Further adventures with Immich - external access

 Astute readers and users of this software will note that when self-hosting access is naturally limited to whatever you've got on your personal, home network. While this is great, I'd like to still back my photos up to Immich when I'm out and about.

I use Cloudflare tunnels for access to other handy bits of software like The Hive (for digital forensics) and BookShelf (for documents etc). So setting up a Cloudflare tunnel for Immich seems like an easy thing to do. Except of course when it comes to authentication. You do not want to implement a tunnel without authentication and I really prefer to use Zero Trust wherever possible. I am a child of the X-Files after all, so trusting no-one is par for the course.

I found an excellent guide to help by Thomas Wilde on Youtube here: https://www.youtube.com/watch?v=J4vVYFVWu5Q and this really got the party started. Configuring the service token and getting it into the Immich app is quite straightforward and Thomas explains it well.

I then changed the app to sync as soon as the phone is plugged into power and voila! It all works brilliantly. 

OK, so we've solved the external access trickiness, and that's great. Keeping up with the updates is a bit of a challenge - Immich is being *very* actively developed so there's frequent updates. I usually try to update the docker image about once a fortnight and that seems to be manageable cadence.

It's worked so well that I have now moved my wife and daughter's images across. My child takes many many photos so I'm working with her to understand that the crap ones really need to be deleted - I don't want gigabytes of crap everywhere.

And of course, I snapshot the server before upgrading via Proxmox and backup using my Proxmox backup server. A restore of my Immich server was quite successful after a poorly executed attempt to change some settings for another project - oops! Thankfully, it was quick and relatively straightforward to get back to where I was, with only 18 hours and no data lost.

I still recommend this excellent app - you will need to learn some docker and some general systems admin skills. I would not recommend opening it up to the world - and why would you when you can make use of Cloudflare tunnels, or failing that - Twingate which I discovered and have been playing a bit with - more on that later. Enjoy your computing!

Adventures with Immich

With the implementation of my Proxmox server it's now time to play with some new applications - and we'll start with Immich, a replacement for Google Photos. What is Immich according to their website: 

You can find the delightfully comprehensive website at https://immich.app/ 

Now a quick note of care - Immich's website states that you should not use this as the only way to store your photos and videos - it's under *active* development and does occasionally break stuff. So with that in mind, let's get into it and have a play.

To implement Immich in my environment I definitely had some options to explore. I could install it using Docker, the All-In-One Community installation, TrueNAS (oh I don't have that yet) or Unraid (dang I don't have that either). I decided to go with the Portainer installation - that would give me a nice interface via the Portainer container management, and some stats and stuff later on. Installing Portainer means that I can't use a Proxmox container - it's not recommended, and I was keen to not screw this up. So here's the quick and nasty installation activity:

• Create the VM in Proxmox
• 4 vCPU
• 4GB of RAM (I really should have gone 8GB and now I'm updating it)
• 500GB of disk space on two brand new Corsair SSD's (both 1TB for plenty of headroom)
• Install Ubuntu 24.04LTS Server
• Install Docker from here: https://docs.docker.com/engine/install/ubuntu/ 
• Install Portainer following the instructions from here: https://docs.portainer.io/start/install-ce/server/docker/linux

Before I set up Immich I noticed that my install of Ubuntu Server hadn't used the entirety of the 500GB disk. So I found this handy command to fix it:

lvextend -l +100%FREE -r /dev/mapper/ubuntu--vg-ubuntu--lv

Right, now we'll get onto the installation of Immich and get into it here: https://immich.app/docs/install/portainer 

The long and short is, set up a Stack so that all the Immich bits and pieces sit under it and then off we go. The guide is quite good so follow it and there are plenty of resources. The stack ends up looking like this: 

From the Portainer home page it looks like this:

Happily it's all running. Now here's the thing - this is the third time I've tried to get Immich to work and previously it was busted and wouldn't work properly - no access to the website and it appeared that the immich-server component wouldn't launch properly. I think that there was an issue with the database server not running properly with a previous version of the docker image. This time around, it all worked as advertised and it's running better. 

So now we're onto the use of the system and here's where I got really impressed. On the initial upload of photos it started to pick out faces, locations and organise things neatly according to the age of the photo. It here I discovered some of the photos had a wildly inaccurate timeframe assigned to them. Bugger - this means I've gotta manually fix things up, but it was pulling the images in, working through the metadata and putting it together into a nice timeline.

Here's the impressive part, there's a mix of photos of my kids that I uploaded started with my child almost at birth and all the way through to 13 - and the machine intelligence detected her face correctly the whole way through to now! From a cute little squishy baby face to the perpetually annoyed teenage face Immich got it right nearly every time on the full frontal face images. Really impressive stuff.

Here's a little snip of what my system looks like (hiding most of the evidence): 

The menu is nice, easy to manage and gives you all the stats. I'm still building this system out, but here's a few things I've found:

• uploading photos to the system was easy - via the file upload, and you can do bulk but not folders
• uploading photos is VERY CPU intensive - I had the 4vCPU's maxed out during the upload and for a while afterwards as the system processed - it was cracking along and the server's fans were making a real racket.
• it's much better to do the upload via ethernet than Wi-Fi - it's quicker (on my network anyway)

Once I finished the upload from our computers and other servers in the house, I installed the app on my phone (the Pixel 7 Pro) and started the upload. There was a difference in the experience - the upload from the computer detected and skipped duplicates while the phone upload did not and I had to do this manually (over 600 dang it). Happily now, I've got a backup of my phone (although it's definitely still not recommended to only have the two copies - remember 3 is 2 and 2 is 1 and 1 is none from a backup perspective. 

After a couple of days playing with Immich, and running an upgrade via Portainer, I'm delighted with it. What a great piece of open source software. Get around it if you're looking for a nice image management system. 

Playing with Proxmox

 Up until recently I've used Hyper-V for most of my virtualisation needs. Hyper-V is a fully integrated Type 1 hypervisor and comes with most "Pro" versions of Windows 10 and Windows 11, and of course Windows Server. There's plenty of nice stuff with Hyper-V, don't get me wrong - I do like it and retain it. The trouble is - you need Windows for it, and if you don't have a copy of Windows Server, well - that's a bit of a problem. Enter then - PROXMOX! (That's supposed to be dramatic). 

Proxmox Virtual Environment - or Proxmox VE to be precise. Details are here: https://www.proxmox.com/en/proxmox-virtual-environment/overview but the summary is this:

Proxmox Virtual Environment is a complete, open-source server management platform for enterprise virtualization. It tightly integrates the KVM hypervisor and Linux Containers (LXC), software-defined storage and networking functionality, on a single platform. With the integrated web-based user interface you can manage VMs and containers, high availability for clusters, or the integrated disaster recovery tools with ease.

 I can hear you now - that's freaking amazing, but so what? Well, a Type 1 hypervisor with a full feature set is very nice to have - management of all your resources is very good, and you get access to ZFS for managing disk - oh and Ceph is built in! If you don't know what Ceph is, then Network Chuck has a great video on it here: https://youtu.be/jJrnJ9rj6fs?si=3KOunfnbodFLnFlw 

I haven't had time to play with ceph much yet, but I look forward to doing so shortly. Back to proxmox. I recently acquire a HPE ML30 server. The specs are reasonably modest:

• 8 x Intel(R) Xeon(R) CPU E3-1240 v6 @ 3.70GHz (1 Socket)
• 24 GB of RAM (now 32)
• 3 x 960GB SSDs on a SAS RAID array.
• along with all the normal HPE server stuff - a neat and tidy lay out, with extra SATA and plenty of power for extra disks.

In the Proxmox console it looks like this:

The ML30 came with Windows Server 2016 - and this isn't ideal. Installing Proxmox was a bit of challenge though - the 3 SSDs were in RAID5, and Proxmox did not recognise or acknowledge this array. So adios array - I deleted it and set up a ZFS array. I also put a 10TB HDD in from an external drive I had floating around. The end array looks like this:

Now here's something that is a bit cooler than good old Hyper-V - you can run virtual machines and containers:

I haven't messed much with containers - but now I have, I am really impressed. And here's why - this server hasn't got a huge amount of RAM, so when I run a virtualised server I have to make sure I'm not running out of memory. Using containers means that the virtual machine shares elements of the hypervisor, which reduces the amount of RAM (and CPU) that one needs to expend on a virtual machine. Happily, this means that even with a fairly modest 32GB of RAM, I can run the following servers in containers:

• Linux server for secure connections to other servers
• Linux server to manage my Cloudflare tunnels (more on this later - so awesome!)
• Linux server running Jellyfin - this is the heaviest container I've got and runs really well with 4 vCPUs and 4GB of RAM.
• Linux server running NextCloud and helpfully set up using an LXC script. This was a very easy way to set up a Debian server, and all the necessary bits and pieces. I'm playing with NextCloud a bit - I'll write up some stuff down the track on it once I've worked with it a bit.
• Linux server running torrent management for the legitimate torrents I download (like Mint and Ubuntu Server).
• and finally, a Wazuh SIEM server running as a full VM. This is the big momma of all my VMs with 8GB of RAM and 4 vCPUs. This thing pushes the server load up when it boots quite significantly. 

This runs on the server at about 50% of the available RAM. CPU is up and down but rarely sits above 20% even when I've got a couple of movies or TV shows being streamed. 

In this image you can see I've got a container as a template. I set up an Ubuntu server, set password, SSH config and a couple of other things. I patched it up, and then shut it down for later on. I've used it to create all the container VMs, except the Cloudflared and NextCloud VMs - you can search up a script that you run and it downloads/configures the server. This was excellent as a quick way to get started - especially after I screwed up the first implementation and had to start all over. Oops.

So the final word is this - the problem I had with choosing a hypervisor with plenty of features has been solved with Proxmox. I've got a few other bits to work up now - messing with ceph, installing the Proxmox backup system from here: https://www.proxmox.com/en/proxmox-backup-server/overview and pushing this server to its limit. It needs more disk, and I've given up on trying to find RAM for it - bastard of a thing must have the most rare memory type ever. At any rate, it's a solid server, and now it's running reasonably well I'm quite happy with it. If you're looking to try something new out, I can recommend giving proxmox the once over. Some of the home lab projets on YouTube are wild - guys running NAS servers using passthrough for disk, other guys running AI systems with video card passthrough and all kinds of other stuff. 

GT7 - Super Formula challenge

 Holy moly these freaking cars are something else to drive. Forget all your old brake points, drive lines change and acceleration and handling are next level. I have had many accidents, spins, crashes and just generally crap driving in the SF19 Super Formula / Toyota '19 it's been wild.

One does have to complete this series though, so I have put myself to the task. At Watkins Glen, racing on medium racing tyres and with the AI set to normal (not easy) I've finally managed to chalk up not only my first podium, but my first win as well! Yes indeed - with a 17:49.888 for the 12 lap race and the nearest rival at +18.749 I am pretty damn happy about that. It was by no means the first attempt, or the within the first 5 and my previous best was 6th place so I'm quite pleased.

Brake late, and brake hard, carry a heap of speed through the corners - easy acceleration and then pounce on it - flog it all the way through to the next braking zone and back the car to handle itself with maximum throttle and inputs. Woohoo! Great fun.

Now on to the remainder of this series - pedal to the metal and all that. Happy racing!

GT7 Race Log - Weekly Challenges

 Ah the weekly challenges - lots of fun and great for topping up the credit balance! This week's had a single vehicle type race - the Tesla Model 3 Performance on the GT circuit at Nurburg, then Kei car racing and finally the 800 PP racecars at Watkins Glen in a 10 lap, tyre wearing, fuel burning race for the cash.

I took the ever reliable and wonderful Nissan GT-R NISMO GT500 '16 around Watkins Glen. There's a tune on Reddit to get it down to 799PP and this car is just so enjoyable to drive. The performance and long range are nice, but the handling, braking and speed are altogether excellent. By the 4th lap I was in front and dialled the fuel economy all the way down to 6, cruising home with a 40sec plus win and no pits. 

The Porsche Cup challenge race I took the Cayman GT4 Clubsport '16 for a spin and it's another really enjoyable car to drive. Not quite tearing the doors off performance, but very nice and in for an easy win in that race. I really like the handling and braking of this vehicle and I'll be doing more with it in the future.

Another element of the weekly challenge - the American Sunday Cup 600 at Michelin Raceway was fun too. I too the Corvette C7 Gr.3 Road Car out for it's maiden drive and I was pleasantly surprised. I do enjoy the growl of the big American engines and it's a good car to drive once you lock in the handling. Won handily and enjoyed the race to boot.

Next up I need to grind a bit - nearly finished all the Cafe extras but still have a few white whales to catch out there. Enjoy your racing!

GT7 - many races and lots of fun!

 Ah it's been a fruitful and fun few days. After slogging through racing the Red Bull cars, I needed extra cash to get the Super Formula car and get into that last Cafe ticket. On the way though, I've had a bit of fun with three cars in particular - the Porsche Cayman, the R34 Nissan and the BMW M3 - engine swapping all three. Holy moly that Cayman is a beast with 1199HP - it's drivable, but one needs to add a bunch a extra bits to make this weapon stop! So much fun.... thought I'd try it at Sardegna in the 15 lap race, but the fuel economy is terrible. 2 laps and it wants to refill - that's probably a bit crappy for that race :-)

The R34 Nissan and the BMW are heaps of fun to drive. Took them around the Le Mans 24 hour circuit in the 30 minute 700PP race. The R34 monstered everyone else - especially on RM tyres. I was also lucky enough to get a race on this track with only threatening rain. Stopped once for fuel and powered onwards. Loved it. The race in the BMW 03 was a different story. Same track, same race and it pissed down - swapped to IM tyres after the second lap and probably should have gone to heavy wets - it was really wet! It was probably the 6th lap before I managed to get under 5 minutes - and no-one else was quicker. Crazy wet. Love this car too - make sure you stick front, side and rear spoilers on it - otherwise it floats along a bit and doesn't bite into the corners very well with plenty of power understeer (eww!). Turn the fuel management down on both cars to get plenty of laps in, although this race usually has rain in the second or third laptop so change tyres and top up then. The race in the R34 was notable that there was no rain, so I smashed around the track in great time! Expect 7 laps on this race. Usually I take the Aston Martin Group 3 car with a little bit of detuning on this race. It's $550K to win and an interesting race to run. 

The final race I took on was the 15 lapper at Sardegna in the Porsche 917 "Living Legend". Had to slightly back the ECU off to get under the 800PP (back to 97 or 98%) and then off we went. Set the fuel management to 6 (so leanest possible), turned up the traction control a bit, and then short shifted a bunch - getting 8 laps out of this thing and doing the race on a single fuel stop. Didn't love this car all that much to drive, it was flighty in corners and the nose lifted up a bit here and there under too much power making it hard to really rip through corners. Ordinarily I take a tuned down Nissan GT500 (I think) on this track - the Group 2 one if you're looking. There's a great method to tune it down online somewhere - I'll have to dig it up and link to it. It's a ripper anyway. This is also the car I like to drive in the 60 minute race at Spa.

You can't do engine swaps until Level 50, but once you can it's a lot of fun. I'm aiming to do a few more cars over time. Enjoy! 

GT7: Neo-Classic Competition - Fuji International Speedway

 So I've saved up and got myself the Mercedes CLK-LM, a car I had as a model when I was a boy, although it may have been the CLK-GTR but very close. I've been working through the Neo-Classic competition. It took two tries at the Redbull Ring to get that one over the line - I totally blew the tyre choice as it looked like it was going to rain and then didn't - I had already pitted and came out on IM tyres which buggered me for the rest of the race. Attempt two and I pitted about lap 7 and then just drove the big ole' Merc home.

Here at Fuji Speedway, finishing lap 9 with a very quick XJR-9 in front of me and I thought I was stuffed for first place, but still, happy to finish second. I've got the difficulty turned up a bit and so I reckon any placing is pretty good. Bizarrely though, on that last lap, old mate in the XJR-9 decides to pit with one lap to go, so I sail through into P1 and hold it to the end? I had a bit of extra fuel, he had 14 and was on M race tyres so I don't know what happened there. I had thought I was stuffed - the previous lap I ripped straight up the Supra's backside at 300km/h because I wasn't paying attention and dropped from P1 to P2 with 2 laps left.

I'll take - I'm not saying I won't, but it was a weird way to get the win....