Declarative config
Hi,
loving Immich, it's really great!
I'm setting up a config for immich to run on my NixOS server on SelfHostBlocks (https://github.com/ibizaman/selfhostblocks/pull/523).
What I'm trying to achieve is declarative setup with SSO, so ideally the users of SelfHostBlocks should be able to just declaratively config the service and SSO works out of the box with the correct roleClaim etc. One minor snag is that Immich seems to require onboarding and the creation of an admin user on first launch, so the question is whether there is a way to avoid that? Can I config an admin user from the config.json, or otherwise avoid the creation of the initial admin user? Or perhaps it can be done with the API?
6 Replies
[Pull Request] #100 Implementation of Immich service (ibizaman/selfhostblocks#523)
:wave: Hey @sivertism,
Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:.
References
- Container Logs:
docker compose logs docs
- Container Status: docker ps -a docs
- Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
- Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
Checklist
I have...
1. :blue_square: verified I'm on the latest release(note that mobile app releases may take some time).
2. :blue_square: read applicable release notes.
3. :blue_square: reviewed the FAQs for known issues.
4. :blue_square: reviewed Github for known issues.
5. :blue_square: tried accessing Immich via local ip (without a custom reverse proxy).
6. :blue_square: uploaded the relevant information (see below).
7. :blue_square: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable
(an item can be marked as "complete" by reacting with the appropriate number)
Information
In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:
- Your docker-compose.yml and .env files.
- Logs from all the containers and their status (see above).
- All the troubleshooting steps you've tried so far.
- Any recent changes you've made to Immich or your system.
- Details about your system (both software/OS and hardware).
- Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
- The version of the Immich server, mobile app, and other relevant pieces.
- Any other information that you think might be relevant.
Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)
If this ticket can be closed you can use the /close command, and re-open it later if needed.Just from a brief look at the code, you can call the https://immich.app/docs/api/sign-up-admin if there's no admin already registered on the server
aah, that's cool -- it worked. Thank you!
You can use roles in the oauth claims w/ autoRegister to automatically have users log in as admin
No need to do any API calls
When a real dev chimes in 😂
@bo0tzz That's what I tried initially, but the first load of the page will still take me to the admin user creation page. Only after creating the admin user will the sso login work. Yesterday, I tried launching a fresh instance (with SSO configured in config.json with roles, password login disabled). On first load it asked me to create an admin user. I closed the page, then used curl to issue the sign-up-admin API call. After that the SSO + autolaunch worked.