drift(mobile): drift auth user sync

2026-01-24 10:24:39 -08:00 · 2025-07-25 12:28:02 +08:00
1840 changed files with 124020 additions and 155797 deletions
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -11,7 +11,8 @@ services:
      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
      - server_node_modules:/workspaces/immich/server/node_modules
      - web_node_modules:/workspaces/immich/web/node_modules
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
+      - ${UPLOAD_LOCATION}/photos/upload:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro

  database:
--- a/.devcontainer/server/container-common.sh
+++ b/.devcontainer/server/container-common.sh
@@ -49,11 +49,10 @@ fix_permissions() {

    log "Fixing permissions for ${IMMICH_WORKSPACE}"

+    run_cmd sudo find "${IMMICH_WORKSPACE}/server/upload" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres/*" -not -path "${IMMICH_WORKSPACE}/server/upload/postgres" -exec chown node {} +
+
    # Change ownership for directories that exist
    for dir in "${IMMICH_WORKSPACE}/.vscode" \
-        "${IMMICH_WORKSPACE}/server/upload" \
-        "${IMMICH_WORKSPACE}/.pnpm-store" \
-        "${IMMICH_WORKSPACE}/.github/node_modules" \
        "${IMMICH_WORKSPACE}/cli/node_modules" \
        "${IMMICH_WORKSPACE}/e2e/node_modules" \
        "${IMMICH_WORKSPACE}/open-api/typescript-sdk/node_modules" \
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@@ -8,23 +8,21 @@ services:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override
      - ..:/workspaces/immich
-      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
+      - cli_node_modules:/workspaces/immich/cli/node_modules
+      - e2e_node_modules:/workspaces/immich/e2e/node_modules
+      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
+      - server_node_modules:/workspaces/immich/server/node_modules
+      - web_node_modules:/workspaces/immich/web/node_modules
+      - ${UPLOAD_LOCATION:-upload1-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/usr/src/app/upload
+      - ${UPLOAD_LOCATION:-upload2-devcontainer-volume}${UPLOAD_LOCATION:+/photos/upload}:/usr/src/app/upload/upload
      - /etc/localtime:/etc/localtime:ro
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
+
  immich-web:
    env_file: !reset []
+
  immich-machine-learning:
    env_file: !reset []
+
  database:
    env_file: !reset []
    environment: !override
@@ -35,8 +33,17 @@ services:
      POSTGRES_HOST_AUTH_METHOD: md5
    volumes:
      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
+
  redis:
    env_file: !reset []
+
 volumes:
-  upload-devcontainer-volume:
+  # Node modules for each service to avoid conflicts and ensure consistent dependencies
+  cli_node_modules:
+  e2e_node_modules:
+  open_api_node_modules:
+  server_node_modules:
+  web_node_modules:
+  upload1-devcontainer-volume:
+  upload2-devcontainer-volume:
  postgres-devcontainer-volume:
--- a/.devcontainer/server/container-start-backend.sh
+++ b/.devcontainer/server/container-start-backend.sh
@@ -3,11 +3,6 @@
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh

-log "Preparing Immich Nest API Server"
-log ""
-export CI=1
-run_cmd pnpm --filter immich install
-
 log "Starting Nest API Server"
 log ""
 cd "${IMMICH_WORKSPACE}/server" || (
@@ -16,7 +11,7 @@ cd "${IMMICH_WORKSPACE}/server" || (
 )

 while true; do
-    run_cmd pnpm --filter immich exec nest start --debug "0.0.0.0:9230" --watch
+    run_cmd node ./node_modules/.bin/nest start --debug "0.0.0.0:9230" --watch
    log "Nest API Server crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start-frontend.sh
+++ b/.devcontainer/server/container-start-frontend.sh
@@ -3,13 +3,6 @@
 # shellcheck disable=SC1091
 source /immich-devcontainer/container-common.sh

-export CI=1
-log "Preparing Immich Web Frontend"
-log ""
-run_cmd pnpm --filter @immich/sdk install
-run_cmd pnpm --filter @immich/sdk build
-run_cmd pnpm --filter immich-web install
-
 log "Starting Immich Web Frontend"
 log ""
 cd "${IMMICH_WORKSPACE}/web" || (
@@ -23,7 +16,7 @@ until curl --output /dev/null --silent --head --fail "http://127.0.0.1:${IMMICH_
 done

 while true; do
-    run_cmd pnpm --filter immich-web exec vite dev --host 0.0.0.0 --port "${DEV_PORT}"
+    run_cmd node ./node_modules/.bin/vite dev --host 0.0.0.0 --port "${DEV_PORT}"
    log "Web crashed with exit code $?.  Respawning in 3s ..."
    sleep 3
 done
--- a/.devcontainer/server/container-start.sh
+++ b/.devcontainer/server/container-start.sh
@@ -6,6 +6,9 @@ source /immich-devcontainer/container-common.sh
 log "Setting up Immich dev container..."
 fix_permissions

+log "Installing npm dependencies (node_modules)..."
+install_dependencies
+
 log "Setup complete, please wait while backend and frontend services automatically start"
 log
 log "If necessary, the services may be manually started using"
--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.17.1
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -64,11 +64,6 @@ body:
        - label: Web
        - label: Mobile

-  - type: input
-    attributes:
-      label: Device make and model
-      placeholder: Samsung S25 Android 16
-
  - type: textarea
    validations:
      required: true
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -6,6 +6,7 @@ cli:
 documentation:
  - changed-files:
      - any-glob-to-any-file:
+          - docs/blob/**
          - docs/docs/**
          - docs/src/**
          - docs/static/**
--- a/.github/package-lock.json
+++ b/.github/package-lock.json
@@ -0,0 +1,28 @@
+{
+  "name": ".github",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "devDependencies": {
+        "prettier": "^3.5.3"
+      }
+    },
+    "node_modules/prettier": {
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.6.2.tgz",
+      "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin/prettier.cjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    }
+  }
+}
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -34,7 +34,3 @@ The `/api/something` endpoint is now `/api/something-else`
 - [ ] I have followed naming conventions/patterns in the surrounding code
 - [ ] All code in `src/services/` uses repositories implementations for database calls, filesystem operations, etc.
 - [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services/`)
-
-## Please describe to which degree, if any, an LLM was used in creating this pull request.
-
-...
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -32,18 +32,24 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/build-mobile.yml'
-          force-events: 'workflow_call,workflow_dispatch'
+            workflow:
+              - '.github/workflows/build-mobile.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"

  build-sign-android:
    name: Build and sign Android
@@ -51,11 +57,11 @@ jobs:
    permissions:
      contents: read
    # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
    runs-on: mich

    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
@@ -73,7 +79,7 @@ jobs:

      - name: Restore Gradle Cache
        id: cache-gradle-restore
-        uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        with:
          path: |
            ~/.gradle/caches
@@ -100,7 +106,7 @@ jobs:
        run: flutter pub get

      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
        working-directory: ./mobile

      - name: Generate platform APIs
@@ -130,7 +136,7 @@ jobs:

      - name: Save Gradle Cache
        id: cache-gradle-save
-        uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+        uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        if: github.ref == 'refs/heads/main'
        with:
          path: |
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -19,7 +19,7 @@ jobs:
      actions: write
    steps:
      - name: Check out code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -29,28 +29,25 @@ jobs:
        working-directory: ./cli

    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      # Setup .npmrc file to publish to npm
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'

-      - name: Setup typescript-sdk
-        run: pnpm install && pnpm run build
-        working-directory: ./open-api/typescript-sdk
-
-      - run: pnpm install --frozen-lockfile
-      - run: pnpm build
-      - run: pnpm publish
+      - name: Prepare SDK
+        run: npm ci --prefix ../open-api/typescript-sdk/
+      - name: Build SDK
+        run: npm run build --prefix ../open-api/typescript-sdk/
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish
        if: ${{ github.event_name == 'release' }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -65,7 +62,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

@@ -76,7 +73,7 @@ jobs:
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
@@ -91,7 +88,7 @@ jobs:

      - name: Generate docker image tags
        id: metadata
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          flavor: |
            latest=false
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -1,107 +0,0 @@
-on:
-  issues:
-    types: [opened]
-  discussion:
-    types: [created]
-
-name: Close likely duplicates
-permissions: {}
-
-jobs:
-  should_run:
-    runs-on: ubuntu-latest
-    outputs:
-      should_run: ${{ steps.should_run.outputs.run }}
-    steps:
-      - id: should_run
-        run: echo "run=${{ github.event_name == 'issues' || github.event.discussion.category.name == 'Feature Request' }}" >> $GITHUB_OUTPUT
-
-  get_body:
-    runs-on: ubuntu-latest
-    needs: should_run
-    if: ${{ needs.should_run.outputs.should_run == 'true' }}
-    env:
-      EVENT: ${{ toJSON(github.event) }}
-    outputs:
-      body: ${{ steps.get_body.outputs.body }}
-    steps:
-      - id: get_body
-        run: |
-          BODY=$(echo """$EVENT""" | jq -r '.issue // .discussion | .body' | base64 -w 0)
-          echo "body=$BODY" >> $GITHUB_OUTPUT
-
-  get_checkbox_json:
-    runs-on: ubuntu-latest
-    needs: [get_body, should_run]
-    if: ${{ needs.should_run.outputs.should_run == 'true' }}
-    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:d8ae47cf2e6cf4e2559bd57a60b73674fe44f897cba2c2bddff2987a05be10a4
-    outputs:
-      checked: ${{ steps.get_checkbox.outputs.checked }}
-    steps:
-      - id: get_checkbox
-        env:
-          BODY: ${{ needs.get_body.outputs.body }}
-        run: |
-          CHECKED=$(echo "$BODY" | base64 -d | /mdq --output json '# I have searched | - [?] Yes' | jq '.items[0].list[0].checked // false')
-          echo "checked=$CHECKED" >> $GITHUB_OUTPUT
-
-  close_and_comment:
-    runs-on: ubuntu-latest
-    needs: [get_checkbox_json, should_run]
-    if: ${{ needs.should_run.outputs.should_run == 'true' && needs.get_checkbox_json.outputs.checked != 'true' }}
-    permissions:
-      issues: write
-      discussions: write
-    steps:
-      - name: Close issue
-        if: ${{ github.event_name == 'issues' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.issue.node_id }}
-        run: |
-          gh api graphql \
-            -f issueId="$NODE_ID" \
-            -f body="This issue has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
-            -f query='
-              mutation CommentAndCloseIssue($issueId: ID!, $body: String!) {
-                addComment(input: {
-                  subjectId: $issueId, 
-                  body: $body
-                }) {
-                  __typename
-                }
-              
-                closeIssue(input: {
-                  issueId: $issueId,
-                  stateReason: DUPLICATE
-                }) {
-                  __typename
-                }
-              }'
-
-      - name: Close discussion
-        if: ${{ github.event_name == 'discussion' && github.event.discussion.category.name == 'Feature Request' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-          NODE_ID: ${{ github.event.discussion.node_id }}
-        run: |
-          gh api graphql \
-            -f discussionId="$NODE_ID" \
-            -f body="This discussion has automatically been closed as it is likely a duplicate. We get a lot of duplicate threads each day, which is why we ask you in the template to confirm that you searched for duplicates before opening one. If you're sure this is not a duplicate, please leave a comment and we will reopen the thread if necessary." \
-            -f query='
-              mutation CommentAndCloseDiscussion($discussionId: ID!, $body: String!) {
-                addDiscussionComment(input: {
-                  discussionId: $discussionId,
-                  body: $body
-                }) {
-                  __typename
-                }
-              
-                closeDiscussion(input: {
-                  discussionId: $discussionId,
-                  reason: DUPLICATE
-                }) {
-                  __typename
-                }
-              }'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,13 +44,13 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,11 +20,15 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            server:
@@ -34,11 +38,14 @@ jobs:
              - 'i18n/**'
            machine-learning:
              - 'machine-learning/**'
-          force-filters: |
-            - '.github/workflows/docker.yml'
-            - '.github/workflows/multi-runner-build.yml'
-            - '.github/actions/image-build'
-          force-events: 'workflow_dispatch,release'
+            workflow:
+              - '.github/workflows/docker.yml'
+              - '.github/workflows/multi-runner-build.yml'
+              - '.github/actions/image-build'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"

  retag_ml:
    name: Re-Tag ML
@@ -46,14 +53,14 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -75,14 +82,14 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -101,7 +108,7 @@ jobs:
  machine-learning:
    name: Build and Push ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    strategy:
      fail-fast: false
      matrix:
@@ -146,7 +153,7 @@ jobs:
  server:
    name: Build and Push Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
    permissions:
      contents: read
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -18,28 +18,30 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.docs == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            docs:
              - 'docs/**'
-            open-api:
-              - 'open-api/immich-openapi-specs.json'
-          force-filters: |
-            - '.github/workflows/docs-build.yml'
-          force-events: 'release'
-          force-branches: 'main'
+            workflow:
+              - '.github/workflows/docs-build.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' || github.ref_name == 'main' }}" >> "$GITHUB_OUTPUT"

  build:
    name: Docs Build
    needs: pre-job
    permissions:
      contents: read
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).docs == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -47,28 +49,25 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './docs/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'

-      - name: Run install
-        run: pnpm install
+      - name: Run npm install
+        run: npm ci

      - name: Check formatting
-        run: pnpm format
+        run: npm run format

      - name: Run build
-        run: pnpm build
+        run: npm run build

      - name: Upload build output
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -20,7 +20,7 @@ jobs:
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
@@ -38,7 +38,7 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
@@ -108,13 +108,13 @@ jobs:
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      - name: Load parameters
        id: parameters
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
@@ -125,7 +125,7 @@ jobs:
            core.setOutput("shouldDeploy", parameters.shouldDeploy);

      - name: Download artifact
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -16,27 +16,24 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: 'Checkout'
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'

      - name: Fix formatting
        run: make install-all && make format-all
@@ -48,7 +45,7 @@ jobs:
          message: 'chore: fix formatting'

      - name: Remove label
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        if: always()
        with:
          script: |
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -1,128 +0,0 @@
-name: Merge translations
-
-on:
-  workflow_dispatch:
-  workflow_call:
-    secrets:
-      PUSH_O_MATIC_APP_ID:
-        required: true
-      PUSH_O_MATIC_APP_KEY:
-        required: true
-      WEBLATE_TOKEN:
-        required: true
-    inputs:
-      skip:
-        description: 'Skip translations'
-        required: false
-        type: boolean
-
-permissions: {}
-
-env:
-  WEBLATE_HOST: 'https://hosted.weblate.org'
-  WEBLATE_COMPONENT: 'immich/immich'
-
-jobs:
-  merge:
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-    steps:
-      - name: Find translation PR
-        id: find_pr
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-
-          PR=$(gh pr list --repo $GITHUB_REPOSITORY --author weblate --json number,mergeable)
-          echo "$PR"
-
-          PR_NUMBER=$(echo "$PR" | jq '
-            if length == 1 then
-              .[0].number
-            else
-              error("Expected exactly 1 entry, got \(length)")
-            end
-          ' 2>&1) || exit 1
-
-          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
-          echo "Selected PR $PR_NUMBER"
-
-          if ! echo "$PR" | jq -e '.[0].mergeable == "MERGEABLE"'; then
-            echo "PR is not mergeable"
-            exit 1
-          fi
-
-      - name: Generate a token
-        id: generate_token
-        if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Lock weblate
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=true
-
-      - name: Commit translations
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=commit
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/repository/" -d operation=push
-
-      - name: Merge PR
-        id: merge_pr
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
-        run: |
-          set -euo pipefail
-
-          REVIEW_ID=$(gh api -X POST "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews" --field event='APPROVE' --field body='Automatically merging translations PR' \
-            | jq '.id')
-          echo "REVIEW_ID=$REVIEW_ID" >> $GITHUB_OUTPUT
-          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --auto --squash
-
-      - name: Wait for PR to merge
-        if: ${{ inputs.skip != true }}
-        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
-          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
-          REVIEW_ID: ${{ steps.merge_pr.outputs.REVIEW_ID }}
-        run: |
-          # So we clean up no matter what
-          set +e
-
-          for i in {1..100}; do
-            if gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json state | jq -e '.state == "MERGED"'; then
-              echo "PR merged"
-              exit 0
-            else
-              echo "PR not merged yet, waiting..."
-              sleep 6
-            fi
-          done
-          echo "PR did not merge in time"
-          gh api -X PUT "repos/$GITHUB_REPOSITORY/pulls/$PR_NUMBER/reviews/$REVIEW_ID/dismissals" --field message='Merge attempt timed out' --field event='DISMISS'
-          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --disable-auto
-          exit 1
-
-      - name: Unlock weblate
-        if: ${{ inputs.skip != true }}
-        env:
-          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-        run: |
-          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=false
-
-      - name: Report success
-        run: |
-          echo "Workflow completed successfully (or was skipped)"
--- a/.github/workflows/org-checks.yml
+++ b/.github/workflows/org-checks.yml
@@ -0,0 +1,13 @@
+name: Org Checks
+
+on:
+  pull_request_review:
+  pull_request:
+
+jobs:
+  check-approvals:
+    name: Check for Team/Admin Review
+    uses: immich-app/devtools/.github/workflows/required-approval.yml@main
+    permissions:
+      pull-requests: read
+      contents: read
--- a/.github/workflows/org-pr-require-conventional-commit.yml
+++ b/.github/workflows/org-pr-require-conventional-commit.yml
@@ -1,12 +0,0 @@
-name: PR Conventional Commit
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, edited]
-
-jobs:
-  validate-pr-title:
-    name: Validate PR Title (conventional commit)
-    uses: immich-app/devtools/.github/workflows/shared-pr-require-conventional-commit.yml@main
-    permissions:
-      pull-requests: write
--- a/.github/workflows/org-zizmor.yml
+++ b/.github/workflows/org-zizmor.yml
@@ -1,15 +0,0 @@
-name: Zizmor
-
-on:
-  pull_request:
-  push:
-    branches: [main]
-
-jobs:
-  zizmor:
-    name: Zizmor
-    uses: immich-app/devtools/.github/workflows/shared-zizmor.yml@main
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
--- a/.github/workflows/pr-require-conventional-commit.yml
+++ b/.github/workflows/pr-require-conventional-commit.yml
@@ -0,0 +1,19 @@
+name: PR Conventional Commit Validation
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, edited]
+
+permissions: {}
+
+jobs:
+  validate-pr-title:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+      - name: PR Conventional Commit Validation
+        uses: ytanikin/PRConventionalCommits@b628c5a234cc32513014b7bfdd1e47b532124d98 # 1.3.0
+        with:
+          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
+          add_label: 'false'
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -10,17 +10,12 @@ on:
        type: choice
        options:
          - 'false'
-          - major
          - minor
          - patch
      mobileBump:
        description: 'Bump mobile build number'
        required: false
        type: boolean
-      skipTranslations:
-        description: 'Skip translations'
-        required: false
-        type: boolean

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-root
@@ -29,51 +24,28 @@ concurrency:
 permissions: {}

 jobs:
-  merge_translations:
-    uses: ./.github/workflows/merge-translations.yml
-    with:
-      skip: ${{ inputs.skipTranslations }}
-    permissions:
-      pull-requests: write
-    secrets:
-      PUSH_O_MATIC_APP_ID: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-      PUSH_O_MATIC_APP_KEY: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-      WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
-
  bump_version:
    runs-on: ubuntu-latest
-    needs: [merge_translations]
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
    permissions: {} # No job-level permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
-          ref: main

      - name: Install uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
-      - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-
      - name: Bump version
        env:
          SERVER_BUMP: ${{ inputs.serverBump }}
@@ -111,13 +83,13 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false
@@ -128,7 +100,7 @@ jobs:
          name: release-apk-signed

      - name: Create draft release
-        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
+        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
        with:
          draft: true
          tag_name: ${{ env.IMMICH_VERSION }}
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -20,11 +20,11 @@ jobs:

  remove-label:
    runs-on: ubuntu-latest
-    if: ${{ (github.event.action == 'closed' || github.event.pull_request.head.repo.fork) && contains(github.event.pull_request.labels.*.name, 'preview') }}
+    if: ${{ github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview') }}
    permissions:
      pull-requests: write
    steps:
-      - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          script: |
            github.rest.issues.removeLabel({
@@ -33,15 +33,3 @@ jobs:
              repo: context.repo.repo,
              name: 'preview'
            })
-
-      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
-        if: ${{ github.event.pull_request.head.repo.fork }}
-        with:
-          message-id: 'preview-status'
-          message: 'PRs from forks cannot have preview environments.'
-
-      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
-        if: ${{ !github.event.pull_request.head.repo.fork }}
-        with:
-          message-id: 'preview-status'
-          message: 'Preview environment has been removed.'
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -16,25 +16,22 @@ jobs:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
-
      # Setup .npmrc file to publish to npm
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
      - name: Install deps
-        run: pnpm install --frozen-lockfile
+        run: npm ci
      - name: Build
-        run: pnpm build
+        run: npm run build
      - name: Publish
-        run: pnpm publish
+        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -17,23 +17,28 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/static_analysis.yml'
-          force-events: 'workflow_dispatch,release'
+            workflow:
+              - '.github/workflows/static_analysis.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"

  mobile-dart-analyze:
    name: Run Dart Code Analysis
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -42,7 +47,7 @@ jobs:
        working-directory: ./mobile
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

@@ -63,7 +68,7 @@ jobs:
          working-directory: ./mobile

      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation

      - name: Run Build Runner
        run: make build
@@ -85,7 +90,7 @@ jobs:
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
-          echo "ERROR: Generated files not up to date! Run 'make build' and 'make pigeon' inside the mobile directory"
+          echo "ERROR: Generated files not up to date! Run make_build inside the mobile directory"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1

@@ -93,12 +98,39 @@ jobs:
        run: dart analyze --fatal-infos

      - name: Run dart format
-        run: make format
+        # Ignore generated files manually until https://github.com/dart-lang/dart_style/issues/864 is resolved
+        run: dart format --set-exit-if-changed $(find lib -name '*.dart' -not \( -name 'generated_plugin_registrant.dart' -o -name '*.g.dart' -o -name '*.drift.dart' \))

-      # TODO: Re-enable after upgrading custom_lint
-      # - name: Run dart custom_lint
-      #   run: dart run custom_lint
+      - name: Run dart custom_lint
+        run: dart run custom_lint

      # TODO: Use https://github.com/CQLabs/dcm-action
      - name: Run DCM
        run: dcm analyze lib --fatal-style --fatal-warnings
+
+  zizmor:
+    name: zizmor
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+
+      - name: Run zizmor 🌈
+        run: uvx zizmor --format=sarif . > results.sarif
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+        with:
+          sarif_file: results.sarif
+          category: zizmor
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,21 +4,37 @@ on:
  pull_request:
  push:
    branches: [main]
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
+
 permissions: {}
+
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_i18n: ${{ steps.found_paths.outputs.i18n == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e: ${{ steps.found_paths.outputs.e2e == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_mobile: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_.github: ${{ steps.found_paths.outputs['.github'] == 'true' || steps.should_force.outputs.should_force == 'true' }} # redundant to have should_force but if someone changes the trigger then this won't have to be changed
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            i18n:
@@ -38,225 +54,260 @@ jobs:
              - 'mobile/**'
            machine-learning:
              - 'machine-learning/**'
+            workflow:
+              - '.github/workflows/test.yml'
            .github:
              - '.github/**'
-          force-filters: |
-            - '.github/workflows/test.yml'
-          force-events: 'workflow_dispatch'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"

  server-unit-tests:
    name: Test & Lint Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Run package manager install
-        run: pnpm install
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
      - name: Run small tests & coverage
-        run: pnpm test
+        run: npm test
        if: ${{ !cancelled() }}
+
  cli-unit-tests:
    name: Unit Test CLI
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Setup typescript-sdk
-        run: pnpm install && pnpm run build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
+
      - name: Install deps
-        run: pnpm install
+        run: npm ci
+
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  cli-unit-tests-win:
    name: Unit Test CLI (Windows)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: windows-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
+
      - name: Install deps
-        run: pnpm install --frozen-lockfile
+        run: npm ci
+
      # Skip linter & formatter in Windows test.
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  web-lint:
    name: Lint Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: mich
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
-      - name: Run pnpm install
-        run: pnpm rebuild && pnpm install --frozen-lockfile
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run linter
-        run: pnpm lint:p
+        run: npm run lint:p
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run svelte checks
-        run: pnpm check:svelte
+        run: npm run check:svelte
        if: ${{ !cancelled() }}
+
  web-unit-tests:
    name: Test Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
+
      - name: Run npm install
-        run: pnpm install --frozen-lockfile
+        run: npm ci
+
      - name: Run tsc
-        run: pnpm check:typescript
+        run: npm run check:typescript
        if: ${{ !cancelled() }}
+
      - name: Run unit tests & coverage
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  i18n-tests:
    name: Test i18n
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run_i18n == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Install dependencies
-        run: pnpm --filter=immich-web install --frozen-lockfile
+        run: npm --prefix=web ci
+
      - name: Format
-        run: pnpm --filter=immich-web format:i18n
+        run: npm --prefix=web run format:i18n
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
        with:
          files: |
            i18n/**
+
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
@@ -265,77 +316,87 @@ jobs:
          echo "ERROR: i18n files not up to date!"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
+
  e2e-tests-lint:
    name: End-to-End Lint
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
+
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
+
      - name: Run linter
-        run: pnpm lint
+        run: npm run lint
        if: ${{ !cancelled() }}
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
      - name: Run tsc
-        run: pnpm check
+        run: npm run check
        if: ${{ !cancelled() }}
+
  server-medium-tests:
    name: Medium Tests (Server)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Run pnpm install
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm install --frozen-lockfile
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run medium tests
-        run: pnpm test:medium
+        run: npm run test:medium
        if: ${{ !cancelled() }}
+
  e2e-tests-server-cli:
    name: End-to-End Tests (Server & CLI)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).server == true || fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -345,45 +406,47 @@ jobs:
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
          submodules: 'recursive'
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
-      - name: Run setup web
-        run: pnpm install --frozen-lockfile && pnpm exec svelte-kit sync
-        working-directory: ./web
-        if: ${{ !cancelled() }}
+
      - name: Run setup cli
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./cli
        if: ${{ !cancelled() }}
+
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
+
      - name: Docker build
        run: docker compose build
        if: ${{ !cancelled() }}
+
      - name: Run e2e tests (api & cli)
-        run: pnpm test
+        run: npm run test
        if: ${{ !cancelled() }}
+
  e2e-tests-web:
    name: End-to-End Tests (Web)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -393,36 +456,42 @@ jobs:
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
          submodules: 'recursive'
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Run setup typescript-sdk
-        run: pnpm install --frozen-lockfile && pnpm build
+        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
+
      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: npm ci
        if: ${{ !cancelled() }}
+
      - name: Install Playwright Browsers
        run: npx playwright install chromium --only-shell
        if: ${{ !cancelled() }}
+
      - name: Docker build
        run: docker compose build
        if: ${{ !cancelled() }}
+
      - name: Run e2e tests (web)
        run: npx playwright test
        if: ${{ !cancelled() }}
+
  success-check-e2e:
    name: End-to-End Tests Success
    needs: [e2e-tests-server-cli, e2e-tests-web]
@@ -433,32 +502,37 @@ jobs:
      - uses: immich-app/devtools/actions/success-check@68f10eb389bb02a3cf9d1156111964c549eb421b # 0.0.4
        with:
          needs: ${{ toJSON(needs) }}
+
  mobile-unit-tests:
    name: Unit Test Mobile
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
+
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
        with:
          channel: 'stable'
          flutter-version-file: ./mobile/pubspec.yaml
+
      - name: Generate translation file
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
+        run: make translation
        working-directory: ./mobile
+
      - name: Run tests
        working-directory: ./mobile
        run: flutter test -j 1
+
  ml-unit-tests:
    name: Unit Test ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -466,9 +540,10 @@ jobs:
      run:
        working-directory: ./machine-learning
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
+
      - name: Install uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
@@ -491,48 +566,56 @@ jobs:
      - name: Run tests and coverage
        run: |
          uv run pytest --cov=immich_ml --cov-report term-missing
+
  github-files-formatting:
    name: .github Files Formatting
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run)['.github'] == true }}
+    if: ${{ needs.pre-job.outputs['should_run_.github'] == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./.github
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './.github/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
-      - name: Run pnpm install
-        run: pnpm install --frozen-lockfile
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
+      - name: Run npm install
+        run: npm ci
+
      - name: Run formatter
-        run: pnpm format
+        run: npm run format
        if: ${{ !cancelled() }}
+
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
+
      - name: Run ShellCheck
        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
        with:
          ignore_paths: >-
-            **/open-api/** **/openapi** **/node_modules/**
+            **/open-api/**
+            **/openapi**
+            **/node_modules/**
+
  generated-api-up-to-date:
    name: OpenAPI Clients
    runs-on: ubuntu-latest
@@ -540,24 +623,26 @@ jobs:
      contents: read
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Install server dependencies
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm --filter immich install --frozen-lockfile
+        run: npm --prefix=server ci
+
      - name: Build the app
-        run: pnpm --filter immich build
+        run: npm --prefix=server run build
+
      - name: Run API generation
-        run: ./bin/generate-open-api.sh
-        working-directory: open-api
+        run: make open-api
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -566,6 +651,7 @@ jobs:
            mobile/openapi
            open-api/typescript-sdk
            open-api/immich-openapi-specs.json
+
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
@@ -574,6 +660,7 @@ jobs:
          echo "ERROR: Generated files not up to date!"
          echo "Changed files: ${CHANGED_FILES}"
          exit 1
+
  sql-schema-up-to-date:
    name: SQL Schema Checks
    runs-on: ubuntu-latest
@@ -581,42 +668,51 @@ jobs:
      contents: read
    services:
      postgres:
-        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:da52bbead5d818adaa8077c8dcdaad0aaf93038c31ad8348b51f9f0ec1310a4d
+        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:1f5583fe3397210a0fbc7f11b0cec18bacc4a99e3e8ea0548e9bd6bcf26ec37a
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
          POSTGRES_DB: immich
        options: >-
-          --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
        ports:
          - 5432:5432
    defaults:
      run:
        working-directory: ./server
+
    steps:
      - name: Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
-      - name: Setup pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
-          cache: 'pnpm'
-          cache-dependency-path: '**/pnpm-lock.yaml'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+
      - name: Install server dependencies
-        run: SHARP_IGNORE_GLOBAL_LIBVIPS=true pnpm install --frozen-lockfile
+        run: npm ci
+
      - name: Build the app
-        run: pnpm build
+        run: npm run build
+
      - name: Run existing migrations
-        run: pnpm migrations:run
+        run: npm run migrations:run
+
      - name: Test npm run schema:reset command works
-        run: pnpm schema:reset
+        run: npm run schema:reset
+
      - name: Generate new migrations
        continue-on-error: true
-        run: pnpm migrations:generate src/TestMigration
+        run: npm run migrations:generate src/TestMigration
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-files
@@ -632,16 +728,19 @@ jobs:
          echo "Changed files: ${CHANGED_FILES}"
          cat ./src/*-TestMigration.ts
          exit 1
+
      - name: Run SQL generation
-        run: pnpm sync:sql
+        run: npm run sync:sql
        env:
          DB_URL: postgres://postgres:postgres@localhost:5432/immich
+
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20.0.4
        id: verify-changed-sql-files
        with:
          files: |
            server/src/queries
+
      - name: Verify SQL files have not changed
        if: steps.verify-changed-sql-files.outputs.files_changed == 'true'
        env:
@@ -652,77 +751,77 @@ jobs:
          git diff
          exit 1

-# mobile-integration-tests:
-#   name: Run mobile end-to-end integration tests
-#   runs-on: macos-latest
-#   steps:
-#     - uses: actions/checkout@v4
-#     - uses: actions/setup-java@v3
-#       with:
-#         distribution: 'zulu'
-#         java-version: '12.x'
-#         cache: 'gradle'
-#     - name: Cache android SDK
-#       uses: actions/cache@v3
-#       id: android-sdk
-#       with:
-#         key: android-sdk
-#         path: |
-#           /usr/local/lib/android/
-#           ~/.android
-#     - name: Cache Gradle
-#       uses: actions/cache@v3
-#       with:
-#         path: |
-#           ./mobile/build/
-#           ./mobile/android/.gradle/
-#         key: ${{ runner.os }}-flutter-${{ hashFiles('**/*.gradle*', 'pubspec.lock') }}
-#     - name: Setup Android SDK
-#       if: steps.android-sdk.outputs.cache-hit != 'true'
-#       uses: android-actions/setup-android@v2
-#     - name: AVD cache
-#       uses: actions/cache@v3
-#       id: avd-cache
-#       with:
-#         path: |
-#           ~/.android/avd/*
-#           ~/.android/adb*
-#         key: avd-29
-#     - name: create AVD and generate snapshot for caching
-#       if: steps.avd-cache.outputs.cache-hit != 'true'
-#       uses: reactivecircus/android-emulator-runner@v2.27.0
-#       with:
-#         working-directory: ./mobile
-#         cores: 2
-#         api-level: 29
-#         arch: x86_64
-#         profile: pixel
-#         target: default
-#         force-avd-creation: false
-#         emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
-#         disable-animations: false
-#         script: echo "Generated AVD snapshot for caching."
-#     - name: Setup Flutter SDK
-#       uses: subosito/flutter-action@v2
-#       with:
-#         channel: 'stable'
-#         flutter-version: '3.7.3'
-#         cache: true
-#     - name: Run integration tests
-#       uses: Wandalen/wretry.action@master
-#       with:
-#         action: reactivecircus/android-emulator-runner@v2.27.0
-#         with: |
-#           working-directory: ./mobile
-#           cores: 2
-#           api-level: 29
-#           arch: x86_64
-#           profile: pixel
-#           target: default
-#           force-avd-creation: false
-#           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
-#           disable-animations: true
-#           script: |
-#             flutter pub get
-#             flutter test integration_test
-#         attempt_limit: 3
+  # mobile-integration-tests:
+  #   name: Run mobile end-to-end integration tests
+  #   runs-on: macos-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: actions/setup-java@v3
+  #       with:
+  #         distribution: 'zulu'
+  #         java-version: '12.x'
+  #         cache: 'gradle'
+  #     - name: Cache android SDK
+  #       uses: actions/cache@v3
+  #       id: android-sdk
+  #       with:
+  #         key: android-sdk
+  #         path: |
+  #           /usr/local/lib/android/
+  #           ~/.android
+  #     - name: Cache Gradle
+  #       uses: actions/cache@v3
+  #       with:
+  #         path: |
+  #           ./mobile/build/
+  #           ./mobile/android/.gradle/
+  #         key: ${{ runner.os }}-flutter-${{ hashFiles('**/*.gradle*', 'pubspec.lock') }}
+  #     - name: Setup Android SDK
+  #       if: steps.android-sdk.outputs.cache-hit != 'true'
+  #       uses: android-actions/setup-android@v2
+  #     - name: AVD cache
+  #       uses: actions/cache@v3
+  #       id: avd-cache
+  #       with:
+  #         path: |
+  #           ~/.android/avd/*
+  #           ~/.android/adb*
+  #         key: avd-29
+  #     - name: create AVD and generate snapshot for caching
+  #       if: steps.avd-cache.outputs.cache-hit != 'true'
+  #       uses: reactivecircus/android-emulator-runner@v2.27.0
+  #       with:
+  #         working-directory: ./mobile
+  #         cores: 2
+  #         api-level: 29
+  #         arch: x86_64
+  #         profile: pixel
+  #         target: default
+  #         force-avd-creation: false
+  #         emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+  #         disable-animations: false
+  #         script: echo "Generated AVD snapshot for caching."
+  #     - name: Setup Flutter SDK
+  #       uses: subosito/flutter-action@v2
+  #       with:
+  #         channel: 'stable'
+  #         flutter-version: '3.7.3'
+  #         cache: true
+  #     - name: Run integration tests
+  #       uses: Wandalen/wretry.action@master
+  #       with:
+  #         action: reactivecircus/android-emulator-runner@v2.27.0
+  #         with: |
+  #           working-directory: ./mobile
+  #           cores: 2
+  #           api-level: 29
+  #           arch: x86_64
+  #           profile: pixel
+  #           target: default
+  #           force-avd-creation: false
+  #           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
+  #           disable-animations: true
+  #           script: |
+  #             flutter pub get
+  #             flutter test integration_test
+  #         attempt_limit: 3
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -3,52 +3,48 @@ name: Weblate checks
 on:
  pull_request:
    branches: [main]
-    types:
-      - opened
-      - synchronize
-      - ready_for_review
-      - auto_merge_enabled
-      - auto_merge_disabled

 permissions: {}

-env:
-  BOT_NAME: immich-push-o-matic
-
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}
    steps:
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@24820aa4ef67959b0dcf69a438cccf00d7c7042b # pre-job-action-v1.0.1
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            i18n:
              - 'i18n/!(en)**\.json'
-          exclude-branches: 'chore/translations'
-          skip-force-logic: 'true'

  enforce-lock:
    name: Check Weblate Lock
    needs: [pre-job]
    runs-on: ubuntu-latest
    permissions: {}
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    steps:
-      - name: Bot review status
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}
-          GH_TOKEN: ${{ github.token }}
+      - name: Check weblate lock
        run: |
-          # Then check for APPROVED by the bot, if absent fail
-          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \
-            || (echo "The push-o-matic bot has not approved this PR yet" && exit 1)
-
+          if [[ "false" = $(curl https://hosted.weblate.org/api/components/immich/immich/lock/ | jq .locked) ]]; then
+            exit 1
+          fi
+      - name: Find Pull Request
+        uses: juliangruber/find-pull-request-action@48b6133aa6c826f267ebd33aa2d29470f9d9e7d0 # v1.9.0
+        id: find-pr
+        with:
+          branch: chore/translations
+      - name: Fail if existing weblate PR
+        if: ${{ steps.find-pr.outputs.number }}
+        run: exit 1
  success-check-lock:
    name: Weblate Lock Check Success
    needs: [enforce-lock]
--- a/.gitignore
+++ b/.gitignore
@@ -18,7 +18,6 @@ mobile/libisar.dylib
 mobile/openapi/test
 mobile/openapi/doc
 mobile/openapi/.openapi-generator/FILES
-mobile/ios/build

 open-api/typescript-sdk/build
 mobile/android/fastlane/report.xml
@@ -26,5 +25,3 @@ mobile/ios/fastlane/report.xml

 vite.config.js.timestamp-*
 .pnpm-store
-.devcontainer/library
-.devcontainer/.env*
--- a/.pnpmfile.cjs
+++ b/.pnpmfile.cjs
@@ -1,18 +0,0 @@
-module.exports = {
-  hooks: {
-    readPackage: (pkg) => {
-      if (!pkg.name) {
-        return pkg;
-      }
-      if (pkg.name === "exiftool-vendored") {
-        if (pkg.optionalDependencies["exiftool-vendored.pl"]) {
-          // make exiftool-vendored.pl a regular dependency
-          pkg.dependencies["exiftool-vendored.pl"] =
-            pkg.optionalDependencies["exiftool-vendored.pl"];
-          delete pkg.optionalDependencies["exiftool-vendored.pl"];
-        }
-      }
-      return pkg;
-    },
-  },
-};
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -7,7 +7,7 @@
      "restart": true,
      "port": 9231,
      "name": "Immich API Server",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
    {
@@ -16,7 +16,7 @@
      "restart": true,
      "port": 9230,
      "name": "Immich Workers",
-      "remoteRoot": "/usr/src/app/server",
+      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    }
  ]
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -56,8 +56,7 @@
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
-    "*.ts": "${capture}.spec.ts,${capture}.mock.ts",
-    "package.json": "package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb, bun.lock, pnpm-workspace.yaml, .pnpmfile.cjs"
+    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
  },
  "svelte.enable-ts-plugin": true,
  "typescript.preferences.importModuleSpecifier": "non-relative"
--- a/2
+++ b/2
@@ -1,7 +1,5 @@
 /.github/ @bo0tzz
 /docker/ @bo0tzz
 /server/ @danieldietzler
-/web/ @danieldietzler
 /machine-learning/ @mertalev
 /e2e/ @danieldietzler
-/mobile/ @shenlong-tanwen
--- a/101
+++ b/101
@@ -8,14 +8,11 @@ dev-update:
 	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --remove-orphans

 dev-scale:
-	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V --scale immich-server=3 --remove-orphans
-
-dev-docs:
-	npm --prefix docs run start
+	@trap 'make dev-down' EXIT; COMPOSE_BAKE=true docker compose -f ./docker/docker-compose.dev.yml up --build -V  --scale immich-server=3 --remove-orphans

 .PHONY: e2e
 e2e:
-	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --remove-orphans
+	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans

 e2e-update:
 	@trap 'make e2e-down' EXIT; COMPOSE_BAKE=true docker compose -f ./e2e/docker-compose.yml up --build -V --remove-orphans
@@ -43,7 +40,7 @@ open-api-typescript:
 	cd ./open-api && bash ./bin/generate-open-api.sh typescript

 sql:
-	pnpm --filter immich run sync:sql
+	npm --prefix server run sync:sql

 attach-server:
 	docker exec -it docker_immich-server_1 sh
@@ -51,59 +48,33 @@ attach-server:
 renovate:
  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset

-# Directories that need to be created for volumes or build output
-VOLUME_DIRS = \
-	./.pnpm-store \
-	./web/.svelte-kit \
-	./web/node_modules \
-	./web/coverage \
-	./e2e/node_modules \
-	./docs/node_modules \
-	./server/node_modules \
-	./open-api/typescript-sdk/node_modules \
-	./.github/node_modules \
-	./node_modules \
-	./cli/node_modules
-
-# Include .env file if it exists
-include docker/.env
-
 MODULES = e2e server web cli sdk docs .github

-# directory to package name mapping function
-#   cli     = @immich/cli
-#   docs    = documentation
-#   e2e     = immich-e2e
-#   open-api/typescript-sdk = @immich/sdk
-#   server  = immich
-#   web     = immich-web
-map-package = $(subst sdk,@immich/sdk,$(subst cli,@immich/cli,$(subst docs,documentation,$(subst e2e,immich-e2e,$(subst server,immich,$(subst web,immich-web,$1))))))
-
 audit-%:
-	pnpm --filter $(call map-package,$*) audit fix
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
 install-%:
-	pnpm --filter $(call map-package,$*) install $(if $(FROZEN),--frozen-lockfile) $(if $(OFFLINE),--offline)
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) i
+ci-%:
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) ci
 build-cli: build-sdk
 build-web: build-sdk
 build-%: install-%
-	pnpm --filter $(call map-package,$*) run build
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run build
 format-%:
-	pnpm --filter $(call map-package,$*) run format:fix
+	npm --prefix $* run format:fix
 lint-%:
-	pnpm --filter $(call map-package,$*) run lint:fix
-lint-web:
-	pnpm --filter $(call map-package,$*) run lint:p
+	npm --prefix $* run lint:fix
 check-%:
-	pnpm --filter $(call map-package,$*) run check
+	npm --prefix $* run check
 check-web:
-	pnpm --filter immich-web run check:typescript
-	pnpm --filter immich-web run check:svelte
+	npm --prefix web run check:typescript
+	npm --prefix web run check:svelte
 test-%:
-	pnpm --filter $(call map-package,$*) run test
+	npm --prefix $* run test
 test-e2e:
 	docker compose -f ./e2e/docker-compose.yml build
-	pnpm --filter immich-e2e run test
-	pnpm --filter immich-e2e run test:web
+	npm --prefix e2e run test
+	npm --prefix e2e run test:web
 test-medium:
 	docker run \
    --rm \
@@ -113,39 +84,27 @@ test-medium:
    -v ./server/tsconfig.json:/usr/src/app/tsconfig.json \
    -e NODE_ENV=development \
    immich-server:latest \
-    -c "pnpm test:medium -- --run"
+    -c "npm ci && npm run test:medium -- --run"
 test-medium-dev:
-	docker exec -it immich_server /bin/sh -c "pnpm run test:medium"
+	docker exec -it immich_server /bin/sh -c "npm run test:medium"

-install-all:
-	pnpm -r --filter '!documentation' install
-
-build-all: $(foreach M,$(filter-out e2e docs .github,$(MODULES)),build-$M) ;
-
-check-all:
-	pnpm -r --filter '!documentation' run "/^(check|check\:svelte|check\:typescript)$/"
-lint-all:
-	pnpm -r --filter '!documentation' run lint:fix
-format-all:
-	pnpm -r --filter '!documentation' run format:fix
-audit-all:
-	pnpm -r --filter '!documentation' audit fix
-hygiene-all: audit-all
-	pnpm -r --filter '!documentation' run "/(format:fix|check|check:svelte|check:typescript|sql)/"
-
-test-all:
-	pnpm -r --filter '!documentation' run "/^test/"
+build-all: $(foreach M,$(filter-out e2e .github,$(MODULES)),build-$M) ;
+install-all: $(foreach M,$(MODULES),install-$M) ;
+ci-all: $(foreach M,$(filter-out .github,$(MODULES)),ci-$M) ;
+check-all: $(foreach M,$(filter-out sdk cli docs .github,$(MODULES)),check-$M) ;
+lint-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),lint-$M) ;
+format-all: $(foreach M,$(filter-out sdk,$(MODULES)),format-$M) ;
+audit-all:  $(foreach M,$(MODULES),audit-$M) ;
+hygiene-all: lint-all format-all check-all sql audit-all;
+test-all: $(foreach M,$(filter-out sdk docs .github,$(MODULES)),test-$M) ;

 clean:
 	find . -name "node_modules" -type d -prune -exec rm -rf {} +
 	find . -name "dist" -type d -prune -exec rm -rf '{}' +
 	find . -name "build" -type d -prune -exec rm -rf '{}' +
-	find . -name ".svelte-kit" -type d -prune -exec rm -rf '{}' +
-	find . -name "coverage" -type d -prune -exec rm -rf '{}' +
-	find . -name ".pnpm-store" -type d -prune -exec rm -rf '{}' +
-	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml down -v --remove-orphans || true
-	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml down -v --remove-orphans || true
-
+	find . -name "svelte-kit" -type d -prune -exec rm -rf '{}' +
+	command -v docker >/dev/null 2>&1 && docker compose -f ./docker/docker-compose.dev.yml rm -v -f || true
+	command -v docker >/dev/null 2>&1 && docker compose -f ./e2e/docker-compose.yml rm -v -f || true

 setup-server-dev: install-server
 setup-web-dev: install-sdk build-sdk install-web
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.17.1
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,14 +1,19 @@
 FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e AS core

+WORKDIR /usr/src/open-api/typescript-sdk
+COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
+RUN npm ci
+COPY open-api/typescript-sdk/ ./
+RUN npm run build
+
 WORKDIR /usr/src/app
-COPY package* pnpm* .pnpmfile.cjs ./
-COPY ./cli ./cli/
-COPY ./open-api/typescript-sdk ./open-api/typescript-sdk/
-RUN corepack enable pnpm && \
-  pnpm install --filter @immich/sdk --filter @immich/cli --frozen-lockfile && \
-  pnpm --filter @immich/sdk build && \
-  pnpm --filter @immich/cli build
+
+COPY cli/package.json cli/package-lock.json ./
+RUN npm ci
+
+COPY cli .
+RUN npm run build

 WORKDIR /import

-ENTRYPOINT ["node", "/usr/src/app/cli/dist"]
+ENTRYPOINT ["node", "/usr/src/app/dist"]
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.92",
+  "version": "2.2.73",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
@@ -13,6 +13,7 @@
    "cli"
  ],
  "devDependencies": {
+    "@eslint/eslintrc": "^3.1.0",
    "@eslint/js": "^9.8.0",
    "@immich/sdk": "file:../open-api/typescript-sdk",
    "@types/byte-size": "^8.1.0",
@@ -20,15 +21,15 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.18.1",
+    "@types/node": "^22.16.4",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
    "commander": "^12.0.0",
    "eslint": "^9.14.0",
-    "eslint-config-prettier": "^10.1.8",
+    "eslint-config-prettier": "^10.0.0",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^60.0.0",
+    "eslint-plugin-unicorn": "^59.0.0",
    "globals": "^16.0.0",
    "mock-fs": "^5.2.0",
    "prettier": "^3.2.5",
@@ -68,6 +69,6 @@
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "22.19.0"
+    "node": "22.17.1"
  }
 }
--- a/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
-  constraints = "4.52.5"
+  version     = "4.52.0"
+  constraints = "4.52.0"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
+    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs-release/config.tf
+++ b/deployment/modules/cloudflare/docs-release/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.0"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
-  constraints = "4.52.5"
+  version     = "4.52.0"
+  constraints = "4.52.0"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "h1:2BEJyXJtYC4B4nda/WCYUmuJYDaYk88F8t1pwPzr0iQ=",
+    "h1:4IASk5SESeWKQ7JU0+M7KApuF5mZyklvwMXPBabim3c=",
+    "h1:5ImZxxALSnWfH/4EXw/wFirSmk5Tr0ACmcysy51AafE=",
+    "h1:6TJ3dxLSin4ZKBJLsZDn95H2ZYnGm8S7GGHvvXuuMQU=",
+    "h1:IzTUjg9kQ4N3qizP9CjYLeHwjsuGgtxwXvfUQWyOLcA=",
+    "h1:NTaOQfYINA0YTG/V1/9+SYtgX1it63+cBugj4WK4FWc=",
+    "h1:PXH48LuJn329sCfMXprdMDk51EZaWFyajVvS03qhQLs=",
+    "h1:Pi5M+GeoMSN2eJ6QnIeXjBf19O+rby/74CfB2ocpv20=",
+    "h1:ShXZ2ZjBvm3thfoPPzPT8+OhyismnydQVkUAfI8X12w=",
+    "h1:WQ9hu0Wge2msBbODfottCSKgu8oKUrw4Opz+fDPVVHk=",
+    "h1:Z5yXML2DE0uH9UU+M0ut9JMQAORcwVZz1CxBHzeBmao=",
+    "h1:jqI2qKknpleS3JDSplyGYHMu0u9K/tor1ZOjFwDgEMk=",
+    "h1:kgfutDh14Q5nw4eg6qGFamFxIiY8Ae0FPKRBLDOzpcI=",
+    "h1:zCAO7GZmfYhWb+i6TfqlqhMeDyPZWGio2IzEzAh3YTs=",
+    "zh:19be1a91c982b902c42aba47766860dfa5dc151eed1e95fd39ca642229381ef0",
+    "zh:1de451c4d1ecf7efbe67b6dace3426ba810711afdd644b0f1b870364c8ae91f8",
+    "zh:352b4a2120173298622e669258744554339d959ac3a95607b117a48ee4a83238",
+    "zh:3c6f1346d9154afbd2d558fabb4b0150fc8d559aa961254144fe1bc17fe6032f",
+    "zh:4c4c92d53fb535b1e0eff26f222bbd627b97d3b4c891ec9c321268676d06152f",
+    "zh:53276f68006c9ceb7cdb10a6ccf91a5c1eadd1407a28edb5741e84e88d7e29e8",
+    "zh:7925a97773948171a63d4f65bb81ee92fd6d07a447e36012977313293a5435c9",
+    "zh:7dfb0a4496cfe032437386d0a2cd9229a1956e9c30bd920923c141b0f0440060",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:8d4aa79f0a414bb4163d771063c70cd991c8fac6c766e685bac2ee12903c5bd6",
+    "zh:a67540c13565616a7e7e51ee9366e88b0dc60046e1d75c72680e150bd02725bb",
+    "zh:a936383a4767f5393f38f622e92bf2d0c03fe04b69c284951f27345766c7b31b",
+    "zh:d4887d73c466ff036eecf50ad6404ba38fd82ea4855296b1846d244b0f13c380",
+    "zh:e9093c8bd5b6cd99c81666e315197791781b8f93afa14fc2e0f732d1bb2a44b7",
+    "zh:efd3b3f1ec59a37f635aa1d4efcf178734c2fcf8ddb0d56ea690bec342da8672",
  ]
 }
--- a/deployment/modules/cloudflare/docs/config.tf
+++ b/deployment/modules/cloudflare/docs/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.0"
    }
  }
 }
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -23,24 +23,16 @@ services:
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    build:
      context: ../
-      dockerfile: server/Dockerfile.dev
+      dockerfile: server/Dockerfile
      target: dev
    restart: unless-stopped
    volumes:
-      - ..:/usr/src/app
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ../server:/usr/src/app/server
+      - ../open-api:/usr/src/app/open-api
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
+      - ${UPLOAD_LOCATION}/photos/upload:/usr/src/app/upload/upload
+      - /usr/src/app/server/node_modules
      - /etc/localtime:/etc/localtime:ro
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
    env_file:
      - .env
    environment:
@@ -66,20 +58,19 @@ services:
      - 9231:9231
      - 2283:2283
    depends_on:
-      redis:
-        condition: service_started
-      database:
-        condition: service_started
+      - redis
+      - database
    healthcheck:
      disable: false

  immich-web:
    container_name: immich_web
    image: immich-web-dev:latest
+    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
+    # user: 0:0
    build:
      context: ../
-      dockerfile: server/Dockerfile.dev
-      target: dev
+      dockerfile: web/Dockerfile
    command: ['immich-web']
    env_file:
      - .env
@@ -87,26 +78,18 @@ services:
      - 3000:3000
      - 24678:24678
    volumes:
-      - ..:/usr/src/app
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
+      - ../web:/usr/src/app/web
+      - ../i18n:/usr/src/app/i18n
+      - ../open-api/:/usr/src/app/open-api/
+      # - ../../ui:/usr/ui
+      - /usr/src/app/web/node_modules
    ulimits:
      nofile:
        soft: 1048576
        hard: 1048576
    restart: unless-stopped
    depends_on:
-      immich-server:
-        condition: service_started
+      - immich-server

  immich-machine-learning:
    container_name: immich_machine_learning
@@ -134,13 +117,13 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
    healthcheck:
      test: redis-cli ping || exit 1

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:5f6a838e4e44c8e0e019d0ebfe3ee8952b69afc2809b2c25f7b0119641978e91
    env_file:
      - .env
    environment:
@@ -178,14 +161,3 @@ volumes:
  model-cache:
  prometheus-data:
  grafana-data:
-  pnpm-store:
-  server-node_modules:
-  web-node_modules:
-  github-node_modules:
-  cli-node_modules:
-  docs-node_modules:
-  e2e-node_modules:
-  sdk-node_modules:
-  app-node_modules:
-  sveltekit:
-  coverage:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -20,7 +20,7 @@ services:
      context: ../
      dockerfile: server/Dockerfile
    volumes:
-      - ${UPLOAD_LOCATION}/photos:/data
+      - ${UPLOAD_LOCATION}/photos:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -56,14 +56,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:5f6a838e4e44c8e0e019d0ebfe3ee8952b69afc2809b2c25f7b0119641978e91
    env_file:
      - .env
    environment:
@@ -95,7 +95,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.1.1-ubuntu@sha256:d1da838234ff2de93e0065ee1bf0e66d38f948dcc5d718c25fa6237e14b4424a
+    image: grafana/grafana:12.0.2-ubuntu@sha256:0512d81cdeaaff0e370a9aa66027b465d1f1f04379c3a9c801a905fabbdbc7a5
    volumes:
      - grafana-data:/var/lib/grafana

--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -18,7 +18,7 @@ services:
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
@@ -49,14 +49,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+    image: docker.io/valkey/valkey:8-bookworm@sha256:facc1d2c3462975c34e10fccb167bfa92b0e0dbd992fc282c29a61c3243afb11
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:5f6a838e4e44c8e0e019d0ebfe3ee8952b69afc2809b2c25f7b0119641978e91
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -18,6 +18,4 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-yarn.lock
-
-/static/openapi.json
+yarn.lock
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-22.19.0
+22.17.1
--- a/docs/README.md
+++ b/docs/README.md
@@ -5,13 +5,13 @@ This website is built using [Docusaurus](https://docusaurus.io/), a modern stati
 ### Installation

 ```
-$ pnpm install
+$ npm install
 ```

 ### Local Development

 ```
-$ pnpm run start
+$ npm run start
 ```

 This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
@@ -19,7 +19,7 @@ This command starts a local development server and opens up a browser window. Mo
 ### Build

 ```
-$ pnpm run build
+$ npm run build
 ```

 This command generates static content into the `build` directory and can be served using any static contents hosting service.
@@ -29,13 +29,13 @@ This command generates static content into the `build` directory and can be serv
 Using SSH:

 ```
-$ USE_SSH=true pnpm run deploy
+$ USE_SSH=true npm run deploy
 ```

 Not using SSH:

 ```
-$ GIT_USER=<Your GitHub username> pnpm run deploy
+$ GIT_USER=<Your GitHub username> npm run deploy
 ```

 If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the `gh-pages` branch.
--- a/docs/blog/2022/11-10/release-1.36.mdx
+++ b/docs/blog/2022/11-10/release-1.36.mdx
@@ -0,0 +1,110 @@
+---
+slug: release-1-36
+title: Release v1.36.0
+authors: [alextran]
+tags: [release]
+date: 2022-11-10
+---
+
+Hello everyone, it is my pleasure to deliver the new release of Immich to you. The team has been working hard to bring you the new features and improvements. This release includes some big features that the community has been asking since the beginning of Immich. We hope you will enjoy it.
+
+Some notable features are:
+
+- OAuth integration
+- LivePhoto support on iOS
+- User config system
+
+<!--truncate-->
+
+## LivePhoto iOS Support 🎉
+
+LivePhoto on iOS is now supported in Immich.
+
+The motion part will now be uploaded and can be played on the mobile app and the web.
+
+:::caution
+
+- The server and the app has to be on version **1.36.x** for the application to work correctly.
+- Previous uploaded photos will not be updated automatically, you will have to remove and reupload them if you want to keep the LivePhoto functionality.
+
+:::
+
+<img
+  src="https://media.giphy.com/media/fTrGceZd7t1ewi8ESc/giphy.gif"
+  width="100%"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+  title="LivePhoto playback on the web"
+/>
+
+## OAuth Integration 🎉
+
+I want to borrow this chance to express my gratitude to [@EnricoBilla](https://github.com/EnricoBilla), who has been the trailblazer for this feature since the beginning days of Immich. His PR has sparked ideas, suggestions, and discussion among the team member on how to integrate this feature successfully into the app. Thank you so much for your work and your time.
+
+OAuth is now integrated into the system. Please follow the guide [here](https://immich.app/docs/usage/oauth) to set up your OAuth integration
+
+After setting up the correct environment variables in the `.env` file, as shown below
+
+| Key                 | Type    | Default              | Description                                                               |
+| ------------------- | ------- | -------------------- | ------------------------------------------------------------------------- |
+| OAUTH_ENABLED       | boolean | false                | Enable/disable OAuth2                                                     |
+| OAUTH_ISSUER_URL    | URL     | (required)           | Required. Self-discovery URL for client                                   |
+| OAUTH_CLIENT_ID     | string  | (required)           | Required. Client ID                                                       |
+| OAUTH_CLIENT_SECRET | string  | (required)           | Required. Client Secret                                                   |
+| OAUTH_SCOPE         | string  | openid email profile | Full list of scopes to send with the request (space delimited)            |
+| OAUTH_AUTO_REGISTER | boolean | true                 | When true, will automatically register a user the first time they sign in |
+| OAUTH_BUTTON_TEXT   | string  | Login with OAuth     | Text for the OAuth button on the web                                      |
+
+```bash title="Authentik Example"
+OAUTH_ENABLED=true
+OAUTH_ISSUER_URL=http://10.1.15.216:9000/application/o/immich-test/
+OAUTH_CLIENT_ID=30596v8f78a4b6a97d5985c3076b6b4c4d12ddc33
+OAUTH_CLIENT_SECRET=50f1eafdec353b95b1c638db390db4ab67ef035a51212dbec2f56175e2eb272b5d572c099176e6fe116ecf47ffdd544bgdb9e2edc588307ee0339d25eeccd88
+OAUTH_BUTTON_TEXT=Login with Authentik
+```
+
+The web will have the option to sign in with OAuth.
+
+<img
+  src="https://user-images.githubusercontent.com/27055614/202923726-f43fa148-47f5-4182-8f29-b0b87e4586fa.png"
+  width="50%"
+  title="Web Sign in with OAuth"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+/>
+
+The mobile app will check if the server has OAuth enabled before displaying the OAuth
+sign-in button.
+
+<img
+  src="https://media.giphy.com/media/3iy3SaNkVYtlkEiw06/giphy.gif"
+  title="Mobile sign in with OAuth"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+/>
+
+## Support
+
+<img
+  src="https://media.giphy.com/media/LStqgGESXW8XnuCv5y/giphy.gif"
+  width="300"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+  title="Support the project"
+/>
+
+If you find the project helpful and it helps you in some ways, you can support the project [one time](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502) or [monthly](https://github.com/sponsors/alextran1502) from GitHub Sponsor
+
+It is a great way to let me know that you want me to continue developing and working on this project for years to come.
+
+## Details
+
+For more details, please check out the [release note](https://github.com/immich-app/immich/releases/tag/v1.36.0_55-dev)
--- a/docs/blog/2023/06-24/update.mdx
+++ b/docs/blog/2023/06-24/update.mdx
@@ -0,0 +1,103 @@
+---
+title: Immich Update - June 2023
+authors: [alextran]
+tags: [update]
+---
+
+Hello everybody, Alex here!
+
+I am back with another update on Immich. It has been only a month since my last update (May 18th, 2023), but it seems forever. I think the rapid releases of Immich and the amount of work make the perspective of time change in Immich’s world. We have some exciting updates that I think you will like.
+
+Before going into detail, on behalf of the core team, I would like to thank all of you for loving Immich and contributing to the project. Thank you for helping me make Immich an enjoyable alternative solution to Google Photos so that you have complete control of your data and privacy. I know we are still young and have a lot of work to do, but I am confident we will get there with help from the community. I appreciate all of you from the bottom of my heart!
+
+<!--truncate-->
+
+And now, to the exciting part, what is new in Immich’s world?
+
+- Initial support for existing gallery.
+- Memory feature.
+- Support XMP sidecar.
+- Support more raw formats.
+- Justified layout for web timeline and blurred thumbnail hash.
+- Mechanism to host machine learning on a completely different machine.
+
+## Support for existing gallery
+
+I know this is the most controversial feature when it comes to Immich’s way of ingesting photos and videos. For many users, having to upload photos and videos to Immich is simply not working. We listen, discuss, and digest this feature internally more than you imagine because it is not a simple feature to tackle while keeping the performance and the user experience at the top level, which is Immich’s primary goal.
+
+Thankfully, we have many great contributors and developers that want to make this come true. So we came up with an initial implementation of this feature in the form of a supporting read-only gallery.
+
+To be concise, Immich can now read in the gallery files, register the path into the database, and then generate necessary files and put them through Immich’s machine learning pipeline so you can use all the goodness of Immich without the need to upload them. Since this is the initial implementation, some actions/behavior are not yet supported, and we aim to build toward them in future releases, namely:
+
+- Assets are not automatically synced and must instead be manually synced with the CLI tool.
+- Only new files that are added to the gallery will be detected.
+- Deleted and moved files will not be detected.
+
+## Memory feature
+
+This is considered a fun feature that the team and I wanted to build for so long, but we had to put it off because of the refactoring of the code base. The code base is now in a good enough form to circle back and add more exciting features.
+
+This memory feature is very much similar to GPhotos' implementation of “x years since…”. We are aiming to add more categories of memories in the future, such as “Spotlight of the day” or “Day of the Week highlights”
+
+<iframe
+  width="560"
+  height="315"
+  src="https://www.youtube.com/embed/j5XZKvViPew"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+This feature is now available on the web and will be ported to the mobile app in the near future.
+
+## Support XMP Sidecar
+
+Immich can now import/upload XMP sidecars from the CLI and use the information as the metadata of assets.
+
+## Support more raw formats.
+
+With the recent updates on the dependencies of Immich, we are now extending and hardening support for multiple raw formats. So users with DSLR or mirrorless cameras can now upload their original files to Immich and have them displayed in high-quality thumbnails on the web and mobile view.
+
+## Justified layout for web timeline and blurred thumbnail hash
+
+This is an aesthetic improvement in user experience when browsing the timeline. Photos and videos are now displayed correctly with perspective orientation, making the browsing experience more pleasurable.
+
+To further improve the browsing experience, we now added a blur hash to the thumbnail, so the transition is more natural with a dreamy fade in effect, similar to how our brain goes from faded to vivid memory
+
+<iframe
+  width="560"
+  height="315"
+  src="https://www.youtube.com/embed/b95FLmGHRFc"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+## Hosting machine learning container on a different machine
+
+With more capabilities Immich is building toward, machine learning will get more powerful and therefore require more resources to run effectively. However, we understand that users might not have the best server resources where they host the Immich instance. Therefore, we changed how machine learning interacts and receives the photos and videos to run through its inference pipeline.
+
+The machine learning container is now a headless system that can run on any machine. As long as your Immich instance can communicate with the system running the machine learning container, it can send the files and receive the required information to make Immich powerful in terms of searching and intelligence. This helps you to utilize a more powerful machine in your home/infrastructure to perform the CPU-intensive tasks while letting Immich only handle the I/O operations for a pleasant and smooth experience.
+
+---
+
+So, those are the highlights for the team and the community after a busy month. There are a lot more changes and improvements. I encourage you to read some release notes, starting from version [v1.57.0](https://github.com/immich-app/immich/releases/tag/v1.57.0) to now.
+
+Thank you, and I am asking for your support for the project. I hope to be a full-time maintainer of Immich one day to dedicate myself to the project as my life works for the community and my family. You can find the support channels below:
+
+- Monthly donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502)
+- One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- [Liberapay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
+- Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
+
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
+
+Cheer!
+
+Until next time!
+
+Alex
--- a/docs/blog/2023/07-29/images/web-shortcuts-panel.png
+++ b/docs/blog/2023/07-29/images/web-shortcuts-panel.png
--- a/docs/blog/2023/07-29/update.mdx
+++ b/docs/blog/2023/07-29/update.mdx
@@ -0,0 +1,151 @@
+---
+title: Immich Update - July 2023
+authors: [alextran]
+tags: [update, v1.64.0-v1.71.0]
+---
+
+Hello, Immich fans, another month, another milestone. We hope you are staying cool and safe in this scorching hot summer across the globe.
+
+Immich recently got some good recognition when getting to the front page of HackerNews, which helped to let more people know about the project's existence. The project will help more and more people find a solution to control the privacy of their most precious moments. And with the gain in popularity and recognition, we have gotten new users and more questions from the community than ever.
+
+I want to express my gratitude to all the contributors and the community who have been tremendously helpful to new users' questions and provided technical support.
+
+Below are the highlights of new features we added to the application over the past month, along with countless bug fixes and improvements across the board, from developer experience to resource optimization and UI/UX improvement. I hope you find these topics as exciting as I am.
+
+## Highlights
+
+- Memories feature.
+- Facial recognition improvements.
+- Improvements on multi selection behavior on the web.
+- Shortcuts for common actions on the web.
+- Support viewer for 360-panorama photos.
+
+<!--truncate-->
+
+---
+
+### Memories feature
+
+We've added the memory feature on the mobile app, so you can reminisce about your past memories.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/c7OTl-RqNRE"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Facial recognition improvements
+
+Over the past few releases, we have added many UI improvements to the facial recognition feature to help you manage the recognized people better. Some of the highlights:
+
+#### Choose a new feature photo for a person.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/PmJp8DmSh1U"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+#### Hide and show faces.
+
+You can now select irrelevant faces to hide them. The hidden faces won’t be displayed in search results and the people section in the info panel.
+
+#### Merge faces.
+
+This is useful when you have multiple faces of the same person in your photos, and you want to merge them into one.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/-Xskhw-vpc4"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+We also added a nifty mechanism that when naming a face, similar names will prompt you a merge face option for the convenience.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/XzE6wficbl4"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Improvements on multi selection behavior on the web
+
+We have added a new multi selection behavior on the web to help you select multiple items easier. You can now select a range of photos and videos by holding the `Shift` key.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/e_SiuHpVnmM"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Shortcuts for common actions on the web.
+
+Some of us only navigate the world and the web with a keyboard (looking at you, Vim and Emacs users). So it would take away the sacred weapon of choice to require many clicks to perform repetitive actions. So we added quick shortcuts for the following action on the web.
+
+<img
+  src={require('./images/web-shortcuts-panel.png').default}
+  width="100%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+### Support viewer for 360-panorama photos.
+
+Photos with the EXIF property of `ProjectionType` will now have a special viewer on the web to view all the angles of the panorama.
+
+The thumbnail of the 360 degrees panoramas will have a special icon on the top right of the thumbnail
+
+<img
+  src="https://github.com/immich-app/immich/assets/61410067/728ca1b0-375c-4631-8081-a609843e702f"
+  width="50%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+Panorama in the detail view
+
+<img
+  src="https://github.com/immich-app/immich/assets/61410067/3c89dac4-395d-45fa-9bc5-98a6248fd476"
+  width="50%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+---
+
+Thank you, and I am asking for your support for the project. I hope to be a full-time maintainer of Immich one day to dedicate myself to the project as my life's work for the community and my family. You can find the support channels below:
+
+- Monthly donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502)
+- One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- [Liberapay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
+- Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
+
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
+
+Cheer!
+
+Until next time!
+
+Alex
--- a/docs/blog/2023/2023-recap.mdx
+++ b/docs/blog/2023/2023-recap.mdx
@@ -0,0 +1,71 @@
+---
+title: Immich Recap 2023
+authors: [alextran]
+tags: [update, recap-2023]
+date: 2023-12-30T00:00
+---
+
+Hi everyone,
+
+Alex from Immich here.
+
+We are entering the last few weeks of 2023, and it has been quite a year for Immich. The project has grown so much in terms of users, developers, features, maturity, and the community around it. When I started working on Immich, it was simply a challenge for myself and an opportunity to learn new technologies, crafting something fun and useful for my wife during my free time to satisfy my urge to build and create things. I never thought it would become so popular and help so many people. At the end of the day, all we have is memory. I am proud that the team and I have created something to make storing and viewing those precious memories easier without restrictions and without sacrificing our privacy. As the year closes, here’s a recap of everything the project accomplished in 2023.
+
+# Milestones
+
+- Public shared links
+- Favorites page
+- Immich turned 1
+- Material Design 3 on the mobile app
+- Auto-link LivePhotos server-side
+- iOS background backup
+- Explore page
+- CLIP search
+- Search by metadata
+- Responsive web app
+- Archive page
+- Asset descriptions
+- 10,000 stars on GitHub
+- Manage auth devices
+- Map view
+- Facial recognition, clustering, searching, renaming, and person management
+- Partner sharing and unifying timeline between partners' users
+- Custom storage label
+- XMP sidecar reading
+- RAW file formats
+- Justified layout on the web
+- Memories
+- Multi-select via SHIFT
+- Android Motion Photos
+- 360° Photos
+- Album description
+- Album performance improvements (time buckets)
+- Video hardware transcoding
+- Slideshow mode on the web
+- Configuration file
+- External libraries
+- Trash page
+- Custom theme
+- Asset Stacking
+- 20,000 stars on GitHub
+- Shared album activity and comments
+- CLI v2
+- Down to 5 containers (from 8)
+
+# Fun Statistics
+
+- We have gone from the release version `1.41.0` to `1.90.0` at the time of writing. On average, we see a release every 7 days.
+- According to GitHub's metrics, the `immich-server` container image has been pulled almost _4 million_ times.
+- According to mobile app store metrics, we have 22,000 installations on Android and 6700 installation units on iOS (opt-in only).
+- Immich is making around $1200/month on average from donations. (Thank you all so much!)
+- We were guests on two podcasts:
+  - [Self-hosted](https://selfhosted.show/110)
+  - [The Vergecast](https://www.theverge.com/23938533/self-hosting-local-first-software-vergecast)
+- There are over 4,500 members on the Discord server.
+- We have over 22,000 stars on the main GitHub repository, gaining 15,000 stars since January 2023.
+
+Diving into the next year, the team will continue to build on the foundation we have laid out over the past year, implementing more advanced features for searching, organizing, and sharing between users. Bugs will continue to be squashed and conquered. “Shit Alex wrote'' code will continue to be replaced by beautiful, clean code from Jason, Zack, Boet, Daniel, Osorin, Mert, Fynn, Marty, Martin, and Jonathan. The team has my eternal gratitude for creating a welcoming environment for new contributors, helping, teaching, and learning from each other. I’ve realized that hardly a day has gone by where the team hasn’t been in communication about Immich related topics over the past year.
+
+My long-term goal is to help hone Immich into a diamond in the FOSS space, where the UI, UX, development experiences, documentation, and quality are at a high standard while remaining free for everybody to use.
+
+I hope you enjoy Immich and have a happy and peaceful holiday.
--- a/docs/blog/2024/immich-core-team-goes-fulltime.mdx
+++ b/docs/blog/2024/immich-core-team-goes-fulltime.mdx
@@ -0,0 +1,75 @@
+---
+title: The Immich core team goes full-time
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-05-01T00:00
+---
+
+**Immich is joining [FUTO](https://futo.org/)!**
+
+Since the beginning of this adventure, my goal has always been to create a better world for my children. Memories are priceless, and privacy should not be a luxury. However, building quality open source has its challenges. Over the past two years, it has taken significant dedication, time, and effort.
+
+Recently, a company in Austin, Texas, called FUTO contacted the team. FUTO strives to develop quality and sustainable open software. They build software alternatives that focus on giving control to users. From their mission statement:
+
+“Computers should belong to you, the people. We develop and fund technology to give them back.”
+
+FUTO loved Immich and wanted to see if we’d consider working with them to take the project to the next level. In short, FUTO offered to:
+
+- Pay the core team to work on Immich full-time
+- Let us keep full autonomy about the project’s direction and leadership
+- Continue to license Immich under AGPL
+- Keep Immich’s development direction with no paywalled features
+- Keep Immich “built for the people” (no ads, data mining/selling, or alternative motives)
+- Provide us with financial, technical, legal, and administrative support
+
+After careful deliberation, the team decided that FUTO’s vision closely aligns with our own: to build a better future by providing a polished, performant, and privacy-preserving open-source software solution for photo and video management delivered in a sustainable way.
+
+Immich’s future has never looked brighter, and we look forward to realizing our vision for Immich as part of FUTO.
+
+If you have more questions, we’ll host a Q&A live stream on May 9th at 3PM UTC (10AM CST). [You can ask questions here](https://www.live-ask.com/event/01HWP2SB99A1K8EXFBDKZ5Z9CF), and the stream will be live [here on our YouTube channel](https://youtube.com/live/cwz2iZwYpgg).
+
+Cheers,
+
+The Immich Team
+
+---
+
+## FAQs
+
+### What is FUTO?
+
+[https://futo.org/what-is-futo/](https://futo.org/what-is-futo/)
+
+### Will the license change?
+
+No. Immich will continue to be licensed under AGPL without a CLA.
+
+### Will Immich continue to be free?
+
+Yes. The Immich source code will remain freely available under the AGPL license.
+
+### Is Immich getting VC funding?
+
+No. Venture capital implies investment in a business, often with the expectation of a future payout (exit plan). Immich is neither a business that can be acquired nor comes with a money-making exit plan.
+
+### I am currently supporting Immich through GitHub sponsors. What will happen to my donation?
+
+Effective immediately, all donations to the Immich organization will be canceled. In the future, we will offer an optional, modest payment option instead. Thank you to everyone who donated to help us get this far!
+
+### How is funding sustainable?
+
+Immich and FUTO believe a sustainable future requires a model that does not rely on users-as-a-product. To this end, FUTO advocates that users pay for good, open software. In keeping with this model, we will adopt a purchase price. This means we no longer accept donations, but — _without limiting features for those who do not pay_ — we will soon allow you to purchase Immich through a modest payment. We encourage you to pay for the high-quality software you use to foster a healthy software culture where developers build great applications without hidden motives for their users.
+
+### When does this change take effect?
+
+This change takes effect immediately.
+
+### What will change?
+
+The following things will change as Immich joins FUTO:
+
+- The brand, logo, and other Immich trademarks will be transferred to FUTO.
+- We will stop all donations to the project.
+- The core team can now dedicate our full attention to Immich
+- Before the end of the year, we plan to have a roadmap for what it will take to get Immich to a stable release.
+- Bugs will be squashed, and features will be delivered faster.
--- a/docs/blog/2024/immich-licensing.mdx
+++ b/docs/blog/2024/immich-licensing.mdx
@@ -0,0 +1,91 @@
+---
+title: Licensing announcement - Purchase a license to support Immich
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-07-18T00:00
+---
+
+Hello everybody,
+
+Firstly, on behalf of the Immich team, I'd like to thank everybody for your continuous support of Immich since the very first day! Your contributions, encouragement, and community engagement have helped bring Immich to its current state. The team and I are forever grateful for that.
+
+Since our [last announcement of the core team joining FUTO to work on Immich full-time](https://immich.app/blog/2024/immich-core-team-goes-fulltime), one of the goals of our new position is to foster a healthy relationship between the developers and the users. We believe that this enables us to create great software, establish transparent policies and build trust.
+
+We want to build a great software application that brings value to you and your loved ones' lives. We are not using you as a product, i.e., selling or tracking your data. We are not putting annoying ads into our software. We respect your privacy. We want to be compensated for the hard work we put in to build Immich for you.
+
+With those notes, we have enabled a way for you to financially support the continued development of Immich, ensuring the software can move forward and will be maintained, by offering a lifetime license of the software. We think if you like and use software, you should pay for it, but _we're never going to force anyone to pay or try to limit Immich for those who don't._
+
+There are two types of license that you can choose to purchase: **Server License** and **Individual License**.
+
+### Server License
+
+This is a lifetime license costing **$99.99**. The license is applied to the whole server. You and all users that use your server are licensed.
+
+### Individual License
+
+This is a lifetime license costing **$24.99**. The license is applied to a single user, and can be used on any server they choose to connect to.
+
+<img
+  width="837"
+  alt="license-social-gh"
+  src="https://github.com/user-attachments/assets/241932ed-ef3b-44ec-a9e2-ee80754e0cca"
+/>
+
+You can purchase the license on [our page - https://buy.immich.app](https://buy.immich.app).
+
+Starting with release `v1.109.0` you can purchase and enter your purchased license key directly in the app.
+
+<img
+  width="1414"
+  alt="license-page-gh"
+  src="https://github.com/user-attachments/assets/364fc32a-f6ef-4594-9fea-28d5a26ad77c"
+/>
+
+## Thank you
+
+Thank you again for your support, this will help create a strong foundation and stability for the Immich team to continue developing and maintaining the project that you love to use.
+
+<p align="center">
+  <img
+    src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif"
+    width="550"
+    title="SUPPORT THE PROJECT!"
+  />
+</p>
+
+<br />
+<br />
+
+Cheers! 🎉
+
+Immich team
+
+# FAQ
+
+### 1. Where can I purchase a license?
+
+There are several places where you can purchase the license from
+
+- [https://buy.immich.app](https://buy.immich.app)
+- [https://pay.futo.org](https://pay.futo.org/)
+- or directly from the app.
+
+### 2. Do I need both _Individual License_ and _Server License_?
+
+No,
+
+If you are the admin and the sole user, or your instance has less than a total of 4 users, you can buy the **Individual License** for each user.
+
+If your instance has more than 4 users, it is more cost-effective to buy the **Server License**, which will license all the users on your instance.
+
+### 3. What do I do if I don't pay?
+
+You can continue using Immich without any restriction.
+
+### 4. Will there be any paywalled features?
+
+No, there will never be any paywalled features.
+
+### 5. Where can I get support regarding payment issues?
+
+You can email us with your `orderId` and your email address `billing@futo.org` or on our Discord server.
--- a/docs/blog/2024/update-july-2024.mdx
+++ b/docs/blog/2024/update-july-2024.mdx
@@ -0,0 +1,78 @@
+---
+title: Immich Update - July 2024
+authors: [alextran]
+date: 2024-07-01T00:00
+tags: [update, v1.106.0]
+---
+
+Hello everybody! Alex from Immich here and I am back with another development progress update for the project.
+
+Summer has returned once again, and the night sky is filled with stars, thank you for **38_000 shining stars** you have sent to our [GitHub repo](https://github.com/immich-app/immich)! Since the last announcement several core contributors have started full time. Everything is going great with development, PRs get merged with _brrrrrrr_ rate, conversation exchange between team members is on a new high, we met and are working with the great engineers at FUTO. The spirit is high and we have a lot of things brewing that we think you will like.
+
+Let's go over some of the updates we had since the last post.
+
+### Container consolidation
+
+Reduced the number of total containers from 5 to 4 by making the microservices thread get spawned directly in the server container. Woohoo, remember when Immich had 7 containers?
+
+### Email notifications
+
+![smtp](https://github.com/immich-app/immich/assets/27055614/949cba85-d3f1-4cd3-b246-a6f5fb5d3ae8)
+
+We added email notifications to the app with SMTP settings that you can configure for the following events
+
+- A new account is created for you.
+- You are added to a shared album.
+- New media is added to an album.
+
+### Versioned docs
+
+You can now jump back into the past or take a peek at the unreleased version of the documentation by selecting the version on the website.
+
+![version-doc](https://github.com/immich-app/immich/assets/27055614/6d22898a-5093-41ad-b416-4573d7ce6e03)
+
+### Similarity deduplication
+
+With more machine learning and CLIP magic, we now have similarity deduplication built into the application where it will search for closely similar images and let you decide what to do with them; i.e keep or trash.
+
+![similarity-deduplication](https://github.com/immich-app/immich/assets/27055614/3cac8478-fbf7-47ea-acb6-0146901dc67e)
+
+### Permanent URL for asset on the web
+
+The detail view for an asset now has a permanent URL so you can easily share them with your loved ones.
+
+### Web app translations
+
+We now have a public Weblate project which the community can use to translate the webapp to their native languages. We are planning to port the mobile app translation to this platform as well. If you would like to contribute, you can take a look [here](https://hosted.weblate.org/projects/immich/immich/). We're already close to 50% translations -- we really appreciate everyone contributing to that!
+
+![web-translation](https://github.com/immich-app/immich/assets/27055614/363df2ed-656c-4584-bd82-0708a693c5bc)
+
+### Read-only/Editor mode on shared album
+
+As the owner of the album, you can choose if the shared user can edit the album or to only view the content of the album without any modification.
+
+![read-only-album](https://github.com/immich-app/immich/assets/27055614/c6f66375-b869-495a-9a86-3e87b316d109)
+
+### Better video thumbnails
+
+Immich now tries to find a descriptive video thumbnail instead of simply using the first frame. No more black images for thumbnails!
+
+### Public Roadmap
+
+We now have a [public roadmap](https://immich.app/roadmap), giving you a high-level overview of things the team is working on. The first goal of this roadmap is to bring Immich to a stable release, which is expected sometime later this year. Some of the highlights include
+
+- Auto stacking - Auto stacking of burst photos
+- Basic editor - Basic photo editing capabilities
+- Workflows - Automate tasks with workflows
+- Fine grained access controls - Granular access controls for users and api keys
+- Better background backups - Rework background backups to be more reliable
+- Private/locked photos - Private assets with extra protections
+
+Beyond the items in the roadmap, we have _many many_ more ideas for Immich. The team and I hope that you are enjoying the application, find it helpful in your life and we have nothing but the intention of building out great software for you all!
+
+Have an amazing Summer or Winter for those in the southern hemisphere! :D
+
+Until next time,
+
+Cheers!
+Alex
--- a/docs/blog/authors.yml
+++ b/docs/blog/authors.yml
@@ -0,0 +1,5 @@
+alextran:
+  name: Alex Tran
+  title: Maintainer of Immich
+  url: https://github.com/alextran1502
+  image_url: https://github.com/alextran1502.png
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -1,31 +1,5 @@
 # FAQ

-## Commercial Guidelines
-
-### Are you open to commercial partnerships and collaborations?
-
-We are working to commercialize Immich and we'd love for you to help us by making Immich better. FUTO is dedicated to developing sustainable models for developing open source software for our customers. We want our customers to be delighted by the products our engineers deliver, and we want our engineers to be paid when they succeed.
-
-If you wish to use Immich in a commercial product not owned by FUTO, we have the following requirements:
-
- Plugin Integrations: Integrations for other platforms are typically approved, provided proper notification is given.
-
- Reseller Partnerships: Must adhere to the guidelines outlined below regarding trademark usage, and proper representation.
-
- Strategic Collaborations: We welcome discussions about mutually beneficial partnerships that enhance the value proposition for both organizations.
-
-### What are your guidelines for resellers and trademark usage?
-
-For organizations seeking to resell Immich, we have established the following guidelines to protect our brand integrity and ensure proper representation.
-
- We request that resellers do not display our trademarks on their websites or marketing materials. If such usage is discovered, we will contact you to request removal.
-
- Do not misrepresent your reseller site or services as being officially affiliated with or endorsed by Immich or our development team.
-
- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase licenses directy from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.
-
-When in doubt or if you have an edge case scenario, we encourage you to contact us directly via email to discuss the use of our trademark. We can provide clear guidance on what is acceptable and what is not. You can reach out at: questions@immich.app
-
 ## User

 ### How can I reset the admin password?
@@ -206,7 +180,7 @@ services:
 ...
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
 +     - originals:/usr/src/app/originals
 ...
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -10,7 +10,7 @@ Unable to set `app.immich:///oauth-callback` as a valid redirect URI? See [Mobil

 Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an identity layer built on top of OAuth2. OIDC is supported by most identity providers, including:

- [Authentik](https://integrations.goauthentik.io/media/immich/)
+- [Authentik](https://goauthentik.io/integrations/sources/oauth/#openid-connect)
 - [Authelia](https://www.authelia.com/integration/openid-connect/immich/)
 - [Okta](https://www.okta.com/openid-connect/)
 - [Google](https://developers.google.com/identity/openid-connect/openid-connect)
@@ -64,7 +64,7 @@ Once you have a new OAuth client application configured, Immich can be configure
 | Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label**¹**                                     |
 | Role Claim                                           | string  | immich_role          | Claim mapping for the user's role. (should return "user" or "admin")**¹**           |
 | Storage Quota Claim                                  | string  | immich_quota         | Claim mapping for the user's storage**¹**                                           |
-| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (empty for unlimited quota)      |
+| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (Enter 0 for unlimited quota)    |
 | Button Text                                          | string  | Login with OAuth     | Text for the OAuth button on the web                                                |
 | Auto Register                                        | boolean | true                 | When true, will automatically register a user the first time they sign in           |
 | [Auto Launch](#auto-launch)                          | boolean | false                | When true, will skip the login page and automatically start the OAuth login process |
@@ -88,7 +88,7 @@ The `.well-known/openid-configuration` part of the url is optional and will be a
 ## Auto Launch

 When Auto Launch is enabled, the login page will automatically redirect the user to the OAuth authorization url, to login with OAuth. To access the login screen again, use the browser's back button, or navigate directly to `/auth/login?autoLaunch=0`.
-Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?autoLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.
+Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?authLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.

 ## Mobile Redirect URI

@@ -106,89 +106,6 @@ Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to

 ## Example Configuration

-<details>
-<summary>Authelia Example</summary>
-
-### Authelia Example
-
-Here's an example of OAuth configured for Authelia:
-
-This assumes there exist an attribute `immichquota` in the user schema, which is used to set the user's storage quota in Immich.
-The configuration concerning the quota is optional.
-
-```yaml
-authentication_backend:
-  ldap:
-    # The LDAP server configuration goes here.
-    # See: https://www.authelia.com/c/ldap
-    attributes:
-      extra:
-        immichquota: # The attribute name from LDAP
-          name: 'immich_quota'
-          multi_valued: false
-          value_type: 'integer'
-identity_providers:
-  oidc:
-    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
-    ## See: https://www.authelia.com/c/oidc
-    claims_policies:
-      immich_policy:
-        custom_claims:
-          immich_quota:
-            attribute: 'immich_quota'
-    scopes:
-      immich_scope:
-        claims:
-          - 'immich_quota'
-
-    clients:
-      - client_id: 'immich'
-        client_name: 'Immich'
-        # https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret
-        client_secret: $pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'
-        public: false
-        require_pkce: false
-        redirect_uris:
-          - 'https://example.immich.app/auth/login'
-          - 'https://example.immich.app/user-settings'
-          - 'app.immich:///oauth-callback'
-        scopes:
-          - 'openid'
-          - 'profile'
-          - 'email'
-          - 'immich_scope'
-        claims_policy: 'immich_policy'
-        response_types:
-          - 'code'
-        grant_types:
-          - 'authorization_code'
-        id_token_signed_response_alg: 'RS256'
-        userinfo_signed_response_alg: 'RS256'
-        token_endpoint_auth_method: 'client_secret_post'
-```
-
-Configuration of OAuth in Immich System Settings
-
-| Setting                            | Value                                                               |
-| ---------------------------------- | ------------------------------------------------------------------- |
-| Issuer URL                         | `https://example.immich.app/.well-known/openid-configuration`       |
-| Client ID                          | immich                                                              |
-| Client Secret                      | 0v89FXkQOWO\***\*\*\*\*\***\*\*\***\*\*\*\*\***mprbvXD549HH6s1iw... |
-| Token Endpoint Auth Method         | client_secret_post                                                  |
-| Scope                              | openid email profile immich_scope                                   |
-| ID Token Signed Response Algorithm | RS256                                                               |
-| Userinfo Signed Response Algorithm | RS256                                                               |
-| Storage Label Claim                | uid                                                                 |
-| Storage Quota Claim                | immich_quota                                                        |
-| Default Storage Quota (GiB)        | 0 (empty for unlimited quota)                                       |
-| Button Text                        | Sign in with Authelia (optional)                                    |
-| Auto Register                      | Enabled (optional)                                                  |
-| Auto Launch                        | Enabled (optional)                                                  |
-| Mobile Redirect URI Override       | Disable                                                             |
-| Mobile Redirect URI                |                                                                     |
-
-</details>
-
 <details>
 <summary>Authentik Example</summary>

@@ -211,7 +128,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                              |
 | Storage Label Claim          | preferred_username                                                                 |
 | Storage Quota Claim          | immich_quota                                                                       |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                      |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                          |
 | Button Text                  | Sign in with Authentik (optional)                                                  |
 | Auto Register                | Enabled (optional)                                                                 |
 | Auto Launch                  | Enabled (optional)                                                                 |
@@ -242,7 +159,7 @@ Configuration of OAuth in Immich System Settings
 | Signing Algorithm            | RS256                                                                        |
 | Storage Label Claim          | preferred_username                                                           |
 | Storage Quota Claim          | immich_quota                                                                 |
-| Default Storage Quota (GiB)  | 0 (empty for unlimited quota)                                                |
+| Default Storage Quota (GiB)  | 0 (0 for unlimited quota)                                                    |
 | Button Text                  | Sign in with Google (optional)                                               |
 | Auto Register                | Enabled (optional)                                                           |
 | Auto Launch                  | Enabled                                                                      |
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -2,6 +2,10 @@

 Users can deploy a custom reverse proxy that forwards requests to Immich. This way, the reverse proxy can handle TLS termination, load balancing, or other advanced features. All reverse proxies between Immich and the user must forward all headers and set the `Host`, `X-Real-IP`, `X-Forwarded-Proto` and `X-Forwarded-For` headers to their appropriate values. Additionally, your reverse proxy should allow for big enough uploads. By following these practices, you ensure that all custom reverse proxies are fully compatible with Immich.

+:::note
+The Repair page can take a long time to load. To avoid server timeouts or errors, we recommend specifying a timeout of at least 10 minutes on your proxy server.
+:::
+
 :::caution
 Immich does not support being served on a sub-path such as `location /immich {`. It has to be served on the root path of a (sub)domain.
 :::
--- a/docs/docs/administration/server-commands.md
+++ b/docs/docs/administration/server-commands.md
@@ -94,16 +94,19 @@ Change media location

 ```
 immich-admin change-media-location
-? Enter the previous value of IMMICH_MEDIA_LOCATION: /data
-? Enter the new value of IMMICH_MEDIA_LOCATION: /my-data
-...
-  Previous value: /data
-  Current value:  /my-data
+? Enter the previous value of IMMICH_MEDIA_LOCATION: /usr/src/app/upload
+? Enter the new value of IMMICH_MEDIA_LOCATION: /data

-  Changing database paths from "/data/*" to "/my-data/*"
+  Previous value: /usr/src/app/upload
+  Current value:  /data
+
+  Changing database paths from "/usr/src/app/upload/*" to "/data/*"

 ? Do you want to proceed? [Y/n] y

 Database file paths updated successfully! 🎉
-...
+
+You may now set IMMICH_MEDIA_LOCATION=/data and restart!
+
+(please remember to update applicable volume mounts e.g. ${UPLOAD_LOCATION}:/data)
 ```
--- a/docs/docs/developer/database-migrations.md
+++ b/docs/docs/developer/database-migrations.md
@@ -5,7 +5,7 @@ After making any changes in the `server/src/schema`, a database migration need t
 1. Run the command

 ```bash
-pnpm run migrations:generate <migration-name>
+npm run migrations:generate <migration-name>
 ```

 2. Check if the migration file makes sense.
--- a/docs/docs/developer/devcontainers.md
+++ b/docs/docs/developer/devcontainers.md
@@ -204,8 +204,8 @@ When the Dev Container starts, it automatically:

 1. **Runs post-create script** (`container-server-post-create.sh`):
   - Adjusts file permissions for the `node` user
-   - Installs dependencies: `pnpm install` in all packages
-   - Builds TypeScript SDK: `pnpm run build` in `open-api/typescript-sdk`
+   - Installs dependencies: `npm install` in all packages
+   - Builds TypeScript SDK: `npm run build` in `open-api/typescript-sdk`

 2. **Starts development servers** via VS Code tasks:
   - `Immich API Server (Nest)` - API server with hot-reloading on port 2283
@@ -243,7 +243,7 @@ To connect the mobile app to your Dev Container:

 - **Server code** (`/server`): Changes trigger automatic restart
 - **Web code** (`/web`): Changes trigger hot module replacement
- **Database migrations**: Run `pnpm run sync:sql` in the server directory
+- **Database migrations**: Run `npm run sync:sql` in the server directory
 - **API changes**: Regenerate TypeScript SDK with `make open-api`

 ## Testing
@@ -273,19 +273,19 @@ make test-medium-dev    # End-to-end tests
 ```bash
 # Server tests
 cd /workspaces/immich/server
-pnpm test                # Run all tests
-pnpm run test:watch     # Watch mode
-pnpm run test:cov       # Coverage report
+npm test                # Run all tests
+npm run test:watch     # Watch mode
+npm run test:cov       # Coverage report

 # Web tests
 cd /workspaces/immich/web
-pnpm test               # Run all tests
-pnpm run test:watch     # Watch mode
+npm test               # Run all tests
+npm run test:watch     # Watch mode

 # E2E tests
 cd /workspaces/immich/e2e
-pnpm run test           # Run API tests
-pnpm run test:web       # Run web UI tests
+npm run test           # Run API tests
+npm run test:web       # Run web UI tests
 ```

 ### Code Quality Commands
@@ -476,5 +476,5 @@ Recommended minimums:

 - Read the [architecture overview](/docs/developer/architecture)
 - Learn about [database migrations](/docs/developer/database-migrations)
- Explore [API documentation](https://api.immich.app/)
+- Explore [API documentation](/docs/api)
 - Join `#immich` on [Discord](https://discord.immich.app)
--- a/docs/docs/developer/open-api.md
+++ b/docs/docs/developer/open-api.md
@@ -1,6 +1,6 @@
 # OpenAPI

-Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generate API documentation. To view the published docs see [here](https://api.immich.app/).
+Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generate API documentation. To view the published docs see [here](/docs/api).

 ## Generator

--- a/docs/docs/developer/pr-checklist.md
+++ b/docs/docs/developer/pr-checklist.md
@@ -8,47 +8,34 @@ When contributing code through a pull request, please check the following:

 ## Web Checks

- [ ] `pnpm run lint` (linting via ESLint)
- [ ] `pnpm run format` (formatting via Prettier)
- [ ] `pnpm run check:svelte` (Type checking via SvelteKit)
- [ ] `pnpm run check:typescript` (check typescript)
- [ ] `pnpm test` (unit tests)
+- [ ] `npm run lint` (linting via ESLint)
+- [ ] `npm run format` (formatting via Prettier)
+- [ ] `npm run check:svelte` (Type checking via SvelteKit)
+- [ ] `npm run check:typescript` (check typescript)
+- [ ] `npm test` (unit tests)

 ## Documentation

- [ ] `pnpm run format` (formatting via Prettier)
+- [ ] `npm run format` (formatting via Prettier)
 - [ ] Update the `_redirects` file if you have renamed a page or removed it from the documentation.

 :::tip AIO
-Run all web checks with `pnpm run check:all`
+Run all web checks with `npm run check:all`
 :::

 ## Server Checks

- [ ] `pnpm run lint` (linting via ESLint)
- [ ] `pnpm run format` (formatting via Prettier)
- [ ] `pnpm run check` (Type checking via `tsc`)
- [ ] `pnpm test` (unit tests)
+- [ ] `npm run lint` (linting via ESLint)
+- [ ] `npm run format` (formatting via Prettier)
+- [ ] `npm run check` (Type checking via `tsc`)
+- [ ] `npm test` (unit tests)

 :::tip AIO
-Run all server checks with `pnpm run check:all`
+Run all server checks with `npm run check:all`
 :::

 :::info Auto Fix
-You can use `pnpm run __:fix` to potentially correct some issues automatically for `pnpm run format` and `lint`.
-:::
-
-## Mobile Checks
-
-The following commands must be executed from within the mobile app directory of the codebase.
-
- [ ] `make build` (auto-generate files using build_runner)
- [ ] `make analyze` (static analysis via Dart Analyzer and DCM)
- [ ] `make format` (formatting via Dart Formatter)
- [ ] `make test` (unit tests)
-
-:::info Auto Fix
-You can use `dart fix --apply` and `dcm fix lib` to potentially correct some issues automatically for `make analyze`.
+You can use `npm run __:fix` to potentially correct some issues automatically for `npm run format` and `lint`.
 :::

 ## OpenAPI
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -54,20 +54,20 @@ You can access the web from `http://your-machine-ip:3000` or `http://localhost:3

 If you only want to do web development connected to an existing, remote backend, follow these steps:

-1. Build the Immich SDK - `cd open-api/typescript-sdk && pnpm i && pnpm run build && cd -`
+1. Build the Immich SDK - `cd open-api/typescript-sdk && npm i && npm run build && cd -`
 2. Enter the web directory - `cd web/`
-3. Install web dependencies - `pnpm i`
+3. Install web dependencies - `npm i`
 4. Start the web development server

 ```bash
-IMMICH_SERVER_URL=https://demo.immich.app/ pnpm run dev
+IMMICH_SERVER_URL=https://demo.immich.app/ npm run dev
 ```

 If you're using PowerShell on Windows you may need to set the env var separately like so:

 ```powershell
 $env:IMMICH_SERVER_URL = "https://demo.immich.app/"
-pnpm run dev
+npm run dev
 ```

 #### `@immich/ui`
@@ -75,12 +75,12 @@ pnpm run dev
 To see local changes to `@immich/ui` in Immich, do the following:

 1. Install `@immich/ui` as a sibling to `immich/`, for example `/home/user/immich` and `/home/user/ui`
-2. Build the `@immich/ui` project via `pnpm run build`
+2. Build the `@immich/ui` project via `npm run build`
 3. Uncomment the corresponding volume in web service of the `docker/docker-compose.dev.yaml` file (`../../ui:/usr/ui`)
 4. Uncomment the corresponding alias in the `web/vite.config.js` file (`'@immich/ui': path.resolve(\_\_dirname, '../../ui')`)
 5. Uncomment the import statement in `web/src/app.css` file `@import '/usr/ui/dist/theme/default.css';` and comment out `@import '@immich/ui/theme/default.css';`
 6. Start up the stack via `make dev`
-7. After making changes in `@immich/ui`, rebuild it (`pnpm run build`)
+7. After making changes in `@immich/ui`, rebuild it (`npm run build`)

 ### Mobile app

--- a/docs/docs/developer/testing.md
+++ b/docs/docs/developer/testing.md
@@ -4,8 +4,8 @@

 ### Unit tests

-Unit are run by calling `pnpm run test` from the `server/` directory.
-You need to run `pnpm install` (in `server/`) before _once_.
+Unit are run by calling `npm run test` from the `server/` directory.
+You need to run `npm install` (in `server/`) before _once_.

 ### End to end tests

@@ -17,14 +17,14 @@ make e2e

 Before you can run the tests, you need to run the following commands _once_:

- `pnpm install` (in `e2e/`)
+- `npm install` (in `e2e/`)
 - `make open-api` (in the project root `/`)

 Once the test environment is running, the e2e tests can be run via:

 ```bash
 cd e2e/
-pnpm test
+npm test
 ```

 The tests check various things including:
--- a/docs/docs/features/img/xmp-sidecars.webp
+++ b/docs/docs/features/img/xmp-sidecars.webp
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -33,7 +33,7 @@ Sometimes, an external library will not scan correctly. This can happen if Immic
 - Are the permissions set correctly?
 - Make sure you are using forward slashes (`/`) and not backward slashes.

-To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_server bash` to a bash shell. If your import path is `/mnt/photos`, check it with `ls /mnt/photos`. If you are using a dedicated microservices container, make sure to add the same mount point and check for availability within the microservices container as well.
+To validate that Immich can reach your external library, start a shell inside the container. Run `docker exec -it immich_server bash` to a bash shell. If your import path is `/data/import/photos`, check it with `ls /data/import/photos`. Do the same check for the same in any microservices containers.

 ### Exclusion Patterns

@@ -58,7 +58,7 @@ Internally, Immich uses the [glob](https://www.npmjs.com/package/glob) package t

 This feature is considered experimental and for advanced users only. If enabled, it will allow automatic watching of the filesystem which means new assets are automatically imported to Immich without needing to rescan.

-If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a [periodic library refresh](#set-custom-scan-interval) to pull in your changes.
+If your photos are on a network drive, automatic file watching likely won't work. In that case, you will have to rely on a periodic library refresh to pull in your changes.

 #### Troubleshooting

@@ -72,9 +72,7 @@ In rare cases, the library watcher can hang, preventing Immich from starting up.

 ### Nightly job

-There is an automatic scan job that is scheduled to run once a day. Its schedule is configurable, see [Set Custom Scan Interval](#set-custom-scan-interval).
-
-This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.
+There is an automatic scan job that is scheduled to run once a day. This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.

 ## Usage

@@ -93,7 +91,7 @@ The `immich-server` container will need access to the gallery. Modify your docke
 ```diff title="docker-compose.yml"
  immich-server:
    volumes:
-      - ${UPLOAD_LOCATION}:/data
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
 +     - /mnt/nas/christmas-trip:/mnt/media/christmas-trip:ro
 +     - /home/user/old-pics:/mnt/media/old-pics:ro
 +     - /mnt/media/videos:/mnt/media/videos:ro
--- a/docs/docs/features/monitoring.md
+++ b/docs/docs/features/monitoring.md
@@ -66,7 +66,7 @@ The provided file is just a starting point. There are a ton of ways to configure
 After bringing down the containers with `docker compose down` and back up with `docker compose up -d`, a Prometheus instance will now collect metrics from the immich server and microservices containers. Note that we didn't need to expose any new ports for these containers - the communication is handled in the internal Docker network.

 :::note
-To see exactly what metrics are made available, you can additionally add `8081:8081` (API metrics) and `8082:8082` (microservices metrics) to the immich_server container's ports.
+To see exactly what metrics are made available, you can additionally add `8081:8081` to the server container's ports and `8082:8082` to the microservices container's ports.
 Visiting the `/metrics` endpoint for these services will show the same raw data that Prometheus collects.
 To configure these ports see [`IMMICH_API_METRICS_PORT` & `IMMICH_MICROSERVICES_METRICS_PORT`](/docs/install/environment-variables/#general).
 :::
--- a/docs/docs/features/tags.md
+++ b/docs/docs/features/tags.md
@@ -1,6 +1,6 @@
 # Tags

-Immich supports hierarchical tags, with the ability to read existing tags from the XMP `TagsList` field and IPTC `Keywords` field. Any changes to tags made through Immich are also written back to a [sidecar](/docs/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.
+Immich supports hierarchical tags, with the ability to read existing tags from the `TagList` and `Keywords` EXIF properties. Any changes to tags made through Immich are also written back to a [sidecar](/docs/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.

 ## Enable tags feature

--- a/docs/docs/features/xmp-sidecars.md
+++ b/docs/docs/features/xmp-sidecars.md
@@ -1,68 +1,13 @@
 # XMP Sidecars

-Immich supports XMP sidecar files — external `.xmp` files that store metadata for an image or video in XML format. During the metadata extraction job Immich will read & import metadata from `.xmp` files, and during the Sidecar Write job it will _write_ metadata back to `.xmp`.
+Immich can ingest XMP sidecars on file upload (via the CLI) as well as detect new sidecars that are placed in the filesystem for existing images.

-:::tip
-Tools like Lightroom, Darktable, digiKam and other applications can also be configured to write changes to `.xmp` files, in order to avoid modifying the original file.
-:::
+<img src={require('./img/xmp-sidecars.webp').default} title='XMP sidecars' />

-## Metadata Fields
+XMP sidecars are external XML files that contain metadata related to media files. Many applications read and write these files either exclusively or in addition to the metadata written to image files. They can be a powerful tool for editing and storing metadata of a media file without modifying the media file itself. When Immich receives or detects an XMP sidecar for a media file, it will attempt to extract the metadata from both the sidecar as well as the media file. It will prioritize the metadata for fields in the sidecar but will fall back and use the metadata in the media file if necessary.

-Immich does not support _all_ metadata fields. Below is a table showing what fields Immich can _read_ and _write_. It's important to note that writes do not replace the entire file contents, but are merged together with any existing fields.
+When importing files via the CLI bulk uploader or parsing photo metadata for external libraries, Immich will automatically detect XMP sidecar files as files that exist next to the original media file. Immich will look files that have the same name as the photo, but with the `.xmp` file extension. The same name can either include the photo's file extension or without the photo's file extension. For example, for a photo named `PXL_20230401_203352928.MP.jpg`, Immich will look for an XMP file named either `PXL_20230401_203352928.MP.jpg.xmp` or `PXL_20230401_203352928.MP.xmp`. If both `PXL_20230401_203352928.MP.jpg.xmp` and `PXL_20230401_203352928.MP.xmp` are present, Immich will prefer `PXL_20230401_203352928.MP.jpg.xmp`.

-:::info
-Immich automatically queues a Sidecar Write job after editing the description, rating, or updating tags.
-:::
+There are 2 administrator jobs associated with sidecar files: `SYNC` and `DISCOVER`. The sync job will re-scan all media with existing sidecar files and queue them for a metadata refresh. This is a great use case when third-party applications are used to modify the metadata of media. The discover job will attempt to scan the filesystem for new sidecar files for all media that does not currently have a sidecar file associated with it.

-| Metadata        | Immich writes to XMP                             | Immich reads from XMP                                                                                                                                                                                                                          |
-| --------------- | ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Description** | `dc:description`, `tiff:ImageDescription`        | `dc:description`, `tiff:ImageDescription`                                                                                                                                                                                                      |
-| **Rating**      | `xmp:Rating`                                     | `xmp:Rating`                                                                                                                                                                                                                                   |
-| **DateTime**    | `exif:DateTimeOriginal`, `photoshop:DateCreated` | In prioritized order:<br/>`exif:SubSecDateTimeOriginal`<br/>`exif:DateTimeOriginal`<br/>`xmp:SubSecCreateDate`<br/>`xmp:CreateDate`<br/>`xmp:CreationDate`<br/>`xmp:MediaCreateDate`<br/>`xmp:SubSecMediaCreateDate`<br/>`xmp:DateTimeCreated` |
-| **Location**    | `exif:GPSLatitude`, `exif:GPSLongitude`          | `exif:GPSLatitude`, `exif:GPSLongitude`                                                                                                                                                                                                        |
-| **Tags**        | `digiKam:TagsList`                               | In prioritized order: <br/>`digiKam:TagsList`<br/>`lr:HierarchicalSubject`<br/>`IPTC:Keywords`                                                                                                                                                 |
-
-:::note
-All other fields (e.g. `Creator`, `Source`, IPTC, Lightroom edits) remain in the `.xmp` file and are **not searchable** in Immich.
-:::
-
-## File Naming Rules
-
-A sidecar must share the base name of the media file:
-
- ✅ `IMG_0001.jpg.xmp` ← preferred
- ✅ `IMG_0001.xmp` ← fallback
- ❌ `myphoto_meta.xmp` ← not recognized
-
-If both `.jpg.xmp` and `.xmp` are present, Immich uses the **`.jpg.xmp`** file.
-
-## CLI Support
-
-1. **Detect** – Immich looks for a `.xmp` file placed next to each media file during upload.
-2. **Copy** – Both the media and the sidecar file are copied into Immich’s internal library folder.  
-   The sidecar is renamed to match the internal filename template, e.g.:  
-   `upload/library/<user>/YYYY/YYYY-MM-DD/IMG_0001.jpg`  
-   `upload/library/<user>/YYYY/YYYY-MM-DD/IMG_0001.jpg.xmp`
-3. **Extract** – Selected metadata (title, description, date, rating, tags) is parsed from the sidecar and saved to the database.
-4. **Write-back** – If you later update tags, rating, or description in the web UI, Immich will update **both** the database _and_ the copied `.xmp` file to stay in sync.
-
-## External Library (Mounted Folder) Support
-
-1. **Detect** – The `DISCOVER` job automatically associates `.xmp` files that sit next to existing media files in your mounted folder. No files are moved or renamed.
-2. **Extract** – Immich reads and saves the same metadata fields from the sidecar to the database.
-3. **Write-back** – If Immich has **write access** to the mount, any future metadata edits (e.g., rating or tags) are also written back to the original `.xmp` file on disk.
-
-:::danger
-If the mount is **read-only**, Immich cannot update either the sidecar **or** the database — **metadata edits will silently fail** with no warning see issue [#10538](https://github.com/immich-app/immich/issues/10538) for more details.
-:::
-
-## Admin Jobs
-
-Immich provides two admin jobs for managing sidecars:
-
-| Job        | What it does                                                                                      |
-| ---------- | ------------------------------------------------------------------------------------------------- |
-| `DISCOVER` | Finds new `.xmp` files next to media that don’t already have one linked                           |
-| `SYNC`     | Re-reads existing `.xmp` files and refreshes metadata in the database (e.g. after external edits) |
-
-![Sidecar Admin Jobs](./img/sidecar-jobs.webp)
+<img src={require('./img/sidecar-jobs.webp').default} title='Sidecar Administrator Jobs' />
--- a/docs/docs/guides/custom-locations.md
+++ b/docs/docs/guides/custom-locations.md
@@ -27,11 +27,11 @@ After defining the locations of these files, we will edit the `docker-compose.ym
 services:
  immich-server:
      volumes:
-      - ${UPLOAD_LOCATION}:/data
-+     - ${THUMB_LOCATION}:/data/thumbs
-+     - ${ENCODED_VIDEO_LOCATION}:/data/encoded-video
-+     - ${PROFILE_LOCATION}:/data/profile
-+     - ${BACKUP_LOCATION}:/data/backups
+      - ${UPLOAD_LOCATION}:/usr/src/app/upload
+     - ${THUMB_LOCATION}:/usr/src/app/upload/thumbs
+     - ${ENCODED_VIDEO_LOCATION}:/usr/src/app/upload/encoded-video
+     - ${PROFILE_LOCATION}:/usr/src/app/upload/profile
+     - ${BACKUP_LOCATION}:/usr/src/app/upload/backups
      - /etc/localtime:/etc/localtime:ro
 ```

@@ -44,7 +44,7 @@ docker compose up -d

 :::note
 Because of the underlying properties of docker bind mounts, it is not recommended to mount the `upload/` and `library/` folders as separate bind mounts if they are on the same device.
-For this reason, we mount the HDD or the network storage (NAS) to `/data` and then mount the folders we want to access under that folder.
+For this reason, we mount the HDD or the network storage (NAS) to `/usr/src/app/upload` and then mount the folders we want to access under that folder.

 The `thumbs/` folder contains both the small thumbnails displayed in the timeline and the larger previews shown when clicking into an image. These cannot be separated.

--- a/docs/docs/guides/database-queries.md
+++ b/docs/docs/guides/database-queries.md
@@ -12,131 +12,105 @@ Run `docker exec -it immich_postgres psql --dbname=<DB_DATABASE_NAME> --username

 ## Assets

-### Name
-
 :::note
 The `"originalFileName"` column is the name of the file at time of upload, including the extension.
 :::

 ```sql title="Find by original filename"
-SELECT * FROM "asset" WHERE "originalFileName" = 'PXL_20230903_232542848.jpg';
-SELECT * FROM "asset" WHERE "originalFileName" LIKE 'PXL_%'; -- all files starting with PXL_
-SELECT * FROM "asset" WHERE "originalFileName" LIKE '%_2023_%'; -- all files with _2023_ in the middle
+SELECT * FROM "assets" WHERE "originalFileName" = 'PXL_20230903_232542848.jpg';
+SELECT * FROM "assets" WHERE "originalFileName" LIKE 'PXL_%'; -- all files starting with PXL_
+SELECT * FROM "assets" WHERE "originalFileName" LIKE '%_2023_%'; -- all files with _2023_ in the middle
 ```

 ```sql title="Find by path"
-SELECT * FROM "asset" WHERE "originalPath" = 'upload/library/admin/2023/2023-09-03/PXL_2023.jpg';
-SELECT * FROM "asset" WHERE "originalPath" LIKE 'upload/library/admin/2023/%';
+SELECT * FROM "assets" WHERE "originalPath" = 'upload/library/admin/2023/2023-09-03/PXL_2023.jpg';
+SELECT * FROM "assets" WHERE "originalPath" LIKE 'upload/library/admin/2023/%';
 ```

-### ID
-
 ```sql title="Find by ID"
-SELECT * FROM "asset" WHERE "id" = '9f94e60f-65b6-47b7-ae44-a4df7b57f0e9';
+SELECT * FROM "assets" WHERE "id" = '9f94e60f-65b6-47b7-ae44-a4df7b57f0e9';
 ```

 ```sql title="Find by partial ID"
-SELECT * FROM "asset" WHERE "id"::text LIKE '%ab431d3a%';
+SELECT * FROM "assets" WHERE "id"::text LIKE '%ab431d3a%';
 ```

-### Checksum
-
 :::note
 You can calculate the checksum for a particular file by using the command `sha1sum <filename>`.
 :::

 ```sql title="Find by checksum (SHA-1)"
-SELECT encode("checksum", 'hex') FROM "asset";
-SELECT * FROM "asset" WHERE "checksum" = decode('69de19c87658c4c15d9cacb9967b8e033bf74dd1', 'hex');
-SELECT * FROM "asset" WHERE "checksum" = '\x69de19c87658c4c15d9cacb9967b8e033bf74dd1'; -- alternate notation
+SELECT encode("checksum", 'hex') FROM "assets";
+SELECT * FROM "assets" WHERE "checksum" = decode('69de19c87658c4c15d9cacb9967b8e033bf74dd1', 'hex');
+SELECT * FROM "assets" WHERE "checksum" = '\x69de19c87658c4c15d9cacb9967b8e033bf74dd1'; -- alternate notation
 ```

 ```sql title="Find duplicate assets with identical checksum (SHA-1) (excluding trashed files)"
-SELECT T1."checksum", array_agg(T2."id") ids FROM "asset" T1
-  INNER JOIN "asset" T2 ON T1."checksum" = T2."checksum" AND T1."id" != T2."id" AND T2."deletedAt" IS NULL
+SELECT T1."checksum", array_agg(T2."id") ids FROM "assets" T1
+  INNER JOIN "assets" T2 ON T1."checksum" = T2."checksum" AND T1."id" != T2."id" AND T2."deletedAt" IS NULL
  WHERE T1."deletedAt" IS NULL GROUP BY T1."checksum";
 ```

-### Metadata
-
 ```sql title="Live photos"
-SELECT * FROM "asset" WHERE "livePhotoVideoId" IS NOT NULL;
+SELECT * FROM "assets" WHERE "livePhotoVideoId" IS NOT NULL;
 ```

 ```sql title="By description"
-SELECT "asset".*, "asset_exif"."description" FROM "asset_exif"
-  JOIN "asset" ON "asset"."id" = "asset_exif"."assetId"
-  WHERE TRIM("asset_exif"."description") <> ''; -- all files with a description
-SELECT "asset".*, "asset_exif"."description" FROM "asset_exif"
-  JOIN "asset" ON "asset"."id" = "asset_exif"."assetId"
-  WHERE "asset_exif"."description" ILIKE '%string to match%'; -- search by string
+SELECT "assets".*, "exif"."description" FROM "exif"
+  JOIN "assets" ON "assets"."id" = "exif"."assetId"
+  WHERE TRIM("exif"."description") <> ''; -- all files with a description
+SELECT "assets".*, "exif"."description" FROM "exif"
+  JOIN "assets" ON "assets"."id" = "exif"."assetId"
+  WHERE "exif"."description" ILIKE '%string to match%'; -- search by string
 ```

 ```sql title="Without metadata"
-SELECT "asset".* FROM "asset_exif"
-  LEFT JOIN "asset" ON "asset"."id" = "asset_exif"."assetId"
-  WHERE "asset_exif"."assetId" IS NULL;
+SELECT "assets".* FROM "exif"
+  LEFT JOIN "assets" ON "assets"."id" = "exif"."assetId"
+  WHERE "exif"."assetId" IS NULL;
 ```

 ```sql title="size < 100,000 bytes, smallest to largest"
-SELECT * FROM "asset"
-  JOIN "asset_exif" ON "asset"."id" = "asset_exif"."assetId"
-  WHERE "asset_exif"."fileSizeInByte" < 100000
-  ORDER BY "asset_exif"."fileSizeInByte" ASC;
+SELECT * FROM "assets"
+  JOIN "exif" ON "assets"."id" = "exif"."assetId"
+  WHERE "exif"."fileSizeInByte" < 100000
+  ORDER BY "exif"."fileSizeInByte" ASC;
 ```

-### Type
+```sql title="Without thumbnails"
+SELECT * FROM "assets" WHERE "assets"."previewPath" IS NULL OR "assets"."thumbnailPath" IS NULL;
+```

 ```sql title="By type"
-SELECT * FROM "asset" WHERE "asset"."type" = 'VIDEO';
-SELECT * FROM "asset" WHERE "asset"."type" = 'IMAGE';
+SELECT * FROM "assets" WHERE "assets"."type" = 'VIDEO';
+SELECT * FROM "assets" WHERE "assets"."type" = 'IMAGE';
 ```

 ```sql title="Count by type"
-SELECT "asset"."type", COUNT(*) FROM "asset" GROUP BY "asset"."type";
+SELECT "assets"."type", COUNT(*) FROM "assets" GROUP BY "assets"."type";
 ```

 ```sql title="Count by type (per user)"
-SELECT "user"."email", "asset"."type", COUNT(*) FROM "asset"
-  JOIN "user" ON "asset"."ownerId" = "user"."id"
-  GROUP BY "asset"."type", "user"."email" ORDER BY "user"."email";
+SELECT "users"."email", "assets"."type", COUNT(*) FROM "assets"
+  JOIN "users" ON "assets"."ownerId" = "users"."id"
+  GROUP BY "assets"."type", "users"."email" ORDER BY "users"."email";
 ```

-## Tags
-
-```sql title="Count by tag"
-SELECT "t"."value" AS "tag_name", COUNT(*) AS "number_assets" FROM "tag" "t"
-  JOIN "tag_asset" "ta" ON "t"."id" = "ta"."tagsId" JOIN "asset" "a" ON "ta"."assetsId" = "a"."id"
-  WHERE "a"."visibility" != 'hidden'
-  GROUP BY "t"."value" ORDER BY "number_assets" DESC;
-```
-
-```sql title="Count by tag (per user)"
-SELECT "t"."value" AS "tag_name", "u"."email" as "user_email", COUNT(*) AS "number_assets" FROM "tag" "t"
-  JOIN "tag_asset" "ta" ON "t"."id" = "ta"."tagsId" JOIN "asset" "a" ON "ta"."assetsId" = "a"."id" JOIN "user" "u" ON "a"."ownerId" = "u"."id"
-  WHERE "a"."visibility" != 'hidden'
-  GROUP BY "t"."value", "u"."email" ORDER BY "number_assets" DESC;
+```sql title="Failed file movements"
+SELECT * FROM "move_history";
 ```

 ## Users

 ```sql title="List all users"
-SELECT * FROM "user";
+SELECT * FROM "users";
 ```

 ```sql title="Get owner info from asset ID"
-SELECT "user".* FROM "user" JOIN "asset" ON "user"."id" = "asset"."ownerId" WHERE "asset"."id" = 'fa310b01-2f26-4b7a-9042-d578226e021f';
+SELECT "users".* FROM "users" JOIN "assets" ON "users"."id" = "assets"."ownerId" WHERE "assets"."id" = 'fa310b01-2f26-4b7a-9042-d578226e021f';
 ```

-## Persons
-
-```sql title="Delete person and unset it for the faces it was associated with"
-DELETE FROM "person" WHERE "name" = 'PersonNameHere';
-```
-
-## System
-
-### Config
+## System Config

 ```sql title="Custom settings"
 SELECT "key", "value" FROM "system_metadata" WHERE "key" = 'system-config';
@@ -144,17 +118,10 @@ SELECT "key", "value" FROM "system_metadata" WHERE "key" = 'system-config';

 (Only used when not using the [config file](/docs/install/config-file))

-### File properties
+## Persons

-```sql title="Without thumbnails"
-SELECT * FROM "asset"
-WHERE (NOT EXISTS (SELECT 1 FROM "asset_file" WHERE "asset"."id" = "asset_file"."assetId" AND "asset_file"."type" = 'thumbnail')
-    OR NOT EXISTS (SELECT 1 FROM "asset_file" WHERE "asset"."id" = "asset_file"."assetId" AND "asset_file"."type" = 'preview'))
-AND "asset"."visibility" = 'timeline';
-```
-
-```sql title="Failed file movements"
-SELECT * FROM "move_history";
+```sql title="Delete person and unset it for the faces it was associated with"
+DELETE FROM "person" WHERE "name" = 'PersonNameHere';
 ```

 ## Postgres internal
--- a/docs/docs/guides/external-library.md
+++ b/docs/docs/guides/external-library.md
@@ -12,7 +12,7 @@ If you want Immich to be able to delete the images in the external library or ad
 ```diff
 immich-server:
    volumes:
-        - ${UPLOAD_LOCATION}:/data
+        - ${UPLOAD_LOCATION}:/usr/src/app/upload
 +       - /home/user/photos1:/home/user/photos1:ro
 +       - /mnt/photos2:/mnt/photos2:ro # you can delete this line if you only have one mount point, or you can add more lines if you have more than two
 ```
--- a/docs/docs/install/environment-variables.md
+++ b/docs/docs/install/environment-variables.md
@@ -34,7 +34,7 @@ These environment variables are used by the `docker-compose.yml` file and do **N
 | `TZ`                                | Timezone                                                                                  |        <sup>\*1</sup>        | server                   | microservices      |
 | `IMMICH_ENV`                        | Environment (production, development)                                                     |         `production`         | server, machine learning | api, microservices |
 | `IMMICH_LOG_LEVEL`                  | Log level (verbose, debug, log, warn, error)                                              |            `log`             | server, machine learning | api, microservices |
-| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️ |           `/data`            | server                   | api, microservices |
+| `IMMICH_MEDIA_LOCATION`             | Media location inside the container ⚠️**You probably shouldn't set this**<sup>\*2</sup>⚠️ |    `/usr/src/app/upload`     | server                   | api, microservices |
 | `IMMICH_CONFIG_FILE`                | Path to config file                                                                       |                              | server                   | api, microservices |
 | `NO_COLOR`                          | Set to `true` to disable color-coded log output                                           |           `false`            | server, machine learning |                    |
 | `CPU_CORES`                         | Number of cores available to the Immich server                                            | auto-detected CPU core count | server                   |                    |
@@ -169,6 +169,8 @@ Redis (Sentinel) URL example JSON before encoding:
 | `MACHINE_LEARNING_ANN_TUNING_LEVEL`                         | ARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)                                        |               `2`               | machine learning |
 | `MACHINE_LEARNING_DEVICE_IDS`<sup>\*4</sup>                 | Device IDs to use in multi-GPU environments                                                         |               `0`               | machine learning |
 | `MACHINE_LEARNING_MAX_BATCH_SIZE__FACIAL_RECOGNITION`       | Set the maximum number of faces that will be processed at once by the facial recognition model      |  None (`1` if using OpenVINO)   | machine learning |
+| `MACHINE_LEARNING_PING_TIMEOUT`                             | How long (ms) to wait for a PING response when checking if an ML server is available                |             `2000`              | server           |
+| `MACHINE_LEARNING_AVAILABILITY_BACKOFF_TIME`                | How long to ignore ML servers that are offline before trying again                                  |             `30000`             | server           |
 | `MACHINE_LEARNING_RKNN`                                     | Enable RKNN hardware acceleration if supported                                                      |             `True`              | machine learning |
 | `MACHINE_LEARNING_RKNN_THREADS`                             | How many threads of RKNN runtime should be spinned up while inferencing.                            |               `1`               | machine learning |

@@ -197,11 +199,12 @@ Additional machine learning parameters can be tuned from the admin UI.
 | `IMMICH_TELEMETRY_INCLUDE` | Collect these telemetries. List of `host`, `api`, `io`, `repo`, `job`. Note: You can also specify `all` to enable all |         | server     | api, microservices |
 | `IMMICH_TELEMETRY_EXCLUDE` | Do not collect these telemetries. List of `host`, `api`, `io`, `repo`, `job`                                          |         | server     | api, microservices |

-## Secrets
+## Docker Secrets

-The following variables support reading from files, either via [Systemd Credentials][systemd-creds] or [Docker secrets][docker-secrets] for additional security.
+The following variables support the use of [Docker secrets][docker-secrets] for additional security.

-To use any of these, either set `CREDENTIALS_DIRECTORY` to a directory that contains files whose name is the “regular variable” name, and whose content is the secret. If using Docker Secrets, setting `CREDENTIALS_DIRECTORY=/run/secrets` will cause all secrets present to be used. Alternatively, replace the regular variable with the equivalent `_FILE` environment variable as below. The value of the `_FILE` variable should be set to the path of a file containing the variable value.
+To use any of these, replace the regular environment variable with the equivalent `_FILE` environment variable. The value of
+the `_FILE` variable should be set to the path of a file containing the variable value.

 | Regular Variable   | Equivalent Docker Secrets '\_FILE' Variable |
 | :----------------- | :------------------------------------------ |
@@ -223,4 +226,3 @@ to use a Docker secret for the password in the Redis container.
 [docker-secrets-docs]: https://github.com/docker-library/docs/tree/master/postgres#docker-secrets
 [docker-secrets]: https://docs.docker.com/engine/swarm/secrets/
 [ioredis]: https://ioredis.readthedocs.io/en/latest/README/#connect-to-redis
-[systemd-creds]: https://systemd.io/CREDENTIALS/
--- a/docs/docs/install/img/truenas/truenas00.webp
+++ b/docs/docs/install/img/truenas/truenas00.webp
--- a/docs/docs/install/img/truenas/truenas04.webp
+++ b/docs/docs/install/img/truenas/truenas04.webp
--- a/docs/docs/install/img/truenas/truenas06.webp
+++ b/docs/docs/install/img/truenas/truenas06.webp
--- a/docs/docs/install/img/truenas/truenas07.webp
+++ b/docs/docs/install/img/truenas/truenas07.webp
--- a/docs/docs/install/img/truenas/truenas08.webp
+++ b/docs/docs/install/img/truenas/truenas08.webp
--- a/docs/docs/install/img/truenas/truenas09.webp
+++ b/docs/docs/install/img/truenas/truenas09.webp
--- a/docs/docs/install/img/truenas/truenas10.webp
+++ b/docs/docs/install/img/truenas/truenas10.webp
--- a/docs/docs/install/img/truenas/truenas01.webp
+++ b/docs/docs/install/img/truenas/truenas01.webp
--- a/docs/docs/install/img/truenas/truenas02.webp
+++ b/docs/docs/install/img/truenas/truenas02.webp
--- a/docs/docs/install/img/truenas/truenas03.webp
+++ b/docs/docs/install/img/truenas/truenas03.webp
--- a/docs/docs/install/img/truenas/truenas12.webp
+++ b/docs/docs/install/img/truenas/truenas12.webp
--- a/docs/docs/install/img/truenas05.webp
+++ b/docs/docs/install/img/truenas05.webp
--- a/docs/docs/install/img/truenas06.webp
+++ b/docs/docs/install/img/truenas06.webp
--- a/docs/docs/install/img/truenas07.webp
+++ b/docs/docs/install/img/truenas07.webp
--- a/docs/docs/install/img/truenas08.webp
+++ b/docs/docs/install/img/truenas08.webp
--- a/docs/docs/install/img/truenas/truenas11.webp
+++ b/docs/docs/install/img/truenas/truenas11.webp
--- a/docs/docs/install/img/truenas10.webp
+++ b/docs/docs/install/img/truenas10.webp
--- a/docs/docs/install/img/truenas/truenas05.webp
+++ b/docs/docs/install/img/truenas/truenas05.webp
--- a/docs/docs/install/img/truenas12.webp
+++ b/docs/docs/install/img/truenas12.webp
--- a/docs/docs/install/truenas.md
+++ b/docs/docs/install/truenas.md
@@ -2,9 +2,6 @@
 sidebar_position: 80
 ---

-import Tabs from '@theme/Tabs';
-import TabItem from '@theme/TabItem';
-
 # TrueNAS [Community]

 :::note
@@ -12,324 +9,211 @@ This is a community contribution and not officially supported by the Immich team

 Community support can be found in the dedicated channel on the [Discord Server](https://discord.immich.app/).

-**Please report app issues to the corresponding [GitHub Repository](https://github.com/truenas/apps/tree/master/trains/community/immich).**
-:::
-
-:::warning
-This guide covers the installation of Immich on TrueNAS Community Edition 24.10.2.2 (Electric Eel) and later.
-
-We recommend keeping TrueNAS Community Edition and Immich relatively up to date with the latest versions to avoid any issues.
-
-If you are using an older version of TrueNAS, we ask that you upgrade to the latest version before installing Immich. Check the [TrueNAS Community Edition Release Notes](https://www.truenas.com/docs/softwarereleases/) for more information on breaking changes, new features, and how to upgrade your system.
+**Please report app issues to the corresponding [Github Repository](https://github.com/truenas/apps/tree/master/trains/community/immich).**
 :::

 Immich can easily be installed on TrueNAS Community Edition via the **Community** train application.
 Consider reviewing the TrueNAS [Apps resources](https://apps.truenas.com/getting-started/) if you have not previously configured applications on your system.

+TrueNAS Community Edition makes installing and updating Immich easy, but you must use the Immich web portal and mobile app to configure accounts and access libraries.
+
 ## First Steps

+The Immich app in TrueNAS Community Edition installs, completes the initial configuration, then starts the Immich web portal.
+When updates become available, TrueNAS alerts and provides easy updates.
+
+Before installing the Immich app in TrueNAS, review the [Environment Variables](#environment-variables) documentation to see if you want to configure any during installation.
+You may also configure environment variables at any time after deploying the application.
+
 ### Setting up Storage Datasets

 Before beginning app installation, [create the datasets](https://www.truenas.com/docs/scale/scaletutorials/storage/datasets/datasetsscale/) to use in the **Storage Configuration** section during installation.
-
-In TrueNAS, Immich requires 2 datasets for the application to function correctly: `data` and `pgData`. You can set the datasets to any names to match your naming conventions or preferences.
-You can organize these as one parent with two child datasets, for example `/mnt/tank/immich/data` and `/mnt/tank/immich/pgData`.
+Immich requires seven datasets: `library`, `upload`, `thumbs`, `profile`, `video`, `backups`, and `pgData`.
+You can organize these as one parent with seven child datasets, for example `/mnt/tank/immich/library`, `/mnt/tank/immich/upload`, and so on.

 <img
-src={require('./img/truenas/truenas00.webp').default}
-width="40%"
+src={require('./img/truenas12.webp').default}
+width="30%"
 alt="Immich App Widget"
 className="border rounded-xl"
 />

-:::info Datasets Permissions
+:::info Permissions
+The **pgData** dataset must be owned by the user `netdata` (UID 999) for postgres to start. The other datasets must be owned by the user `root` (UID 0) or a group that includes the user `root` (UID 0) for immich to have the necessary permissions.

-The **pgData** dataset must be owned by the user `netdata` (UID 999) for Postgres to start.
-
-The `data` dataset must have given the **_modify_** permission to the user who will run Immich.
-
-Since TrueNAS Community Edition 24.10.2.2 and later, Immich can be run as any user and group, the default user being `apps` (UID 568) and the default group being `apps` (GID 568). This user, either `apps` or another user you choose, must have **_modify_** permissions on the **data** dataset.
-
-For an easy setup:
-
- Create the parent dataset `immich` keeping the default **Generic** preset.
- Select `Dataset Preset` **Apps** instead of **Generic** when creating the `data` dataset. This will automatically give the correct permissions to the dataset. If you want to use another user for Immich, you can keep the **Generic** preset, but you will need to give the **_modify_** permission to that other user.
- For the `pgData` dataset, you can keep the default preset **Generic** as permissions can be set during the installation of the Immich app (See [Storage Configuration](#storage-configuration) section).
-  :::
-
-:::tip
-To improve performance, Immich recommends using SSDs for the database. If you have a pool made of SSDs, you can create the `pgData` dataset on that pool.
-
-Thumbnails can also be stored on the SSDs for faster access. This is an advanced option and not required for Immich to run. More information on how you can use multiple datasets to manage Immich storage in a finer-grained manner can be found in the [Advanced: Multiple Datasets for Immich Storage](#advanced-multiple-datasets-for-immich-storage) section below.
-:::
-
-:::warning
-If you just created the datasets using the **Apps** preset, you can skip this warning section.
-
-If the **data** dataset uses ACL it must have [ACL mode](https://www.truenas.com/docs/scale/scaletutorials/datasets/permissionsscale/) set to `Passthrough` if you plan on using a [storage template](/docs/administration/storage-template.mdx) and the dataset is configured for network sharing (its ACL type is set to `SMB/NFSv4`). When the template is applied and files need to be moved from **upload** to **library** (internal folder created by Immich within the **data** dataset), Immich performs `chmod` internally and must be allowed to execute the command. [More info.](https://github.com/immich-app/immich/pull/13017)
-
-To change or verify the ACL mode, go to the **Datasets** screen, select the **library** dataset, click on the **Edit** button next to **Dataset Details**, then click on the **Advanced Options** tab, scroll down to the **ACL Mode** section, and select `Passthrough` from the dropdown menu. Click **Save** to apply the changes. If the option is greyed out, set the **ACL Type** to `SMB/NFSv4` first, then you can change the **ACL Mode** to `Passthrough`.
+If the **library** dataset uses ACL it must have [ACL mode](https://www.truenas.com/docs/core/coretutorials/storage/pools/permissions/#access-control-lists) set to `Passthrough` if you plan on using a [storage template](/docs/administration/storage-template.mdx) and the dataset is configured for network sharing (its ACL type is set to `SMB/NFSv4`). When the template is applied and files need to be moved from **upload** to **library**, Immich performs `chmod` internally and needs to be allowed to execute the command. [More info.](https://github.com/immich-app/immich/pull/13017)
 :::

 ## Installing the Immich Application

-To install the **Immich** application, go to **Apps**, click **Discover Apps**, and either begin typing Immich into the search field or scroll down to locate the **Immich** application widget.
+To install the **Immich** application, go to **Apps**, click **Discover Apps**, either begin typing Immich into the search field or scroll down to locate the **Immich** application widget.

-<div style={{ marginBottom: '2rem', border: '1px solid #ccc', padding: '1rem', borderRadius: '8px' }}>
-
-Click on the widget to open the **Immich** application details screen.
 <img
-src={require('./img/truenas/truenas01.webp').default}
+src={require('./img/truenas01.webp').default}
 width="50%"
 alt="Immich App Widget"
 className="border rounded-xl"
 />

-</div>
+Click on the widget to open the **Immich** application details screen.

-<div style={{ marginBottom: '2rem', border: '1px solid #ccc', padding: '1rem', borderRadius: '8px' }}>
+<br/><br/>

-Click **Install** to open the Immich application configuration screen.
 <img
-src={require('./img/truenas/truenas02.webp').default}
+src={require('./img/truenas02.webp').default}
 width="100%"
 alt="Immich App Details Screen"
 className="border rounded-xl"
 />

-</div>
+Click **Install** to open the Immich application configuration screen.
+
+<br/><br/>

 Application configuration settings are presented in several sections, each explained below.
-To find specific fields, click in the **Search Input Fields** search field, scroll down to a particular section, or click on the section heading on the navigation area in the upper-right corner.
+To find specific fields click in the **Search Input Fields** search field, scroll down to a particular section or click on the section heading on the navigation area in the upper-right corner.

 ### Application Name and Version

 <img
-src={require('./img/truenas/truenas03.webp').default}
+src={require('./img/truenas03.webp').default}
 width="100%"
 alt="Install Immich Screen"
-className="border rounded-xl mb-4"
+className="border rounded-xl"
 />

-Keep the default value or enter a name in the **Application Name** field.  
-Change it if you’re deploying a second instance.
+Accept the default value or enter a name in **Application Name** field.
+In most cases use the default name, but if adding a second deployment of the application you must change this name.

-Immich version within TrueNAS catalog (Different from Immich release version).
+Accept the default version number in **Version**.
+When a new version becomes available, the application has an update badge.
+The **Installed Applications** screen shows the option to update applications.

 ### Immich Configuration

 <img
-src={require('./img/truenas/truenas04.webp').default}
+src={require('./img/truenas05.webp').default}
 width="40%"
 alt="Configuration Settings"
-className="border rounded-xl mb-4"
-/>
-
-The **Timezone** is set to the system default, which usually matches your local timezone. You can change it to another timezone if you prefer.
-
-**Enable Machine Learning** is enabled by default. It allows Immich to use machine learning features such as face recognition, image search, and smart duplicate detection. Untick this option if you do not want to use these features.
-
-Select the **Machine Learning Image Type** based on the hardware you have. More details here: [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md)
-
-**Database Password** should be set to a custom value using only the characters `A-Za-z0-9`. This password is used to secure the Postgres database.
-
-**Redis Password** should be set to a custom value using only the characters `A-Za-z0-9`. Preferably, use a different password from the database password.
-
-Keep the **Log Level** to the default `Log` value.
-
-Leave **Hugging Face Endpoint** blank. (This is used to download ML models from a different source.)
-
-Set **Database Storage Type** to the type of storage (**HDD** or **SSD**) that the pool where the **pgData** dataset is located uses.
-
-**Additional Environment Variables** can be left blank.
-
-<details>
-<summary>Advanced users: Adding Environment Variables</summary>
-
-Environment variables can be set by clicking the **Add** button and filling in the **Name** and **Value** fields.
-
-<img
-src={require('./img/truenas/truenas05.webp').default}
-width="40%"
-alt="Environment Variables"
 className="border rounded-xl"
 />

-These are used to add custom configuration options or to enable specific features.
-More information on available environment variables can be found in the **[environment variables documentation](/docs/install/environment-variables/)**.
+Accept the default value in **Timezone** or change to match your local timezone.
+**Timezone** is only used by the Immich `exiftool` microservice if it cannot be determined from the image metadata.

-:::info
-Some environment variables are not available for the TrueNAS Community Edition app as they can be configured through GUI options in the [Edit Immich screen](#edit-app-settings).
+Untick **Enable Machine Learning** if you will not use face recognition, image search, and smart duplicate detection.

-Some examples are: `IMMICH_VERSION`, `UPLOAD_LOCATION`, `DB_DATA_LOCATION`, `TZ`, `IMMICH_LOG_LEVEL`, `DB_PASSWORD`, `REDIS_PASSWORD`.
-:::
+Accept the default option or select the **Machine Learning Image Type** for your hardware based on the [Hardware-Accelerated Machine Learning Supported Backends](/docs/features/ml-hardware-acceleration.md#supported-backends).

-</details>
+Immich's default is `postgres` but you should consider setting the **Database Password** to a custom value using only the characters `A-Za-z0-9`.

-### User and Group Configuration
+The **Redis Password** should be set to a custom value using only the characters `A-Za-z0-9`.

-Application in TrueNAS runs as a specific user and group. Immich uses the default user `apps` (UID 568) and the default group `apps` (GID 568).
+Accept the **Log Level** default of **Log**.

-<img
-src={require('./img/truenas/truenas06.webp').default}
-width="40%"
-alt="User and Group Configuration"
-className="border rounded-xl"
-/>
+Leave **Hugging Face Endpoint** blank. (This is for downloading ML models from a different source.)

- **User ID**: Keep the default value `apps` (UID 568) or define a different one if needed.
-
- **Group ID**: Keep the default value `apps` (GID 568) or define a different one if needed.
-
-:::warning
-If you change the user or group, make sure that the datasets you created for Immich data storage have the correct permissions set for that user and group as specified in the [Setting up Storage Datasets](#setting-up-storage-datasets) section above.
-:::
+Leave **Additional Environment Variables** blank or see [Environment Variables](#environment-variables) to set before installing.

 ### Network Configuration

 <img
-src={require('./img/truenas/truenas07.webp').default}
+src={require('./img/truenas06.webp').default}
 width="40%"
 alt="Networking Settings"
 className="border rounded-xl"
 />

- **Port Bind Mode**: This lets you expose the port to the host system, allowing you to access Immich from outside the TrueNAS system. Keep the default **_Publish port on the host for external access_** value unless you have a specific reason to change it.
+Accept the default port `30041` in **WebUI Port** or enter a custom port number.
+:::info Allowed Port Numbers
+Only numbers within the range 9000-65535 may be used on TrueNAS versions below TrueNAS Community Edition 24.10 Electric Eel.

- **Port Number**: Keep the default port `30041` or enter a custom port number.
-
- **Host IPs**: Leave the default blank value.
+Regardless of version, to avoid port conflicts, don't use [ports on this list](https://www.truenas.com/docs/solutions/optimizations/security/#truenas-default-ports).
+:::

 ### Storage Configuration

-:::danger Default Settings (Not recommended)
-The default setting for datasets is **ixVolume (dataset created automatically by the system)**. This is not recommended as this results in your data being harder to access manually and can result in data loss if you delete the immich app. It is also harder to manage snapshots and replication tasks. It is recommended to use the **Host Path (Path that already exists on the system)** option instead.
-:::
-
-The storage configuration section allows you to set up the storage locations for Immich data. You can select the datasets created in the previous step.
+Immich requires seven storage datasets.

 <img
-src={require('./img/truenas/truenas08.webp').default}
-width="40%"
-alt="Configure Storage Volumes"
+src={require('./img/truenas07.webp').default}
+width="20%"
+alt="Configure Storage ixVolumes"
 className="border rounded-xl"
 />

-For the Data Storage, select **Host Path (Path that already exists on the system)** and then select the dataset you created for Immich data storage, for example, `data`.
-
-The Machine Learning cache can be left with default _Temporary_
-
-For the Postgres Data Storage, select **Host Path (Path that already exists on the system)** and then select the dataset you created for Postgres data storage, for example, `pgData`.
-
-:::info
-**Postgres Data Storage**
-Once **Host Path** is selected, a checkbox appears with **_Automatic Permissions_**. If you have not set the ownership of the **pgData** dataset to `netdata` (UID 999), tick this box as it will set the user ownership to `netdata` (UID 999) and the group ownership to `docker` (GID 999) automatically. If you have set the ownership of the **pgData** dataset to `netdata` (UID 999), you can leave this box unticked.
+:::note Default Setting (Not recommended)
+The default setting for datasets is **ixVolume (dataset created automatically by the system)** but this results in your data being harder to access manually and can result in data loss if you delete the immich app. (Not recommended)
 :::

-### Additional Storage (Advanced Users)
+For each Storage option select **Host Path (Path that already exists on the system)** and then select the matching dataset [created before installing the app](#setting-up-storage-datasets): **Immich Library Storage**: `library`, **Immich Uploads Storage**: `upload`, **Immich Thumbs Storage**: `thumbs`, **Immich Profile Storage**: `profile`, **Immich Video Storage**: `video`, **Immich Backups Storage**: `backups`, **Postgres Data Storage**: `pgData`.

-<details>
-<summary>External Libraries</summary>
+<img
+src={require('./img/truenas08.webp').default}
+width="40%"
+alt="Configure Storage Host Paths"
+className="border rounded-xl"
+/>
+The image above has example values.
+
+<br/>
+
+### Additional Storage [(External Libraries)](/docs/features/libraries)

 :::danger Advanced Users Only
-This feature should only be used by advanced users. If this is your first time installing Immich, then DO NOT mount an external library until you have a working setup.
+This feature should only be used by advanced users. If this is your first time installing Immich, then DO NOT mount an external library until you have a working setup. Also, your mount path MUST be something unique and should NOT be your library or upload location or a Linux directory like `/lib`. The picture below shows a valid example.
 :::

 <img
-src={require('./img/truenas/truenas09.webp').default}
+src={require('./img/truenas10.webp').default}
 width="40%"
-alt="Add External Libraries with Additional Storage"
+alt="Configure Storage Host Paths"
 className="border rounded-xl"
 />

-You may configure [external libraries](/docs/features/libraries) by mounting them using **Additional Storage**.
+You may configure [External Libraries](/docs/features/libraries) by mounting them using **Additional Storage**.
+The **Mount Path** is the location you will need to copy and paste into the External Library settings within Immich.
+The **Host Path** is the location on the TrueNAS Community Edition server where your external library is located.

-The dataset that contains your external library files must at least give **read** access to the user running Immich (Default: `apps` (UID 568), `apps` (GID 568)).
-If you want to be able to delete files or edit metadata in the external library using Immich, you will need to give the **modify** permission to the user running Immich.
-
- **Mount Path** is the location you will need to copy and paste into the external library settings within Immich.
- **Host Path** is the location on the TrueNAS Community Edition server where your external library is located.
- **Read Only** is a checkbox that you can tick if you want to prevent Immich from modifying the files in the external library. This is useful if you want to use Immich to view and search your external library without modifying it.
-
-:::warning
-Each mount path MUST be something unique and should NOT be your library or upload location or a Linux directory like `/lib`.
-
-A general recommendation is to mount any external libraries to a path beginning with `/mnt` or `/media` followed by a unique name, such as `/mnt/external-libraries` or `/media/my-external-libraries`. If you plan to mount multiple external libraries, you can use paths like `/mnt/external-libraries/library1`, `/mnt/external-libraries/library2`, etc.
-:::
-
-</details>
-
-<details>
-<summary>Multiple Datasets for Immich Storage</summary>
-
-:::danger Advanced Users Only
-This feature should only be used by advanced users.
-:::
-
-Immich can use multiple datasets for its storage, allowing you to manage your data more granularly, similar to the old storage configuration. This is useful if you want to separate your data into different datasets for performance or organizational reasons. There is a general guide for this [here](/docs/guides/custom-locations), but read on for the TrueNAS guide.
-
-Each additional dataset has to give the permission **_modify_** to the user who will run Immich (Default: `apps` (UID 568), `apps` (GID 568))
-As described in the [Setting up Storage Datasets](#setting-up-storage-datasets) section above, you have to create the datasets with the **Apps** preset to ensure the correct permissions are set, or you can set the permissions manually after creating the datasets.
-
-Immich uses 6 folders for its storage: `library`, `upload`, `thumbs`, `profile`, `encoded-video`, and `backups`. You can create a dataset for each of these folders or only for some of them.
-
-To mount these datasets:
-
-1. Add an **Additional Storage** entry for each dataset you want to use.
-2. Select **Type** as **Host Path (Path that already exists on the system)**.
-3. Enter the **Mount Path** with `/data/<folder-name>`. The `<folder-name>` is the name of the folder you want to mount, for example, `library`, `upload`, `thumbs`, `profile`, `encoded-video`, or `backups`.
-   :::danger Important
-   You have to write the full path, including `/data/`, as Immich expects the data to be in that location.  
-   If you do not include this path, Immich will not be able to find the data and will not write the data to the location you specified.
-   :::
-4. Select the **Host Path** as the dataset you created for that folder, for example, `/mnt/tank/immich/library`, `/mnt/tank/immich/upload`, etc.
-
-<img
-src={require('./img/truenas/truenas10.webp').default}
-width="40%"
-alt="Use Multiple Datasets for Immich Storage with Additional Storage"
-className="border rounded-xl"
-/>
-
-</details>
-
-<!-- A section for Labels could be added, but I don't think it is needed as they are of no use for Immich. -->
+<!-- A section for Labels would go here but I don't know what they do. -->

 ### Resources Configuration

 <img
-src={require('./img/truenas/truenas11.webp').default}
+src={require('./img/truenas09.webp').default}
 width="40%"
+alt="Resource Limits"
 className="border rounded-xl"
 />

- **CPU**: Depending on your system resources, you can keep the default value of `2` threads or specify a different number. Immich recommends at least `8` threads.
+Accept the default **CPU** limit of `2` threads or specify the number of threads (CPUs with Multi-/Hyper-threading have 2 threads per core).

- **Memory**: Limit in MB of RAM. Immich recommends at least 6000 MB (6GB). If you selected **Enable Machine Learning** in **Immich Configuration**, you should probably set this above 8000 MB.
+Specify the **Memory** limit in MB of RAM. Immich recommends at least 6000 MB (6GB). If you selected **Enable Machine Learning** in **Immich Configuration**, you should probably set this above 8000 MB.

-Both **CPU** and **Memory** are limits, not reservations. This means that Immich can use up to the specified amount of CPU threads and RAM, but it will not reserve that amount of resources at all times. The system will allocate resources as needed, and Immich will use less than the specified amount most of the time.
+:::info Older TrueNAS Versions
+Before TrueNAS Community Edition version 24.10 Electric Eel:

- Enable **GPU Configuration** options if you have a GPU or CPU with integrated graphics that you will use for [Hardware Transcoding](/docs/features/hardware-transcoding) and/or [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md).
+The **CPU** value was specified in a different format with a default of `4000m` which is 4 threads.

-The process for NVIDIA GPU passthrough requires additional steps.
-More details here: [GPU Passthrough Docs for TrueNAS Apps](https://apps.truenas.com/managing-apps/installing-apps/#gpu-passthrough)
+The **Memory** value was specified in a different format with a default of `8Gi` which is 8 GiB of RAM. The value was specified in bytes or a number with a measurement suffix. Examples: `129M`, `123Mi`, `1000000000`
+:::
+
+Enable **GPU Configuration** options if you have a GPU that you will use for [Hardware Transcoding](/docs/features/hardware-transcoding) and/or [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md). More info: [GPU Passthrough Docs for TrueNAS Apps](https://apps.truenas.com/managing-apps/installing-apps/#gpu-passthrough)

 ### Install

 Finally, click **Install**.
 The system opens the **Installed Applications** screen with the Immich app in the **Deploying** state.
-When the installation completes, it changes to **Running**.
+When the installation completes it changes to **Running**.

 <img
-src={require('./img/truenas/truenas12.webp').default}
+src={require('./img/truenas04.webp').default}
 width="100%"
 alt="Immich Installed"
 className="border rounded-xl"
 />

-Click **Web Portal** on the **Application Info** widget, or go to the URL `http://<your-truenas-ip>:30041` in your web browser to open the Immich web interface. This will show you the onboarding process to set up your first user account, which will be an administrator account.
-
-After that, you can start using Immich to upload and manage your photos and videos.
+Click **Web Portal** on the **Application Info** widget to open the Immich web interface to set up your account and begin uploading photos.

 :::tip
 For more information on how to use the application once installed, please refer to the [Post Install](/docs/install/post-install.mdx) guide.
@@ -344,6 +228,23 @@ For more information on how to use the application once installed, please refer
 - Click **Update** at the very bottom of the page to save changes.
  - TrueNAS automatically updates, recreates, and redeploys the Immich container with the updated settings.

+## Environment Variables
+
+You can set [Environment Variables](/docs/install/environment-variables) by clicking **Add** on the **Additional Environment Variables** option and filling in the **Name** and **Value**.
+
+<img
+src={require('./img/truenas11.webp').default}
+width="40%"
+alt="Environment Variables"
+className="border rounded-xl"
+/>
+
+:::info
+Some Environment Variables are not available for the TrueNAS Community Edition app. This is mainly because they can be configured through GUI options in the [Edit Immich screen](#edit-app-settings).
+
+Some examples are: `IMMICH_VERSION`, `UPLOAD_LOCATION`, `DB_DATA_LOCATION`, `TZ`, `IMMICH_LOG_LEVEL`, `DB_PASSWORD`, `REDIS_PASSWORD`.
+:::
+
 ## Updating the App

 :::danger
@@ -360,116 +261,3 @@ To update the app to the latest version:
  - You may view the Changelog.
 - Click **Upgrade** to begin the process and open a counter dialog that shows the upgrade progress.
  - When complete, the update badge and buttons disappear and the application Update state on the Installed screen changes from Update Available to Up to date.
-
-## Migration
-
-:::danger
-Perform a backup of your Immich data before proceeding with the migration steps below. This is crucial to prevent any data loss if something goes wrong during the migration process.
-
-The migration should also be performed when the Immich app is not running to ensure no data is being written while you are copying the data.
-:::
-
-### Migration from Old Storage Configuration
-
-There are two ways to migrate from the old storage configuration to the new one, depending on whether you want to keep the old multiple datasets or if you want to move to a double dataset configuration with a single dataset for Immich data storage and a single dataset for Postgres data storage.
-
-:::note Old TrueNAS Versions Permissions
-If you were using an older version of TrueNAS (before 24.10.2.2), the datasets, except the one for **pgData** had only to be owned by the `root` user (UID 0). You might have to add the **modify** permission to the `apps` user (UID 568) or the user you want to run Immich as, to all of them, except **pgData**. The steps to add or change ACL permissions are described in the [TrueNAS documentation](https://www.truenas.com/docs/scale/scaletutorials/datasets/permissionsscale/).
-:::
-
-<Tabs groupId="truenas-migration-tabs">
-  <TabItem value="migrate-new-dataset" label="Migrate data to a new dataset (recommended)" default>
-
-To migrate from the old storage configuration to the new one, you will need to create a new dataset for the Immich data storage and copy the data from the old datasets to the new ones. The steps are as follows:
-
-1. **Stop the Immich app** from the TrueNAS web interface to ensure no data is being written while you are copying the data.
-2. **Create a new dataset** for the Immich data storage, for example, `data`. As described in the [Setting up Storage Datasets](#setting-up-storage-datasets) section above, create the dataset with the **Apps** preset to ensure the correct permissions are set.
-3. **Copy the data** from the old datasets to the new dataset. We advise using the `rsync` command to copy the data, as it will preserve the permissions and ownership of the files. The following commands are examples:
-
-```bash
-rsync -av /mnt/tank/immich/library/ /mnt/tank/immich/data/library/
-rsync -av /mnt/tank/immich/upload/ /mnt/tank/immich/data/upload/
-rsync -av /mnt/tank/immich/thumbs/ /mnt/tank/immich/data/thumbs/
-rsync -av /mnt/tank/immich/profile/ /mnt/tank/immich/data/profile/
-rsync -av /mnt/tank/immich/video/ /mnt/tank/immich/data/encoded-video/
-rsync -av /mnt/tank/immich/backups/ /mnt/tank/immich/data/backups/
-```
-
-Make sure to replace `/mnt/tank/immich/` with the correct path to your old datasets and `/mnt/tank/immich/data/` with the correct path to your new dataset.
-
-:::tip
-If you were using **ixVolume (dataset created automatically by the system)** for Immich data storage, the path to the data should be `/mnt/.ix-apps/app_mounts/immich/`. You have to use this path instead of `/mnt/tank/immich/` in the `rsync` command above, for example:
-
-```bash
-rsync -av /mnt/.ix-apps/app_mounts/immich/library/ /mnt/tank/immich/data/library/
-```
-
-If you were also using an ixVolume for Postgres data storage, you also should, first create the pgData dataset, as described in the [Setting up Storage Datasets](#setting-up-storage-datasets) section above, and then you can use the following command to copy the Postgres data:
-
-```bash
-rsync -av /mnt/.ix-apps/app_mounts/immich/pgData/ /mnt/tank/immich/pgData/
-```
-
-:::
-
-:::warning
-Make sure that for each folder, the `.immich` file is copied as well, as it contains important metadata for Immich. If for some reason the `.immich` file is not copied, you can copy it manually with the `rsync` command, for example:
-
-```bash
-rsync -av /mnt/tank/immich/library/.immich /mnt/tank/immich/data/library/
-```
-
-Replace `library` with the name of the folder where you are copying the file.
-:::
-
-4. **Update the permissions** as the permissions of the data that have been copied has been preserved, to ensure that the `apps` user (UID 568) has the correct permissions on all the copied data. If you just created the dataset with the **Apps** preset, from the TrueNAS web interface, go to the **Datasets** screen, select the **data** dataset, click on the **Edit** button next to **Permissions**, tick the "Apply permissions recursively" checkbox, and click **Save**. This will apply the correct permissions to all the copied data.
-5. **Update the Immich app** to use the new dataset:
-   - Go to the **Installed Applications** screen and select Immich from the list of installed applications.
-   - Click **Edit** on the **Application Info** widget.
-   - In the **Storage Configuration** section, untick the **Use Old Storage Configuration (Deprecated)** checkbox.
-   - For the **Data Storage**, select **Host Path (Path that already exists on the system)** and then select the new dataset you created for Immich data storage, for example, `data`.
-   - For the **Postgres Data Storage**, verify that it is still set to the dataset you created for Postgres data storage, for example, `pgData`.
-   - Click **Update** at the bottom of the page to save changes.
-
-6. **Start the Immich app** from the TrueNAS web interface.
-
-This will recreate the Immich container with the new storage configuration and start the app.
-
-If everything went well, you should now be able to access Immich with the new storage configuration. You can verify that the data has been copied correctly by checking the Immich web interface and ensuring that all your photos and videos are still available. You may delete the old datasets, if you no longer need them, using the TrueNAS web interface.
-
-If you were using **ixVolume (dataset created automatically by the system)** or folders for Immich data storage, you can delete the old datasets using the following commands:
-
-```bash
-rm -r /mnt/.ix-apps/app_mounts/immich/library
-rm -r /mnt/.ix-apps/app_mounts/immich/uploads
-rm -r /mnt/.ix-apps/app_mounts/immich/thumbs
-rm -r /mnt/.ix-apps/app_mounts/immich/profile
-rm -r /mnt/.ix-apps/app_mounts/immich/video
-rm -r /mnt/.ix-apps/app_mounts/immich/backups
-```
-
-</TabItem>
-  <TabItem value="migrate-old-dataset" label="Keep the existing datasets">
-  
-To migrate from the old storage configuration to the new one without creating new datasets.
-1. **Stop the Immich app** from the TrueNAS web interface to ensure no data is being written while you are updating the app.
-2. **Update the datasets permissions**: Ensure that the datasets used for Immich data storage (`library`, `upload`, `thumbs`, `profile`, `video`, `backups`) have the correct permissions set for the user who will run Immich. The user should have ***modify*** permissions on these datasets. The default user for Immich is `apps` (UID 568) and the default group is `apps` (GID 568). If you are using a different user, make sure to set the permissions accordingly. You can do this from the TrueNAS web interface by going to the **Datasets** screen, selecting each dataset, clicking on the **Edit** button next to **Permissions**, and adding the user with ***modify*** permissions.
-3. **Update the Immich app** to use the existing datasets:
-    - Go to the **Installed Applications** screen and select Immich from the list of installed applications.
-    - Click **Edit** on the **Application Info** widget.
-    - In the **Storage Configuration** section, untick the **Use Old Storage Configuration (Deprecated)** checkbox.
-    - For the **Data Storage**, you can keep the **ixVolume (dataset created automatically by the system)** as no data will be directly written to it. We recommend selecting **Host Path (Path that already exists on the system)** and then select a **new** dataset you created for Immich data storage, for example, `data`.
-    - For the **Postgres Data Storage**, keep **Host Path (Path that already exists on the system)** and then select the existing dataset you used for Postgres data storage, for example, `pgData`.
-    - Following the instructions in the [Multiple Datasets for Immich Storage](#additional-storage-advanced-users) section, you can add, **for each old dataset**, a new Additional Storage with the following settings:
-        - **Type**: `Host Path (Path that already exists on the system)`
-        - **Mount Path**: `/data/<folder-name>` (e.g. `/data/library`)
-        - **Host Path**: `/mnt/<your-pool-name>/<dataset-name>` (e.g. `/mnt/tank/immich/library`)
-        :::danger Ensure using the correct paths names
-        Make sure to replace `<folder-name>` with the actual name of the folder used by Immich: `library`, `upload`, `thumbs`, `profile`, `encoded-video`, and `backups`. Also, replace `<your-pool-name>` and `<dataset-name>` with the actual names of your pool and dataset.
-        :::
-        - **Read Only**: Keep it unticked as Immich needs to write to these datasets.
-    - Click **Update** at the bottom of the page to save changes.
-4. **Start the Immich app** from the TrueNAS web interface. This will recreate the Immich container with the new storage configuration and start the app. If everything went well, you should now be able to access Immich with the new storage configuration. You can verify that the data is still available by checking the Immich web interface and ensuring that all your photos and videos are still accessible.
-
-  </TabItem>
-</Tabs>
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .19.0
 .17.1