards requests to `app.immich:///oauth-callback`
 2. Whitelist the new endpoint as a valid redirect URI with your provider.
 3. Specify the new endpoint as the `Mobile Redirect URI Override`, in the OAuth settings.
 
 With these steps in place, you should be able to use OAuth from the [Mobile App](/docs/features/mobile-app.mdx) without a custom scheme redirect URI.
 
 :::info
-Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:/`, and can be used for step 1.
+Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:///oauth-callback`, and can be used for step 1.
 :::
 
 ## Example Configuration
 
+<details>
+<summary>Authentik Example</summary>
+
+### Authentik Example
+
 Here's an example of OAuth configured for Authentik:
 
-![OAuth Settings](./img/oauth-settings.png)
+Configuration of Authorised redirect URIs (Authentik OAuth2/OpenID Provider)
+
+<img src={require('./img/authentik-redirect-uris-example.webp').default} width='70%' title="Authentik authorised redirect URIs" />
+
+Configuration of OAuth in Immich System Settings
+
+| Setting                      | Value                                                                              |
+| ---------------------------- | ---------------------------------------------------------------------------------- |
+| Issuer URL                   | `https://example.immich.app/application/o/immich/.well-known/openid-configuration` |
+| Client ID                    | AFCj2rM1f4rps**\*\*\*\***\***\*\*\*\***lCLEum6hH9...                               |
+| Client Secret                | 0v89FXkQOWO\***\*\*\*\*\***\*\*\***\*\*\*\*\***mprbvXD549HH6s1iw...                |
+| Scope                        | openid email profile                                                               |
+| Signing Algorithm            | RS256                                                                              |
+| Storage Label Claim          | preferred_username                                                                 |
+| Storage Quota Claim          | immich_quota                                                                       |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                          |
+| Button Text                  | Sign in with Authentik (optional)                                                  |
+| Auto Register                | Enabled (optional)                                                                 |
+| Auto Launch                  | Enabled (optional)                                                                 |
+| Mobile Redirect URI Override | Disable                                                                            |
+| Mobile Redirect URI          |                                                                                    |
+
+</details>
+
+<details>
+<summary>Google Example</summary>
+
+### Google Example
+
+Here's an example of OAuth configured for Google:
+
+Configuration of Authorised redirect URIs (Google Console)
+
+<img src={require('./img/google-redirect-uris-example.webp').default} width='50%' title="Google authorised redirect URIs" />
+
+Configuration of OAuth in Immich System Settings
+
+| Setting                      | Value                                                                        |
+| ---------------------------- | ---------------------------------------------------------------------------- |
+| Issuer URL                   | `https://accounts.google.com`                                                |
+| Client ID                    | 7\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***vuls.apps.googleusercontent.com |
+| Client Secret                | G\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***OO                              |
+| Scope                        | openid email profile                                                         |
+| Signing Algorithm            | RS256                                                                        |
+| Storage Label Claim          | preferred_username                                                           |
+| Storage Quota Claim          | immich_quota                                                                 |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                    |
+| Button Text                  | Sign in with Google (optional)                                               |
+| Auto Register                | Enabled (optional)                                                           |
+| Auto Launch                  | Enabled                                                                      |
+| Mobile Redirect URI Override | Enabled (required)                                                           |
+| Mobile Redirect URI          | `https://example.immich.app/api/oauth/mobile-redirect`                       |
+
+</details>
 
 [oidc]: https://openid.net/connect/

docs/docs/administration/server-commands.md

@@ -77,7 +77,6 @@ immich-admin list-users
     deletedAt: null,
     updatedAt: 2023-09-21T15:42:28.129Z,
     oauthId: '',
-    memoriesEnabled: true
   }
 ]
 ```

docs/docs/administration/system-settings.md

@@ -10,6 +10,59 @@ Viewing and modifying the system settings is restricted to the Administrator.
 You can always return to the default settings by clicking the `Reset to default` button.
 :::
 
+## Authentication Settings
+
+Manage password, OAuth, and other authentication settings
+
+### OAuth Authentication
+
+Immich supports OAuth Authentication. Read more about this feature and its configuration [here](/docs/administration/oauth).
+
+### Password Authentication
+
+The administrator can choose to disable login with username and password for the entire instance. This means that **no one**, including the system administrator, will be able to log using this method. If [OAuth Authentication](/docs/administration/oauth) is also disabled, no users will be able to login using **any** method. Changing this setting does not affect existing sessions, just new login attempts.
+
+:::tip
+You can always use the [Server CLI](/docs/administration/server-commands) to re-enable password login.
+:::
+
+## Image Settings (thumbnails and previews)
+
+- Thumbnails - Used in the main timeline.
+- Previews - Used in the asset viewer.
+
+By default Immich creates 3 thumbnails for each asset,
+Blurred (thumbhash) , Small - thumbnails (webp) , and Large - previews (jpeg/webp), using these settings you can change the quality for the thumbnails and previews files that are created.
+
+**Thumbnail format**  
+Allows you to choose the type of format you want for the Thumbnail images, Webp produces smaller files than jpeg, but is slower to encode.
+
+:::tip
+You can read in detail about the advantages and disadvantages of using webp over jpeg on [Adobe's website](https://www.adobe.com/creativecloud/file-types/image/raster/webp-file.html)
+:::
+
+**Thumbnail resolution**  
+Used when viewing groups of photos (main timeline, album view, etc.). Higher resolutions can preserve more detail but take longer to encode, have larger file sizes, and can reduce app responsiveness.
+
+**Preview format**  
+Allows you to choose the type of format you want for the Preview images, Webp produces smaller files than jpeg, but is slower to encode.
+
+**Preview resolution**  
+Used when viewing a single photo and for machine learning. Higher resolutions can preserve more detail but take longer to encode, have larger file sizes, and can reduce app responsiveness.
+
+**Quality**  
+Image quality from 1-100. Higher is better for quality but produces larger files, this option affects the Preview and Thumbnail images.
+
+**Prefer wide gamut**  
+Use Display P3 for thumbnails. This better preserves the vibrance of images with wide colorspaces, but images may appear differently on old devices with an old browser version. sRGB images are kept as sRGB to avoid color shifts.
+
+**Prefer embedded preview**  
+Use embedded previews in RAW photos as the input to image processing when available. This can produce more accurate colors for some images, but the quality of the preview is camera-dependent and the image may have more compression artifacts.
+
+:::tip
+The default resolution for Large thumbnails can be lowered from 1440p (default) to 1080p or 720p to save storage space.
+:::
+
 ## Job Settings
 
 Using these settings, you can determine the amount of work that will run concurrently for each task in microservices. Some tasks can be set to higher values on computers with powerful hardware and storage with good I/O capabilities.
@@ -19,6 +72,11 @@ this advice improves throughput, not latency, for example, it will make Smart Se
 
 It is important to remember that jobs like Smart Search, Face Detection, Facial Recognition, and Transcode Videos require a **lot** of processing power and therefore do not exaggerate the amount of jobs because you're probably thoroughly overloading the server.
 
+:::danger IMPORTANT
+If you increase the concurrency from the defaults we set, especially for thumbnail generation, make sure you do not increase them past the amount of CPU cores you have available.
+Doing so can impact API responsiveness with no gain in thumbnail generation speed.
+:::
+
 :::info Facial Recognition Concurrency
 The Facial Recognition Concurrency value cannot be changed because
 [DBSCAN](https://www.youtube.com/watch?v=RDZUdRSDOok) is traditionally sequential, but there are parallel implementations of it out there. Our implementation isn't parallel.
@@ -46,7 +104,7 @@ You can choose to disable a certain type of machine learning, for example smart
 
 ### Smart Search
 
-The smart search settings are designed to allow the search tool to be used using [CLIP](https://openai.com/research/clip) models that [can be changed](/docs/FAQ#can-i-use-a-custom-clip-model), different models will necessarily give better results but may consume more processing power, when changing a model it is mandatory to re-run the
+The [smart search](/docs/features/smart-search) settings are designed to allow the search tool to be used using [CLIP](https://openai.com/research/clip) models that [can be changed](/docs/FAQ#can-i-use-a-custom-clip-model), different models will necessarily give better results but may consume more processing power, when changing a model it is mandatory to re-run the
 Smart Search job on all images to fully apply the change.
 
 :::info Internet connection
@@ -55,15 +113,23 @@ After downloading, there is no need for Immich to connect to the network
 Unless version checking has been enabled in the settings.
 :::
 
+### Duplicate Detection
+
+Use CLIP embeddings to find likely duplicates. The maximum detection distance can be configured in order to improve / reduce the level of accuracy.
+
+- **Maximum detection distance -** Maximum distance between two images to consider them duplicates, ranging from 0.001-0.1. Higher values will detect more duplicates, but may result in false positives.
+
 ### Facial Recognition
 
 Under these settings, you can change the facial recognition settings
 Editable settings:
 
-- **Facial Recognition Model -** Models are listed in descending order of size. Larger models are slower and use more memory, but produce better results. Note that you must re-run the Face Detection job for all images upon changing a model.
-- **Min Detection Score -** Minimum confidence score for a face to be detected from 0-1. Lower values will detect more faces but may result in false positives.
-- **Max Recognition Distance -** Maximum distance between two faces to be considered the same person, ranging from 0-2. Lowering this can prevent labeling two people as the same person, while raising it can prevent labeling the same person as two different people. Note that it is easier to merge two people than to split one person in two, so err on the side of a lower threshold when possible.
-- **Min Recognized Faces -** The minimum number of recognized faces for a person to be created (AKA: Core face). Increasing this makes Facial Recognition more precise at the cost of increasing the chance that a face is not assigned to a person.
+- **Facial Recognition Model**
+- **Min Detection Score**
+- **Max Recognition Distance**
+- **Min Recognized Faces**
+
+You can learn more about these options on the [Facial Recognition page](/docs/features/facial-recognition#how-face-detection-works)
 
 :::info
 When changing the values in Min Detection Score, Max Recognition Distance, and Min Recognized Faces.
@@ -87,23 +153,15 @@ The map can be adjusted via [OpenMapTiles](https://openmaptiles.org/styles/) for
 
 Immich supports [Reverse Geocoding](/docs/features/reverse-geocoding) using data from the [GeoNames](https://www.geonames.org/) geographical database.
 
-## OAuth Authentication
+## Notification Settings
 
-Immich supports OAuth Authentication. Read more about this feature and its configuration [here](/docs/administration/oauth).
-
-## Password Authentication
-
-The administrator can choose to disable login with username and password for the entire instance. This means that **no one**, including the system administrator, will be able to log using this method. If [OAuth Authentication](/docs/administration/oauth) is also disabled, no users will be able to login using **any** method. Changing this setting does not affect existing sessions, just new login attempts.
-
-:::tip
-You can always use the [Server CLI](/docs/administration/server-commands) to re-enable password login.
-:::
+SMTP server setup, for user creation notifications, new albums, etc. More information can be found [here](/docs/administration/email-notification)
 
 ## Server Settings
 
 ### External Domain
 
-When set, will override the domain name used when viewing and copying a shared link.
+Overrides the domain name in shared links and email notifications. The URL should not include a trailing slash.
 
 ### Welcome Message
 
@@ -125,27 +183,6 @@ p {
 }
 ```
 
-## Thumbnail Settings
-
-By default Immich creates 3 thumbnails for each asset,
-Blurred (thumbhash) , Small (webp) , and Large (jpeg), using these settings you can change the quality for the thumbnail files that are created.
-
-**Small thumbnail resolution**  
-Used when viewing groups of photos (main timeline, album view, etc.). Higher resolutions can preserve more detail but take longer to encode, have larger file sizes, and can reduce app responsiveness.
-
-**Large thumbnail resolution**  
-Used when viewing a single photo and for machine learning. Higher resolutions can preserve more detail but take longer to encode, have larger file sizes, and can reduce app responsiveness.
-
-**Quality**  
-Thumbnail quality from 1-100. Higher is better for quality but produces larger files.
-
-**Prefer wide gamut**  
-Use display p3 for thumbnails. This better preserves the vibrance of images with wide color spaces, but images may appear differently on old devices with an old browser version. Srgb images are kept as srgb to avoid color shifts.
-
-:::tip
-The default resolution for Large thumbnails can be lowered from 1440p (default) to 1080p or 720p to save storage space.
-:::
-
 ## Trash Settings
 
 In the system administrator's option to set a trash for deleted files, these files will remain in the trash until the deletion date 30 days (default) or as defined by the system administrator.

docs/docs/administration/user-management.mdx

@@ -13,6 +13,20 @@ Immich supports multiple users, each with their own library.
 
 <UserCreate />
 
+## Send new user email notification
+
+:::note
+This option is only available if an SMTP server has been configured in the administrator settings.
+:::
+
+Admin can send a welcome email if the Email option is set, you can learn here how to set up the SMTP server in Immich.
+
+<img
+  src={require('./img/send-user-email-notification.webp').default}
+  width="40%"
+  title="Send user email notification"
+/>
+
 ## Set Storage Quota For User
 
 Admin can specify the storage quota for the user as the instance's admin; once the limit is reached, the user won't be able to upload to the instance anymore.

docs/docs/developer/architecture.mdx

@@ -80,7 +80,7 @@ The Immich Microservices image uses the same `Dockerfile` as the Immich Server,
 - Background jobs (file deletion, user deletion)
 
 :::info
-This list closely matches what is available on the [Administration > Jobs](/docs/administration/jobs.md) page, which provides some remote queue management capabilities.
+This list closely matches what is available on the [Administration > Jobs](/docs/administration/jobs-workers/#jobs) page, which provides some remote queue management capabilities.
 :::
 
 ### Machine Learning

docs/docs/developer/setup.md

@@ -24,7 +24,7 @@ This environment includes the services below. Additional details are available i
 - Web app - [`/web`](https://github.com/immich-app/immich/tree/main/web)
 - Machine learning - [`/machine-learning`](https://github.com/immich-app/immich/tree/main/machine-learning)
 - Redis
-- PostgreSQL development database with exposed port `5432` so you can use any database client to acess it
+- PostgreSQL development database with exposed port `5432` so you can use any database client to access it
 
 All the services are packaged to run as with single Docker Compose command.
 

docs/docs/developer/testing.md

@@ -4,7 +4,8 @@
 
 ### Unit tests
 
-Unit are run by calling `npm run test` from the `server` directory.
+Unit are run by calling `npm run test` from the `server/` directory.
+You need to run `npm install` (in `server/`) before _once_.
 
 ### End to end tests
 
@@ -14,6 +15,11 @@ The e2e tests can be run by first starting up a test production environment via:
 make e2e
 ```
 
+Before you can run the tests, you need to run the following commands _once_:
+
+- `npm install` (in `e2e/`)
+- `make open-api` (in the project root `/`)
+
 Once the test environment is running, the e2e tests can be run via:
 
 ```bash

docs/docs/developer/translations.md

@@ -0,0 +1,21 @@
+# Translations
+
+:::tip
+You can request a new language [here](https://hosted.weblate.org/new-lang/immich/immich/).
+:::
+
+## Weblate
+
+[Weblate](https://weblate.org/) is a "libre software web-based continuous localization system". Immich localization efforts are managed on their [hosted platform](https://hosted.weblate.org/projects/immich/immich/).
+
+## International message format
+
+Plurals, numbers, dates and other locale specific message formats can be handled by using the [ICU message format](https://unicode-org.github.io/icu/userguide/format_parse/messages/). Internally, this is handled by the [intl-messageformat](https://www.npmjs.com/package/intl-messageformat) library. Their [documentation](https://formatjs.io/docs/intl-messageformat/) includes common, editable examples via a "live editor" feature, which can be useful to test and debug message formats.
+
+## Progress
+
+Immich currently supports the following languages:
+
+<a href="https://hosted.weblate.org/engage/immich/">
+<img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
+</a>

docs/docs/developer/troubleshooting.md

@@ -1,7 +1,7 @@
 # Troubleshooting
 
 :::tip
-A great option to get assistance with troubleshooting is to join our [Discord](https://discord.gg/D8JsnBEuKb) server, where we have a dedicated channel for `#contributing`.
+A great option to get assistance with troubleshooting is to join our [Discord](https://discord.immich.app) server, where we have a dedicated channel for `#contributing`.
 :::
 
 ## Known Issues

docs/docs/features/facial-recognition.md

@@ -2,7 +2,7 @@
 
 ## Overview
 
-Immich recognizes faces in your photos and videos and groups them together. You can then assign names to the faces and search for them.
+Immich recognizes faces in your photos and videos and groups them together into people. You can then assign names to these people and search for them.
 
 The list of people is shown in the Explore page.
 
@@ -18,13 +18,75 @@ The asset detail view will also show the faces that are recognized in the asset.
 
 ## Actions
 
-Additional actions you can do with a detected person are:
+Additional actions you can do include:
 
-- Change the feature face photo of the person
-- Set date of birth
-- Merge two or more detected faces into one person
-- Hide face
+- Changing the feature photo of the person
+- Setting a person's date of birth
+- Merging two or more detected faces into one person
+- Hiding the faces of a person from the Explore page and detail view
+- Assigning an unrecognized face to a person
 
 It can be found from the app bar when you access the detail view of a person.
 
 <img src={require('./img/facial-recognition-4.png').default} title='Facial Recognition 4' width="70%"/>
+
+## How Face Detection Works
+
+Face detection sends the generated preview image to the machine learning service for processing. The service checks if it has the relevant model downloaded and downloads it if not. The image is decoded, pre-processed and passed to the face detection model (with hardware acceleration if configured). The bounding boxes and scores outputted from this model are used to crop and preprocess the image once again to be passed to a facial recognition model (also accelerated if configured). The embeddings from the recognition model, together with the bounding boxes and scores from the face detection model, are then sent back to the server to be added to the database. The embeddings in particular are indexed so they can be searched quickly during facial recognition clustering.
+
+## How Facial Recognition Works
+
+The facial recognition algorithm we use is derived from [DBSCAN](https://www.youtube.com/watch?v=RDZUdRSDOok), a popular clustering algorithm. It essentially treats each detected face as a point in a graph and aims to group points that are close to each other.
+
+:::note
+An important concept is whether something is a _core point_. A core point has a minimum number of points around it within a certain distance. A non-core point can only be assigned to a cluster if it can reach a core point; a non-core point can't be used to extend a cluster even if it's part of one. In Immich, the _Minimum Recognized Faces_ setting controls the threshold to be considered a core point.
+:::
+
+For each face, it looks around it to find other faces within a certain distance. Faces within this distance are considered similar, so it then checks if any of these faces are associated with a person.
+
+If there is an existing person, it assigns the person of the most similar face to the face being processed.
+
+If there is none, then it has to determine something from the DBSCAN algorithm: whether the face is a _core point_. If there are a certain number of similar faces (by default 3, including the face being considered), then this face is a core point. A new person is created for this face and the face is assigned to it. When other faces are processed, if they're similar to this face, they'll see that it has an associated person and can be assigned to that person.
+
+However, if there aren't enough similar faces, no new person will be created. Instead, the face will wait for all the other faces to be processed to see if any matches that previously didn't have an associated person now do. If they do, then the face will be assigned to that person. If not, this face will be considered an outlier, such as a stranger in the background of an image.
+
+The algorithm has some subtle differences compared to DBSCAN:
+
+- DBSCAN doesn't have a concept of incremental clustering: it clusters all points at once. In contrast, facial recognition has to evolve as more assets are added without re-clustering everything each time.
+  - The algorithm described above works within a set of queued assets. Once these faces are processed and a new round of faces are detected, the behavior will not be the same as traditional DBSCAN since it preserves the clusters (people) generated from the previous round.
+    - Facial recognition tries to wait for face detection and thumbnail generation to complete before starting for this reason: the larger the set of faces in the queue, the better the results will be.
+    - Re-running facial recognition on all assets afterwards does behave like DBSCAN, however.
+- DBSCAN is designed for range-based searches (i.e. points within a distance), but high-dimensional vector indices are generally optimized for getting the closest K results. The recognition algorithm doesn't try to get _all_ similar faces within a distance for performance reasons. Instead, it searches for a small number of matches for each face. The end result should be very similar if not identical, but with possibly different performance characteristics.
+  - Because of this, part of the recognition process is handled during a nightly job to ensure that unassigned faces with potential matches can be recognized.
+
+:::tip
+If you didn't import your assets at once or if the server was able to process jobs faster than you could upload them, it's possible that the clustering was suboptimal. If you haven't put effort into the current results, it may be worth re-running facial recognition on all assets for the best starting point. If it's too late for that, you can also manually assign a selection of unassigned faces and queue _Missing_ for Facial Recognition to help it learn and assign more faces automatically.
+:::
+
+## Configuration
+
+Navigating to Administration > Settings > Machine Learning Settings > Facial Recognition will show the options available.
+
+:::tip
+It's better to only tweak the parameters here than to set them to something very different unless you're ready to test a variety of options. If you do need to set a parameter to a strict setting, relaxing other settings can be a good option to compensate, and vice versa.
+:::
+
+### Facial recognition model
+
+There are a few different models available; the default is typically considered the best. On more constrained systems where the default is too intensive, you can choose a smaller model instead.
+
+### Minimum detection score
+
+This setting affects whether a result from the face detecton model is filtered out as a false positive. It may seem tempting to set this low to detect more faces, but it can lead to false positives that are difficult to deal with and can harm facial recognition. It is strongly recommended not to go below 0.5 for this setting. Setting it to a very high number like 0.9 is also not recommended: the default is already biased toward precision, so a threshold that high leads to many undetected faces.
+
+After changing this setting, it will only apply to new face detection jobs. To apply the new setting to all assets, you need to re-run face detection for all assets.
+
+### Maximum recognition distance
+
+The distance threshold described in How Facial Recognition Works. The default works well for most people, but it may be worth lowering it if the library has twins or otherwise very similar looking people. A threshold that's too low just means needing to merge duplicate people after facial recognition, whereas a threshold too high can produce unsalvageable results. It is strongly recommended not to go below 0.3 or above 0.7.
+
+### Minimum recognized faces
+
+The core point threshold described in How Facial Recognition Works. This setting has a few implications. First, it takes effect immediately in that people with fewer faces than this are hidden from view. Secondly, it makes clustering more robust as it prevents loosely-related faces from being linked to each other by requiring a certain level of density.
+
+Increasing this setting is a good idea if you increase the recognition distance or reduce the minimum detection score. Setting it to 1 effectively disables the concept of core points, but can be an option if you prefer a more hands-on approach.

docs/docs/features/hardware-transcoding.md

@@ -60,17 +60,17 @@ For RKMPP to work:
 #### Basic Setup
 
 1. If you do not already have it, download the latest [`hwaccel.transcoding.yml`][hw-file] file and ensure it's in the same folder as the `docker-compose.yml`.
-2. In the `docker-compose.yml` under `immich-microservices`, uncomment the `extends` section and change `cpu` to the appropriate backend.
+2. In the `docker-compose.yml` under `immich-server`, uncomment the `extends` section and change `cpu` to the appropriate backend.
 
 - For VAAPI on WSL2, be sure to use `vaapi-wsl` rather than `vaapi`
 
-3. Redeploy the `immich-microservices` container with these updated settings.
+3. Redeploy the `immich-server` container with these updated settings.
 4. In the Admin page under `Video transcoding settings`, change the hardware acceleration setting to the appropriate option and save.
 5. (Optional) If using a compatible backend, you may enable hardware decoding for optimal performance.
 
 #### Single Compose File
 
-Some platforms, including Unraid and Portainer, do not support multiple Compose files as of writing. As an alternative, you can "inline" the relevant contents of the [`hwaccel.transcoding.yml`][hw-file] file into the `immich-microservices` service directly.
+Some platforms, including Unraid and Portainer, do not support multiple Compose files as of writing. As an alternative, you can "inline" the relevant contents of the [`hwaccel.transcoding.yml`][hw-file] file into the `immich-server` service directly.
 
 For example, the `qsv` section in this file is:
 
@@ -79,21 +79,22 @@ devices:
   - /dev/dri:/dev/dri
 ```
 
-You can add this to the `immich-microservices` service instead of extending from `hwaccel.transcoding.yml`:
+You can add this to the `immich-server` service instead of extending from `hwaccel.transcoding.yml`:
 
 ```yaml
-immich-microservices:
-  container_name: immich_microservices
+immich-server:
+  container_name: immich_server
   image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
   # Note the lack of an `extends` section
   devices:
     - /dev/dri:/dev/dri
-  command: ['start.sh', 'microservices']
   volumes:
     - ${UPLOAD_LOCATION}:/usr/src/app/upload
     - /etc/localtime:/etc/localtime:ro
   env_file:
     - .env
+  ports:
+    - 2283:3001
   depends_on:
     - redis
     - database
@@ -122,6 +123,7 @@ Once this is done, you can continue to step 3 of "Basic Setup".
 
 - You may want to choose a slower preset than for software transcoding to maintain quality and efficiency
 - While you can use VAAPI with NVIDIA and Intel devices, prefer the more specific APIs since they're more optimized for their respective devices
+- You can confirm the device is being recognized and used by checking its utilization (via `nvtop` for NVIDIA, `intel_gpu_top` for Intel, etc.) when transcoding. A lack of error logs when transcoding also indicates that it's being used.
 
 [hw-file]: https://github.com/immich-app/immich/releases/latest/download/hwaccel.transcoding.yml
 [nvct]: https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html

docs/docs/features/libraries.md

@@ -44,16 +44,16 @@ If the import paths are edited in a way that an external file is no longer in an
 
 ### Troubleshooting
 
-Sometimes, an external library will not scan correctly. This can happen if immich_server or immich_microservices can't access the files. Here are some things to check:
+Sometimes, an external library will not scan correctly. This can happen if Immich can't access the files. Here are some things to check:
 
 - In the docker-compose file, are the volumes mounted correctly?
-- Are the volumes identical between the `server` and `microservices` container?
+- Are the volumes also mounted to any worker containers?
 - Are the import paths set correctly, and do they match the path set in docker-compose file?
 - Make sure you don't use symlinks in your import libraries, and that you aren't linking across docker mounts.
 - Are the permissions set correctly?
 - Make sure you are using forward slashes (`/`) and not backward slashes.
 
-To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_microservices /bin/bash` to a bash shell. If your import path is `/data/import/photos`, check it with `ls /data/import/photos`. Do the same check for the `immich_server` container. If you cannot access this directory in both the `microservices` and `server` containers, Immich won't be able to import files.
+To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_server bash` to a bash shell. If your import path is `/data/import/photos`, check it with `ls /data/import/photos`. Do the same check for the same in any microservices containers.
 
 ### Exclusion Patterns
 
@@ -98,7 +98,7 @@ First, we need to plan how we want to organize the libraries. The christmas trip
 
 ### Mount Docker Volumes
 
-`immich-server` and `immich-microservices` containers will need access to the gallery. Modify your docker compose file as follows
+The `immich-server` container will need access to the gallery. Modify your docker compose file as follows
 
 ```diff title="docker-compose.yml"
   immich-server:
@@ -107,24 +107,17 @@ First, we need to plan how we want to organize the libraries. The christmas trip
 +     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
 +     - /home/user/old-pics:/mnt/media/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
-+     - "C:/Users/user_name/Desktop/my media:/mnt/media/my-media:ro" # import path in Windows system.
-
-
-  immich-microservices:
-    volumes:
-      - ${UPLOAD_LOCATION}:/usr/src/app/upload
-+     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
-+     - /home/user/old-pics:/mnt/media/old-pics:ro
-+     - /mnt/media/videos:/mnt/media/videos:ro
++     - /mnt/media/videos2:/mnt/media/videos2 # the files in this folder can be deleted, as it does not end with :ro
 +     - "C:/Users/user_name/Desktop/my media:/mnt/media/my-media:ro" # import path in Windows system.
 ```
 
 :::tip
-The `ro` flag at the end only gives read-only access to the volumes. While Immich does not modify files, it's a good practice to mount read-only.
+The `ro` flag at the end only gives read-only access to the volumes.
+This will disallow the images from being deleted in the web UI, or adding metadata to the library ([XMP sidecars](/docs/features/xmp-sidecars)).
 :::
 
 :::info
-_Remember to bring the container `docker compose down/up` to register the changes. Make sure you can see the mounted path in the container._
+_Remember to run `docker compose up -d` to register the changes. Make sure you can see the mounted path in the container._
 :::
 
 ### Create External Libraries

docs/docs/features/ml-hardware-acceleration.md

@@ -32,12 +32,13 @@ You do not need to redo any machine learning jobs after enabling hardware accele
   - Where and how you can get this file depends on device and vendor, but typically, the device vendor also supplies these
   - The `hwaccel.ml.yml` file assumes the path to it is `/usr/lib/libmali.so`, so update accordingly if it is elsewhere
   - The `hwaccel.ml.yml` file assumes an additional file `/lib/firmware/mali_csffw.bin`, so update accordingly if your device's driver does not require this file
+- Optional: Configure your `.env` file, see [environment variables](/docs/install/environment-variables) for ARM NN specific settings
 
 #### CUDA
 
 - The GPU must have compute capability 5.2 or greater.
 - The server must have the official NVIDIA driver installed.
-- The installed driver must be >= 535 (it must support CUDA 12.2).
+- The installed driver must be >= 545 (it must support CUDA 12.3.2).
 - On Linux (except for WSL2), you also need to have [NVIDIA Container Toolkit][nvct] installed.
 
 #### OpenVINO