Merge branch 'immich-main' into feat/multi-select-asset-viewer

revert pnpm-lock
2025-12-06 12:51:32 -08:00 · 2025-09-16 13:49:32 -04:00 · 2025-09-16 13:38:34 -04:00 · 2025-09-16 13:35:16 -04:00 · 2025-09-16 13:12:21 -04:00 · 2025-09-16 13:10:37 -04:00
1041 changed files with 20556 additions and 50443 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -5,7 +5,8 @@
    "immich-server",
    "redis",
    "database",
-    "immich-machine-learning"
+    "immich-machine-learning",
+    "init"
  ],
  "dockerComposeFile": [
    "../docker/docker-compose.dev.yml",
--- a/.devcontainer/mobile/container-compose-overrides.yml
+++ b/.devcontainer/mobile/container-compose-overrides.yml
@@ -6,35 +6,28 @@ services:
      - IMMICH_SERVER_URL=http://127.0.0.1:2283/
    volumes: !override # bind mount host to /workspaces/immich
      - ..:/workspaces/immich
-      - ${UPLOAD_LOCATION:-upload-devcontainer-volume}${UPLOAD_LOCATION:+/photos}:/data
-      - pnpm-store:/usr/src/app/.pnpm-store
-      - server-node_modules:/usr/src/app/server/node_modules
-      - web-node_modules:/usr/src/app/web/node_modules
-      - github-node_modules:/usr/src/app/.github/node_modules
-      - cli-node_modules:/usr/src/app/cli/node_modules
-      - docs-node_modules:/usr/src/app/docs/node_modules
-      - e2e-node_modules:/usr/src/app/e2e/node_modules
-      - sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
-      - app-node_modules:/usr/src/app/node_modules
-      - sveltekit:/usr/src/app/web/.svelte-kit
-      - coverage:/usr/src/app/web/coverage
+      - cli_node_modules:/workspaces/immich/cli/node_modules
+      - e2e_node_modules:/workspaces/immich/e2e/node_modules
+      - open_api_node_modules:/workspaces/immich/open-api/typescript-sdk/node_modules
+      - server_node_modules:/workspaces/immich/server/node_modules
+      - web_node_modules:/workspaces/immich/web/node_modules
+      - ${UPLOAD_LOCATION}/photos:/data
      - /etc/localtime:/etc/localtime:ro
-  immich-web:
-    env_file: !reset []
-  immich-machine-learning:
-    env_file: !reset []
+
  database:
-    env_file: !reset []
-    environment: !override
-      POSTGRES_PASSWORD: ${DB_PASSWORD-postgres}
-      POSTGRES_USER: ${DB_USERNAME-postgres}
-      POSTGRES_DB: ${DB_DATABASE_NAME-immich}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
-      POSTGRES_HOST_AUTH_METHOD: md5
    volumes:
-      - ${UPLOAD_LOCATION:-postgres-devcontainer-volume}${UPLOAD_LOCATION:+/postgres}:/var/lib/postgresql/data
-  redis:
-    env_file: !reset []
+      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
+
 volumes:
-  upload-devcontainer-volume:
-  postgres-devcontainer-volume:
+  # Node modules for each service to avoid conflicts and ensure consistent dependencies
+  cli_node_modules:
+  e2e_node_modules:
+  open_api_node_modules:
+  server_node_modules:
+  web_node_modules:
+
+  # UPLOAD_LOCATION must be set to a absolute path or vol-upload
+  vol-upload:
+
+  # DB_DATA_LOCATION must be set to a absolute path or vol-database
+  vol-database:
--- a/.devcontainer/mobile/devcontainer.json
+++ b/.devcontainer/mobile/devcontainer.json
@@ -40,7 +40,7 @@
  "userEnvProbe": "loginInteractiveShell",
  "remoteEnv": {
    // The location where your uploaded files are stored
-    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./library}",
+    "UPLOAD_LOCATION": "${localEnv:UPLOAD_LOCATION:./Library}",
    //  Connection secret for postgres. You should change it to a random password
    //  Please use only the characters `A-Za-z0-9`, without special characters or spaces
    "DB_PASSWORD": "${localEnv:DB_PASSWORD:postgres}",
--- a/.github/.nvmrc
+++ b/.github/.nvmrc
@@ -1 +1 @@
-24.11.0
+22.19.0
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -6,6 +6,7 @@ cli:
 documentation:
  - changed-files:
      - any-glob-to-any-file:
+          - docs/blob/**
          - docs/docs/**
          - docs/src/**
          - docs/static/**
@@ -31,7 +32,7 @@ documentation:
 🧠machine-learning:
  - changed-files:
      - any-glob-to-any-file:
-          - machine-learning/**
+          - machine-learning/app/**

 changelog:translation:
  - head-branch: ['^chore/translations$']
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -1,16 +1,12 @@
 name: Build Mobile

 on:
+  workflow_dispatch:
  workflow_call:
    inputs:
      ref:
        required: false
        type: string
-      environment:
-        description: 'Target environment'
-        required: true
-        default: 'development'
-        type: string
    secrets:
      KEY_JKS:
        required: true
@@ -36,25 +32,24 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+          persist-credentials: false

-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/build-mobile.yml'
-          force-events: 'workflow_call,workflow_dispatch'
+            workflow:
+              - '.github/workflows/build-mobile.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"

  build-sign-android:
    name: Build and sign Android
@@ -62,21 +57,14 @@ jobs:
    permissions:
      contents: read
    # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
    runs-on: mich

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Create the Keystore
        env:
@@ -84,14 +72,14 @@ jobs:
        working-directory: ./mobile
        run: printf "%s" $KEY_JKS | base64 -d > android/key.jks

-      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
        with:
          distribution: 'zulu'
          java-version: '17'

      - name: Restore Gradle Cache
        id: cache-gradle-restore
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
        with:
          path: |
            ~/.gradle/caches
@@ -148,7 +136,7 @@ jobs:

      - name: Save Gradle Cache
        id: cache-gradle-save
-        uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
        if: github.ref == 'refs/heads/main'
        with:
          path: |
@@ -158,142 +146,3 @@ jobs:
            mobile/android/.gradle
            mobile/.dart_tool
          key: ${{ steps.cache-gradle-restore.outputs.cache-primary-key }}
-
-  build-sign-ios:
-    name: Build and sign iOS
-    needs: pre-job
-    permissions:
-      contents: read
-    # Run on main branch or workflow_dispatch
-    if: ${{ !github.event.pull_request.head.repo.fork && fromJSON(needs.pre-job.outputs.should_run).mobile == true && github.ref == 'refs/heads/main' }}
-    runs-on: macos-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
-        with:
-          ref: ${{ inputs.ref || github.sha }}
-          persist-credentials: false
-
-      - name: Setup Flutter SDK
-        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2
-        with:
-          channel: 'stable'
-          flutter-version-file: ./mobile/pubspec.yaml
-          cache: true
-
-      - name: Install Flutter dependencies
-        working-directory: ./mobile
-        run: flutter pub get
-
-      - name: Generate translation files
-        run: dart run easy_localization:generate -S ../i18n && dart run bin/generate_keys.dart
-        working-directory: ./mobile
-
-      - name: Generate platform APIs
-        run: make pigeon
-        working-directory: ./mobile
-
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.3'
-          working-directory: ./mobile/ios
-
-      - name: Install CocoaPods dependencies
-        working-directory: ./mobile/ios
-        run: |
-          pod install
-
-      - name: Install Fastlane
-        working-directory: ./mobile/ios
-        run: |
-          gem install bundler
-          bundle config set --local path 'vendor/bundle'
-          bundle install
-
-      - name: Create API Key
-        env:
-          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-          API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-          API_KEY_CONTENT: ${{ secrets.APP_STORE_CONNECT_API_KEY }}
-        working-directory: ./mobile/ios
-        run: |
-          mkdir -p ~/.appstoreconnect/private_keys
-          echo "$API_KEY_CONTENT" | base64 --decode > ~/.appstoreconnect/private_keys/AuthKey_${API_KEY_ID}.p8
-
-      - name: Import Certificate and Provisioning Profiles
-        env:
-          IOS_CERTIFICATE_P12: ${{ secrets.IOS_CERTIFICATE_P12 }}
-          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          IOS_PROVISIONING_PROFILE: ${{ secrets.IOS_PROVISIONING_PROFILE }}
-          IOS_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_SHARE_EXTENSION }}
-          IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
-          IOS_DEVELOPMENT_PROVISIONING_PROFILE: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE }}
-          IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION }}
-          IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION: ${{ secrets.IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION }}
-          ENVIRONMENT: ${{ inputs.environment || 'development' }}
-        working-directory: ./mobile/ios
-        run: |
-          # Decode certificate
-          echo "$IOS_CERTIFICATE_P12" | base64 --decode > certificate.p12
-
-          # Decode provisioning profiles based on environment
-          if [[ "$ENVIRONMENT" == "development" ]]; then
-            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE" | base64 --decode > profile_dev.mobileprovision
-            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_dev_share.mobileprovision
-            echo "$IOS_DEVELOPMENT_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_dev_widget.mobileprovision
-            ls -lh profile_dev*.mobileprovision
-          else
-            echo "$IOS_PROVISIONING_PROFILE" | base64 --decode > profile.mobileprovision
-            echo "$IOS_PROVISIONING_PROFILE_SHARE_EXTENSION" | base64 --decode > profile_share.mobileprovision
-            echo "$IOS_PROVISIONING_PROFILE_WIDGET_EXTENSION" | base64 --decode > profile_widget.mobileprovision
-            ls -lh profile*.mobileprovision
-          fi
-
-      - name: Create keychain and import certificate
-        env:
-          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-        working-directory: ./mobile/ios
-        run: |
-          # Create keychain
-          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security default-keychain -s build.keychain
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
-          security set-keychain-settings -t 3600 -u build.keychain
-
-          # Import certificate
-          security import certificate.p12 -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
-          security set-key-partition-list -S apple-tool:,apple: -s -k "$KEYCHAIN_PASSWORD" build.keychain
-
-          # Verify certificate was imported
-          security find-identity -v -p codesigning build.keychain
-
-      - name: Build and deploy to TestFlight
-        env:
-          FASTLANE_TEAM_ID: ${{ secrets.FASTLANE_TEAM_ID }}
-          IOS_CERTIFICATE_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          KEYCHAIN_NAME: build.keychain
-          KEYCHAIN_PASSWORD: ${{ secrets.IOS_CERTIFICATE_PASSWORD }}
-          APP_STORE_CONNECT_API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
-          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
-          ENVIRONMENT: ${{ inputs.environment || 'development' }}
-        working-directory: ./mobile/ios
-        run: |
-          if [[ "$ENVIRONMENT" == "development" ]]; then
-            bundle exec fastlane gha_testflight_dev
-          else
-            bundle exec fastlane gha_release_prod
-          fi
-
-      - name: Clean up keychain
-        if: always()
-        run: |
-          security delete-keychain build.keychain || true
-
-      - name: Upload IPA artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
-        with:
-          name: ios-release-ipa
-          path: mobile/ios/Runner.ipa
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -18,21 +18,14 @@ jobs:
      contents: read
      actions: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Check out code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Cleanup
        env:
-          GH_TOKEN: ${{ steps.token.outputs.token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REF: ${{ github.ref }}
        run: |
          gh extension install actions/gh-actions-cache
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -29,22 +29,15 @@ jobs:
        working-directory: ./cli

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -57,7 +50,7 @@ jobs:

      - run: pnpm install --frozen-lockfile
      - run: pnpm build
-      - run: pnpm publish --no-git-checks
+      - run: pnpm publish
        if: ${{ github.event_name == 'release' }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -71,17 +64,10 @@ jobs:
    needs: publish

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
@@ -90,7 +76,7 @@ jobs:
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
--- a/.github/workflows/close-duplicates.yml
+++ b/.github/workflows/close-duplicates.yml
@@ -35,7 +35,7 @@ jobs:
    needs: [get_body, should_run]
    if: ${{ needs.should_run.outputs.should_run == 'true' }}
    container:
-      image: ghcr.io/immich-app/mdq:main@sha256:6b8450bfc06770af1af66bce9bf2ced7d1d9b90df1a59fc4c83a17777a9f6723
+      image: ghcr.io/immich-app/mdq:main@sha256:1669c75a5542333ff6b03c13d5fd259ea8d798188b84d5d99093d62e4542eb05
    outputs:
      checked: ${{ steps.get_checkbox.outputs.checked }}
    steps:
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -43,21 +43,14 @@ jobs:
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/init@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -70,7 +63,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/autobuild@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -83,6 +76,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/analyze@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -20,19 +20,16 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            server:
              - 'server/**'
@@ -41,11 +38,14 @@ jobs:
              - 'i18n/**'
            machine-learning:
              - 'machine-learning/**'
-          force-filters: |
-            - '.github/workflows/docker.yml'
-            - '.github/workflows/multi-runner-build.yml'
-            - '.github/actions/image-build'
-          force-events: 'workflow_dispatch,release'
+            workflow:
+              - '.github/workflows/docker.yml'
+              - '.github/workflows/multi-runner-build.yml'
+              - '.github/actions/image-build'
+
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"

  retag_ml:
    name: Re-Tag ML
@@ -53,19 +53,18 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['', '-cuda', '-rocm', '-openvino', '-armnn', '-rknn']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
-
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
@@ -83,19 +82,18 @@ jobs:
    permissions:
      contents: read
      packages: write
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == false && !github.event.pull_request.head.repo.fork }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ['']
    steps:
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
-
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
@@ -110,29 +108,30 @@ jobs:
  machine-learning:
    name: Build and Push ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - device: cpu
+            tag-suffix: ''
          - device: cuda
-            suffixes: '-cuda'
+            tag-suffix: '-cuda'
            platforms: linux/amd64
          - device: openvino
-            suffixes: '-openvino'
+            tag-suffix: '-openvino'
            platforms: linux/amd64
          - device: armnn
-            suffixes: '-armnn'
+            tag-suffix: '-armnn'
            platforms: linux/arm64
          - device: rknn
-            suffixes: '-rknn'
+            tag-suffix: '-rknn'
            platforms: linux/arm64
          - device: rocm
-            suffixes: '-rocm'
+            tag-suffix: '-rocm'
            platforms: linux/amd64
            runner-mapping: '{"linux/amd64": "mich"}'
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@47a2ee86898ccff51592d6572391fb1abcd7f782 # multi-runner-build-workflow-v2.0.1
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
    permissions:
      contents: read
      actions: read
@@ -146,7 +145,7 @@ jobs:
      dockerfile: machine-learning/Dockerfile
      platforms: ${{ matrix.platforms }}
      runner-mapping: ${{ matrix.runner-mapping }}
-      suffixes: ${{ matrix.suffixes }}
+      tag-suffix: ${{ matrix.tag-suffix }}
      dockerhub-push: ${{ github.event_name == 'release' }}
      build-args: |
        DEVICE=${{ matrix.device }}
@@ -154,8 +153,8 @@ jobs:
  server:
    name: Build and Push Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
-    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@47a2ee86898ccff51592d6572391fb1abcd7f782 # multi-runner-build-workflow-v2.0.1
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
+    uses: immich-app/devtools/.github/workflows/multi-runner-build.yml@129aeda75a450666ce96e8bc8126652e717917a7 # multi-runner-build-workflow-0.1.1
    permissions:
      contents: read
      actions: read
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -18,58 +18,48 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.docs == 'true' || steps.found_paths.outputs.open-api == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            docs:
              - 'docs/**'
+            workflow:
+              - '.github/workflows/docs-build.yml'
            open-api:
              - 'open-api/immich-openapi-specs.json'
-          force-filters: |
-            - '.github/workflows/docs-build.yml'
-          force-events: 'release'
-          force-branches: 'main'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' || github.ref_name == 'main' }}" >> "$GITHUB_OUTPUT"

  build:
    name: Docs Build
    needs: pre-job
    permissions:
      contents: read
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).docs == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./docs

    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './docs/.nvmrc'
          cache: 'pnpm'
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -5,9 +5,6 @@ on:
    types:
      - completed

-env:
-  TG_NON_INTERACTIVE: 'true'
-
 jobs:
  checks:
    name: Docs Deploy Checks
@@ -19,19 +16,12 @@ jobs:
      parameters: ${{ steps.parameters.outputs.result }}
      artifact: ${{ steps.get-artifact.outputs.result }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - if: ${{ github.event.workflow_run.conclusion != 'success' }}
        run: echo 'The triggering workflow did not succeed' && exit 1
      - name: Get artifact
        id: get-artifact
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
@@ -48,11 +38,10 @@ jobs:
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            const eventType = context.payload.workflow_run.event;
            const isFork = context.payload.workflow_run.repository.fork;
@@ -118,28 +107,17 @@ jobs:
      pull-requests: write
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

      - name: Load parameters
        id: parameters
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            const parameters = JSON.parse(process.env.PARAM_JSON);
            core.setOutput("event", parameters.event);
@@ -147,11 +125,10 @@ jobs:
            core.setOutput("shouldDeploy", parameters.shouldDeploy);

      - name: Download artifact
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            let artifact = JSON.parse(process.env.ARTIFACT_JSON);
            let download = await github.rest.actions.downloadArtifact({
@@ -173,8 +150,12 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
-        run: 'mise run tf apply'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_command: 'apply'

      - name: Deploy Docs Subdomain Output
        id: docs-output
@@ -184,12 +165,20 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_command: 'output -json'
+
+      - name: Output Cleaning
+        id: clean
+        env:
+          TG_OUTPUT: ${{ steps.docs-output.outputs.tg_action_output }}
        run: |
-          mise run tf output -- -json | jq -r '
-            "projectName=\(.pages_project_name.value)",
-            "subdomain=\(.immich_app_branch_subdomain.value)"
-          ' >> $GITHUB_OUTPUT
+          CLEANED=$(echo "$TG_OUTPUT" | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
+          echo "output=$CLEANED" >> $GITHUB_OUTPUT

      - name: Publish to Cloudflare Pages
        # TODO: Action is deprecated
@@ -197,7 +186,7 @@ jobs:
        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN_PAGES_UPLOAD }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-          projectName: ${{ steps.docs-output.outputs.projectName }}
+          projectName: ${{ fromJson(steps.clean.outputs.output).pages_project_name.value }}
          workingDirectory: 'docs'
          directory: 'build'
          branch: ${{ steps.parameters.outputs.name }}
@@ -210,16 +199,19 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs-release'
-        run: 'mise run tf apply'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs-release'
+          tg_command: 'apply'

      - name: Comment
        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        if: ${{ steps.parameters.outputs.event == 'pr' }}
        with:
-          token: ${{ steps.token.outputs.token }}
          number: ${{ fromJson(needs.checks.outputs.parameters).pr_number }}
          body: |
-            📖 Documentation deployed to [${{ steps.docs-output.outputs.subdomain }}](https://${{ steps.docs-output.outputs.subdomain }})
+            📖 Documentation deployed to [${{ fromJson(steps.clean.outputs.output).immich_app_branch_subdomain.value }}](https://${{ fromJson(steps.clean.outputs.output).immich_app_branch_subdomain.value }})
          emojis: 'rocket'
          body-include: '<!-- Docs PR URL -->'
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -5,9 +5,6 @@ on:

 permissions: {}

-env:
-  TG_NON_INTERACTIVE: 'true'
-
 jobs:
  deploy:
    name: Docs Destroy
@@ -16,20 +13,10 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
-      - name: Setup Mise
-        uses: immich-app/devtools/actions/use-mise@cd24790a7f5f6439ac32cc94f5523cb2de8bfa8c # use-mise-action-v1.1.0

      - name: Destroy Docs Subdomain
        env:
@@ -38,13 +25,16 @@ jobs:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          TF_STATE_POSTGRES_CONN_STR: ${{ secrets.TF_STATE_POSTGRES_CONN_STR }}
-        working-directory: 'deployment/modules/cloudflare/docs'
-        run: 'mise run tf destroy -- -refresh=false'
+        uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 # v2.1.8
+        with:
+          tg_version: '0.58.12'
+          tofu_version: '1.7.1'
+          tg_dir: 'deployment/modules/cloudflare/docs'
+          tg_command: 'destroy -refresh=false'

      - name: Comment
        uses: actions-cool/maintain-one-comment@4b2dbf086015f892dcb5e8c1106f5fccd6c1476b # v3.2.0
        with:
-          token: ${{ steps.token.outputs.token }}
          number: ${{ github.event.number }}
          delete: true
          body-include: '<!-- Docs PR URL -->'
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -16,30 +16,30 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: 'Checkout'
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
          cache-dependency-path: '**/pnpm-lock.yaml'

      - name: Fix formatting
-        run: pnpm --recursive install && pnpm run --recursive --parallel fix:format
+        run: make install-all && make format-all

      - name: Commit and push
        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
@@ -48,10 +48,9 @@ jobs:
          message: 'chore: fix formatting'

      - name: Remove label
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        if: always()
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
            github.rest.issues.removeLabel({
              issue_number: context.payload.pull_request.number,
--- a/.github/workflows/merge-translations.yml
+++ b/.github/workflows/merge-translations.yml
@@ -10,11 +10,6 @@ on:
        required: true
      WEBLATE_TOKEN:
        required: true
-    inputs:
-      skip:
-        description: 'Skip translations'
-        required: false
-        type: boolean

 permissions: {}

@@ -28,19 +23,10 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - name: Generate a token
-        id: generate_token
-        if: ${{ inputs.skip != true }}
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Find translation PR
        id: find_pr
-        if: ${{ inputs.skip != true }}
        env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail

@@ -63,15 +49,20 @@ jobs:
            exit 1
          fi

+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        with:
+          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
+          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
+
      - name: Lock weblate
-        if: ${{ inputs.skip != true }}
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=true

      - name: Commit translations
-        if: ${{ inputs.skip != true }}
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
@@ -80,7 +71,6 @@ jobs:

      - name: Merge PR
        id: merge_pr
-        if: ${{ inputs.skip != true }}
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
@@ -93,7 +83,6 @@ jobs:
          gh pr merge "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --auto --squash

      - name: Wait for PR to merge
-        if: ${{ inputs.skip != true }}
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          PR_NUMBER: ${{ steps.find_pr.outputs.PR_NUMBER }}
@@ -117,12 +106,7 @@ jobs:
          exit 1

      - name: Unlock weblate
-        if: ${{ inputs.skip != true }}
        env:
          WEBLATE_TOKEN: ${{ secrets.WEBLATE_TOKEN }}
        run: |
          curl --fail-with-body -X POST -H "Authorization: Token $WEBLATE_TOKEN" "$WEBLATE_HOST/api/components/$WEBLATE_COMPONENT/lock/" -d lock=false
-
-      - name: Report success
-        run: |
-          echo "Workflow completed successfully (or was skipped)"
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -13,16 +13,9 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Require PR to have a changelog label
        uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
        with:
-          token: ${{ steps.token.outputs.token }}
          mode: exactly
          count: 1
          use_regex: true
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -11,12 +11,4 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
-        with:
-          repo-token: ${{ steps.token.outputs.token }}
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -10,17 +10,12 @@ on:
        type: choice
        options:
          - 'false'
-          - major
          - minor
          - patch
      mobileBump:
        description: 'Bump mobile build number'
        required: false
        type: boolean
-      skipTranslations:
-        description: 'Skip translations'
-        required: false
-        type: boolean

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-root
@@ -31,8 +26,6 @@ permissions: {}
 jobs:
  merge_translations:
    uses: ./.github/workflows/merge-translations.yml
-    with:
-      skip: ${{ inputs.skipTranslations }}
    permissions:
      pull-requests: write
    secrets:
@@ -42,33 +35,31 @@ jobs:

  bump_version:
    runs-on: ubuntu-latest
-    needs: [merge_translations]
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
    permissions: {} # No job-level permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
-          ref: main

      - name: Install uv
-        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -101,7 +92,6 @@ jobs:
      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
    with:
      ref: ${{ needs.bump_version.outputs.ref }}
-      environment: production

  prepare_release:
    runs-on: ubuntu-latest
@@ -112,25 +102,24 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false

      - name: Download APK
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          name: release-apk-signed
-          github-token: ${{ steps.generate-token.outputs.token }}

      - name: Create draft release
-        uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
        with:
          draft: true
          tag_name: ${{ env.IMMICH_VERSION }}
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -13,17 +13,10 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
-          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.build/'
+          message: 'Deploying preview environment to https://pr-${{ github.event.pull_request.number }}.preview.internal.immich.cloud/'

  remove-label:
    runs-on: ubuntu-latest
@@ -31,15 +24,8 @@ jobs:
    permissions:
      pull-requests: write
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          github-token: ${{ steps.token.outputs.token }}
          script: |
            github.rest.issues.removeLabel({
              issue_number: context.payload.pull_request.number,
@@ -51,13 +37,11 @@ jobs:
      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ github.event.pull_request.head.repo.fork }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'PRs from forks cannot have preview environments.'

      - uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
-          github-token: ${{ steps.token.outputs.token }}
          message-id: 'preview-status'
          message: 'Preview environment has been removed.'
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -16,22 +16,15 @@ jobs:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -42,6 +35,6 @@ jobs:
      - name: Build
        run: pnpm build
      - name: Publish
-        run: pnpm publish --no-git-checks
+        run: pnpm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -17,30 +17,28 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            mobile:
              - 'mobile/**'
-          force-filters: |
-            - '.github/workflows/static_analysis.yml'
-          force-events: 'workflow_dispatch,release'
+            workflow:
+              - '.github/workflows/static_analysis.yml'
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"

  mobile-dart-analyze:
    name: Run Dart Code Analysis
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -48,17 +46,10 @@ jobs:
      run:
        working-directory: ./mobile
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}

      - name: Setup Flutter SDK
        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
@@ -72,7 +63,7 @@ jobs:
      - name: Install DCM
        uses: CQLabs/setup-dcm@8697ae0790c0852e964a6ef1d768d62a6675481a # v2.0.1
        with:
-          github-token: ${{ steps.token.outputs.token }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
          version: auto
          working-directory: ./mobile

@@ -109,9 +100,8 @@ jobs:
      - name: Run dart format
        run: make format

-      # TODO: Re-enable after upgrading custom_lint
-      # - name: Run dart custom_lint
-      #   run: dart run custom_lint
+      - name: Run dart custom_lint
+        run: dart run custom_lint

      # TODO: Use https://github.com/CQLabs/dcm-action
      - name: Run DCM
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,19 +14,24 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run_i18n: ${{ steps.found_paths.outputs.i18n == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e: ${{ steps.found_paths.outputs.e2e == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_mobile: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
+      should_run_.github: ${{ steps.found_paths.outputs['.github'] == 'true' || steps.should_force.outputs.should_force == 'true' }} # redundant to have should_force but if someone changes the trigger then this won't have to be changed
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            i18n:
              - 'i18n/**'
@@ -45,16 +50,17 @@ jobs:
              - 'mobile/**'
            machine-learning:
              - 'machine-learning/**'
+            workflow:
+              - '.github/workflows/test.yml'
            .github:
              - '.github/**'
-          force-filters: |
-            - '.github/workflows/test.yml'
-          force-events: 'workflow_dispatch'
-
+      - name: Check if we should force jobs to run
+        id: should_force
+        run: echo "should_force=${{ steps.found_paths.outputs.workflow == 'true' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
  server-unit-tests:
    name: Test & Lint Server
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -62,22 +68,14 @@ jobs:
      run:
        working-directory: ./server
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
-
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -99,7 +97,7 @@ jobs:
  cli-unit-tests:
    name: Unit Test CLI
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -107,21 +105,14 @@ jobs:
      run:
        working-directory: ./cli
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -146,7 +137,7 @@ jobs:
  cli-unit-tests-win:
    name: Unit Test CLI (Windows)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: windows-latest
    permissions:
      contents: read
@@ -154,21 +145,14 @@ jobs:
      run:
        working-directory: ./cli
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './cli/.nvmrc'
          cache: 'pnpm'
@@ -188,7 +172,7 @@ jobs:
  web-lint:
    name: Lint Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: mich
    permissions:
      contents: read
@@ -196,21 +180,14 @@ jobs:
      run:
        working-directory: ./web
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -221,7 +198,7 @@ jobs:
      - name: Run pnpm install
        run: pnpm rebuild && pnpm install --frozen-lockfile
      - name: Run linter
-        run: pnpm lint
+        run: pnpm lint:p
        if: ${{ !cancelled() }}
      - name: Run formatter
        run: pnpm format
@@ -232,7 +209,7 @@ jobs:
  web-unit-tests:
    name: Test Web
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -240,21 +217,14 @@ jobs:
      run:
        working-directory: ./web
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -273,26 +243,19 @@ jobs:
  i18n-tests:
    name: Test i18n
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run_i18n == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './web/.nvmrc'
          cache: 'pnpm'
@@ -318,7 +281,7 @@ jobs:
  e2e-tests-lint:
    name: End-to-End Lint
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -326,21 +289,14 @@ jobs:
      run:
        working-directory: ./e2e
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -364,7 +320,7 @@ jobs:
  server-medium-tests:
    name: Medium Tests (Server)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).server == true }}
+    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -372,21 +328,14 @@ jobs:
      run:
        working-directory: ./server
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -399,7 +348,7 @@ jobs:
  e2e-tests-server-cli:
    name: End-to-End Tests (Server & CLI)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).server == true || fromJSON(needs.pre-job.outputs.should_run).cli == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -410,22 +359,15 @@ jobs:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
          submodules: 'recursive'
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -454,7 +396,7 @@ jobs:
  e2e-tests-web:
    name: End-to-End Tests (Web)
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).e2e == true || fromJSON(needs.pre-job.outputs.should_run).web == true }}
+    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
@@ -465,22 +407,15 @@ jobs:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
          submodules: 'recursive'
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './e2e/.nvmrc'
          cache: 'pnpm'
@@ -514,21 +449,14 @@ jobs:
  mobile-unit-tests:
    name: Unit Test Mobile
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).mobile == true }}
+    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@fd55f4c5af5b953cc57a2be44cb082c8f6635e8e # v2.21.0
        with:
@@ -543,7 +471,7 @@ jobs:
  ml-unit-tests:
    name: Unit Test ML
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).machine-learning == true }}
+    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -551,19 +479,12 @@ jobs:
      run:
        working-directory: ./machine-learning
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Install uv
-        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.4.2
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
        # with:
        #   python-version: 3.11
@@ -586,7 +507,7 @@ jobs:
  github-files-formatting:
    name: .github Files Formatting
    needs: pre-job
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run)['.github'] == true }}
+    if: ${{ needs.pre-job.outputs['should_run_.github'] == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -594,21 +515,14 @@ jobs:
      run:
        working-directory: ./.github
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './.github/.nvmrc'
          cache: 'pnpm'
@@ -624,16 +538,9 @@ jobs:
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Run ShellCheck
        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
        with:
@@ -645,21 +552,14 @@ jobs:
    permissions:
      contents: read
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
@@ -694,7 +594,7 @@ jobs:
      contents: read
    services:
      postgres:
-        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:dbf18b3ffea4a81434c65b71e20d27203baf903a0275f4341e4c16dfd901fd67
+        image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3@sha256:4f7ee144d4738ad02f6d9376defed7a767b748d185d47eba241578c26a63064b
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
@@ -707,21 +607,14 @@ jobs:
      run:
        working-directory: ./server
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
          persist-credentials: false
-          token: ${{ steps.token.outputs.token }}
      - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
      - name: Setup Node
-        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version-file: './server/.nvmrc'
          cache: 'pnpm'
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -21,42 +21,30 @@ jobs:
    permissions:
      contents: read
    outputs:
-      should_run: ${{ steps.check.outputs.should_run }}
+      should_run: ${{ steps.found_paths.outputs.i18n == 'true' }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
+      - name: Checkout code
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
-      - name: Check what should run
-        id: check
-        uses: immich-app/devtools/actions/pre-job@08bac802a312fc89808e0dd589271ca0974087b5 # pre-job-action-v2.0.0
+          persist-credentials: false
+      - id: found_paths
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
-          github-token: ${{ steps.token.outputs.token }}
          filters: |
            i18n:
              - 'i18n/!(en)**\.json'
-          exclude-branches: 'chore/translations'
-          skip-force-logic: 'true'

  enforce-lock:
    name: Check Weblate Lock
    needs: [pre-job]
    runs-on: ubuntu-latest
    permissions: {}
-    if: ${{ fromJSON(needs.pre-job.outputs.should_run).i18n == true }}
+    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    steps:
-      - id: token
-        uses: immich-app/devtools/actions/create-workflow-token@da177fa133657503ddb7503f8ba53dccefec5da1 # create-workflow-token-action-v1.0.0
-        with:
-          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
-          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
-
      - name: Bot review status
        env:
          PR_NUMBER: ${{ github.event.pull_request.number || github.event.pull_request_review.pull_request.number }}
-          GH_TOKEN: ${{ steps.token.outputs.token }}
+          GH_TOKEN: ${{ github.token }}
        run: |
          # Then check for APPROVED by the bot, if absent fail
          gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json reviews | jq -e '.reviews | map(select(.author.login == env.BOT_NAME and .state == "APPROVED")) | length > 0' \
--- a/.gitignore
+++ b/.gitignore
@@ -18,7 +18,6 @@ mobile/libisar.dylib
 mobile/openapi/test
 mobile/openapi/doc
 mobile/openapi/.openapi-generator/FILES
-mobile/ios/build

 open-api/typescript-sdk/build
 mobile/android/fastlane/report.xml
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -18,20 +18,6 @@
      "name": "Immich Workers",
      "remoteRoot": "/usr/src/app/server",
      "localRoot": "${workspaceFolder}/server"
-    },
-    {
-      "type": "node",
-      "request": "launch",
-      "name": "Immich CLI",
-      "program": "${workspaceFolder}/cli/dist/index.js",
-      "args": ["upload", "--help"],
-      "runtimeArgs": ["--enable-source-maps"],
-      "console": "integratedTerminal",
-      "resolveSourceMapLocations": ["${workspaceFolder}/cli/dist/**/*.js.map"],
-      "sourceMaps": true,
-      "outFiles": ["${workspaceFolder}/cli/dist/**/*.js"],
-      "skipFiles": ["<node_internals>/**"],
-      "preLaunchTask": "Build Immich CLI"
    }
  ]
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -5,7 +5,6 @@
      "label": "Fix Permissions, Install Dependencies",
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start.sh ] && /immich-devcontainer/container-start.sh || exit 0",
-      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
@@ -26,7 +25,6 @@
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-backend.sh ] && /immich-devcontainer/container-start-backend.sh || exit 0",
-      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
@@ -47,7 +45,6 @@
      "dependsOn": ["Fix Permissions, Install Dependencies"],
      "type": "shell",
      "command": "[ -f /immich-devcontainer/container-start-frontend.sh ] && /immich-devcontainer/container-start-frontend.sh || exit 0",
-      "isBackground": true,
      "presentation": {
        "echo": true,
        "reveal": "always",
@@ -70,11 +67,6 @@
        "runOn": "folderOpen"
      },
      "problemMatcher": []
-    },
-    {
-      "label": "Build Immich CLI",
-      "type": "shell",
-      "command": "pnpm --filter cli build:dev"
    }
  ]
 }
--- a/1
+++ b/1
@@ -4,4 +4,3 @@
 /web/ @danieldietzler
 /machine-learning/ @mertalev
 /e2e/ @danieldietzler
-/mobile/ @shenlong-tanwen
--- a/2
+++ b/2
@@ -91,6 +91,8 @@ format-%:
 	pnpm --filter $(call map-package,$*) run format:fix
 lint-%:
 	pnpm --filter $(call map-package,$*) run lint:fix
+lint-web:
+	pnpm --filter $(call map-package,$*) run lint:p
 check-%:
 	pnpm --filter $(call map-package,$*) run check
 check-web:
--- a/README.md
+++ b/README.md
@@ -28,8 +28,7 @@
  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_zh_CN.md">简体中文</a>
-  <a href="readme_i18n/README_zh_TW.md">正體中文</a>
+  <a href="readme_i18n/README_zh_CN.md">中文</a>
  <a href="readme_i18n/README_uk_UA.md">Українська</a>
  <a href="readme_i18n/README_ru_RU.md">Русский</a>
  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
@@ -39,25 +38,26 @@
  <a href="readme_i18n/README_th_TH.md">ภาษาไทย</a>
 </p>

+## Disclaimer

-> [!WARNING]
-> ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!
-> 
- 
+- ⚠️ The project is under **very active** development.
+- ⚠️ Expect bugs and breaking changes.
+- ⚠️ **Do not use the app as the only way to store your photos and videos.**
+- ⚠️ Always follow [3-2-1](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) backup plan for your precious photos and videos!

 > [!NOTE]
 > You can find the main documentation, including installation guides, at https://immich.app/.

 ## Links

- [Documentation](https://docs.immich.app/)
- [About](https://docs.immich.app/overview/introduction)
- [Installation](https://docs.immich.app/install/requirements)
+- [Documentation](https://immich.app/docs)
+- [About](https://immich.app/docs/overview/introduction)
+- [Installation](https://immich.app/docs/install/requirements)
 - [Roadmap](https://immich.app/roadmap)
 - [Demo](#demo)
 - [Features](#features)
- [Translations](https://docs.immich.app/developer/translations)
- [Contributing](https://docs.immich.app/overview/support-the-project)
+- [Translations](https://immich.app/docs/developer/translations)
+- [Contributing](https://immich.app/docs/overview/support-the-project)

 ## Demo

@@ -106,7 +106,7 @@ Access the demo [here](https://demo.immich.app). For the mobile app, you can use

 ## Translations

-Read more about translations [here](https://docs.immich.app/developer/translations).
+Read more about translations [here](https://immich.app/docs/developer/translations).

 <a href="https://hosted.weblate.org/engage/immich/">
 <img src="https://hosted.weblate.org/widget/immich/immich/multi-auto.svg" alt="Translation status" />
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-24.11.0
+22.19.0
--- a/cli/README.md
+++ b/cli/README.md
@@ -1,38 +1,30 @@
 A command-line interface for interfacing with the self-hosted photo manager [Immich](https://immich.app/).

-Please see the [Immich CLI documentation](https://docs.immich.app/features/command-line-interface).
+Please see the [Immich CLI documentation](https://immich.app/docs/features/command-line-interface).

 # For developers

 Before building the CLI, you must build the immich server and the open-api client. To build the server run the following in the server folder:

-    $ pnpm install
-    $ pnpm run build
+    $ npm install
+    $ npm run build

 Then, to build the open-api client run the following in the open-api folder:

    $ ./bin/generate-open-api.sh

-## Run from build
+To run the Immich CLI from source, run the following in the cli folder:

-Go to the cli folder and build it:
+    $ npm install
+    $ npm run build
+    $ ts-node .

-    $ pnpm install
-    $ pnpm run build
-    $ node dist/index.js
+You'll need ts-node, the easiest way to install it is to use npm:

-## Run and Debug from source (VSCode)
-
-With VScode you can run and debug the Immich CLI. Go to the launch.json file, find the Immich CLI config and change this with the command you need to debug
-
-`"args": ["upload", "--help"],`
-
-replace that for the command of your choice.
-
-## Install from build
+    $ npm i -g ts-node

 You can also build and install the CLI using

-    $ pnpm run build
-    $ pnpm install -g .
+    $ npm run build
+    $ npm install -g .
 ****
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.99",
+  "version": "2.2.90",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
@@ -20,7 +20,7 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.18.12",
+    "@types/node": "^22.18.1",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
@@ -43,7 +43,6 @@
  },
  "scripts": {
    "build": "vite build",
-    "build:dev": "vite build --sourcemap true",
    "lint": "eslint \"src/**/*.ts\" --max-warnings 0",
    "lint:fix": "npm run lint -- --fix",
    "prepack": "npm run build",
@@ -69,6 +68,6 @@
    "micromatch": "^4.0.8"
  },
  "volta": {
-    "node": "24.11.0"
+    "node": "22.19.0"
  }
 }
--- a/cli/src/commands/asset.spec.ts
+++ b/cli/src/commands/asset.spec.ts
@@ -271,7 +271,7 @@ describe('startWatch', () => {
    });
  });

-  it('should filter out ignored patterns', async () => {
+  it('should filger out ignored patterns', async () => {
    const testFilePath = path.join(testFolder, 'test.jpg');
    const ignoredPattern = 'ignored';
    const ignoredFolder = path.join(testFolder, ignoredPattern);
--- a/cli/src/commands/asset.ts
+++ b/cli/src/commands/asset.ts
@@ -37,7 +37,6 @@ export interface UploadOptionsDto {
  dryRun?: boolean;
  skipHash?: boolean;
  delete?: boolean;
-  deleteDuplicates?: boolean;
  album?: boolean;
  albumName?: string;
  includeHidden?: boolean;
@@ -71,8 +70,10 @@ const uploadBatch = async (files: string[], options: UploadOptionsDto) => {
    console.log(JSON.stringify({ newFiles, duplicates, newAssets }, undefined, 4));
  }
  await updateAlbums([...newAssets, ...duplicates], options);
-
-  await deleteFiles(newAssets, duplicates, options);
+  await deleteFiles(
+    newAssets.map(({ filepath }) => filepath),
+    options,
+  );
 };

 export const startWatch = async (
@@ -405,46 +406,28 @@ const uploadFile = async (input: string, stats: Stats): Promise<AssetMediaRespon
  return response.json();
 };

-const deleteFiles = async (uploaded: Asset[], duplicates: Asset[], options: UploadOptionsDto): Promise<void> => {
-  let fileCount = 0;
-  if (options.delete) {
-    fileCount += uploaded.length;
-  }
-
-  if (options.deleteDuplicates) {
-    fileCount += duplicates.length;
-  }
-
-  if (options.dryRun) {
-    console.log(`Would have deleted ${fileCount} local asset${s(fileCount)}`);
+const deleteFiles = async (files: string[], options: UploadOptionsDto): Promise<void> => {
+  if (!options.delete) {
    return;
  }

-  if (fileCount === 0) {
+  if (options.dryRun) {
+    console.log(`Would have deleted ${files.length} local asset${s(files.length)}`);
    return;
  }

  console.log('Deleting assets that have been uploaded...');
+
  const deletionProgress = new SingleBar(
    { format: 'Deleting local assets | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
    Presets.shades_classic,
  );
-  deletionProgress.start(fileCount, 0);
-
-  const chunkDelete = async (files: Asset[]) => {
-    for (const assetBatch of chunk(files, options.concurrency)) {
-      await Promise.all(assetBatch.map((input: Asset) => unlink(input.filepath)));
-      deletionProgress.update(assetBatch.length);
-    }
-  };
+  deletionProgress.start(files.length, 0);

  try {
-    if (options.delete) {
-      await chunkDelete(uploaded);
-    }
-
-    if (options.deleteDuplicates) {
-      await chunkDelete(duplicates);
+    for (const assetBatch of chunk(files, options.concurrency)) {
+      await Promise.all(assetBatch.map((input: string) => unlink(input)));
+      deletionProgress.update(assetBatch.length);
    }
  } finally {
    deletionProgress.stop();
--- a/cli/src/index.ts
+++ b/cli/src/index.ts
@@ -8,7 +8,6 @@ import { serverInfo } from 'src/commands/server-info';
 import { version } from '../package.json';

 const defaultConfigDirectory = path.join(os.homedir(), '.config/immich/');
-const defaultConcurrency = Math.max(1, os.cpus().length - 1);

 const program = new Command()
  .name('immich')
@@ -67,7 +66,7 @@ program
  .addOption(
    new Option('-c, --concurrency <number>', 'Number of assets to upload at the same time')
      .env('IMMICH_UPLOAD_CONCURRENCY')
-      .default(defaultConcurrency),
+      .default(4),
  )
  .addOption(
    new Option('-j, --json-output', 'Output detailed information in json format')
@@ -75,11 +74,6 @@ program
      .default(false),
  )
  .addOption(new Option('--delete', 'Delete local assets after upload').env('IMMICH_DELETE_ASSETS'))
-  .addOption(
-    new Option('--delete-duplicates', 'Delete local assets that are duplicates (already exist on server)').env(
-      'IMMICH_DELETE_DUPLICATES',
-    ),
-  )
  .addOption(new Option('--no-progress', 'Hide progress bars').env('IMMICH_PROGRESS_BAR').default(true))
  .addOption(
    new Option('--watch', 'Watch for changes and upload automatically')
--- a/deployment/.env
+++ b/deployment/.env
@@ -1,4 +0,0 @@
-export CLOUDFLARE_ACCOUNT_ID="op://tf/cloudflare/account_id"
-export CLOUDFLARE_API_TOKEN="op://tf/cloudflare/api_token"
-export TF_STATE_POSTGRES_CONN_STR="op://tf/tf_state/postgres_conn_str"
-export TF_VAR_env=$ENVIRONMENT
--- a/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
-  constraints = "4.52.5"
+  version     = "4.52.3"
+  constraints = "4.52.3"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "h1:3jU62KY4Oj3xzMwkTQWon1nlIvFkgTCqI93IzUGaa0c=",
+    "h1:BWimtYXrvbzbbuoVcyobjQnXjjOb9X69JFTw+GuPxfk=",
+    "h1:C/KvLEm8dVQ6zG2X4asLDtmw2JW/xu7E8MddtaXniO0=",
+    "h1:Doo0xcLFf+CnfDWjsA7G1NvSLURuwcgyVy8k0NF1gJA=",
+    "h1:Gc3FGDtR8lUWsi9VImnnE5/USDXiIwYsv4Hbl+d2lwY=",
+    "h1:HsDY6s1gup5fW9TeuTUy85QMIld1nDOUFlwsfxIq1ig=",
+    "h1:MnHkB56E4b/kT6WZigsZJnB5rgnCfDVbrLBNxIsEXPY=",
+    "h1:O/FUQEqhtknJNdsaMbIBi2pLWBds2VvN5FsTVVntzb0=",
+    "h1:OKQBynkp0J5DIf5FOl/NR3S2rvh89pY+t5wevYxdTJs=",
+    "h1:On+vPsYV8U/J/8wFZPXjeAgNJqFFQj42vNOKuNKURkY=",
+    "h1:SPkrMRJahxK0uum7FnUugbGN/JepHMH8M71DBtYrvG0=",
+    "h1:bEh1ASPMiin3F36+hTfjMQTBnuDl2DzjzSCdova3JEM=",
+    "h1:dtIK+x5Q1sh5SMPaHBHXhL9XDIqbRW0EBmVZ+KHQB8E=",
+    "h1:kZcwWfODMWWyauZ66oaO/X+xXkqBtrbYwfUFEtspwEc=",
+    "zh:53946fce4a631f1d98c61550821c88edede9169dfe5cc254e09a2ab207f76b3f",
+    "zh:61654a21f1dd4331492d4ef77e9ebff066bc01e1281f92b925e5697c9138d681",
+    "zh:6a54e9d129b276f052a2f1b73ad0b8735fe6a7403c6a8f6aa111e525eeefaf35",
+    "zh:7692374e655c346a630b5a7cd776c5e0b2388900dcd7ab69a3af85d0c31c6c43",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:8fe5b792a4d2b1c3a0e573649642962494faa00299baa6aaf813b9a43203dc02",
+    "zh:a0f403a4862df90f09de65c6e939d6cfd069a8dda2dd33f82948bf6f5f1124ef",
+    "zh:a25dc3eb60777b600f8f125d321fe7c50b811c5302b58e9a727ceb749a04e35d",
+    "zh:a2f2ac7dc703c69d2e8c67c9cb5620b5348cb4fd6b98515fbe3f478517b56602",
+    "zh:d452e7bd24445ee14166470cf50f3aca566d46cab5f26f1c5c988c0f3106b697",
+    "zh:e10a52b0294735659eb3f0821ad2006ec097918efe58d31d37a5e3c47efef5f6",
+    "zh:e28dd0954cef9f05adf4d4b440d6f134f605344dfa56307181996675e6550af2",
+    "zh:f1e3b2f43a472280442f01ba71a3c06c9167432e553381132ea5c4a77e0b6dd5",
+    "zh:f71fd63718d38fd43829861e91fe79e16d7b4c7c3d508ae3d077368d89b8e5a0",
+    "zh:faf8d3da4b819c4ae8e565d2b1a684c6a948a086cb299189a5e7b30b2178409d",
  ]
 }
--- a/deployment/modules/cloudflare/docs-release/config.tf
+++ b/deployment/modules/cloudflare/docs-release/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.3"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs-release/domain.tf
+++ b/deployment/modules/cloudflare/docs-release/domain.tf
@@ -1,11 +1,11 @@
 resource "cloudflare_pages_domain" "immich_app_release_domain" {
  account_id   = var.cloudflare_account_id
  project_name = data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name
-  domain       = "docs.immich.app"
+  domain       = "immich.app"
 }

 resource "cloudflare_record" "immich_app_release_domain" {
-  name = "docs.immich.app"
+  name = "immich.app"
  proxied = true
  ttl = 1
  type = "CNAME"
--- a/deployment/modules/cloudflare/docs/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.52.5"
-  constraints = "4.52.5"
+  version     = "4.52.3"
+  constraints = "4.52.3"
  hashes = [
-    "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=",
-    "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=",
-    "h1:4vZVOpKeEQZsF2VrARRZFeL37Ed/gD4rRMtfnvWQres=",
-    "h1:BZOsTF83QPKXTAaYqxPKzdl1KRjk/L2qbPpFjM0w28A=",
-    "h1:CDuC+HXLvc1z6wkCRsSDcc/+QENIHEtssYshiWg3opA=",
-    "h1:DE+YFzLnqSe79pI2R4idRGx5QzLdrA7RXvngTkGfZ30=",
-    "h1:DfaJwH3Ml4yrRbdAY4AcDVy0QTQk5T3A622TXzS/u2E=",
-    "h1:EIDXP0W3kgIv2pecrFmqtK/DnlqkyckzBzhxKaXU+4A=",
-    "h1:EV4kYyaOnwGA0bh/3hU6Ezqnt1PFDxopH7i85e48IzY=",
-    "h1:M0iXabfzamU+MPDi0G9XACpbacFKMakmM+Z9HZ8HrsM=",
-    "h1:YWmCbGF/KbsrUzcYVBLscwLizidbp95TDQa0N2qpmVo=",
-    "h1:cxPcCB5gbrpUO1+IXkQYs1YTY50/0IlApCzGea0cwuQ=",
-    "h1:g6DldikTV2HXUu9uoeNY5FuLufgaYWF4ufgZg7wq62s=",
-    "h1:oi/Hrx9pwoQ+Z52CBC+rrowVH387EIj0qvnxQgDeI+0=",
-    "zh:1a3400cb38863b2585968d1876706bcfc67a148e1318a1d325c6c7704adc999b",
-    "zh:4c5062cb9e9da1676f06ae92b8370186d98976cc4c7030d3cd76df12af54282a",
-    "zh:52110f493b5f0587ef77a1cfd1a67001fd4c617b14c6502d732ab47352bdc2f7",
-    "zh:5aa536f9eaeb43823aaf2aa80e7d39b25ef2b383405ed034aa16a28b446a9238",
-    "zh:5cc39459a1c6be8a918f17054e4fbba573825ed5597dcada588fe99614d98a5b",
-    "zh:629ae6a7ba298815131da826474d199312d21cec53a4d5ded4fa56a692e6f072",
-    "zh:719cc7c75dc1d3eb30c22ff5102a017996d9788b948078c7e1c5b3446aeca661",
-    "zh:8698635a3ca04383c1e93b21d6963346bdae54d27177a48e4b1435b7f731731c",
+    "h1:3jU62KY4Oj3xzMwkTQWon1nlIvFkgTCqI93IzUGaa0c=",
+    "h1:BWimtYXrvbzbbuoVcyobjQnXjjOb9X69JFTw+GuPxfk=",
+    "h1:C/KvLEm8dVQ6zG2X4asLDtmw2JW/xu7E8MddtaXniO0=",
+    "h1:Doo0xcLFf+CnfDWjsA7G1NvSLURuwcgyVy8k0NF1gJA=",
+    "h1:Gc3FGDtR8lUWsi9VImnnE5/USDXiIwYsv4Hbl+d2lwY=",
+    "h1:HsDY6s1gup5fW9TeuTUy85QMIld1nDOUFlwsfxIq1ig=",
+    "h1:MnHkB56E4b/kT6WZigsZJnB5rgnCfDVbrLBNxIsEXPY=",
+    "h1:O/FUQEqhtknJNdsaMbIBi2pLWBds2VvN5FsTVVntzb0=",
+    "h1:OKQBynkp0J5DIf5FOl/NR3S2rvh89pY+t5wevYxdTJs=",
+    "h1:On+vPsYV8U/J/8wFZPXjeAgNJqFFQj42vNOKuNKURkY=",
+    "h1:SPkrMRJahxK0uum7FnUugbGN/JepHMH8M71DBtYrvG0=",
+    "h1:bEh1ASPMiin3F36+hTfjMQTBnuDl2DzjzSCdova3JEM=",
+    "h1:dtIK+x5Q1sh5SMPaHBHXhL9XDIqbRW0EBmVZ+KHQB8E=",
+    "h1:kZcwWfODMWWyauZ66oaO/X+xXkqBtrbYwfUFEtspwEc=",
+    "zh:53946fce4a631f1d98c61550821c88edede9169dfe5cc254e09a2ab207f76b3f",
+    "zh:61654a21f1dd4331492d4ef77e9ebff066bc01e1281f92b925e5697c9138d681",
+    "zh:6a54e9d129b276f052a2f1b73ad0b8735fe6a7403c6a8f6aa111e525eeefaf35",
+    "zh:7692374e655c346a630b5a7cd776c5e0b2388900dcd7ab69a3af85d0c31c6c43",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:8a9993f1dcadf1dd6ca43b23348abe374605d29945a2fafc07fb3457644e6a54",
-    "zh:b1b9a1e6bcc24d5863a664a411d2dc906373ae7a2399d2d65548ce7377057852",
-    "zh:b270184cdeec277218e84b94cb136fead753da717f9b9dc378e51907f3f00bb0",
-    "zh:dff2bc10071210181726ce270f954995fe42c696e61e2e8f874021fed02521e5",
-    "zh:e8e87b40b6a87dc097b0fdc20d3f725cec0d82abc9cc3755c1f89f8f6e8b0036",
-    "zh:ee964a6573d399a5dd22ce328fb38ca1207797a02248f14b2e4913ee390e7803",
+    "zh:8fe5b792a4d2b1c3a0e573649642962494faa00299baa6aaf813b9a43203dc02",
+    "zh:a0f403a4862df90f09de65c6e939d6cfd069a8dda2dd33f82948bf6f5f1124ef",
+    "zh:a25dc3eb60777b600f8f125d321fe7c50b811c5302b58e9a727ceb749a04e35d",
+    "zh:a2f2ac7dc703c69d2e8c67c9cb5620b5348cb4fd6b98515fbe3f478517b56602",
+    "zh:d452e7bd24445ee14166470cf50f3aca566d46cab5f26f1c5c988c0f3106b697",
+    "zh:e10a52b0294735659eb3f0821ad2006ec097918efe58d31d37a5e3c47efef5f6",
+    "zh:e28dd0954cef9f05adf4d4b440d6f134f605344dfa56307181996675e6550af2",
+    "zh:f1e3b2f43a472280442f01ba71a3c06c9167432e553381132ea5c4a77e0b6dd5",
+    "zh:f71fd63718d38fd43829861e91fe79e16d7b4c7c3d508ae3d077368d89b8e5a0",
+    "zh:faf8d3da4b819c4ae8e565d2b1a684c6a948a086cb299189a5e7b30b2178409d",
  ]
 }
--- a/deployment/modules/cloudflare/docs/config.tf
+++ b/deployment/modules/cloudflare/docs/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.52.5"
+      version = "4.52.3"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs/domain.tf
+++ b/deployment/modules/cloudflare/docs/domain.tf
@@ -1,11 +1,11 @@
 resource "cloudflare_pages_domain" "immich_app_branch_domain" {
  account_id   = var.cloudflare_account_id
  project_name = local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_name : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_name
-  domain       = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
+  domain       = "${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
 }

 resource "cloudflare_record" "immich_app_branch_subdomain" {
-  name    = "docs.${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
+  name    = "${var.prefix_name}.${local.deploy_domain_prefix}.immich.app"
  proxied = true
  ttl     = 1
  type    = "CNAME"
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -1,5 +1,5 @@
 #
-# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+# WARNING: To install Immich, follow our guide: https://immich.app/docs/install/docker-compose
 #
 # Make sure to use the docker-compose.yml of the current release:
 #
@@ -8,8 +8,8 @@
 # The compose file on main may not be compatible with the latest release.

 # For development see:
-# - https://docs.immich.app/developer/setup
-# - https://docs.immich.app/developer/troubleshooting
+# - https://immich.app/docs/developer/setup
+# - https://immich.app/docs/developer/troubleshooting

 name: immich-dev

@@ -55,8 +55,8 @@ services:
      IMMICH_BUILD_IMAGE_URL: https://github.com/immich-app/immich/pkgs/container/immich-server
      IMMICH_THIRD_PARTY_SOURCE_URL: https://github.com/immich-app/immich/
      IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
-      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://docs.immich.app
-      IMMICH_THIRD_PARTY_SUPPORT_URL: https://docs.immich.app/community-guides
+      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://immich.app/docs
+      IMMICH_THIRD_PARTY_SUPPORT_URL: https://immich.app/docs/community-guides
    ulimits:
      nofile:
        soft: 1048576
@@ -122,7 +122,7 @@ services:
    ports:
      - 3003:3003
    volumes:
-      - ../machine-learning/immich_ml:/usr/src/immich_ml
+      - ../machine-learning:/usr/src/app
      - model-cache:/cache
    env_file:
      - .env
@@ -134,13 +134,13 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
    env_file:
      - .env
    environment:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -1,5 +1,5 @@
 #
-# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+# WARNING: To install Immich, follow our guide: https://immich.app/docs/install/docker-compose
 #
 # Make sure to use the docker-compose.yml of the current release:
 #
@@ -56,14 +56,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
    env_file:
      - .env
    environment:
@@ -83,7 +83,7 @@ services:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:23031bfe0e74a13004252caaa74eccd0d62b6c6e7a04711d5b8bf5b7e113adc7
+    image: prom/prometheus@sha256:63805ebb8d2b3920190daf1cb14a60871b16fd38bed42b857a3182bc621f4996
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -95,7 +95,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:12.2.1-ubuntu@sha256:797530c642f7b41ba7848c44cfda5e361ef1f3391a98bed1e5d448c472b6826a
+    image: grafana/grafana:12.1.1-ubuntu@sha256:d1da838234ff2de93e0065ee1bf0e66d38f948dcc5d718c25fa6237e14b4424a
    volumes:
      - grafana-data:/var/lib/grafana

--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,5 +1,5 @@
 #
-# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
+# WARNING: To install Immich, follow our guide: https://immich.app/docs/install/docker-compose
 #
 # Make sure to use the docker-compose.yml of the current release:
 #
@@ -36,7 +36,7 @@ services:
    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
-    # extends: # uncomment this section for hardware acceleration - see https://docs.immich.app/features/ml-hardware-acceleration
+    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
@@ -49,14 +49,14 @@ services:

  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8@sha256:81db6d39e1bba3b3ff32bd3a1b19a6d69690f94a3954ec131277b9a26b95b3aa
+    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always

  database:
    container_name: immich_postgres
-    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:c44be5f2871c59362966d71eab4268170eb6f5653c0e6170184e72b38ffdf107
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
--- a/docker/example.env
+++ b/docker/example.env
@@ -1,4 +1,4 @@
-# You can find documentation for all the supported env variables at https://docs.immich.app/install/environment-variables
+# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

 # The location where your uploaded files are stored
 UPLOAD_LOCATION=./library
@@ -9,8 +9,8 @@ DB_DATA_LOCATION=./postgres
 # To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
 # TZ=Etc/UTC

-# The Immich version to use. You can pin this to a specific version like "v2.1.0"
-IMMICH_VERSION=v2
+# The Immich version to use. You can pin this to a specific version like "v1.71.0"
+IMMICH_VERSION=release

 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
--- a/docker/hwaccel.ml.yml
+++ b/docker/hwaccel.ml.yml
@@ -4,7 +4,7 @@
 # you can inline the config for a backend by copying its contents
 # into the immich-machine-learning service in the docker-compose.yml file.

-# See https://docs.immich.app/features/ml-hardware-acceleration for info on usage.
+# See https://immich.app/docs/features/ml-hardware-acceleration for info on usage.

 services:
  armnn:
--- a/docker/hwaccel.transcoding.yml
+++ b/docker/hwaccel.transcoding.yml
@@ -4,7 +4,7 @@
 # you can inline the config for a backend by copying its contents
 # into the immich-microservices service in the docker-compose.yml file.

-# See https://docs.immich.app/features/hardware-transcoding for more info on using hardware transcoding.
+# See https://immich.app/docs/features/hardware-transcoding for more info on using hardware transcoding.

 services:
  cpu: {}
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-24.11.0
+22.19.0
--- a/docs/blog/2022/11-10/release-1.36.mdx
+++ b/docs/blog/2022/11-10/release-1.36.mdx
@@ -0,0 +1,110 @@
+---
+slug: release-1-36
+title: Release v1.36.0
+authors: [alextran]
+tags: [release]
+date: 2022-11-10
+---
+
+Hello everyone, it is my pleasure to deliver the new release of Immich to you. The team has been working hard to bring you the new features and improvements. This release includes some big features that the community has been asking since the beginning of Immich. We hope you will enjoy it.
+
+Some notable features are:
+
+- OAuth integration
+- LivePhoto support on iOS
+- User config system
+
+<!--truncate-->
+
+## LivePhoto iOS Support 🎉
+
+LivePhoto on iOS is now supported in Immich.
+
+The motion part will now be uploaded and can be played on the mobile app and the web.
+
+:::caution
+
+- The server and the app has to be on version **1.36.x** for the application to work correctly.
+- Previous uploaded photos will not be updated automatically, you will have to remove and reupload them if you want to keep the LivePhoto functionality.
+
+:::
+
+<img
+  src="https://media.giphy.com/media/fTrGceZd7t1ewi8ESc/giphy.gif"
+  width="100%"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+  title="LivePhoto playback on the web"
+/>
+
+## OAuth Integration 🎉
+
+I want to borrow this chance to express my gratitude to [@EnricoBilla](https://github.com/EnricoBilla), who has been the trailblazer for this feature since the beginning days of Immich. His PR has sparked ideas, suggestions, and discussion among the team member on how to integrate this feature successfully into the app. Thank you so much for your work and your time.
+
+OAuth is now integrated into the system. Please follow the guide [here](https://immich.app/docs/usage/oauth) to set up your OAuth integration
+
+After setting up the correct environment variables in the `.env` file, as shown below
+
+| Key                 | Type    | Default              | Description                                                               |
+| ------------------- | ------- | -------------------- | ------------------------------------------------------------------------- |
+| OAUTH_ENABLED       | boolean | false                | Enable/disable OAuth2                                                     |
+| OAUTH_ISSUER_URL    | URL     | (required)           | Required. Self-discovery URL for client                                   |
+| OAUTH_CLIENT_ID     | string  | (required)           | Required. Client ID                                                       |
+| OAUTH_CLIENT_SECRET | string  | (required)           | Required. Client Secret                                                   |
+| OAUTH_SCOPE         | string  | openid email profile | Full list of scopes to send with the request (space delimited)            |
+| OAUTH_AUTO_REGISTER | boolean | true                 | When true, will automatically register a user the first time they sign in |
+| OAUTH_BUTTON_TEXT   | string  | Login with OAuth     | Text for the OAuth button on the web                                      |
+
+```bash title="Authentik Example"
+OAUTH_ENABLED=true
+OAUTH_ISSUER_URL=http://10.1.15.216:9000/application/o/immich-test/
+OAUTH_CLIENT_ID=30596v8f78a4b6a97d5985c3076b6b4c4d12ddc33
+OAUTH_CLIENT_SECRET=50f1eafdec353b95b1c638db390db4ab67ef035a51212dbec2f56175e2eb272b5d572c099176e6fe116ecf47ffdd544bgdb9e2edc588307ee0339d25eeccd88
+OAUTH_BUTTON_TEXT=Login with Authentik
+```
+
+The web will have the option to sign in with OAuth.
+
+<img
+  src="https://user-images.githubusercontent.com/27055614/202923726-f43fa148-47f5-4182-8f29-b0b87e4586fa.png"
+  width="50%"
+  title="Web Sign in with OAuth"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+/>
+
+The mobile app will check if the server has OAuth enabled before displaying the OAuth
+sign-in button.
+
+<img
+  src="https://media.giphy.com/media/3iy3SaNkVYtlkEiw06/giphy.gif"
+  title="Mobile sign in with OAuth"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+/>
+
+## Support
+
+<img
+  src="https://media.giphy.com/media/LStqgGESXW8XnuCv5y/giphy.gif"
+  width="300"
+  style={{
+    borderRadius: '10px',
+    boxShadow: 'rgba(9, 30, 66, 0.25) 0px 1px 1px, rgba(9, 30, 66, 0.13) 0px 0px 1px 1px',
+  }}
+  title="Support the project"
+/>
+
+If you find the project helpful and it helps you in some ways, you can support the project [one time](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502) or [monthly](https://github.com/sponsors/alextran1502) from GitHub Sponsor
+
+It is a great way to let me know that you want me to continue developing and working on this project for years to come.
+
+## Details
+
+For more details, please check out the [release note](https://github.com/immich-app/immich/releases/tag/v1.36.0_55-dev)
--- a/docs/blog/2023/06-24/update.mdx
+++ b/docs/blog/2023/06-24/update.mdx
@@ -0,0 +1,103 @@
+---
+title: Immich Update - June 2023
+authors: [alextran]
+tags: [update]
+---
+
+Hello everybody, Alex here!
+
+I am back with another update on Immich. It has been only a month since my last update (May 18th, 2023), but it seems forever. I think the rapid releases of Immich and the amount of work make the perspective of time change in Immich’s world. We have some exciting updates that I think you will like.
+
+Before going into detail, on behalf of the core team, I would like to thank all of you for loving Immich and contributing to the project. Thank you for helping me make Immich an enjoyable alternative solution to Google Photos so that you have complete control of your data and privacy. I know we are still young and have a lot of work to do, but I am confident we will get there with help from the community. I appreciate all of you from the bottom of my heart!
+
+<!--truncate-->
+
+And now, to the exciting part, what is new in Immich’s world?
+
+- Initial support for existing gallery.
+- Memory feature.
+- Support XMP sidecar.
+- Support more raw formats.
+- Justified layout for web timeline and blurred thumbnail hash.
+- Mechanism to host machine learning on a completely different machine.
+
+## Support for existing gallery
+
+I know this is the most controversial feature when it comes to Immich’s way of ingesting photos and videos. For many users, having to upload photos and videos to Immich is simply not working. We listen, discuss, and digest this feature internally more than you imagine because it is not a simple feature to tackle while keeping the performance and the user experience at the top level, which is Immich’s primary goal.
+
+Thankfully, we have many great contributors and developers that want to make this come true. So we came up with an initial implementation of this feature in the form of a supporting read-only gallery.
+
+To be concise, Immich can now read in the gallery files, register the path into the database, and then generate necessary files and put them through Immich’s machine learning pipeline so you can use all the goodness of Immich without the need to upload them. Since this is the initial implementation, some actions/behavior are not yet supported, and we aim to build toward them in future releases, namely:
+
+- Assets are not automatically synced and must instead be manually synced with the CLI tool.
+- Only new files that are added to the gallery will be detected.
+- Deleted and moved files will not be detected.
+
+## Memory feature
+
+This is considered a fun feature that the team and I wanted to build for so long, but we had to put it off because of the refactoring of the code base. The code base is now in a good enough form to circle back and add more exciting features.
+
+This memory feature is very much similar to GPhotos' implementation of “x years since…”. We are aiming to add more categories of memories in the future, such as “Spotlight of the day” or “Day of the Week highlights”
+
+<iframe
+  width="560"
+  height="315"
+  src="https://www.youtube.com/embed/j5XZKvViPew"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+This feature is now available on the web and will be ported to the mobile app in the near future.
+
+## Support XMP Sidecar
+
+Immich can now import/upload XMP sidecars from the CLI and use the information as the metadata of assets.
+
+## Support more raw formats.
+
+With the recent updates on the dependencies of Immich, we are now extending and hardening support for multiple raw formats. So users with DSLR or mirrorless cameras can now upload their original files to Immich and have them displayed in high-quality thumbnails on the web and mobile view.
+
+## Justified layout for web timeline and blurred thumbnail hash
+
+This is an aesthetic improvement in user experience when browsing the timeline. Photos and videos are now displayed correctly with perspective orientation, making the browsing experience more pleasurable.
+
+To further improve the browsing experience, we now added a blur hash to the thumbnail, so the transition is more natural with a dreamy fade in effect, similar to how our brain goes from faded to vivid memory
+
+<iframe
+  width="560"
+  height="315"
+  src="https://www.youtube.com/embed/b95FLmGHRFc"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+## Hosting machine learning container on a different machine
+
+With more capabilities Immich is building toward, machine learning will get more powerful and therefore require more resources to run effectively. However, we understand that users might not have the best server resources where they host the Immich instance. Therefore, we changed how machine learning interacts and receives the photos and videos to run through its inference pipeline.
+
+The machine learning container is now a headless system that can run on any machine. As long as your Immich instance can communicate with the system running the machine learning container, it can send the files and receive the required information to make Immich powerful in terms of searching and intelligence. This helps you to utilize a more powerful machine in your home/infrastructure to perform the CPU-intensive tasks while letting Immich only handle the I/O operations for a pleasant and smooth experience.
+
+---
+
+So, those are the highlights for the team and the community after a busy month. There are a lot more changes and improvements. I encourage you to read some release notes, starting from version [v1.57.0](https://github.com/immich-app/immich/releases/tag/v1.57.0) to now.
+
+Thank you, and I am asking for your support for the project. I hope to be a full-time maintainer of Immich one day to dedicate myself to the project as my life works for the community and my family. You can find the support channels below:
+
+- Monthly donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502)
+- One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- [Liberapay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
+- Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
+
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
+
+Cheer!
+
+Until next time!
+
+Alex
--- a/docs/blog/2023/07-29/images/web-shortcuts-panel.png
+++ b/docs/blog/2023/07-29/images/web-shortcuts-panel.png
--- a/docs/blog/2023/07-29/update.mdx
+++ b/docs/blog/2023/07-29/update.mdx
@@ -0,0 +1,151 @@
+---
+title: Immich Update - July 2023
+authors: [alextran]
+tags: [update, v1.64.0-v1.71.0]
+---
+
+Hello, Immich fans, another month, another milestone. We hope you are staying cool and safe in this scorching hot summer across the globe.
+
+Immich recently got some good recognition when getting to the front page of HackerNews, which helped to let more people know about the project's existence. The project will help more and more people find a solution to control the privacy of their most precious moments. And with the gain in popularity and recognition, we have gotten new users and more questions from the community than ever.
+
+I want to express my gratitude to all the contributors and the community who have been tremendously helpful to new users' questions and provided technical support.
+
+Below are the highlights of new features we added to the application over the past month, along with countless bug fixes and improvements across the board, from developer experience to resource optimization and UI/UX improvement. I hope you find these topics as exciting as I am.
+
+## Highlights
+
+- Memories feature.
+- Facial recognition improvements.
+- Improvements on multi selection behavior on the web.
+- Shortcuts for common actions on the web.
+- Support viewer for 360-panorama photos.
+
+<!--truncate-->
+
+---
+
+### Memories feature
+
+We've added the memory feature on the mobile app, so you can reminisce about your past memories.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/c7OTl-RqNRE"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Facial recognition improvements
+
+Over the past few releases, we have added many UI improvements to the facial recognition feature to help you manage the recognized people better. Some of the highlights:
+
+#### Choose a new feature photo for a person.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/PmJp8DmSh1U"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+#### Hide and show faces.
+
+You can now select irrelevant faces to hide them. The hidden faces won’t be displayed in search results and the people section in the info panel.
+
+#### Merge faces.
+
+This is useful when you have multiple faces of the same person in your photos, and you want to merge them into one.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/-Xskhw-vpc4"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+We also added a nifty mechanism that when naming a face, similar names will prompt you a merge face option for the convenience.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/XzE6wficbl4"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Improvements on multi selection behavior on the web
+
+We have added a new multi selection behavior on the web to help you select multiple items easier. You can now select a range of photos and videos by holding the `Shift` key.
+
+<iframe
+  width="560"
+  height="315"
+  src="https://youtube.com/embed/e_SiuHpVnmM"
+  title="YouTube video player"
+  frameborder="0"
+  allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+  allowfullscreen
+></iframe>
+
+### Shortcuts for common actions on the web.
+
+Some of us only navigate the world and the web with a keyboard (looking at you, Vim and Emacs users). So it would take away the sacred weapon of choice to require many clicks to perform repetitive actions. So we added quick shortcuts for the following action on the web.
+
+<img
+  src={require('./images/web-shortcuts-panel.png').default}
+  width="100%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+### Support viewer for 360-panorama photos.
+
+Photos with the EXIF property of `ProjectionType` will now have a special viewer on the web to view all the angles of the panorama.
+
+The thumbnail of the 360 degrees panoramas will have a special icon on the top right of the thumbnail
+
+<img
+  src="https://github.com/immich-app/immich/assets/61410067/728ca1b0-375c-4631-8081-a609843e702f"
+  width="50%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+Panorama in the detail view
+
+<img
+  src="https://github.com/immich-app/immich/assets/61410067/3c89dac4-395d-45fa-9bc5-98a6248fd476"
+  width="50%"
+  style={{ borderRadius: '25px' }}
+  alt="Dot Env Example"
+/>
+
+---
+
+Thank you, and I am asking for your support for the project. I hope to be a full-time maintainer of Immich one day to dedicate myself to the project as my life's work for the community and my family. You can find the support channels below:
+
+- Monthly donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502)
+- One-time donation via [GitHub Sponsors](https://github.com/sponsors/alextran1502?frequency=one-time&sponsor=alextran1502)
+- [Liberapay](https://liberapay.com/alex.tran1502/)
+- [buymeacoffee](https://www.buymeacoffee.com/altran1502)
+- Bitcoin: 3QVAb9dCHutquVejeNXitPqZX26Yg5kxb7
+- Give a project a star - the contributors love gazing at the stars and seeing their creations shining in the sky.
+
+Join our friendly [Discord](https://discord.immich.app) to talk and discuss Immich, tech, or anything
+
+Cheer!
+
+Until next time!
+
+Alex
--- a/docs/blog/2023/2023-recap.mdx
+++ b/docs/blog/2023/2023-recap.mdx
@@ -0,0 +1,71 @@
+---
+title: Immich Recap 2023
+authors: [alextran]
+tags: [update, recap-2023]
+date: 2023-12-30T00:00
+---
+
+Hi everyone,
+
+Alex from Immich here.
+
+We are entering the last few weeks of 2023, and it has been quite a year for Immich. The project has grown so much in terms of users, developers, features, maturity, and the community around it. When I started working on Immich, it was simply a challenge for myself and an opportunity to learn new technologies, crafting something fun and useful for my wife during my free time to satisfy my urge to build and create things. I never thought it would become so popular and help so many people. At the end of the day, all we have is memory. I am proud that the team and I have created something to make storing and viewing those precious memories easier without restrictions and without sacrificing our privacy. As the year closes, here’s a recap of everything the project accomplished in 2023.
+
+# Milestones
+
+- Public shared links
+- Favorites page
+- Immich turned 1
+- Material Design 3 on the mobile app
+- Auto-link LivePhotos server-side
+- iOS background backup
+- Explore page
+- CLIP search
+- Search by metadata
+- Responsive web app
+- Archive page
+- Asset descriptions
+- 10,000 stars on GitHub
+- Manage auth devices
+- Map view
+- Facial recognition, clustering, searching, renaming, and person management
+- Partner sharing and unifying timeline between partners' users
+- Custom storage label
+- XMP sidecar reading
+- RAW file formats
+- Justified layout on the web
+- Memories
+- Multi-select via SHIFT
+- Android Motion Photos
+- 360° Photos
+- Album description
+- Album performance improvements (time buckets)
+- Video hardware transcoding
+- Slideshow mode on the web
+- Configuration file
+- External libraries
+- Trash page
+- Custom theme
+- Asset Stacking
+- 20,000 stars on GitHub
+- Shared album activity and comments
+- CLI v2
+- Down to 5 containers (from 8)
+
+# Fun Statistics
+
+- We have gone from the release version `1.41.0` to `1.90.0` at the time of writing. On average, we see a release every 7 days.
+- According to GitHub's metrics, the `immich-server` container image has been pulled almost _4 million_ times.
+- According to mobile app store metrics, we have 22,000 installations on Android and 6700 installation units on iOS (opt-in only).
+- Immich is making around $1200/month on average from donations. (Thank you all so much!)
+- We were guests on two podcasts:
+  - [Self-hosted](https://selfhosted.show/110)
+  - [The Vergecast](https://www.theverge.com/23938533/self-hosting-local-first-software-vergecast)
+- There are over 4,500 members on the Discord server.
+- We have over 22,000 stars on the main GitHub repository, gaining 15,000 stars since January 2023.
+
+Diving into the next year, the team will continue to build on the foundation we have laid out over the past year, implementing more advanced features for searching, organizing, and sharing between users. Bugs will continue to be squashed and conquered. “Shit Alex wrote'' code will continue to be replaced by beautiful, clean code from Jason, Zack, Boet, Daniel, Osorin, Mert, Fynn, Marty, Martin, and Jonathan. The team has my eternal gratitude for creating a welcoming environment for new contributors, helping, teaching, and learning from each other. I’ve realized that hardly a day has gone by where the team hasn’t been in communication about Immich related topics over the past year.
+
+My long-term goal is to help hone Immich into a diamond in the FOSS space, where the UI, UX, development experiences, documentation, and quality are at a high standard while remaining free for everybody to use.
+
+I hope you enjoy Immich and have a happy and peaceful holiday.
--- a/docs/blog/2024/immich-core-team-goes-fulltime.mdx
+++ b/docs/blog/2024/immich-core-team-goes-fulltime.mdx
@@ -0,0 +1,75 @@
+---
+title: The Immich core team goes full-time
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-05-01T00:00
+---
+
+**Immich is joining [FUTO](https://futo.org/)!**
+
+Since the beginning of this adventure, my goal has always been to create a better world for my children. Memories are priceless, and privacy should not be a luxury. However, building quality open source has its challenges. Over the past two years, it has taken significant dedication, time, and effort.
+
+Recently, a company in Austin, Texas, called FUTO contacted the team. FUTO strives to develop quality and sustainable open software. They build software alternatives that focus on giving control to users. From their mission statement:
+
+“Computers should belong to you, the people. We develop and fund technology to give them back.”
+
+FUTO loved Immich and wanted to see if we’d consider working with them to take the project to the next level. In short, FUTO offered to:
+
+- Pay the core team to work on Immich full-time
+- Let us keep full autonomy about the project’s direction and leadership
+- Continue to license Immich under AGPL
+- Keep Immich’s development direction with no paywalled features
+- Keep Immich “built for the people” (no ads, data mining/selling, or alternative motives)
+- Provide us with financial, technical, legal, and administrative support
+
+After careful deliberation, the team decided that FUTO’s vision closely aligns with our own: to build a better future by providing a polished, performant, and privacy-preserving open-source software solution for photo and video management delivered in a sustainable way.
+
+Immich’s future has never looked brighter, and we look forward to realizing our vision for Immich as part of FUTO.
+
+If you have more questions, we’ll host a Q&A live stream on May 9th at 3PM UTC (10AM CST). [You can ask questions here](https://www.live-ask.com/event/01HWP2SB99A1K8EXFBDKZ5Z9CF), and the stream will be live [here on our YouTube channel](https://youtube.com/live/cwz2iZwYpgg).
+
+Cheers,
+
+The Immich Team
+
+---
+
+## FAQs
+
+### What is FUTO?
+
+[https://futo.org/what-is-futo/](https://futo.org/what-is-futo/)
+
+### Will the license change?
+
+No. Immich will continue to be licensed under AGPL without a CLA.
+
+### Will Immich continue to be free?
+
+Yes. The Immich source code will remain freely available under the AGPL license.
+
+### Is Immich getting VC funding?
+
+No. Venture capital implies investment in a business, often with the expectation of a future payout (exit plan). Immich is neither a business that can be acquired nor comes with a money-making exit plan.
+
+### I am currently supporting Immich through GitHub sponsors. What will happen to my donation?
+
+Effective immediately, all donations to the Immich organization will be canceled. In the future, we will offer an optional, modest payment option instead. Thank you to everyone who donated to help us get this far!
+
+### How is funding sustainable?
+
+Immich and FUTO believe a sustainable future requires a model that does not rely on users-as-a-product. To this end, FUTO advocates that users pay for good, open software. In keeping with this model, we will adopt a purchase price. This means we no longer accept donations, but — _without limiting features for those who do not pay_ — we will soon allow you to purchase Immich through a modest payment. We encourage you to pay for the high-quality software you use to foster a healthy software culture where developers build great applications without hidden motives for their users.
+
+### When does this change take effect?
+
+This change takes effect immediately.
+
+### What will change?
+
+The following things will change as Immich joins FUTO:
+
+- The brand, logo, and other Immich trademarks will be transferred to FUTO.
+- We will stop all donations to the project.
+- The core team can now dedicate our full attention to Immich
+- Before the end of the year, we plan to have a roadmap for what it will take to get Immich to a stable release.
+- Bugs will be squashed, and features will be delivered faster.
--- a/docs/blog/2024/immich-licensing.mdx
+++ b/docs/blog/2024/immich-licensing.mdx
@@ -0,0 +1,91 @@
+---
+title: Licensing announcement - Purchase a license to support Immich
+authors: [alextran]
+tags: [update, announcement, FUTO]
+date: 2024-07-18T00:00
+---
+
+Hello everybody,
+
+Firstly, on behalf of the Immich team, I'd like to thank everybody for your continuous support of Immich since the very first day! Your contributions, encouragement, and community engagement have helped bring Immich to its current state. The team and I are forever grateful for that.
+
+Since our [last announcement of the core team joining FUTO to work on Immich full-time](https://immich.app/blog/2024/immich-core-team-goes-fulltime), one of the goals of our new position is to foster a healthy relationship between the developers and the users. We believe that this enables us to create great software, establish transparent policies and build trust.
+
+We want to build a great software application that brings value to you and your loved ones' lives. We are not using you as a product, i.e., selling or tracking your data. We are not putting annoying ads into our software. We respect your privacy. We want to be compensated for the hard work we put in to build Immich for you.
+
+With those notes, we have enabled a way for you to financially support the continued development of Immich, ensuring the software can move forward and will be maintained, by offering a lifetime license of the software. We think if you like and use software, you should pay for it, but _we're never going to force anyone to pay or try to limit Immich for those who don't._
+
+There are two types of license that you can choose to purchase: **Server License** and **Individual License**.
+
+### Server License
+
+This is a lifetime license costing **$99.99**. The license is applied to the whole server. You and all users that use your server are licensed.
+
+### Individual License
+
+This is a lifetime license costing **$24.99**. The license is applied to a single user, and can be used on any server they choose to connect to.
+
+<img
+  width="837"
+  alt="license-social-gh"
+  src="https://github.com/user-attachments/assets/241932ed-ef3b-44ec-a9e2-ee80754e0cca"
+/>
+
+You can purchase the license on [our page - https://buy.immich.app](https://buy.immich.app).
+
+Starting with release `v1.109.0` you can purchase and enter your purchased license key directly in the app.
+
+<img
+  width="1414"
+  alt="license-page-gh"
+  src="https://github.com/user-attachments/assets/364fc32a-f6ef-4594-9fea-28d5a26ad77c"
+/>
+
+## Thank you
+
+Thank you again for your support, this will help create a strong foundation and stability for the Immich team to continue developing and maintaining the project that you love to use.
+
+<p align="center">
+  <img
+    src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExbjY2eWc5Y2F0ZW56MmR4aWE0dDhzZXlidXRmYWZyajl1bWZidXZpcyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/87CKDqErVfMqY/giphy.gif"
+    width="550"
+    title="SUPPORT THE PROJECT!"
+  />
+</p>
+
+<br />
+<br />
+
+Cheers! 🎉
+
+Immich team
+
+# FAQ
+
+### 1. Where can I purchase a license?
+
+There are several places where you can purchase the license from
+
+- [https://buy.immich.app](https://buy.immich.app)
+- [https://pay.futo.org](https://pay.futo.org/)
+- or directly from the app.
+
+### 2. Do I need both _Individual License_ and _Server License_?
+
+No,
+
+If you are the admin and the sole user, or your instance has less than a total of 4 users, you can buy the **Individual License** for each user.
+
+If your instance has more than 4 users, it is more cost-effective to buy the **Server License**, which will license all the users on your instance.
+
+### 3. What do I do if I don't pay?
+
+You can continue using Immich without any restriction.
+
+### 4. Will there be any paywalled features?
+
+No, there will never be any paywalled features.
+
+### 5. Where can I get support regarding payment issues?
+
+You can email us with your `orderId` and your email address `billing@futo.org` or on our Discord server.
--- a/docs/blog/2024/update-july-2024.mdx
+++ b/docs/blog/2024/update-july-2024.mdx
@@ -0,0 +1,78 @@
+---
+title: Immich Update - July 2024
+authors: [alextran]
+date: 2024-07-01T00:00
+tags: [update, v1.106.0]
+---
+
+Hello everybody! Alex from Immich here and I am back with another development progress update for the project.
+
+Summer has returned once again, and the night sky is filled with stars, thank you for **38_000 shining stars** you have sent to our [GitHub repo](https://github.com/immich-app/immich)! Since the last announcement several core contributors have started full time. Everything is going great with development, PRs get merged with _brrrrrrr_ rate, conversation exchange between team members is on a new high, we met and are working with the great engineers at FUTO. The spirit is high and we have a lot of things brewing that we think you will like.
+
+Let's go over some of the updates we had since the last post.
+
+### Container consolidation
+
+Reduced the number of total containers from 5 to 4 by making the microservices thread get spawned directly in the server container. Woohoo, remember when Immich had 7 containers?
+
+### Email notifications
+
+![smtp](https://github.com/immich-app/immich/assets/27055614/949cba85-d3f1-4cd3-b246-a6f5fb5d3ae8)
+
+We added email notifications to the app with SMTP settings that you can configure for the following events
+
+- A new account is created for you.
+- You are added to a shared album.
+- New media is added to an album.
+
+### Versioned docs
+
+You can now jump back into the past or take a peek at the unreleased version of the documentation by selecting the version on the website.
+
+![version-doc](https://github.com/immich-app/immich/assets/27055614/6d22898a-5093-41ad-b416-4573d7ce6e03)
+
+### Similarity deduplication
+
+With more machine learning and CLIP magic, we now have similarity deduplication built into the application where it will search for closely similar images and let you decide what to do with them; i.e keep or trash.
+
+![similarity-deduplication](https://github.com/immich-app/immich/assets/27055614/3cac8478-fbf7-47ea-acb6-0146901dc67e)
+
+### Permanent URL for asset on the web
+
+The detail view for an asset now has a permanent URL so you can easily share them with your loved ones.
+
+### Web app translations
+
+We now have a public Weblate project which the community can use to translate the webapp to their native languages. We are planning to port the mobile app translation to this platform as well. If you would like to contribute, you can take a look [here](https://hosted.weblate.org/projects/immich/immich/). We're already close to 50% translations -- we really appreciate everyone contributing to that!
+
+![web-translation](https://github.com/immich-app/immich/assets/27055614/363df2ed-656c-4584-bd82-0708a693c5bc)
+
+### Read-only/Editor mode on shared album
+
+As the owner of the album, you can choose if the shared user can edit the album or to only view the content of the album without any modification.
+
+![read-only-album](https://github.com/immich-app/immich/assets/27055614/c6f66375-b869-495a-9a86-3e87b316d109)
+
+### Better video thumbnails
+
+Immich now tries to find a descriptive video thumbnail instead of simply using the first frame. No more black images for thumbnails!
+
+### Public Roadmap
+
+We now have a [public roadmap](https://immich.app/roadmap), giving you a high-level overview of things the team is working on. The first goal of this roadmap is to bring Immich to a stable release, which is expected sometime later this year. Some of the highlights include
+
+- Auto stacking - Auto stacking of burst photos
+- Basic editor - Basic photo editing capabilities
+- Workflows - Automate tasks with workflows
+- Fine grained access controls - Granular access controls for users and api keys
+- Better background backups - Rework background backups to be more reliable
+- Private/locked photos - Private assets with extra protections
+
+Beyond the items in the roadmap, we have _many many_ more ideas for Immich. The team and I hope that you are enjoying the application, find it helpful in your life and we have nothing but the intention of building out great software for you all!
+
+Have an amazing Summer or Winter for those in the southern hemisphere! :D
+
+Until next time,
+
+Cheers!
+Alex
--- a/docs/blog/authors.yml
+++ b/docs/blog/authors.yml
@@ -0,0 +1,5 @@
+alextran:
+  name: Alex Tran
+  title: Maintainer of Immich
+  url: https://github.com/alextran1502
+  image_url: https://github.com/alextran1502.png
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -22,7 +22,7 @@ For organizations seeking to resell Immich, we have established the following gu

 - Do not misrepresent your reseller site or services as being officially affiliated with or endorsed by Immich or our development team.

- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase licenses directly from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.
+- For small resellers who wish to contribute financially to Immich's development, we recommend directing your customers to purchase licenses directy from us rather than attempting to broker revenue-sharing arrangements. We ask that you refrain from misrepresenting reseller activities as directly supporting our development work.

 When in doubt or if you have an edge case scenario, we encourage you to contact us directly via email to discuss the use of our trademark. We can provide clear guidance on what is acceptable and what is not. You can reach out at: questions@immich.app

@@ -30,11 +30,11 @@ When in doubt or if you have an edge case scenario, we encourage you to contact

 ### How can I reset the admin password?

-The admin password can be reset by running the [reset-admin-password](/administration/server-commands.md) command on the immich-server.
+The admin password can be reset by running the [reset-admin-password](/docs/administration/server-commands.md) command on the immich-server.

 ### How can I see a list of all users in Immich?

-You can see the list of all users by running [list-users](/administration/server-commands.md) Command on the Immich-server.
+You can see the list of all users by running [list-users](/docs/administration/server-commands.md) Command on the Immich-server.

 ---

@@ -106,20 +106,20 @@ However, Immich will delete original files that have been trashed when the trash

 When Storage Template is off (default) Immich saves the file names in a random string (also known as random UUIDs) to prevent duplicate file names.
 To retrieve the original file names, you must enable the Storage Template and then run the STORAGE TEMPLATE MIGRATION job.
-It is recommended to read about [Storage Template](/administration/storage-template) before activation.
+It is recommended to read about [Storage Template](https://immich.app/docs/administration/storage-template) before activation.

 ### Can I add my existing photo library?

-Yes, with an [External Library](/features/libraries.md).
+Yes, with an [External Library](/docs/features/libraries.md).

-### What happens to existing files after I choose a new [Storage Template](/administration/storage-template.mdx)?
+### What happens to existing files after I choose a new [Storage Template](/docs/administration/storage-template.mdx)?

-Template changes will only apply to _new_ assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/administration/jobs-workers/#jobs) page.
+Template changes will only apply to _new_ assets. To retroactively apply the template to previously uploaded assets, run the Storage Migration Job, available on the [Jobs](/docs/administration/jobs-workers/#jobs) page.

 ### Why are only photos and not videos being uploaded to Immich?

 This often happens when using a reverse proxy in front of Immich.
-Make sure to [set your reverse proxy](/administration/reverse-proxy/) to allow large requests.
+Make sure to [set your reverse proxy](/docs/administration/reverse-proxy/) to allow large requests.
 Also, check the disk space of your reverse proxy.
 In some cases, proxies cache requests to disk before passing them on, and if disk space runs out, the request fails.

@@ -139,7 +139,7 @@ You can _archive_ them.

 ### How can I backup data from Immich?

-See [Backup and Restore](/administration/backup-and-restore.md).
+See [Backup and Restore](/docs/administration/backup-and-restore.md).

 ### Does Immich support reading existing face tag metadata?

@@ -225,7 +225,7 @@ volumes:

 ### Can I keep my existing album structure while importing assets into Immich?

-Yes, by using the [Immich CLI](/features/command-line-interface) along with the `--album` flag.
+Yes, by using the [Immich CLI](/docs/features/command-line-interface) along with the `--album` flag.

 ### Is there a way to reorder photos within an album?

@@ -266,7 +266,7 @@ Immich uses CLIP models. An ML model converts each image to an "embedding", whic

 ### How does facial recognition work?

-See [How Facial Recognition Works](/features/facial-recognition#how-facial-recognition-works) for details.
+See [How Facial Recognition Works](/docs/features/facial-recognition#how-facial-recognition-works) for details.

 ### How can I disable machine learning?

@@ -288,7 +288,7 @@ No, this is not supported. Only models listed in the [Hugging Face][huggingface]

 ### I want to be able to search in other languages besides English. How can I do that?

-You can change to a multilingual CLIP model. See [here](/features/searching#clip-models) for instructions.
+You can change to a multilingual CLIP model. See [here](/docs/features/searching#clip-models) for instructions.

 ### Does Immich support Facial Recognition for videos?

@@ -299,7 +299,7 @@ Scanning the entire video for faces may be implemented in the future.

 No.
 :::tip
-You can use [Smart Search](/features/searching.md) for this to some extent. For example, if you have a Golden Retriever and a Chihuahua, type these words in the smart search and watch the results.
+You can use [Smart Search](/docs/features/searching.md) for this to some extent. For example, if you have a Golden Retriever and a Chihuahua, type these words in the smart search and watch the results.
 :::

 ### I'm getting a lot of "faces" that aren't faces, what can I do?
@@ -329,7 +329,7 @@ ls clip/ facial-recognition/

 ### Why is Immich slow on low-memory systems like the Raspberry Pi?

-Immich optionally uses transcoding and machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/guides/remote-machine-learning), or [disable](/FAQ#how-can-i-disable-machine-learning) machine learning entirely.
+Immich optionally uses transcoding and machine learning for several features. However, it can be too heavy to run on a Raspberry Pi. You can [mitigate](/docs/FAQ#can-i-lower-cpu-and-ram-usage) this or host Immich's machine-learning container on a [more powerful system](/docs/guides/remote-machine-learning), or [disable](/docs/FAQ#how-can-i-disable-machine-learning) machine learning entirely.

 ### Can I lower CPU and RAM usage?

@@ -339,9 +339,9 @@ The initial backup is the most intensive due to the number of jobs running. The
 - Under Settings > Transcoding Settings > Threads, set the number of threads to a low number like 1 or 2.
 - Under Settings > Machine Learning Settings > Facial Recognition > Model Name, you can change the facial recognition model to `buffalo_s` instead of `buffalo_l`. The former is a smaller and faster model, albeit not as good.
  - For facial recognition on new images to work properly, You must re-run the Face Detection job for all images after this.
- At the container level, you can [set resource constraints](/FAQ#can-i-limit-cpu-and-ram-usage) to lower usage further.
+- At the container level, you can [set resource constraints](/docs/FAQ#can-i-limit-cpu-and-ram-usage) to lower usage further.
  - It's recommended to only apply these constraints _after_ taking some of the measures here for best performance.
- If these changes are not enough, see [above](/FAQ#how-can-i-disable-machine-learning) for instructions on how to disable machine learning.
+- If these changes are not enough, see [above](/docs/FAQ#how-can-i-disable-machine-learning) for instructions on how to disable machine learning.

 ### Can I limit CPU and RAM usage?

@@ -383,7 +383,7 @@ Do not exaggerate with the job concurrency because you're probably thoroughly ov

 ### My server shows Server Status Offline | Version Unknown. What can I do?

-You need to [enable WebSockets](/administration/reverse-proxy/) on your reverse proxy.
+You need to [enable WebSockets](/docs/administration/reverse-proxy/) on your reverse proxy.

 ---

@@ -391,7 +391,7 @@ You need to [enable WebSockets](/administration/reverse-proxy/) on your reverse

 ### How can I see Immich logs?

-Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/guides/docker-help.md).
+Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/docs/guides/docker-help.md).

 ### How can I reduce the log verbosity of Redis?

@@ -435,7 +435,7 @@ cap_drop:
 Data for Immich comes in two forms:

 1. **Metadata** stored in a Postgres database, stored in the `DB_DATA_LOCATION` folder (previously `pg_data` Docker volume).
-2. **Files** (originals, thumbs, profile, etc.), stored in the `UPLOAD_LOCATION` folder, more [info](/administration/backup-and-restore#asset-types-and-storage-locations).
+2. **Files** (originals, thumbs, profile, etc.), stored in the `UPLOAD_LOCATION` folder, more [info](/docs/administration/backup-and-restore#asset-types-and-storage-locations).

 :::warning
 This will destroy your database and reset your instance, meaning that you start from scratch.
@@ -473,7 +473,7 @@ If it mentions SIGILL (note the lack of a K) or error code 132, it most likely m
 ### Why am I getting database ownership errors?

 If you get database errors such as `FATAL:  data directory "/var/lib/postgresql/data" has wrong ownership` upon database startup, this is likely due to an issue with your filesystem.
-NTFS and ex/FAT/32 filesystems are not supported. See [here](/install/requirements#special-requirements-for-windows-users) for more details.
+NTFS and ex/FAT/32 filesystems are not supported. See [here](/docs/install/requirements#special-requirements-for-windows-users) for more details.

 ### How can I verify the integrity of my database?

--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -3,7 +3,7 @@
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';

-A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/guides/template-backup-script.md)
+A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/docs/guides/template-backup-script.md)

 :::danger
 The instructions on this page show you how to prepare your Immich instance to be backed up, and which files to take a backup of. You still need to take care of using an actual backup tool to make a backup yourself.
@@ -57,7 +57,6 @@ Then please follow the steps in the following section for restoring the database
  <TabItem value="Linux system" label="Linux system" default>

 ```bash title='Backup'
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
 docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME> | gzip > "/path/to/backup/dump.sql.gz"
 ```

@@ -70,18 +69,16 @@ docker compose create           # Create Docker containers for Immich apps witho
 docker start immich_postgres    # Start Postgres server
 sleep 10                        # Wait for Postgres server to start up
 # Check the database user if you deviated from the default
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
 gunzip --stdout "/path/to/backup/dump.sql.gz" \
 | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
 | docker exec -i immich_postgres psql --dbname=postgres --username=<DB_USERNAME>  # Restore Backup
 docker compose up -d            # Start remainder of Immich apps
 ```

-  </TabItem>
+</TabItem>
  <TabItem value="Windows system (PowerShell)" label="Windows system (PowerShell)">

 ```powershell title='Backup'
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
 [System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=<DB_USERNAME>))
 ```

@@ -95,15 +92,13 @@ docker compose create                             # Create Docker containers for
 docker start immich_postgres                      # Start Postgres server
 sleep 10                                          # Wait for Postgres server to start up
 docker exec -it immich_postgres bash              # Enter the Docker shell and run the following command
-# If your backup ends in `.gz`, replace `cat` with `gunzip --stdout`
-# Replace <DB_USERNAME> with the database username - usually postgres unless you have changed it.
-
+# Check the database user if you deviated from the default. If your backup ends in `.gz`, replace `cat` with `gunzip --stdout`
 cat "/dump.sql" | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" | psql --dbname=postgres --username=<DB_USERNAME>
 exit                                              # Exit the Docker shell
 docker compose up -d                              # Start remainder of Immich apps
 ```

-  </TabItem>
+</TabItem>
 </Tabs>

 Note that for the database restore to proceed properly, it requires a completely fresh install (i.e. the Immich server has never run since creating the Docker containers). If the Immich app has run, Postgres conflicts may be encountered upon database restoration (relation already exists, violated foreign key constraints, multiple primary keys, etc.), in which case you need to delete the `DB_DATA_LOCATION` folder to reset the database.
@@ -165,7 +160,7 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele

  :::danger
  A backup of this folder does not constitute a backup of your database!
-  Follow the instructions listed [here](/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  Follow the instructions listed [here](/docs/administration/backup-and-restore#database) to learn how to perform a proper backup.
  :::

 </TabItem>
@@ -210,7 +205,7 @@ When you turn off the storage template engine, it will leave the assets in `UPLO

  :::danger
  A backup of this folder does not constitute a backup of your database!
-  Follow the instructions listed [here](/administration/backup-and-restore#database) to learn how to perform a proper backup.
+  Follow the instructions listed [here](/docs/administration/backup-and-restore#database) to learn how to perform a proper backup.
  :::

 </TabItem>
--- a/docs/docs/administration/email-notification.mdx
+++ b/docs/docs/administration/email-notification.mdx
@@ -12,7 +12,7 @@ You can access the settings panel from the web at `Administration -> Settings ->

 Under Email, enter the required details to connect with an SMTP server.

-You can use [this guide](/guides/smtp-gmail) to use Gmail's SMTP server.
+You can use [this guide](/docs/guides/smtp-gmail) to use Gmail's SMTP server.

 ## User's notifications settings

--- a/docs/docs/administration/jobs-workers.md
+++ b/docs/docs/administration/jobs-workers.md
@@ -11,7 +11,7 @@ The `immich-server` container contains multiple workers:

 ## Split workers

-If you prefer to throttle or distribute the workers, you can do this using the [environment variables](/install/environment-variables) to specify which container should pick up which tasks.
+If you prefer to throttle or distribute the workers, you can do this using the [environment variables](/docs/install/environment-variables) to specify which container should pick up which tasks.

 For example, for a simple setup with one container for the Web/API and one for all other microservices, you can do the following:

@@ -53,21 +53,5 @@ Additionally, some jobs (such as memories generation) run on a schedule, which i
 <img src={require('./img/admin-nightly-tasks.webp').default} width="60%" title="Admin nightly tasks" />

 :::note
-Some jobs ([External Libraries](/features/libraries) scanning, Database Dump) are configured in their own sections in System Settings.
+Some jobs ([External Libraries](/docs/features/libraries) scanning, Database Dump) are configured in their own sections in System Settings.
 :::
-
-## Job processing order
-
-The below diagram shows the job run order for newly uploaded files
-
-```mermaid
-graph TD
-    A[Asset Upload] --> B[Metadata Extraction]
-    B --> C[Storage Template Migration]
-    C --> D["Thumbnail Generation (Large, small, blurred and person)"]
-    D --> E[Smart Search]
-    D --> F[Face Detection]
-    D --> G[Video Transcoding]
-    E --> H[Duplicate Detection]
-    F --> I[Facial Recognition]
-```
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -28,7 +28,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
 2. Configure Redirect URIs/Origins

   The **Sign-in redirect URIs** should include:
-   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/features/mobile-app.mdx)
+   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
   - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
   - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client

@@ -98,7 +98,7 @@ The redirect URI for the mobile app is `app.immich:///oauth-callback`, which is
 2. Whitelist the new endpoint as a valid redirect URI with your provider.
 3. Specify the new endpoint as the `Mobile Redirect URI Override`, in the OAuth settings.

-With these steps in place, you should be able to use OAuth from the [Mobile App](/features/mobile-app.mdx) without a custom scheme redirect URI.
+With these steps in place, you should be able to use OAuth from the [Mobile App](/docs/features/mobile-app.mdx) without a custom scheme redirect URI.

 :::info
 Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:///oauth-callback`, and can be used for step 1.
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -6,10 +6,6 @@ Users can deploy a custom reverse proxy that forwards requests to Immich. This w
 Immich does not support being served on a sub-path such as `location /immich {`. It has to be served on the root path of a (sub)domain.
 :::

-:::info
-If your reverse proxy uses the [Let's Encrypt](https://letsencrypt.org/) [http-01 challenge](https://letsencrypt.org/docs/challenge-types/#http-01-challenge), you may want to verify that the Immich well-known endpoint (`/.well-known/immich`) gets correctly routed to Immich, otherwise it will likely be routed elsewhere and the mobile app may run into connection issues.
-:::
-
 ### Nginx example config

 Below is an example config for nginx. Make sure to set `public_url` to the front-facing URL of your instance, and `backend_url` to the path of the Immich server.
@@ -41,14 +37,29 @@ server {
    location / {
        proxy_pass http://<backend_url>:2283;
    }
-
-    # useful when using Let's Encrypt http-01 challenge
-    # location = /.well-known/immich {
-    #     proxy_pass http://<backend_url>:2283;
-    # }
 }
 ```

+#### Compatibility with Let's Encrypt
+
+In the event that your nginx configuration includes a section for Let's Encrypt, it's likely that you have a segment similar to the following:
+
+```nginx
+location ~ /.well-known {
+    ...
+}
+```
+
+This particular `location` directive can inadvertently prevent mobile clients from reaching the `/.well-known/immich` path, which is crucial for discovery. Usual error message for this case is: "Your app major version is not compatible with the server". To remedy this, you should introduce an additional location block specifically for this path, ensuring that requests are correctly proxied to the Immich server:
+
+```nginx
+location = /.well-known/immich {
+    proxy_pass http://<backend_url>:2283;
+}
+```
+
+By doing so, you'll maintain the functionality of Let's Encrypt while allowing mobile clients to access the necessary Immich path without obstruction.
+
 ### Caddy example config

 As an alternative to nginx, you can also use [Caddy](https://caddyserver.com/) as a reverse proxy (with automatic HTTPS configuration). Below is an example config.
--- a/docs/docs/administration/server-commands.md
+++ b/docs/docs/administration/server-commands.md
@@ -16,7 +16,7 @@ The `immich-server` docker image comes preinstalled with an administrative CLI (

 ## How to run a command

-To run a command, [connect](/guides/docker-help.md#attach-to-a-container) to the `immich_server` container and then execute the command via `immich-admin <command>`.
+To run a command, [connect](/docs/guides/docker-help.md#attach-to-a-container) to the `immich_server` container and then execute the command via `immich-admin <command>`.

 ## Examples

--- a/docs/docs/administration/system-settings.md
+++ b/docs/docs/administration/system-settings.md
@@ -12,14 +12,14 @@ Manage password, OAuth, and other authentication settings

 ### OAuth Authentication

-Immich supports OAuth Authentication. Read more about this feature and its configuration [here](/administration/oauth).
+Immich supports OAuth Authentication. Read more about this feature and its configuration [here](/docs/administration/oauth).

 ### Password Authentication

-The administrator can choose to disable login with username and password for the entire instance. This means that **no one**, including the system administrator, will be able to log using this method. If [OAuth Authentication](/administration/oauth) is also disabled, no users will be able to login using **any** method. Changing this setting does not affect existing sessions, just new login attempts.
+The administrator can choose to disable login with username and password for the entire instance. This means that **no one**, including the system administrator, will be able to log using this method. If [OAuth Authentication](/docs/administration/oauth) is also disabled, no users will be able to login using **any** method. Changing this setting does not affect existing sessions, just new login attempts.

 :::tip
-You can always use the [Server CLI](/administration/server-commands) to re-enable password login.
+You can always use the [Server CLI](/docs/administration/server-commands) to re-enable password login.
 :::

 ## Image Settings (thumbnails and previews)
@@ -108,7 +108,7 @@ If more than one URL is provided, each server will be attempted one-at-a-time un

 ### Smart Search

-The [smart search](/features/searching) settings allow you to change the [CLIP model](https://openai.com/research/clip). Larger models will typically provide [more accurate search results](https://github.com/immich-app/immich/discussions/11862) but consume more processing power and RAM. When [changing the CLIP model](/FAQ#can-i-use-a-custom-clip-model) it is mandatory to re-run the Smart Search job on all images to fully apply the change.
+The [smart search](/docs/features/searching) settings allow you to change the [CLIP model](https://openai.com/research/clip). Larger models will typically provide [more accurate search results](https://github.com/immich-app/immich/discussions/11862) but consume more processing power and RAM. When [changing the CLIP model](/docs/FAQ#can-i-use-a-custom-clip-model) it is mandatory to re-run the Smart Search job on all images to fully apply the change.

 :::info Internet connection
 Changing models requires a connection to the Internet to download the model.
@@ -132,7 +132,7 @@ Editable settings:
 - **Max Recognition Distance**
 - **Min Recognized Faces**

-You can learn more about these options on the [Facial Recognition page](/features/facial-recognition#how-face-detection-works)
+You can learn more about these options on the [Facial Recognition page](/docs/features/facial-recognition#how-face-detection-works)

 :::info
 When changing the values in Min Detection Score, Max Recognition Distance, and Min Recognized Faces.
@@ -154,15 +154,15 @@ The map can be adjusted via [OpenMapTiles](https://openmaptiles.org/styles/) for

 ### Reverse Geocoding Settings

-Immich supports [Reverse Geocoding](/features/reverse-geocoding) using data from the [GeoNames](https://www.geonames.org/) geographical database.
+Immich supports [Reverse Geocoding](/docs/features/reverse-geocoding) using data from the [GeoNames](https://www.geonames.org/) geographical database.

 ## Notification Settings

-SMTP server setup, for user creation notifications, new albums, etc. More information can be found [here](/administration/email-notification)
+SMTP server setup, for user creation notifications, new albums, etc. More information can be found [here](/docs/administration/email-notification)

 ## Notification Templates

-Override the default notifications text with notification templates. More information can be found [here](/administration/email-notification)
+Override the default notifications text with notification templates. More information can be found [here](/docs/administration/email-notification)

 ## Server Settings

@@ -176,7 +176,7 @@ The administrator can set a custom message on the login screen (the message will

 ## Storage Template

-Immich supports a custom [Storage Template](/administration/storage-template). Learn more about this feature and its configuration [here](/administration/storage-template).
+Immich supports a custom [Storage Template](/docs/administration/storage-template). Learn more about this feature and its configuration [here](/docs/administration/storage-template).

 ## Theme Settings

--- a/docs/docs/community-guides.mdx
+++ b/docs/docs/community-guides.mdx
@@ -0,0 +1,12 @@
+# Community Guides
+
+This page lists community guides that are written around Immich, but not officially supported by the development team.
+
+:::warning
+This list comes with no guarantees about security, performance, reliability, or accuracy. Use at your own risk.
+:::
+
+import CommunityGuides from '../src/components/community-guides.tsx';
+import React from 'react';
+
+<CommunityGuides />
--- a/docs/docs/community-projects.mdx
+++ b/docs/docs/community-projects.mdx
@@ -0,0 +1,12 @@
+# Community Projects
+
+This page lists community projects that are built around Immich, but not officially supported by the development team.
+
+:::warning
+This list comes with no guarantees about security, performance, reliability, or accuracy. Use at your own risk.
+:::
+
+import CommunityProjects from '../src/components/community-projects.tsx';
+import React from 'react';
+
+<CommunityProjects />
--- a/docs/docs/developer/architecture.mdx
+++ b/docs/docs/developer/architecture.mdx
@@ -44,7 +44,7 @@ The web app is a [TypeScript](https://www.typescriptlang.org/) project that uses

 ### CLI

-The Immich CLI is an [npm](https://www.npmjs.com/) package that lets users control their Immich instance from the command line. It uses the API to perform various tasks, especially uploading assets. See the [CLI documentation](/features/command-line-interface.md) for more information.
+The Immich CLI is an [npm](https://www.npmjs.com/) package that lets users control their Immich instance from the command line. It uses the API to perform various tasks, especially uploading assets. See the [CLI documentation](/docs/features/command-line-interface.md) for more information.

 ## Server

@@ -83,11 +83,11 @@ Immich uses a [worker](https://github.com/immich-app/immich/blob/main/server/src
 - Smart Search
 - Facial Recognition
 - Storage Template Migration
- Sidecar (see [XMP Sidecars](/features/xmp-sidecars.md))
+- Sidecar (see [XMP Sidecars](/docs/features/xmp-sidecars.md))
 - Background jobs (file deletion, user deletion)

 :::info
-This list closely matches what is available on the [Administration > Jobs](/administration/jobs-workers/#jobs) page, which provides some remote queue management capabilities.
+This list closely matches what is available on the [Administration > Jobs](/docs/administration/jobs-workers/#jobs) page, which provides some remote queue management capabilities.
 :::

 ### Machine Learning
--- a/docs/docs/developer/devcontainers.md
+++ b/docs/docs/developer/devcontainers.md
@@ -431,7 +431,7 @@ While the Dev Container focuses on server and web development, you can connect m
   - Server URL: `http://YOUR_IP:2283/api`
   - Ensure firewall allows port 2283

-3. **For full mobile development**, see the [mobile development guide](/developer/setup) which covers:
+3. **For full mobile development**, see the [mobile development guide](/docs/developer/setup) which covers:
   - Flutter setup
   - Running on simulators/devices
   - Mobile-specific debugging
@@ -474,7 +474,7 @@ Recommended minimums:

 ## Next Steps

- Read the [architecture overview](/developer/architecture)
- Learn about [database migrations](/developer/database-migrations)
- Explore [API documentation](https://api.immich.app/)
+- Read the [architecture overview](/docs/developer/architecture)
+- Learn about [database migrations](/docs/developer/database-migrations)
+- Explore [API documentation](/docs/api)
 - Join `#immich` on [Discord](https://discord.immich.app)
--- a/docs/docs/developer/open-api.md
+++ b/docs/docs/developer/open-api.md
@@ -1,6 +1,6 @@
 # OpenAPI

-Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generate API documentation. To view the published docs see [here](https://api.immich.app/).
+Immich uses the [OpenAPI](https://swagger.io/specification/) standard to generate API documentation. To view the published docs see [here](/docs/api).

 ## Generator

--- a/docs/docs/developer/pr-checklist.md
+++ b/docs/docs/developer/pr-checklist.md
@@ -53,8 +53,8 @@ You can use `dart fix --apply` and `dcm fix lib` to potentially correct some iss

 ## OpenAPI

-The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/developer/open-api.md) for more details.
+The OpenAPI client libraries need to be regenerated whenever there are changes to the `immich-openapi-specs.json` file. Note that you should not modify this file directly as it is auto-generated. See [OpenAPI](/docs/developer/open-api.md) for more details.

 ## Database Migrations

-A database migration needs to be generated whenever there are changes to `server/src/infra/src/entities`. See [Database Migration](/developer/database-migrations.md) for more details.
+A database migration needs to be generated whenever there are changes to `server/src/infra/src/entities`. See [Database Migration](/docs/developer/database-migrations.md) for more details.
--- a/docs/docs/features/automatic-backup.md
+++ b/docs/docs/features/automatic-backup.md
@@ -16,7 +16,7 @@ If foreground backup is enabled: whenever the app is opened or resumed, it will

 ## Background backup

-This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).
+This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/docs/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).

 If background backup is enabled. The app will periodically check if there are any new photos or videos in the selected album(s) to be uploaded to the server. If there are, it will upload them to the cloud in the background.

--- a/docs/docs/features/casting.md
+++ b/docs/docs/features/casting.md
@@ -4,7 +4,7 @@ Immich supports the Google's Cast protocol so that photos and videos can be cast

 ## Enable Google Cast Support

-Google Cast support is disabled by default. The web UI uses Google-provided scripts and must retrieve them from Google servers when the page loads. This is a privacy concern for some and is thus opt-in.
+Google Cast support is disabled by default. The web UI uses Google-provided scripts and must retreive them from Google servers when the page loads. This is a privacy concern for some and is thus opt-in.

 You can enable Google Cast support through `Account Settings > Features > Cast > Google Cast`

--- a/docs/docs/features/command-line-interface.md
+++ b/docs/docs/features/command-line-interface.md
@@ -103,7 +103,6 @@ Options:
  -c, --concurrency <number>  Number of assets to upload at the same time (default: 4, env: IMMICH_UPLOAD_CONCURRENCY)
  -j, --json-output           Output detailed information in json format (default: false, env: IMMICH_JSON_OUTPUT)
  --delete                    Delete local assets after upload (env: IMMICH_DELETE_ASSETS)
-  --delete-duplicates         Delete local assets that are duplicates (already exist on server) (env: IMMICH_DELETE_DUPLICATES)
  --no-progress               Hide progress bars (env: IMMICH_PROGRESS_BAR)
  --watch                     Watch for changes and upload automatically (default: false, env: IMMICH_WATCH_CHANGES)
  --help                      display help for command
@@ -183,7 +182,7 @@ For example to get a list of files that would be uploaded for further
 processing:

 ```bash
-immich upload --dry-run . | tail -n +6 | jq .newFiles[]
+immich upload --dry-run . | tail -n +4 | jq .newFiles[]
 ```

 ### Obtain the API Key
--- a/docs/docs/features/facial-recognition.md
+++ b/docs/docs/features/facial-recognition.md
@@ -70,7 +70,7 @@ Navigating to Administration > Settings > Machine Learning Settings > Facial Rec
 :::tip
 It's better to only tweak the parameters here than to set them to something very different unless you're ready to test a variety of options. If you do need to set a parameter to a strict setting, relaxing other settings can be a good option to compensate, and vice versa.

-You can learn how the tune the result in this [Guide](/guides/better-facial-clusters)
+You can learn how the tune the result in this [Guide](/docs/guides/better-facial-clusters)
 :::

 ### Facial recognition model
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -1,9 +1,5 @@
 # External Libraries

-:::info
-Currently an external library can only belong to a single user which is selected when the library is initially created.
-:::
-
 External libraries track assets stored in the filesystem outside of Immich. When the external library is scanned, Immich will load videos and photos from disk and create the corresponding assets. These assets will then be shown in the main timeline, and they will look and behave like any other asset, including viewing on the map, adding to albums, etc. Later, if a file is modified outside of Immich, you need to scan the library for the changes to show up.

 If an external asset is deleted from disk, Immich will move it to trash on rescan. To restore the asset, you need to restore the original file. After 30 days the file will be removed from trash, and any changes to metadata within Immich will be lost.
@@ -107,7 +103,7 @@ The `immich-server` container will need access to the gallery. Modify your docke

 :::tip
 The `ro` flag at the end only gives read-only access to the volumes.
-This will disallow the images from being deleted in the web UI, or adding metadata to the library ([XMP sidecars](/features/xmp-sidecars)).
+This will disallow the images from being deleted in the web UI, or adding metadata to the library ([XMP sidecars](/docs/features/xmp-sidecars)).
 :::

 :::info
--- a/docs/docs/features/ml-hardware-acceleration.md
+++ b/docs/docs/features/ml-hardware-acceleration.md
@@ -35,7 +35,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele
  - Where and how you can get this file depends on device and vendor, but typically, the device vendor also supplies these
  - The `hwaccel.ml.yml` file assumes the path to it is `/usr/lib/libmali.so`, so update accordingly if it is elsewhere
  - The `hwaccel.ml.yml` file assumes an additional file `/lib/firmware/mali_csffw.bin`, so update accordingly if your device's driver does not require this file
- Optional: Configure your `.env` file, see [environment variables](/install/environment-variables) for ARM NN specific settings
+- Optional: Configure your `.env` file, see [environment variables](/docs/install/environment-variables) for ARM NN specific settings
  - In particular, the `MACHINE_LEARNING_ANN_FP16_TURBO` can significantly improve performance at the cost of very slightly lower accuracy

 #### CUDA
@@ -49,30 +49,14 @@ You do not need to redo any machine learning jobs after enabling hardware accele

 - The GPU must be supported by ROCm. If it isn't officially supported, you can attempt to use the `HSA_OVERRIDE_GFX_VERSION` environmental variable: `HSA_OVERRIDE_GFX_VERSION=<a supported version, e.g. 10.3.0>`. If this doesn't work, you might need to also set `HSA_USE_SVM=0`.
 - The ROCm image is quite large and requires at least 35GiB of free disk space. However, pulling later updates to the service through Docker will generally only amount to a few hundred megabytes as the rest will be cached.
- This backend is new and may experience some issues. For example, GPU power consumption can be higher than usual after running inference, even if the machine learning service is idle. In this case, it will only go back to normal after being idle for 5 minutes (configurable with the [MACHINE_LEARNING_MODEL_TTL](/install/environment-variables) setting).
+- This backend is new and may experience some issues. For example, GPU power consumption can be higher than usual after running inference, even if the machine learning service is idle. In this case, it will only go back to normal after being idle for 5 minutes (configurable with the [MACHINE_LEARNING_MODEL_TTL](/docs/install/environment-variables) setting).

 #### OpenVINO

 - Integrated GPUs are more likely to experience issues than discrete GPUs, especially for older processors or servers with low RAM.
- Ensure the server's kernel version is new enough to use the device for hardware acceleration.
+- Ensure the server's kernel version is new enough to use the device for hardware accceleration.
 - Expect higher RAM usage when using OpenVINO compared to CPU processing.

-#### OpenVINO-WSL
-
- Ensure your container can access the /dev/dri directory, you can verify this by doing `docker exec -t immich_machine_learning ls -la /dev/dri`. If this is not the case execute `getent group render` and `getent group video` on the WSL host, then add those groups to hwaccel.ml.yaml
-  ```yaml
-  openvino-wsl:
-    devices:
-      - /dev/dri:/dev/dri
-      - /dev/dxg:/dev/dxg
-    volumes:
-      - /dev/bus/usb:/dev/bus/usb
-      - /usr/lib/wsl:/usr/lib/wsl
-    group_add:
-      - 44 # Replace this number with the number you found with getent group video
-      - 992 # Replace this number with the number you found with getent group render
-  ```
-
 #### RKNN

 - You must have a supported Rockchip SoC: only RK3566, RK3568, RK3576 and RK3588 are supported at this moment.
@@ -80,7 +64,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele
  - This is usually pre-installed on the device vendor's Linux images
 - RKNPU driver V0.9.8 or later must be available in the host server
  - You may confirm this by running `cat /sys/kernel/debug/rknpu/version` to check the version
- Optional: Configure your `.env` file, see [environment variables](/install/environment-variables) for RKNN specific settings
+- Optional: Configure your `.env` file, see [environment variables](/docs/install/environment-variables) for RKNN specific settings
  - In particular, setting `MACHINE_LEARNING_RKNN_THREADS` to 2 or 3 can _dramatically_ improve performance for RK3576 and RK3588 compared to the default of 1, at the expense of multiplying the amount of RAM each model uses by that amount.

 ## Setup
--- a/docs/docs/features/mobile-app.mdx
+++ b/docs/docs/features/mobile-app.mdx
@@ -3,6 +3,7 @@ import { mdiCloudOffOutline, mdiCloudCheckOutline } from '@mdi/js';
 import MobileAppDownload from '/docs/partials/_mobile-app-download.md';
 import MobileAppLogin from '/docs/partials/_mobile-app-login.md';
 import MobileAppBackup from '/docs/partials/_mobile-app-backup.md';
+import { cloudDonePath, cloudOffPath } from '@site/src/components/svg-paths';

 # Mobile App

@@ -10,16 +11,6 @@ import MobileAppBackup from '/docs/partials/_mobile-app-backup.md';

 <MobileAppDownload />

-:::info Android verification
-Below are the SHA-256 fingerprints for the certificates signing the android applications.
-
- Playstore / Github releases:
-  `86:C5:C4:55:DF:AF:49:85:92:3A:8F:35:AD:B3:1D:0C:9E:0B:95:7D:7F:94:C2:D2:AF:6A:24:38:AA:96:00:20`
- F-Droid releases:
-  `FA:8B:43:95:F4:A6:47:71:A0:53:D1:C7:57:73:5F:A2:30:13:74:F5:3D:58:0D:D1:75:AA:F7:A1:35:72:9C:BF`
-
-:::
-
 :::info Beta Program
 The beta release channel allows users to test upcoming changes before they are officially released. To join the channel use the links below.

@@ -37,7 +28,7 @@ The beta release channel allows users to test upcoming changes before they are o
 <MobileAppBackup />

 :::info
-You can enable automatic backup on supported devices. For more information see [Automatic Backup](/features/automatic-backup.md).
+You can enable automatic backup on supported devices. For more information see [Automatic Backup](/docs/features/automatic-backup.md).
 :::

 ## Sync only selected photos
@@ -84,7 +75,7 @@ You can sync or mirror an album from your phone to the Immich server on your acc

 - **User-Specific Sync:** Album synchronization is unique to each server user and does not sync between different users or partners.

- **Mobile-Only Feature:** Album synchronization is currently only available on mobile. For similar options on a computer, refer to [Libraries](/features/libraries) for further details.
+- **Mobile-Only Feature:** Album synchronization is currently only available on mobile. For similar options on a computer, refer to [Libraries](/docs/features/libraries) for further details.

 ### Synchronizing albums from the past

--- a/docs/docs/features/monitoring.md
+++ b/docs/docs/features/monitoring.md
@@ -28,7 +28,7 @@ The metrics in immich are grouped into API (endpoint calls and response times),
 Immich will not expose an endpoint for metrics by default. To enable this endpoint, you can add the `IMMICH_TELEMETRY_INCLUDE=all` environmental variable to your `.env` file. Note that only the server container currently use this variable.

 :::tip
-`IMMICH_TELEMETRY_INCLUDE=all` enables all metrics. For a more granular configuration you can enumerate the telemetry metrics that should be included as a comma separated list (e.g. `IMMICH_TELEMETRY_INCLUDE=repo,api`). Alternatively, you can also exclude specific metrics with `IMMICH_TELEMETRY_EXCLUDE`. For more information refer to the [environment section](/install/environment-variables.md#prometheus).
+`IMMICH_TELEMETRY_INCLUDE=all` enables all metrics. For a more granular configuration you can enumerate the telemetry metrics that should be included as a comma separated list (e.g. `IMMICH_TELEMETRY_INCLUDE=repo,api`). Alternatively, you can also exclude specific metrics with `IMMICH_TELEMETRY_EXCLUDE`. For more information refer to the [environment section](/docs/install/environment-variables.md#prometheus).
 :::

 The next step is to configure a new or existing Prometheus instance to scrape this endpoint. The following steps assume that you do not have an existing Prometheus instance, but the steps will be similar either way.
@@ -68,7 +68,7 @@ After bringing down the containers with `docker compose down` and back up with `
 :::note
 To see exactly what metrics are made available, you can additionally add `8081:8081` (API metrics) and `8082:8082` (microservices metrics) to the immich_server container's ports.
 Visiting the `/metrics` endpoint for these services will show the same raw data that Prometheus collects.
-To configure these ports see [`IMMICH_API_METRICS_PORT` & `IMMICH_MICROSERVICES_METRICS_PORT`](/install/environment-variables/#general).
+To configure these ports see [`IMMICH_API_METRICS_PORT` & `IMMICH_MICROSERVICES_METRICS_PORT`](/docs/install/environment-variables/#general).
 :::

 ### Usage
--- a/docs/docs/features/reverse-geocoding.md
+++ b/docs/docs/features/reverse-geocoding.md
@@ -8,7 +8,7 @@ During Exif Extraction, assets with latitudes and longitudes are reverse geocode

 ## Usage

-Data from a reverse geocode is displayed in the image details, and used in [Smart Search](/features/searching.md).
+Data from a reverse geocode is displayed in the image details, and used in [Smart Search](/docs/features/searching.md).

 <img src={require('./img/reverse-geocoding-mobile3.webp').default} width='33%' title='Reverse Geocoding' />
 <img src={require('./img/reverse-geocoding-mobile1.webp').default} width='33%' title='Reverse Geocoding' />
--- a/docs/docs/features/sharing.md
+++ b/docs/docs/features/sharing.md
@@ -24,11 +24,11 @@ After creating an album, you can access the sharing options by clicking on the s

 Partner sharing allows you to share your _entire_ library with other users of your choice. They can then view your library and download the assets.

-You can read this guide to learn more about [partner sharing](/features/partner-sharing).
+You can read this guide to learn more about [partner sharing](/docs/features/partner-sharing).

 ## Public sharing

-You can create a public link to share a group of photos or videos, or an album, with anyone. The public link can be shared via email, social media, or any other method. There are a variety of options to customize the public link, such as setting an expiration date, password protection, and more. Public shared link is handy when you want to share a group of photos or videos with someone who doesn't have an Immich account and allow the shared user to upload their photos or videos to your account.
+You can create a public link to share a group of photos or videos, or an album, with anyone. The public link can be shared via email, social media, or any other method. There are a varierity of options to customize the public link, such as setting an expiration date, password protection, and more. Public shared link is handy when you want to share a group of photos or videos with someone who doesn't have an Immich account and allow the shared user to upload their photos or videos to your account.

 The public shared link is generated with a random URL, which acts as as a secret to avoid the link being guessed by unwanted parties, for instance.

--- a/docs/docs/features/tags.md
+++ b/docs/docs/features/tags.md
@@ -1,6 +1,6 @@
 # Tags

-Immich supports hierarchical tags, with the ability to read existing tags from the XMP `TagsList` field and IPTC `Keywords` field. Any changes to tags made through Immich are also written back to a [sidecar](/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.
+Immich supports hierarchical tags, with the ability to read existing tags from the XMP `TagsList` field and IPTC `Keywords` field. Any changes to tags made through Immich are also written back to a [sidecar](/docs/features/xmp-sidecars) file. You can re-run the metadata extraction jobs for all assets to import your existing tags.

 ## Enable tags feature

--- a/docs/docs/features/user-settings.md
+++ b/docs/docs/features/user-settings.md
@@ -15,9 +15,9 @@ You can access the [user settings](https://my.immich.app/user-settings) by click
 ---

 :::tip Reset Password
-The admin can reset a user password through the [User Management](/administration/user-management.mdx) screen.
+The admin can reset a user password through the [User Management](/docs/administration/user-management.mdx) screen.
 :::

 :::tip Reset Admin Password
-The admin password can be reset using a [Server Command](/administration/server-commands.md)
+The admin password can be reset using a [Server Command](/docs/administration/server-commands.md)
 :::
--- a/docs/docs/guides/better-facial-clusters.md
+++ b/docs/docs/guides/better-facial-clusters.md
@@ -10,7 +10,7 @@ This guide explains how to optimize facial recognition in systems with large ima

 - **Best Suited For:** Large image libraries after importing a significant number of images.
 - **Warning:** This method deletes all previously assigned names.
- **Tip:** **Always take a [backup](/administration/backup-and-restore#database) before proceeding!**
+- **Tip:** **Always take a [backup](/docs/administration/backup-and-restore#database) before proceeding!**

 ---

--- a/docs/docs/guides/custom-locations.md
+++ b/docs/docs/guides/custom-locations.md
@@ -9,7 +9,7 @@ It is important to remember to update the backup settings after following the gu
 In our `.env` file, we will define the paths we want to use. Note that you don't have to define all of these: UPLOAD_LOCATION will be the base folder that files are stored in by default, with the other paths acting as overrides.

 ```diff title=".env"
-# You can find documentation for all the supported environment variables [here](/install/environment-variables)
+# You can find documentation for all the supported environment variables [here](/docs/install/environment-variables)

 # Custom location where your uploaded, thumbnails, and transcoded video files are stored
 - UPLOAD_LOCATION=./library
--- a/docs/docs/guides/database-queries.md
+++ b/docs/docs/guides/database-queries.md
@@ -7,7 +7,7 @@ Keep in mind that mucking around in the database might set the Moon on fire. Avo
 :::tip
 Run `docker exec -it immich_postgres psql --dbname=<DB_DATABASE_NAME> --username=<DB_USERNAME>` to connect to the database via the container directly.

-(Replace `<DB_DATABASE_NAME>` and `<DB_USERNAME>` with the values from your [`.env` file](/install/environment-variables#database)).
+(Replace `<DB_DATABASE_NAME>` and `<DB_USERNAME>` with the values from your [`.env` file](/docs/install/environment-variables#database)).
 :::

 ## Assets
@@ -142,7 +142,7 @@ DELETE FROM "person" WHERE "name" = 'PersonNameHere';
 SELECT "key", "value" FROM "system_metadata" WHERE "key" = 'system-config';
 ```

-(Only used when not using the [config file](/install/config-file))
+(Only used when not using the [config file](/docs/install/config-file))

 ### File properties

--- a/docs/docs/guides/external-library.md
+++ b/docs/docs/guides/external-library.md
@@ -1,13 +1,13 @@
 # External Library

-This guide walks you through adding an [External Library](/features/libraries).
+This guide walks you through adding an [External Library](/docs/features/libraries).
 This guide assumes you are running Immich in Docker and that the files you wish to access are stored
 in a directory on the same machine.

 # Mount the directory into the containers.

 Edit `docker-compose.yml` to add one or more new mount points in the section `immich-server:` under `volumes:`.
-If you want Immich to be able to delete the images in the external library or add metadata ([XMP sidecars](/features/xmp-sidecars)), remove `:ro` from the end of the mount point.
+If you want Immich to be able to delete the images in the external library or add metadata ([XMP sidecars](/docs/features/xmp-sidecars)), remove `:ro` from the end of the mount point.

 ```diff
 immich-server:
@@ -21,10 +21,6 @@ Restart Immich by running `docker compose up -d`.

 # Create the library

-:::info
-External library management requires administrator access and the steps below assume you are using an admin account.
-:::
-
 In the Immich web UI:

 - click the **Administration** link in the upper right corner.
@@ -37,7 +33,7 @@ In the Immich web UI:
  <img src={require('./img/create-external-library.webp').default} width="50%" title="Create Library button" />

 - In the dialog, select which user should own the new library
-  <img src={require('./img/library-owner.webp').default} width="50%" title="Library owner dialog" />
+  <img src={require('./img/library-owner.webp').default} width="50%" title="Library owner diaglog" />

 - Click the three-dots menu and select **Edit Import Paths**
  <img src={require('./img/edit-import-paths.webp').default} width="50%" title="Edit Import Paths menu option" />
--- a/docs/docs/guides/remote-access.md
+++ b/docs/docs/guides/remote-access.md
@@ -46,7 +46,7 @@ You can learn how to set up Tailscale together with Immich with the [tutorial vi

 A reverse proxy is a service that sits between web servers and clients. A reverse proxy can either be hosted on the server itself or remotely. Clients can connect to the reverse proxy via https, and the proxy relays data to Immich. This setup makes most sense if you have your own domain and want to access your Immich instance just like any other website, from outside your LAN. You can also use a DDNS provider like DuckDNS or no-ip if you don't have a domain. This configuration allows the Immich Android and iphone apps to connect to your server without a VPN or tailscale app on the client side.

-If you're hosting your own reverse proxy, [Nginx](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) is a great option. An example configuration for Nginx is provided [here](/administration/reverse-proxy.md).
+If you're hosting your own reverse proxy, [Nginx](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) is a great option. An example configuration for Nginx is provided [here](/docs/administration/reverse-proxy.md).

 You'll also need your own certificate to authenticate https connections. If you're making Immich publicly accessible, [Let's Encrypt](https://letsencrypt.org/) can provide a free certificate for your domain and is the recommended option. Alternatively, a [self-signed certificate](https://en.wikipedia.org/wiki/Self-signed_certificate) allows you to encrypt your connection to Immich, but it raises a security warning on the client's browser.

--- a/docs/docs/guides/remote-machine-learning.md
+++ b/docs/docs/guides/remote-machine-learning.md
@@ -1,6 +1,6 @@
 # Remote Machine Learning

-To alleviate [performance issues on low-memory systems](/FAQ.mdx#why-is-immich-slow-on-low-memory-systems-like-the-raspberry-pi) like the Raspberry Pi, you may also host Immich's machine learning container on a more powerful system, such as your laptop or desktop computer. The server container will send requests containing the image preview to the remote machine learning container for processing. The machine learning container does not persist this data or associate it with a particular user.
+To alleviate [performance issues on low-memory systems](/docs/FAQ.mdx#why-is-immich-slow-on-low-memory-systems-like-the-raspberry-pi) like the Raspberry Pi, you may also host Immich's machine learning container on a more powerful system, such as your laptop or desktop computer. The server container will send requests containing the image preview to the remote machine learning container for processing. The machine learning container does not persist this data or associate it with a particular user.

 :::info
 Smart Search and Face Detection will use this feature, but Facial Recognition will not. This is because Facial Recognition uses the _outputs_ of these models that have already been saved to the database. As such, its processing is between the server container and the database.
@@ -14,7 +14,7 @@ Image previews are sent to the remote machine learning container. Use this optio
 2. Copy the following `docker-compose.yml` to the remote server

 :::info
-If using hardware acceleration, the [hwaccel.ml.yml](https://github.com/immich-app/immich/releases/latest/download/hwaccel.ml.yml) file also needs to be added and the `docker-compose.yml` needs to be configured as described in the [hardware acceleration documentation](/features/ml-hardware-acceleration)
+If using hardware acceleration, the [hwaccel.ml.yml](https://github.com/immich-app/immich/releases/latest/download/hwaccel.ml.yml) file also needs to be added and the `docker-compose.yml` needs to be configured as described in the [hardware acceleration documentation](/docs/features/ml-hardware-acceleration)
 :::

 ```yaml
--- a/docs/docs/guides/template-backup-script.md
+++ b/docs/docs/guides/template-backup-script.md
@@ -7,7 +7,7 @@ This script assumes you have a second hard drive connected to your server for on
 The database is saved to your Immich upload folder in the `database-backup` subdirectory. The database is then backed up and versioned with your assets by Borg. This ensures that the database backup is in sync with your assets in every snapshot.

 :::info
-This script makes backups of your database along with your photo/video library. This is redundant with the [automatic database backup tool](/administration/backup-and-restore#automatic-database-dumps) built into Immich. Using this script to backup your database has two advantages over the built-in backup tool:
+This script makes backups of your database along with your photo/video library. This is redundant with the [automatic database backup tool](https://immich.app/docs/administration/backup-and-restore#automatic-database-backups) built into Immich. Using this script to backup your database has two advantages over the built-in backup tool:

 - This script uses storage more efficiently by versioning your backups instead of making multiple copies.
 - The database backups are performed at the same time as the library backup, ensuring that the backups of your database and the library are always in sync.
--- a/docs/docs/install/config-file.md
+++ b/docs/docs/install/config-file.md
@@ -209,7 +209,7 @@ So you can just grab it from there, paste it into a file and you're pretty much
 ### Step 2 - Specify the file location

 In your `.env` file, set the variable `IMMICH_CONFIG_FILE` to the path of your config.
-For more information, refer to the [Environment Variables](/install/environment-variables.md) section.
+For more information, refer to the [Environment Variables](/docs/install/environment-variables.md) section.

 :::tip
 YAML-formatted config files are also supported.
--- a/docs/docs/install/docker-compose.mdx
+++ b/docs/docs/install/docker-compose.mdx
@@ -29,4 +29,4 @@ If you get an error `can't set healthcheck.start_interval as feature require Doc

 ## Next Steps

-Read the [Post Installation](/install/post-install.mdx) steps and [upgrade instructions](/install/upgrading.md).
+Read the [Post Installation](/docs/install/post-install.mdx) steps and [upgrade instructions](/docs/install/upgrading.md).
--- a/docs/docs/install/environment-variables.md
+++ b/docs/docs/install/environment-variables.md
@@ -42,7 +42,7 @@ These environment variables are used by the `docker-compose.yml` file and do **N
 | `IMMICH_MICROSERVICES_METRICS_PORT` | Port for the OTEL metrics                                                                 |            `8082`            | server                   | microservices      |
 | `IMMICH_PROCESS_INVALID_IMAGES`     | When `true`, generate thumbnails for invalid images                                       |                              | server                   | microservices      |
 | `IMMICH_TRUSTED_PROXIES`            | List of comma-separated IPs set as trusted proxies                                        |                              | server                   | api                |
-| `IMMICH_IGNORE_MOUNT_CHECK_ERRORS`  | See [System Integrity](/administration/system-integrity)                                  |                              | server                   | api, microservices |
+| `IMMICH_IGNORE_MOUNT_CHECK_ERRORS`  | See [System Integrity](/docs/administration/system-integrity)                             |                              | server                   | api, microservices |

 \*1: `TZ` should be set to a `TZ identifier` from [this list][tz-list]. For example, `TZ="Etc/UTC"`.
 `TZ` is used by `exiftool` as a fallback in case the timezone cannot be determined from the image metadata. It is also used for logfile timestamps and cron job execution.
@@ -57,7 +57,7 @@ These environment variables are used by the `docker-compose.yml` file and do **N
 | `IMMICH_WORKERS_EXCLUDE` | Do not run these workers. Matches against default workers, or `IMMICH_WORKERS_INCLUDE` if specified. |         | server     |

 :::info
-Information on the current workers can be found [here](/administration/jobs-workers).
+Information on the current workers can be found [here](/docs/administration/jobs-workers).
 :::

 ## Ports
@@ -169,9 +169,10 @@ Redis (Sentinel) URL example JSON before encoding:
 | `MACHINE_LEARNING_ANN_TUNING_LEVEL`                         | ARM-NN GPU tuning level (1: rapid, 2: normal, 3: exhaustive)                                        |               `2`               | machine learning |
 | `MACHINE_LEARNING_DEVICE_IDS`<sup>\*4</sup>                 | Device IDs to use in multi-GPU environments                                                         |               `0`               | machine learning |
 | `MACHINE_LEARNING_MAX_BATCH_SIZE__FACIAL_RECOGNITION`       | Set the maximum number of faces that will be processed at once by the facial recognition model      |  None (`1` if using OpenVINO)   | machine learning |
+| `MACHINE_LEARNING_PING_TIMEOUT`                             | How long (ms) to wait for a PING response when checking if an ML server is available                |             `2000`              | server           |
+| `MACHINE_LEARNING_AVAILABILITY_BACKOFF_TIME`                | How long to ignore ML servers that are offline before trying again                                  |             `30000`             | server           |
 | `MACHINE_LEARNING_RKNN`                                     | Enable RKNN hardware acceleration if supported                                                      |             `True`              | machine learning |
 | `MACHINE_LEARNING_RKNN_THREADS`                             | How many threads of RKNN runtime should be spinned up while inferencing.                            |               `1`               | machine learning |
-| `MACHINE_LEARNING_MODEL_ARENA`                              | Pre-allocates CPU memory to avoid memory fragmentation                                              |              true               | machine learning |

 \*1: It is recommended to begin with this parameter when changing the concurrency levels of the machine learning service and then tune the other ones.

--- a/docs/docs/install/one-click.md
+++ b/docs/docs/install/one-click.md
@@ -1,32 +0,0 @@
---
-sidebar_position: 65
---
-
-# One-Click [Cloud Service]
-
-:::note
-This version of Immich is provided via cloud service providers' one-click marketplaces. Hosting costs are set by the cloud service providers.
-Support for these are provided by the individual cloud service providers.
-
-**Please report issues to the corresponding [Github Repository][github].**
-:::
-
-## Installation
-
-Go to the provider's marketplace and choose Immich, then follow the provided instructions.
-
-## One-Click Immich marketplace providers
-
-### DigitalOcean
-
-https://marketplace.digitalocean.com/apps/immich
-
-### Vultr
-
-https://www.vultr.com/marketplace/apps/immich
-
-## Issues
-
-For issues, open an issue on the associated [GitHub Repository][github].
-
-[github]: https://github.com/immich-app/immich/
--- a/docs/docs/install/portainer.md
+++ b/docs/docs/install/portainer.md
@@ -45,5 +45,5 @@ alt="Dot Env Example"
 11. Click on "**Deploy the stack**".

 :::tip
-For more information on how to use the application, please refer to the [Post Installation](/install/post-install.mdx) guide.
+For more information on how to use the application, please refer to the [Post Installation](/docs/install/post-install.mdx) guide.
 :::
--- a/docs/docs/install/post-install.mdx
+++ b/docs/docs/install/post-install.mdx
@@ -44,6 +44,6 @@ A list of common steps to take after installing Immich include:

 ## Setting up optional features

- [External Libraries](/features/libraries.md): Adding your existing photo library to Immich
- [Hardware Transcoding](/features/hardware-transcoding.md): Speeding up video transcoding
- [Hardware-Accelerated Machine Learning](/features/ml-hardware-acceleration.md): Speeding up various machine learning tasks in Immich
+- [External Libraries](/docs/features/libraries.md): Adding your existing photo library to Immich
+- [Hardware Transcoding](/docs/features/hardware-transcoding.md): Speeding up video transcoding
+- [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md): Speeding up various machine learning tasks in Immich
--- a/docs/docs/install/script.md
+++ b/docs/docs/install/script.md
@@ -5,12 +5,12 @@ sidebar_position: 20
 # Install script [Experimental]

 :::caution
-This method is experimental and not currently recommended for production use. For production, please refer to installing with [Docker Compose](/install/docker-compose.mdx).
+This method is experimental and not currently recommended for production use. For production, please refer to installing with [Docker Compose](/docs/install/docker-compose.mdx).
 :::

 ## Requirements

-Follow the [requirements page](/install/requirements) to get started.
+Follow the [requirements page](/docs/install/requirements) to get started.

 The install script only supports Linux operating systems and requires Docker to be already installed on the system.

@@ -32,5 +32,5 @@ The web application and mobile app will be available at `http://<machine-ip-addr
 The directory which is used to store the library files is `./immich-app` relative to the current directory.

 :::tip
-For common next steps, see [Post Install Steps](/install/post-install.mdx).
+For common next steps, see [Post Install Steps](/docs/install/post-install.mdx).
 :::
--- a/docs/docs/install/synology.md
+++ b/docs/docs/install/synology.md
@@ -16,7 +16,7 @@ Immich can easily be installed on a Synology NAS using Container Manager within

 ## Step 1 - Download the required files

-Create a directory of your choice (e.g. `./immich-app`) to house Immich. In general, it's best practice to have all Docker-based applications running under the `./docker` directory, so in this case, your directory structure will look like `./docker/immich-app`.
+Create a directory of your choice (e.g. `./immich-app`) to house Immich. In general, it's a best practice to have all Docker-based applications running under the `./docker` directory, so in this case, your directory structure will look like `./docker/immich-app`.

 Now create a `./postgres` and `./library` directory as sub-directories of the `./docker/immich-app`.

@@ -25,32 +25,32 @@ When you're all done, you should have the following:
 - `./docker/immich-app/postgres`
 - `./docker/immich-app/library`

-Download [`docker-compose.yml`](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml) and [`example.env`](https://github.com/immich-app/immich/releases/latest/download/example.env) to your computer. Upload the files to the `./docker/immich-app` directory, and rename `example.env` to `.env`. Note: If you plan to use the Synology Text editor to edit the `.env` file on the NAS within File Station, you will need to rename it to a temporary name (e.g. `example.txt`) in order to see 'Open with Text Editor' in the file context menu. Once saved, rename it back to `.env`.
+Download [`docker-compose.yml`](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml) and [`example.env`](https://github.com/immich-app/immich/releases/latest/download/example.env) to your computer. Upload the files to the `./docker/immich-app` directory, and rename `example.env` to `.env`.

 ## Step 2 - Populate the .env file with custom values

-Follow [Step 2 in Docker Compose](/install/docker-compose#step-2---populate-the-env-file-with-custom-values) for instructions on customizing the `.env` file, and then return back to this guide to continue.
+Follow [Step 2 in Docker Compose](/docs/install/docker-compose#step-2---populate-the-env-file-with-custom-values) for instructions on customizing the `.env` file, and then return back to this guide to continue.

 ## Step 3 - Create a new project in Container Manager

 Open Container Manager, and select the "**Project**" action on the left navigation bar and then click "**Create**".
-![Create project](../../static/img/synology-container-manager-create-project.png)
+![Create Project](../../static/img/synology-container-manager-create-project.png)

 In the settings of your new project, set "**Project name**" to a name you'll remember, such as _immich-app_. When setting the "**Path**", select the `./docker/immich-app` directory you created earlier. Doing so will prompt a message to use the existing `docker-compose.yml` already present in the directory for your project. Click "**OK**" to continue.

-![Set path](../../static/img/synology-container-manager-set-path.png)
+![Set Path](../../static/img/synology-container-manager-set-path.png)

-The following screen will give you the option to further customize your `docker-compose.yml` file. Take note of `DB_STORAGE_TYPE: 'HDD'` and uncomment if applicable for your Synology setup.
+The following screen will give you the option to further customize your `docker-compose.yml` file, giving you a warning regarding the `start_interval` property. Under the `healthcheck` heading, remove the `start_interval: 30s` completely and click "**Next**".

-![DB storage](../../static/img/synology-container-manager-customize-docker-compose.png)
+![start interval](../../static/img/synology-container-manager-customize-docker-compose.png)

 Skip the section asking to set-up a portal for Web Station, and then complete the wizard which will build and start the containers for your project.

 Once your containers are successfully running, navigate to the "**Container**" section of Container Manager, right-click on the "**immich-server**" container, and choose the "**Details**".

-Scroll to the bottom of the "**Details**" section and find the `IP Address` listed in the `Network` section. Take note of the container's IP address as you will need it for **Step 4**.
+Scroll to the bottom of the "**Details**" section, and find the `IP Address` of the container, located in the `Network` section. Take note of the container's IP address as you will need it for **Step 4**.

-![Container details](../../static/img/synology-container-manager-container-details.png)
+![Container Details](../../static/img/synology-container-manager-container-details.png)

 ## Step 4 - Configure Firewall Settings

@@ -63,66 +63,8 @@ Open "**Control Panel**" on your Synology NAS, and select "**Security**". Naviga
 Click "**Edit Rules**" and add the following firewall rules:

 - Add a "**Source IP**" rule for the IP address of your container that you obtained in Step 3 above
-
-![IP address rule](../../static/img/synology-ipaddress-firewall-rule.png)
-
 - Add a "**Ports**" rule for the port specified in the `docker-compose.yml`, which should be `2283`

-![Custom port rule](../../static/img/synology-custom-port-firewall-rule.png)
-
 ## Next Steps

-Read the [Post Installation](/install/post-install.mdx) steps and [upgrade instructions](/install/upgrading.md).
-
-<details>
-  <summary>Updating Immich using Container Manager</summary>
-Check the post installation and upgrade instructions at the links above before proceeding with this section.
-
-## Step 1. Backup
-
-Ensure your photos and videos are backed up. Your `.env` settings will define where they are stored. There is no need to delete any files or folders within the `docker` folder when doing a release upgrade unless instructed in the release notes.
-
-## Step 2. Check release notes
-
-Always check the [release notes](https://github.com/immich-app/immich/releases) before proceeding with an update!
-
-## Step 3. Stop containers & clean up
-
-Open **Container Manager**. Select **Project** then your Immich app
-
-![Select project](../../static/img/synology-select-proj.png)
-
-Select **Stop**
-
-![Stop project](../../static/img/synology-project-stop.png)
-
-Select **Action** then **Clean**. This removes the containers.
-
-![Clean project](../../static/img/synology-action-clean.png)
-
-Go to **Image** and select **Remove Unused Images**.
-
-![Remove unused](../../static/img/synology-remove-unused.png)
-
-## Step 4. Build
-
-Go to **Project**, select **Action** then **Build**. This will download, unpack, install and start the containers.
-
-![Build](../../static/img/synology-build.png)
-
-## Step 5. Update firewall rule
-
-The default behavior is to automatically start the containers once installed. If `immich_server` runs for a few seconds and then stops, it may be because the firewall rule no longer matches the server IP address.
-
-Go to the **Container** section. Click on `immich_server` and scroll down on **General** to find the IP address.
-![Container IP](../../static/img/synology-container-ip.png)
-
-Go to Synology **Control Panel**. Select **Security** and **Firewall**.
-
-![Firewall](../../static/img/synology-fw-rules.png)
-
-In this example, the IP addresses mismatch and the firewall rule needs to be edited to match above.
-
-![Edit IP](../../static/img/synology-fw-ipedit.png)
-
-</details>
+Read the [Post Installation](/docs/install/post-install.mdx) steps and [upgrade instructions](/docs/install/upgrading.md).
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
CJPeckover	af605876ad	Merge branch 'immich-main' into feat/multi-select-asset-viewer	2025-09-16 13:49:32 -04:00
CJPeckover	585199553f	revert pnpm-lock	2025-09-16 13:38:34 -04:00
CJPeckover	cb321afada	revert pnpm-lock	2025-09-16 13:35:16 -04:00
CJPeckover	22cbf39fcf	- revert pnpm-lock	2025-09-16 13:12:21 -04:00
CJPeckover	097dc3d21e	Merge branch 'immich-main' into feat/multi-select-asset-viewer	2025-09-16 13:10:37 -04:00
CJPeckover	7fae893558	- make view icon visible on mobile	2025-09-16 13:07:56 -04:00
CJPeckover	669a7a9a10	- ensure gallery viewer has view icon - ensure view icon is above video thumbnail	2025-09-16 13:00:41 -04:00
CJPeckover	360b1fea2d	format/check	2025-09-16 01:46:26 -04:00
CJPeckover	8497364cc7	make assetViewer.assetInteraction optional, it is not needed on utility pages, map, or individual-shared-viewer	2025-09-16 01:27:51 -04:00
CJPeckover	cf539cc033	Add initial select logic to asset viewer	2025-09-16 00:54:46 -04:00
CJPeckover	52903e510e	- add initial viewer button UI	2025-09-16 00:19:10 -04:00
@@ -1 +1 @@
 .11.0
 .19.0