wip: fix the mess that is the mobile database

refactor: authentication provider always try network calls and only fail if 401 or no local user
chore: bump flutter sdk path for vscode
2025-12-16 01:30:47 -08:00 · 2024-07-30 00:12:43 +01:00 · 2024-07-29 19:02:04 +01:00 · 2024-07-29 19:01:09 +01:00 · 2024-07-29 10:52:53 -05:00
2027 changed files with 83040 additions and 125859 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,2 +0,0 @@
 ARG BASEIMAGE=mcr.microsoft.com/devcontainers/typescript-node:22@sha256:9791f4aa527774bc370c6bd2f6705ce5a686f1e6f204badd8dfaacce28c631ae
 FROM ${BASEIMAGE}
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,20 +0,0 @@
 {
 	"name": "Immich devcontainers",
 	"build": {
 		"dockerfile": "Dockerfile",
 		"args": {
 			"BASEIMAGE": "mcr.microsoft.com/devcontainers/typescript-node:22"
 		}
 	},
 	"customizations": {
 		"vscode": {
 			"extensions": [
 				"svelte.svelte-vscode"
 			]
 		}
 	},
 	"forwardPorts": [],
 	"postCreateCommand": "make install-all",
 	"remoteUser": "node"
 }
--- a/.dockerignore
+++ b/.dockerignore
@@ -22,7 +22,6 @@ open-api/typescript-sdk/node_modules/
 server/coverage/
 server/node_modules/
 server/upload/
 server/src/queries
 server/dist/
 server/www/
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +0,0 @@
 custom: ['https://buy.immich.app']
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -83,6 +83,7 @@ body:
        2.
        3.
        ...
      render: bash
    validations:
      required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,14 +1,11 @@
 blank_issues_enabled: false
 contact_links:
-  - name: ✋ I have a question or need support
+  - name: I have a question or need support
    url: https://discord.immich.app
    about: We use GitHub for tracking bugs, please check out our Discord channel for freaky fast support.
-  - name: 📷 My photo or video has a date, time, or timezone problem
+  - name: Feature Request
    url: https://github.com/immich-app/immich/discussions/12650
    about: Upload a sample file to this discussion and we will take a look
  - name: 🌟 Feature request
    url: https://github.com/immich-app/immich/discussions/new?category=feature-request
    about: Please use our GitHub Discussion for making feature requests.
-  - name: 🫣 I'm unsure where to go
+  - name: I'm unsure where to go
    url: https://discord.immich.app
    about: If you are unsure where to go, then joining our Discord is recommended; Just ask!
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
 version: 2
 updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -33,6 +33,3 @@ documentation:
  - changed-files:
      - any-glob-to-any-file:
          - machine-learning/app/**
 changelog:translation:
  - head-branch: ['^chore/translations$']
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -1,33 +1,41 @@
 changelog:
  categories:
-    - title: 🚨 Breaking Changes
+    - title: ⚠️ Breaking Changes
      labels:
-        - changelog:breaking-change
+        - breaking-change
-    - title: 🫥 Deprecated Changes
+    - title: 🗄️ Server
      labels:
-        - changelog:deprecated
+        - 🗄️server
-    - title: 🔒 Security
+    - title: 📱 Mobile
      labels:
-        - changelog:security
+        - 📱mobile
-    - title: 🚀 Features
+    - title: 🖥️ Web
      labels:
-        - changelog:feature
+        - 🖥️web
-    - title: 🌟 Enhancements
+    - title: 🧠 Machine Learning
      labels:
-        - changelog:enhancement
+        - 🧠machine-learning
-    - title: 🐛 Bug fixes
+    - title: ⚡ CLI
      labels:
-        - changelog:bugfix
+        - cli
-    - title: 📚 Documentation
+    - title: 📓 Documentation
      labels:
-        - changelog:documentation
+        - documentation
-    - title: 🌐 Translations
+    - title: 🔨 Maintenance
      labels:
-        - changelog:translation
+        - deployment
        - dependencies
        - renovate
        - maintenance
        - tech-debt
    - title: Other changes
      labels:
        - "*"
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -16,28 +16,10 @@ concurrency:
  cancel-in-progress: true
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    outputs:
      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - id: found_paths
        uses: dorny/paths-filter@v3
        with:
          filters: |
            mobile:
              - 'mobile/**'
      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
  build-sign-android:
    name: Build and sign Android
    needs: pre-job
    # Skip when PR from a fork
-    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
+    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
    runs-on: macos-14
    steps:
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -22,7 +22,7 @@ permissions:
 jobs:
  publish:
-    name: CLI Publish
+    name: Publish
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -59,7 +59,7 @@ jobs:
        uses: docker/setup-qemu-action@v3.2.0
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.8.0
+        uses: docker/setup-buildx-action@v3.5.0
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
@@ -88,7 +88,7 @@ jobs:
            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
      - name: Build and push image
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.5.0
        with:
          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/docker-cleanup.yml
+++ b/.github/workflows/docker-cleanup.yml
@@ -22,7 +22,7 @@ concurrency:
 jobs:
  cleanup-images:
    name: Cleanup Stale Images Tags for ${{ matrix.primary-name }}
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
@@ -35,7 +35,7 @@ jobs:
    steps:
      - name: Clean temporary images
        if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/ephemeral@v0.9.0
+        uses: stumpylog/image-cleaner-action/ephemeral@v0.7.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
@@ -48,7 +48,7 @@ jobs:
  cleanup-untagged-images:
    name: Cleanup Untagged Images Tags for ${{ matrix.primary-name }}
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
    needs:
      - cleanup-images
    strategy:
@@ -64,7 +64,7 @@ jobs:
    steps:
      - name: Clean untagged images
        if: "${{ env.TOKEN != '' }}"
-        uses: stumpylog/image-cleaner-action/untagged@v0.9.0
+        uses: stumpylog/image-cleaner-action/untagged@v0.7.0
        with:
          token: "${{ env.TOKEN }}"
          owner: "immich-app"
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -17,197 +17,47 @@ permissions:
  packages: write
 jobs:
-  pre-job:
+  build_and_push:
    name: Build and Push
    runs-on: ubuntu-latest
    outputs:
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - id: found_paths
        uses: dorny/paths-filter@v3
        with:
          filters: |
            server:
              - 'server/**'
              - 'openapi/**'
              - 'web/**'
              - 'i18n/**'
            machine-learning:
              - 'machine-learning/**'
      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ github.event_name == 'workflow_dispatch' || github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
  retag_ml:
    name: Re-Tag ML
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: ["", "-cuda", "-openvino", "-armnn"]
    steps:
        - name: Login to GitHub Container Registry
          uses: docker/login-action@v3
          with:
            registry: ghcr.io
            username: ${{ github.repository_owner }}
            password: ${{ secrets.GITHUB_TOKEN }}
        - name: Re-tag image
          run: |
              REGISTRY_NAME="ghcr.io"
              REPOSITORY=${{ github.repository_owner }}/immich-machine-learning
              TAG_OLD=main${{ matrix.suffix }}
              TAG_NEW=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
              docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
  retag_server:
    name: Re-Tag Server
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        suffix: [""]
    steps:
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Re-tag image
        run: |
          REGISTRY_NAME="ghcr.io"
          REPOSITORY=${{ github.repository_owner }}/immich-server
          TAG_OLD=main${{ matrix.suffix }}
          TAG_NEW=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_NEW $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
  build_and_push_ml:
    name: Build and Push ML
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    env:
      image: immich-machine-learning
      context: machine-learning
      file: machine-learning/Dockerfile
    strategy:
      # Prevent a failure in one image from stopping the other builds
      fail-fast: false
      matrix:
        include:
-          - platforms: linux/amd64,linux/arm64
+          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
            platforms: linux/amd64,linux/arm64
            device: cpu
-          - platforms: linux/amd64
+          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
            platforms: linux/amd64
            device: cuda
            suffix: -cuda
-          - platforms: linux/amd64
+          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
            platforms: linux/amd64
            device: openvino
            suffix: -openvino
-          - platforms: linux/arm64
+          - image: immich-machine-learning
            context: machine-learning
            file: machine-learning/Dockerfile
            platforms: linux/arm64
            device: armnn
            suffix: -armnn
-    steps:
+          - image: immich-server
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3.2.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.8.0
      - name: Login to Docker Hub
        # Only push to Docker Hub when making a release
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        # Skip when PR from a fork
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate docker image tags
        id: metadata
        uses: docker/metadata-action@v5
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch,suffix=${{ matrix.suffix }}
            # Tag with pr-number
            type=ref,event=pr,suffix=${{ matrix.suffix }}
            # Tag with git tag on release
            type=ref,event=tag,suffix=${{ matrix.suffix }}
            type=raw,value=release,enable=${{ github.event_name == 'release' }},suffix=${{ matrix.suffix }}
      - name: Determine build cache output
        id: cache-target
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            # Essentially just ignore the cache output (PR can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
          fi
      - name: Build and push image
        uses: docker/build-push-action@v6.10.0
        with:
          context: ${{ env.context }}
          file: ${{ env.file }}
          platforms: ${{ matrix.platforms }}
          # Skip pushing when PR from a fork
          push: ${{ !github.event.pull_request.head.repo.fork }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          build-args: |
            DEVICE=${{ matrix.device }}
            BUILD_ID=${{ github.run_id }}
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}
  build_and_push_server:
    name: Build and Push Server
    runs-on: ubuntu-latest
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    env:
      image: immich-server
            context: .
            file: server/Dockerfile
-    strategy:
+            platforms: linux/amd64,linux/arm64
      fail-fast: false
      matrix:
        include:
          - platforms: linux/amd64,linux/arm64
            device: cpu
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -216,7 +66,7 @@ jobs:
        uses: docker/setup-qemu-action@v3.2.0
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.8.0
+        uses: docker/setup-buildx-action@v3.5.0
      - name: Login to Docker Hub
        # Only push to Docker Hub when making a release
@@ -243,8 +93,8 @@ jobs:
            # Disable latest tag
            latest=false
          images: |
-            name=ghcr.io/${{ github.repository_owner }}/${{env.image}}
+            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
-            name=altran1502/${{env.image}},enable=${{ github.event_name == 'release' }}
+            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch,suffix=${{ matrix.suffix }}
@@ -261,18 +111,18 @@ jobs:
            # Essentially just ignore the cache output (PR can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
-            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ env.image }}" >> $GITHUB_OUTPUT
+            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
          fi
      - name: Build and push image
-        uses: docker/build-push-action@v6.10.0
+        uses: docker/build-push-action@v6.5.0
        with:
-          context: ${{ env.context }}
+          context: ${{ matrix.context }}
-          file: ${{ env.file }}
+          file: ${{ matrix.file }}
          platforms: ${{ matrix.platforms }}
          # Skip pushing when PR from a fork
          push: ${{ !github.event.pull_request.head.repo.fork }}
-          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{env.image}}
+          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
@@ -282,29 +132,3 @@ jobs:
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}
  success-check-server:
    name: Docker Build & Push Server Success
    needs: [build_and_push_server, retag_server]
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: Any jobs failed?
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
  success-check-ml:
    name: Docker Build & Push ML Success
    needs: [build_and_push_ml, retag_ml]
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: Any jobs failed?
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -2,8 +2,12 @@ name: Docs build
 on:
  push:
    branches: [main]
    paths:
      - "docs/**"
  pull_request:
    branches: [main]
    paths:
      - "docs/**"
  release:
    types: [published]
@@ -12,27 +16,7 @@ concurrency:
  cancel-in-progress: true
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    outputs:
      should_run: ${{ steps.found_paths.outputs.docs == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - id: found_paths
        uses: dorny/paths-filter@v3
        with:
          filters: |
            docs:
              - 'docs/**'
      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ github.event_name == 'release' || github.ref_name == 'main' }}" >> "$GITHUB_OUTPUT"
  build:
    name: Docs Build
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -7,32 +7,13 @@ on:
 jobs:
  checks:
    name: Docs Deploy Checks
    runs-on: ubuntu-latest
    outputs:
      parameters: ${{ steps.parameters.outputs.result }}
      artifact: ${{ steps.get-artifact.outputs.result }}
    steps:
-      - if: ${{ github.event.workflow_run.conclusion != 'success' }}
+      - if: ${{ github.event.workflow_run.conclusion == 'failure' }}
-        run: echo 'The triggering workflow did not succeed' && exit 1
+        run: echo 'The triggering workflow failed' && exit 1
-      - name: Get artifact
+
        id: get-artifact
        uses: actions/github-script@v7
        with:
          script: |
            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: context.payload.workflow_run.id,
            });
            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "docs-build-output"
            })[0];
            if (!matchArtifact) {
              console.log("No artifact found with the name docs-build-output, build job was skipped")
              return { found: false };
            }
            return { found: true, id: matchArtifact.id };
      - name: Determine deploy parameters
        id: parameters
        uses: actions/github-script@v7
@@ -92,10 +73,9 @@ jobs:
            return parameters;
  deploy:
    name: Docs Deploy
    runs-on: ubuntu-latest
    needs: checks
-    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
+    if: ${{ fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@@ -118,11 +98,18 @@ jobs:
        uses: actions/github-script@v7
        with:
          script: |
-            let artifact = ${{ needs.checks.outputs.artifact }};
+            let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
               owner: context.repo.owner,
               repo: context.repo.repo,
               run_id: context.payload.workflow_run.id,
            });
            let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
              return artifact.name == "docs-build-output"
            })[0];
            let download = await github.rest.actions.downloadArtifact({
               owner: context.repo.owner,
               repo: context.repo.repo,
-               artifact_id: artifact.id,
+               artifact_id: matchArtifact.id,
               archive_format: 'zip',
            });
            let fs = require('fs');
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -5,7 +5,6 @@ on:
 jobs:
  deploy:
    name: Docs Destroy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
@@ -23,7 +22,7 @@ jobs:
          tg_version: "0.58.12"
          tofu_version: "1.7.1"
          tg_dir: "deployment/modules/cloudflare/docs"
-          tg_command: "destroy -refresh=false"
+          tg_command: "destroy"
      - name: Comment
        uses: actions-cool/maintain-one-comment@v3
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -1,52 +0,0 @@
 name: Fix formatting
 on:
  pull_request:
    types: [labeled]
 jobs:
  fix-formatting:
    runs-on: ubuntu-latest
    if: ${{ github.event.label.name == 'fix:formatting' }}
    permissions:
      pull-requests: write
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: 'Checkout'
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version-file: './server/.nvmrc'
      - name: Fix formatting
        run: make install-all && make format-all
      - name: Commit and push
        uses: EndBug/add-and-commit@v9
        with:
          default_author: github_actions
          message: 'chore: fix formatting'
      - name: Remove label
        uses: actions/github-script@v7
        if: always()
        with:
          script: |
            github.rest.issues.removeLabel({
              issue_number: context.payload.pull_request.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              name: 'fix:formatting'
            })
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -1,22 +0,0 @@
 name: PR Label Validation
 on:
  pull_request_target:
    types: [opened, labeled, unlabeled, synchronize]
 jobs:
  validate-release-label:
    runs-on: ubuntu-latest
    permissions:
      issues: write
      pull-requests: write
    steps:
      - name: Require PR to have a changelog label
        uses: mheap/github-action-required-labels@v5
        with:
          mode: exactly
          count: 1
          use_regex: true
          labels: "changelog:.*"
          add_comment: true
          message: "Label error. Requires {{errorString}} {{count}} of: {{ provided }}. Found: {{ applied }}. A maintainer will add the required label."
--- a/.github/workflows/pr-require-conventional-commit.yml
+++ b/.github/workflows/pr-require-conventional-commit.yml
@@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: PR Conventional Commit Validation
-        uses:  ytanikin/PRConventionalCommits@1.3.0
+        uses:  ytanikin/PRConventionalCommits@1.2.0
        with:
          task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
          add_label: 'false'
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -29,17 +29,10 @@ jobs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
      - name: Checkout
        uses: actions/checkout@v4
        with:
-          token: ${{ steps.generate-token.outputs.token }}
+          token: ${{ secrets.ORG_RELEASE_TOKEN }}
      - name: Install Poetry
        run: pipx install poetry
@@ -51,8 +44,10 @@ jobs:
        id: push-tag
        uses: EndBug/add-and-commit@v9
        with:
-          default_author: github_actions
+          author_name: Alex The Bot
-          message: 'chore: version ${{ env.IMMICH_VERSION }}'
+          author_email: alex.tran1502@gmail.com
          default_author: user_info
          message: 'Version ${{ env.IMMICH_VERSION }}'
          tag: ${{ env.IMMICH_VERSION }}
          push: true
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -10,27 +10,8 @@ concurrency:
  cancel-in-progress: true
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    outputs:
      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - id: found_paths
        uses: dorny/paths-filter@v3
        with:
          filters: |
            mobile:
              - 'mobile/**'
      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ github.event_name == 'release' }}" >> "$GITHUB_OUTPUT"
  mobile-dart-analyze:
    name: Run Dart Code Analysis
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
@@ -56,10 +37,6 @@ jobs:
        run: dart format lib/ --set-exit-if-changed
        working-directory: ./mobile
      - name: Run dart custom_lint
        run: dart run custom_lint
        working-directory: ./mobile
      # Enable after riverpod generator migration is completed
      # - name: Run dart custom lint
      #   run: dart run custom_lint
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,48 +10,8 @@ concurrency:
  cancel-in-progress: true
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    outputs:
      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_cli: ${{ steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e: ${{ steps.found_paths.outputs.e2e == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_mobile: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e_web: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_e2e_server_cli: ${{ steps.found_paths.outputs.e2e == 'true' || steps.found_paths.outputs.server == 'true' || steps.found_paths.outputs.cli == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - id: found_paths
        uses: dorny/paths-filter@v3
        with:
          filters: |
            web:
              - 'web/**'
              - 'i18n/**'
              - 'open-api/typescript-sdk/**'
            server:
              - 'server/**'
            cli:
              - 'cli/**'
              - 'open-api/typescript-sdk/**'
            e2e:
              - 'e2e/**'
            mobile:
              - 'mobile/**'
            machine-learning:
              - 'machine-learning/**'
      - name: Check if we should force jobs to run
        id: should_force
        run: echo "should_force=${{ github.event_name == 'workflow_dispatch' }}" >> "$GITHUB_OUTPUT"
  server-unit-tests:
-    name: Test & Lint Server
+    name: Server
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -81,14 +41,12 @@ jobs:
        run: npm run check
        if: ${{ !cancelled() }}
-      - name: Run small tests & coverage
+      - name: Run unit tests & coverage
        run: npm run test:cov
        if: ${{ !cancelled() }}
  cli-unit-tests:
-    name: Unit Test CLI
+    name: CLI
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -127,9 +85,7 @@ jobs:
        if: ${{ !cancelled() }}
  cli-unit-tests-win:
-    name: Unit Test CLI (Windows)
+    name: CLI (Windows)
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: windows-latest
    defaults:
      run:
@@ -161,9 +117,7 @@ jobs:
        if: ${{ !cancelled() }}
  web-unit-tests:
-    name: Test & Lint Web
+    name: Web
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -205,74 +159,13 @@ jobs:
        run: npm run test:cov
        if: ${{ !cancelled() }}
-  e2e-tests-lint:
+  e2e-tests:
-    name: End-to-End Lint
+    name: End-to-End Tests
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./e2e
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version-file: './e2e/.nvmrc'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
      - name: Install dependencies
        run: npm ci
        if: ${{ !cancelled() }}
      - name: Run linter
        run: npm run lint
        if: ${{ !cancelled() }}
      - name: Run formatter
        run: npm run format
        if: ${{ !cancelled() }}
      - name: Run tsc
        run: npm run check
        if: ${{ !cancelled() }}
  medium-tests-server:
    name: Medium Tests (Server)
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: mich
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: 'recursive'
      - name: Production build
        if: ${{ !cancelled() }}
        run: docker compose -f e2e/docker-compose.yml build
      - name: Run medium tests
        if: ${{ !cancelled() }}
        run: make test-medium
  e2e-tests-server-cli:
    name: End-to-End Tests (Server & CLI)
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
    runs-on: mich
    defaults:
      run:
        working-directory: ./e2e
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@@ -298,41 +191,16 @@ jobs:
        run: npm ci
        if: ${{ !cancelled() }}
-      - name: Docker build
+      - name: Run linter
-        run: docker compose build
+        run: npm run lint
        if: ${{ !cancelled() }}
-      - name: Run e2e tests (api & cli)
+      - name: Run formatter
-        run: npm run test
+        run: npm run format
        if: ${{ !cancelled() }}
-  e2e-tests-web:
+      - name: Run tsc
-    name: End-to-End Tests (Web)
+        run: npm run check
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
    runs-on: mich
    defaults:
      run:
        working-directory: ./e2e
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: 'recursive'
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version-file: './e2e/.nvmrc'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
        if: ${{ !cancelled() }}
      - name: Install dependencies
        run: npm ci
        if: ${{ !cancelled() }}
      - name: Install Playwright Browsers
@@ -343,14 +211,16 @@ jobs:
        run: docker compose build
        if: ${{ !cancelled() }}
      - name: Run e2e tests (api & cli)
        run: npm run test
        if: ${{ !cancelled() }}
      - name: Run e2e tests (web)
        run: npx playwright test
        if: ${{ !cancelled() }}
  mobile-unit-tests:
-    name: Unit Test Mobile
+    name: Mobile
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
@@ -364,9 +234,7 @@ jobs:
        run: flutter test -j 1
  ml-unit-tests:
-    name: Unit Test ML
+    name: Machine Learning
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    defaults:
      run:
--- a/.gitignore
+++ b/.gitignore
@@ -21,5 +21,3 @@ mobile/openapi/.openapi-generator/FILES
 open-api/typescript-sdk/build
 mobile/android/fastlane/report.xml
 mobile/ios/fastlane/report.xml
 vite.config.js.timestamp-*
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,6 @@
 [submodule "mobile/.isar"]
 	path = mobile/.isar
 	url = https://github.com/isar/isar
-[submodule "e2e/test-assets"]
+[submodule "server/test/assets"]
 	path = e2e/test-assets
 	url = https://github.com/immich-app/test-assets
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -5,8 +5,8 @@
      "type": "node",
      "request": "attach",
      "restart": true,
-      "port": 9231,
+      "port": 9230,
-      "name": "Immich API Server",
+      "name": "Immich Server",
      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    },
@@ -14,8 +14,8 @@
      "type": "node",
      "request": "attach",
      "restart": true,
-      "port": 9230,
+      "port": 9231,
-      "name": "Immich Workers",
+      "name": "Immich Microservices",
      "remoteRoot": "/usr/src/app",
      "localRoot": "${workspaceFolder}/server"
    }
--- a/30
+++ b/30
@@ -39,7 +39,7 @@ attach-server:
 renovate:
  LOG_LEVEL=debug npx renovate --platform=local --repository-cache=reset
-MODULES = e2e server web cli sdk docs
+MODULES = e2e server web cli sdk
 audit-%:
 	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) audit fix
@@ -48,9 +48,11 @@ install-%:
 build-cli: build-sdk
 build-web: build-sdk
 build-%: install-%
-	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run build
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run | grep 'build' >/dev/null \
 		&& npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run build || true
 format-%:
-	npm --prefix $* run format:fix
+	npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run | grep 'format:fix' >/dev/null \
 		&& npm --prefix $(subst sdk,open-api/typescript-sdk,$*) run format:fix || true
 lint-%:
 	npm --prefix $* run lint:fix
 check-%:
@@ -64,27 +66,15 @@ test-e2e:
 	docker compose -f ./e2e/docker-compose.yml build
 	npm --prefix e2e run test
 	npm --prefix e2e run test:web
 test-medium:
 	docker run \
    --rm \
    -v ./server/src:/usr/src/app/src \
    -v ./server/test:/usr/src/app/test \
    -v ./server/vitest.config.medium.mjs:/usr/src/app/vitest.config.medium.mjs \
    -v ./server/tsconfig.json:/usr/src/app/tsconfig.json \
    -e NODE_ENV=development \
    immich-server:latest \
    -c "npm ci && npm run test:medium -- --run"
 test-medium-dev:
 	docker exec -it immich_server /bin/sh -c "npm run test:medium"
-build-all: $(foreach M,$(filter-out e2e,$(MODULES)),build-$M) ;
+build-all: $(foreach M,$(MODULES),build-$M) ;
 install-all: $(foreach M,$(MODULES),install-$M) ;
-check-all: $(foreach M,$(filter-out sdk cli docs,$(MODULES)),check-$M) ;
+check-all: $(foreach M,$(MODULES),check-$M) ;
-lint-all: $(foreach M,$(filter-out sdk docs,$(MODULES)),lint-$M) ;
+lint-all: $(foreach M,$(MODULES),lint-$M) ;
-format-all: $(foreach M,$(filter-out sdk,$(MODULES)),format-$M) ;
+format-all: $(foreach M,$(MODULES),format-$M) ;
 audit-all:  $(foreach M,$(MODULES),audit-$M) ;
 hygiene-all: lint-all format-all check-all sql audit-all;
-test-all: $(foreach M,$(filter-out sdk docs,$(MODULES)),test-$M) ;
+test-all: $(foreach M,$(MODULES),test-$M) ;
 clean:
 	find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
--- a/README.md
+++ b/README.md
@@ -17,25 +17,23 @@
 <img src="design/immich-screenshots.png" title="Main Screenshot">
 </a>
 <br/>
 <p align="center">
-  <a href="readme_i18n/README_ca_ES.md">Català</a>
+
-  <a href="readme_i18n/README_es_ES.md">Español</a>
+<a href="readme_i18n/README_ca_ES.md">Català</a>
-  <a href="readme_i18n/README_fr_FR.md">Français</a>
+<a href="readme_i18n/README_es_ES.md">Español</a>
-  <a href="readme_i18n/README_it_IT.md">Italiano</a>
+<a href="readme_i18n/README_fr_FR.md">Français</a>
-  <a href="readme_i18n/README_ja_JP.md">日本語</a>
+<a href="readme_i18n/README_it_IT.md">Italiano</a>
-  <a href="readme_i18n/README_ko_KR.md">한국어</a>
+<a href="readme_i18n/README_ja_JP.md">日本語</a>
-  <a href="readme_i18n/README_de_DE.md">Deutsch</a>
+<a href="readme_i18n/README_ko_KR.md">한국어</a>
-  <a href="readme_i18n/README_nl_NL.md">Nederlands</a>
+<a href="readme_i18n/README_de_DE.md">Deutsch</a>
-  <a href="readme_i18n/README_tr_TR.md">Türkçe</a>
+<a href="readme_i18n/README_nl_NL.md">Nederlands</a>
-  <a href="readme_i18n/README_zh_CN.md">中文</a>
+<a href="readme_i18n/README_tr_TR.md">Türkçe</a>
-  <a href="readme_i18n/README_uk_UA.md">Українська</a>
+<a href="readme_i18n/README_zh_CN.md">中文</a>
-  <a href="readme_i18n/README_ru_RU.md">Русский</a>
+<a href="readme_i18n/README_ru_RU.md">Русский</a>
-  <a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
+<a href="readme_i18n/README_pt_BR.md">Português Brasileiro</a>
-  <a href="readme_i18n/README_sv_SE.md">Svenska</a>
+<a href="readme_i18n/README_sv_SE.md">Svenska</a>
-  <a href="readme_i18n/README_ar_JO.md">العربية</a>
+<a href="readme_i18n/README_ar_JO.md">العربية</a>
-  <a href="readme_i18n/README_vi_VN.md">Tiếng Việt</a>
+
  <a href="readme_i18n/README_th_TH.md">ภาษาไทย</a>
 </p>
 ## Disclaimer
@@ -94,7 +92,7 @@ For the mobile app, you can use `https://demo.immich.app/api` for the `Server En
 | LivePhoto/MotionPhoto backup and playback    | Yes    | Yes |
 | Support 360 degree image display             | No     | Yes |
 | User-defined storage structure               | Yes    | Yes |
-| Public Sharing                               | Yes    | Yes |
+| Public Sharing                               | No     | Yes |
 | Archive and Favorites                        | Yes    | Yes |
 | Global Map                                   | Yes    | Yes |
 | Partner Sharing                              | Yes    | Yes |
@@ -103,8 +101,6 @@ For the mobile app, you can use `https://demo.immich.app/api` for the `Server En
 | Offline support                              | Yes    | No  |
 | Read-only gallery                            | Yes    | Yes |
 | Stacked Photos                               | Yes    | Yes |
 | Tags                                         | No     | Yes |
 | Folder View                                  | No     | Yes |
 ## Translations
--- a/cli/.eslintignore
+++ b/cli/.eslintignore
@@ -0,0 +1 @@
 /dist
--- a/cli/.eslintrc.cjs
+++ b/cli/.eslintrc.cjs
@@ -0,0 +1,28 @@
 module.exports = {
  parser: '@typescript-eslint/parser',
  parserOptions: {
    project: 'tsconfig.json',
    sourceType: 'module',
    tsconfigRootDir: __dirname,
  },
  plugins: ['@typescript-eslint/eslint-plugin'],
  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended', 'plugin:unicorn/recommended'],
  root: true,
  env: {
    node: true,
  },
  ignorePatterns: ['.eslintrc.js'],
  rules: {
    '@typescript-eslint/interface-name-prefix': 'off',
    '@typescript-eslint/explicit-function-return-type': 'off',
    '@typescript-eslint/explicit-module-boundary-types': 'off',
    '@typescript-eslint/no-explicit-any': 'off',
    '@typescript-eslint/no-floating-promises': 'error',
    'unicorn/prefer-module': 'off',
    'unicorn/prevent-abbreviations': 'off',
    'unicorn/no-process-exit': 'off',
    'unicorn/import-style': 'off',
    curly: 2,
    'prettier/prettier': 0,
  },
 };
--- a/cli/.nvmrc
+++ b/cli/.nvmrc
@@ -1 +1 @@
-22.12.0
+20.16.0
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22.12.0-alpine3.20@sha256:96cc8323e25c8cc6ddcb8b965e135cfd57846e8003ec0d7bcec16c5fd5f6d39f AS core
+FROM node:20.16.0-alpine3.20@sha256:aada767bf3e4b4a1437642b81db7d8bb99a6dba27627088e4608772f1f02ebc0 as core
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
--- a/cli/README.md
+++ b/cli/README.md
@@ -4,18 +4,8 @@ Please see the [Immich CLI documentation](https://immich.app/docs/features/comma
 # For developers
 Before building the CLI, you must build the immich server and the open-api client. To build the server run the following in the server folder:
    $ npm install
    $ npm run build
 Then, to build the open-api client run the following in the open-api folder:
    $ ./bin/generate-open-api.sh
 To run the Immich CLI from source, run the following in the cli folder:
    $ npm install
    $ npm run build
    $ ts-node .
@@ -27,4 +17,3 @@ You can also build and install the CLI using
    $ npm run build
    $ npm install -g .
 ****
--- a/cli/eslint.config.mjs
+++ b/cli/eslint.config.mjs
@@ -1,61 +0,0 @@
 import { FlatCompat } from '@eslint/eslintrc';
 import js from '@eslint/js';
 import typescriptEslint from '@typescript-eslint/eslint-plugin';
 import tsParser from '@typescript-eslint/parser';
 import globals from 'globals';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const compat = new FlatCompat({
  baseDirectory: __dirname,
  recommendedConfig: js.configs.recommended,
  allConfig: js.configs.all,
 });
 export default [
  {
    ignores: ['eslint.config.mjs', 'dist'],
  },
  ...compat.extends(
    'plugin:@typescript-eslint/recommended',
    'plugin:prettier/recommended',
    'plugin:unicorn/recommended',
  ),
  {
    plugins: {
      '@typescript-eslint': typescriptEslint,
    },
    languageOptions: {
      globals: {
        ...globals.node,
      },
      parser: tsParser,
      ecmaVersion: 5,
      sourceType: 'module',
      parserOptions: {
        project: 'tsconfig.json',
        tsconfigRootDir: __dirname,
      },
    },
    rules: {
      '@typescript-eslint/interface-name-prefix': 'off',
      '@typescript-eslint/explicit-function-return-type': 'off',
      '@typescript-eslint/explicit-module-boundary-types': 'off',
      '@typescript-eslint/no-explicit-any': 'off',
      '@typescript-eslint/no-floating-promises': 'error',
      'unicorn/prefer-module': 'off',
      'unicorn/prevent-abbreviations': 'off',
      'unicorn/no-process-exit': 'off',
      'unicorn/import-style': 'off',
      curly: 2,
      'prettier/prettier': 0,
      'object-shorthand': ['error', 'always'],
    },
  },
 ];
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.39",
+  "version": "2.2.12",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
@@ -13,33 +13,30 @@
    "cli"
  ],
  "devDependencies": {
    "@eslint/eslintrc": "^3.1.0",
    "@eslint/js": "^9.8.0",
    "@immich/sdk": "file:../open-api/typescript-sdk",
    "@types/byte-size": "^8.1.0",
    "@types/cli-progress": "^3.11.0",
    "@types/lodash-es": "^4.17.12",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.10.2",
+    "@types/node": "^20.14.12",
-    "@typescript-eslint/eslint-plugin": "^8.15.0",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
-    "@typescript-eslint/parser": "^8.15.0",
+    "@typescript-eslint/parser": "^7.0.0",
-    "@vitest/coverage-v8": "^2.0.5",
+    "@vitest/coverage-v8": "^1.2.2",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
    "commander": "^12.0.0",
-    "eslint": "^9.14.0",
+    "eslint": "^8.56.0",
    "eslint-config-prettier": "^9.1.0",
    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^56.0.1",
+    "eslint-plugin-unicorn": "^54.0.0",
    "globals": "^15.9.0",
    "mock-fs": "^5.2.0",
    "prettier": "^3.2.5",
    "prettier-plugin-organize-imports": "^4.0.0",
    "typescript": "^5.3.3",
    "vite": "^5.0.12",
-    "vite-tsconfig-paths": "^5.0.0",
+    "vite-tsconfig-paths": "^4.3.2",
-    "vitest": "^2.0.5",
+    "vitest": "^1.2.2",
-    "vitest-fetch-mock": "^0.4.0",
+    "vitest-fetch-mock": "^0.2.2",
    "yaml": "^2.3.1"
  },
  "scripts": {
@@ -67,6 +64,6 @@
    "lodash-es": "^4.17.21"
  },
  "volta": {
-    "node": "22.12.0"
+    "node": "20.16.0"
  }
 }
--- a/cli/src/commands/asset.ts
+++ b/cli/src/commands/asset.ts
@@ -1,6 +1,5 @@
 import {
  Action,
  AssetBulkUploadCheckItem,
  AssetBulkUploadCheckResult,
  AssetMediaResponseDto,
  AssetMediaStatus,
@@ -12,7 +11,7 @@ import {
  getSupportedMediaTypes,
 } from '@immich/sdk';
 import byteSize from 'byte-size';
-import { MultiBar, Presets, SingleBar } from 'cli-progress';
+import { Presets, SingleBar } from 'cli-progress';
 import { chunk } from 'lodash-es';
 import { Stats, createReadStream } from 'node:fs';
 import { stat, unlink } from 'node:fs/promises';
@@ -91,23 +90,23 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
    return { newFiles: files, duplicates: [] };
  }
-  const multiBar = new MultiBar(
+  const progressBar = new SingleBar(
-    { format: '{message} | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
+    { format: 'Checking files | {bar} | {percentage}% | ETA: {eta}s | {value}/{total} assets' },
    Presets.shades_classic,
  );
-  const hashProgressBar = multiBar.create(files.length, 0, { message: 'Hashing files          ' });
+  progressBar.start(files.length, 0);
  const checkProgressBar = multiBar.create(files.length, 0, { message: 'Checking for duplicates' });
  const newFiles: string[] = [];
  const duplicates: Asset[] = [];
-  const checkBulkUploadQueue = new Queue<AssetBulkUploadCheckItem[], void>(
+  const queue = new Queue<string[], AssetBulkUploadCheckResults>(
-    async (assets: AssetBulkUploadCheckItem[]) => {
+    async (filepaths: string[]) => {
-      const response = await checkBulkUpload({ assetBulkUploadCheckDto: { assets } });
+      const dto = await Promise.all(
-
+        filepaths.map(async (filepath) => ({ id: filepath, checksum: await sha1(filepath) })),
      );
      const response = await checkBulkUpload({ assetBulkUploadCheckDto: { assets: dto } });
      const results = response.results as AssetBulkUploadCheckResults;
      for (const { id: filepath, assetId, action } of results) {
        if (action === Action.Accept) {
          newFiles.push(filepath);
@@ -116,46 +115,19 @@ export const checkForDuplicates = async (files: string[], { concurrency, skipHas
          duplicates.push({ id: assetId as string, filepath });
        }
      }
-
+      progressBar.increment(filepaths.length);
      checkProgressBar.increment(assets.length);
    },
    { concurrency, retry: 3 },
  );
  const results: { id: string; checksum: string }[] = [];
  let checkBulkUploadRequests: AssetBulkUploadCheckItem[] = [];
  const queue = new Queue<string, AssetBulkUploadCheckItem[]>(
    async (filepath: string): Promise<AssetBulkUploadCheckItem[]> => {
      const dto = { id: filepath, checksum: await sha1(filepath) };
      results.push(dto);
      checkBulkUploadRequests.push(dto);
      if (checkBulkUploadRequests.length === 5000) {
        const batch = checkBulkUploadRequests;
        checkBulkUploadRequests = [];
        void checkBulkUploadQueue.push(batch);
      }
      hashProgressBar.increment();
      return results;
    },
    { concurrency, retry: 3 },
  );
-  for (const item of files) {
+  for (const items of chunk(files, concurrency)) {
-    void queue.push(item);
+    await queue.push(items);
  }
  await queue.drained();
-  if (checkBulkUploadRequests.length > 0) {
+  progressBar.stop();
    void checkBulkUploadQueue.push(checkBulkUploadRequests);
  }
  await checkBulkUploadQueue.drained();
  multiBar.stop();
  console.log(`Found ${newFiles.length} new files and ${duplicates.length} duplicate${s(duplicates.length)}`);
@@ -229,8 +201,8 @@ export const uploadFiles = async (files: string[], { dryRun, concurrency }: Uplo
    { concurrency, retry: 3 },
  );
-  for (const item of files) {
+  for (const filepath of files) {
-    void queue.push(item);
+    await queue.push(filepath);
  }
  await queue.drained();
--- a/cli/src/queue.ts
+++ b/cli/src/queue.ts
@@ -72,8 +72,8 @@ export class Queue<T, R> {
   * @returns Promise<void> - The returned Promise will be resolved when all tasks in the queue have been processed by a worker.
   * This promise could be ignored as it will not lead to a `unhandledRejection`.
   */
-  drained(): Promise<void> {
+  async drained(): Promise<void> {
-    return this.queue.drained();
+    await this.queue.drain();
  }
  /**
--- a/cli/src/utils.spec.ts
+++ b/cli/src/utils.spec.ts
@@ -115,7 +115,17 @@ const tests: Test[] = [
      '/albums/image3.jpg': true,
    },
  },
-
+  {
    test: 'should support globbing paths',
    options: {
      pathsToCrawl: ['/photos*'],
    },
    files: {
      '/photos1/image1.jpg': true,
      '/photos2/image2.jpg': true,
      '/images/image3.jpg': false,
    },
  },
  {
    test: 'should crawl a single path without trailing slash',
    options: {
--- a/cli/src/utils.ts
+++ b/cli/src/utils.ts
@@ -141,21 +141,25 @@ export const crawl = async (options: CrawlOptions): Promise<string[]> => {
    }
  }
-  if (patterns.length === 0) {
+  let searchPattern: string;
  if (patterns.length === 1) {
    searchPattern = patterns[0];
  } else if (patterns.length === 0) {
    return crawledFiles;
  } else {
    searchPattern = '{' + patterns.join(',') + '}';
  }
  const searchPatterns = patterns.map((pattern) => {
    let escapedPattern = pattern;
  if (recursive) {
-      escapedPattern = escapedPattern + '/**';
+    searchPattern = searchPattern + '/**/';
  }
    return `${escapedPattern}/*.{${extensions.join(',')}}`;
  });
-  const globbedFiles = await glob(searchPatterns, {
+  searchPattern = `${searchPattern}/*.{${extensions.join(',')}}`;
  const globbedFiles = await glob(searchPattern, {
    absolute: true,
    caseSensitiveMatch: false,
    onlyFiles: true,
    dot: includeHidden,
    ignore: [`**/${exclusionPattern}`],
  });
--- a/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs-release/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.48.0"
+  version     = "4.38.0"
-  constraints = "4.48.0"
+  constraints = "4.38.0"
  hashes = [
-    "h1:0IKUOR32xEI1suS5QCOjfxjQ2mRd058btXk8hVnaOJ4=",
+    "h1:+27KAHKHBDvv3dqyJv5vhtdKQZJzoZXoMqIyronlHNw=",
-    "h1:3YG6vu/bFPcYOeLdSUZhiAWiWKaFlOAR34z2o8cbE9k=",
+    "h1:/uV9RgOUhkxElkHhWs8fs5ZbX9vj6RCBfP0oJO0JF30=",
-    "h1:FvGy06/i9AMtVkSIUnCrXNv5xF6jqBqMH8oPVLyeeAg=",
+    "h1:1DNAdMugJJOAWD/XYiZenYYZLy7fw2ctjT4YZmkRCVQ=",
-    "h1:GXH7nIF0ocMqebbA41+fSGIYfM+VAM/PvTe7fJr8UrQ=",
+    "h1:1wn4PmCLdT7mvd74JkCGmJDJxTQDkcxc+1jNbmwnMHA=",
-    "h1:H0ll0ph4404vFE868W3qJ3zhOyy4jbXrOMtdkViEZsU=",
+    "h1:BIHB4fBxHg2bA9KbL92njhyctxKC8b6hNDp60y5QBss=",
-    "h1:SX42e3k73IcFcrQlZ2e/Veqt2tvCMy6fwlo5yNUktCE=",
+    "h1:HCQpvKPsMsR4HO5eDqt+Kao7T7CYeEH7KZIO7xMcC6M=",
-    "h1:Uu/gjBc99GefdPdSrlBwU75DWU0ZcwGcrd3ZFyTeL0s=",
+    "h1:HTomuzocukpNLwtWzeSF3yteCVsyVKbwKmN66u9iPac=",
-    "h1:VZw0uN41PWRmNlhg7Ze0Eh7cdoklX1oZbfNAXNYnU1I=",
+    "h1:YDxsUBhBAwHSXLzVwrSlSBOwv1NvLyry7s5SfCV7VqQ=",
-    "h1:cMdV7ql6PsFa4qtb0EoZSctvTaTqV7yplBSDwcLRCLc=",
+    "h1:dchVhxo+Acd1l2RuZ88tW9lWj4422QMfgtxKvKCjYrw=",
-    "h1:ePGvSurmlqOCkD761vkhRmz7bsK36/EnIvx2Xy8TdXo=",
+    "h1:eypa+P4ZpsEGMPFuCE+6VkRefu0TZRFmVBOpK+PDOPY=",
-    "h1:fOYufF+1bzw2N3aHLpkLB6E8VbZ4ysXDODYQOlwhwd4=",
+    "h1:f3yjse2OsRZj7ZhR7BLintJMlI4fpyt8HyDP/zcEavw=",
-    "h1:qe8RbnWq0T4xhqjn9QcbO6YW5YDx47P+eJ0NUMIfwCc=",
+    "h1:mSJ7xj8K+xcnEmGg7lH0jjzyQb157wH94ULTAlIV+HQ=",
-    "h1:tRD2av6PafHDP/b9jDQsG5/aX+lHeKxpbIEHYYLBVUc=",
+    "h1:tt+2J2Ze8VIdDq2Hr6uHlTJzAMBRpErBwTYx0uD5ilE=",
-    "h1:zyl6Gvx/CFpwYW8pFFDesfO8Lxv+a6CopyAsIMhp54s=",
+    "h1:uQW8SKxmulqrAisO+365mIf2FueINAp5PY28bqCPCug=",
-    "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c",
+    "zh:171ab67cccceead4514fafb2d39e4e708a90cce79000aaf3c29aab7ed4457071",
-    "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997",
+    "zh:18aa7228447baaaefc49a43e8eff970817a7491a63d8937e796357a3829dd979",
-    "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b",
+    "zh:2cbaab6092e81ba6f41fa60a50f14e980c8ec327ee11d0b21f16a478be4b7567",
-    "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb",
+    "zh:53b8e49c06f5b31a8c681f8c0669cf43e78abe71657b8182a221d096bb514965",
-    "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153",
+    "zh:6037cfc60b4b647aabae155fcb46d649ed7c650e0287f05db52b2068f1e27c8a",
-    "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8",
+    "zh:62460982ce1a869eebfca675603fbbd50416cf6b69459fb855bfbe5ae2b97607",
-    "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f",
+    "zh:65f6f3a8470917b6398baa5eb4f74b3932b213eac7c0202798bfad6fd1ee17df",
    "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04",
    "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937",
    "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c",
+    "zh:8b5cebe64bf04105a49178a165b6a8800a9a33bae6767143a47fe4977755f805",
-    "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532",
+    "zh:a5596635db0993ee3c3060fbc2227d91b239466e96d2d82642625a5aa2486988",
-    "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f",
+    "zh:b3a9c63038441f13c311fd4b2c7e69e571445e5a7365a20c7cc9046b7e6c8aba",
-    "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758",
+    "zh:b585e7e4d7648a540b14b9182819214896ca9337729eeb1f2034833b17db754d",
    "zh:d2c3c545318ac8542369e9fc8228e29ee585febdf203a450fad3e0eded71ce02",
    "zh:e95dd2d6c3525073af47d47b763cb81b6a51b20cabf76f789c69328922da9ecf",
    "zh:eee6e590b36d6c6168a7daae8afa74a8721fd7aa9f62a710f04a311975100722",
  ]
 }
--- a/deployment/modules/cloudflare/docs-release/config.tf
+++ b/deployment/modules/cloudflare/docs-release/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.48.0"
+      version = "4.38.0"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs-release/domain.tf
+++ b/deployment/modules/cloudflare/docs-release/domain.tf
@@ -9,6 +9,6 @@ resource "cloudflare_record" "immich_app_release_domain" {
  proxied = true
  ttl = 1
  type = "CNAME"
-  content = data.terraform_remote_state.cloudflare_immich_app_docs.outputs.immich_app_branch_pages_hostname
+  value = data.terraform_remote_state.cloudflare_immich_app_docs.outputs.immich_app_branch_pages_hostname
  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
 }
--- a/deployment/modules/cloudflare/docs/.terraform.lock.hcl
+++ b/deployment/modules/cloudflare/docs/.terraform.lock.hcl
@@ -2,37 +2,37 @@
 # Manual edits may be lost in future updates.
 provider "registry.opentofu.org/cloudflare/cloudflare" {
-  version     = "4.48.0"
+  version     = "4.38.0"
-  constraints = "4.48.0"
+  constraints = "4.38.0"
  hashes = [
-    "h1:0IKUOR32xEI1suS5QCOjfxjQ2mRd058btXk8hVnaOJ4=",
+    "h1:+27KAHKHBDvv3dqyJv5vhtdKQZJzoZXoMqIyronlHNw=",
-    "h1:3YG6vu/bFPcYOeLdSUZhiAWiWKaFlOAR34z2o8cbE9k=",
+    "h1:/uV9RgOUhkxElkHhWs8fs5ZbX9vj6RCBfP0oJO0JF30=",
-    "h1:FvGy06/i9AMtVkSIUnCrXNv5xF6jqBqMH8oPVLyeeAg=",
+    "h1:1DNAdMugJJOAWD/XYiZenYYZLy7fw2ctjT4YZmkRCVQ=",
-    "h1:GXH7nIF0ocMqebbA41+fSGIYfM+VAM/PvTe7fJr8UrQ=",
+    "h1:1wn4PmCLdT7mvd74JkCGmJDJxTQDkcxc+1jNbmwnMHA=",
-    "h1:H0ll0ph4404vFE868W3qJ3zhOyy4jbXrOMtdkViEZsU=",
+    "h1:BIHB4fBxHg2bA9KbL92njhyctxKC8b6hNDp60y5QBss=",
-    "h1:SX42e3k73IcFcrQlZ2e/Veqt2tvCMy6fwlo5yNUktCE=",
+    "h1:HCQpvKPsMsR4HO5eDqt+Kao7T7CYeEH7KZIO7xMcC6M=",
-    "h1:Uu/gjBc99GefdPdSrlBwU75DWU0ZcwGcrd3ZFyTeL0s=",
+    "h1:HTomuzocukpNLwtWzeSF3yteCVsyVKbwKmN66u9iPac=",
-    "h1:VZw0uN41PWRmNlhg7Ze0Eh7cdoklX1oZbfNAXNYnU1I=",
+    "h1:YDxsUBhBAwHSXLzVwrSlSBOwv1NvLyry7s5SfCV7VqQ=",
-    "h1:cMdV7ql6PsFa4qtb0EoZSctvTaTqV7yplBSDwcLRCLc=",
+    "h1:dchVhxo+Acd1l2RuZ88tW9lWj4422QMfgtxKvKCjYrw=",
-    "h1:ePGvSurmlqOCkD761vkhRmz7bsK36/EnIvx2Xy8TdXo=",
+    "h1:eypa+P4ZpsEGMPFuCE+6VkRefu0TZRFmVBOpK+PDOPY=",
-    "h1:fOYufF+1bzw2N3aHLpkLB6E8VbZ4ysXDODYQOlwhwd4=",
+    "h1:f3yjse2OsRZj7ZhR7BLintJMlI4fpyt8HyDP/zcEavw=",
-    "h1:qe8RbnWq0T4xhqjn9QcbO6YW5YDx47P+eJ0NUMIfwCc=",
+    "h1:mSJ7xj8K+xcnEmGg7lH0jjzyQb157wH94ULTAlIV+HQ=",
-    "h1:tRD2av6PafHDP/b9jDQsG5/aX+lHeKxpbIEHYYLBVUc=",
+    "h1:tt+2J2Ze8VIdDq2Hr6uHlTJzAMBRpErBwTYx0uD5ilE=",
-    "h1:zyl6Gvx/CFpwYW8pFFDesfO8Lxv+a6CopyAsIMhp54s=",
+    "h1:uQW8SKxmulqrAisO+365mIf2FueINAp5PY28bqCPCug=",
-    "zh:04c0a49c2b23140b2f21cfd0d52f9798d70d3bdae3831613e156aabe519bbc6c",
+    "zh:171ab67cccceead4514fafb2d39e4e708a90cce79000aaf3c29aab7ed4457071",
-    "zh:185f21b4834ba63e8df1f84aa34639d8a7e126429a4007bb5f9ad82f2602a997",
+    "zh:18aa7228447baaaefc49a43e8eff970817a7491a63d8937e796357a3829dd979",
-    "zh:234724f52cb4c0c3f7313d3b2697caef26d921d134f26ae14801e7afac522f7b",
+    "zh:2cbaab6092e81ba6f41fa60a50f14e980c8ec327ee11d0b21f16a478be4b7567",
-    "zh:38a56fcd1b3e40706af995611c977816543b53f1e55fe2720944aae2b6828fcb",
+    "zh:53b8e49c06f5b31a8c681f8c0669cf43e78abe71657b8182a221d096bb514965",
-    "zh:419938f5430fc78eff933470aefbf94a460a478f867cf7761a3dea177b4eb153",
+    "zh:6037cfc60b4b647aabae155fcb46d649ed7c650e0287f05db52b2068f1e27c8a",
-    "zh:4b46d92bfde1deab7de7ba1a6bbf4ba7c711e4fd925341ddf09d4cc28dae03d8",
+    "zh:62460982ce1a869eebfca675603fbbd50416cf6b69459fb855bfbe5ae2b97607",
-    "zh:537acd4a31c752f1bae305ba7190f60b71ad1a459f22d464f3f914336c9e919f",
+    "zh:65f6f3a8470917b6398baa5eb4f74b3932b213eac7c0202798bfad6fd1ee17df",
    "zh:5ff36b005aad07697dd0b30d4f0c35dbcdc30dc52b41722552060792fa87ce04",
    "zh:635c5ee419daea098060f794d9d7d999275301181e49562c4e4c08f043076937",
    "zh:859277c330d61f91abe9e799389467ca11b77131bf34bedbef52f8da68b2bb49",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:927dfdb8d9aef37ead03fceaa29e87ba076a3dd24e19b6cefdbb0efe9987ff8c",
+    "zh:8b5cebe64bf04105a49178a165b6a8800a9a33bae6767143a47fe4977755f805",
-    "zh:bbf2226f07f6b1e721877328e69ded4b64f9c196634d2e2429e3cfabbe41e532",
+    "zh:a5596635db0993ee3c3060fbc2227d91b239466e96d2d82642625a5aa2486988",
-    "zh:daeed873d6f38604232b46ee4a5830c85d195b967f8dbcafe2fcffa98daf9c5f",
+    "zh:b3a9c63038441f13c311fd4b2c7e69e571445e5a7365a20c7cc9046b7e6c8aba",
-    "zh:f8f2fc4646c1ba44085612fa7f4dbb7cbcead43b4e661f2b98ddfb4f68afc758",
+    "zh:b585e7e4d7648a540b14b9182819214896ca9337729eeb1f2034833b17db754d",
    "zh:d2c3c545318ac8542369e9fc8228e29ee585febdf203a450fad3e0eded71ce02",
    "zh:e95dd2d6c3525073af47d47b763cb81b6a51b20cabf76f789c69328922da9ecf",
    "zh:eee6e590b36d6c6168a7daae8afa74a8721fd7aa9f62a710f04a311975100722",
  ]
 }
--- a/deployment/modules/cloudflare/docs/config.tf
+++ b/deployment/modules/cloudflare/docs/config.tf
@@ -5,7 +5,7 @@ terraform {
  required_providers {
    cloudflare = {
      source = "cloudflare/cloudflare"
-      version = "4.48.0"
+      version = "4.38.0"
    }
  }
 }
--- a/deployment/modules/cloudflare/docs/domain.tf
+++ b/deployment/modules/cloudflare/docs/domain.tf
@@ -9,7 +9,7 @@ resource "cloudflare_record" "immich_app_branch_subdomain" {
  proxied = true
  ttl     = 1
  type    = "CNAME"
-  content   = "${replace(var.prefix_name, "/\\/|\\./", "-")}.${local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_subdomain : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_subdomain}"
+  value   = "${replace(var.prefix_name, "/\\/|\\./", "-")}.${local.is_release ? data.terraform_remote_state.cloudflare_account.outputs.immich_app_archive_pages_project_subdomain : data.terraform_remote_state.cloudflare_account.outputs.immich_app_preview_pages_project_subdomain}"
  zone_id = data.terraform_remote_state.cloudflare_account.outputs.immich_app_zone_id
 }
@@ -18,7 +18,7 @@ output "immich_app_branch_subdomain" {
 }
 output "immich_app_branch_pages_hostname" {
-  value = cloudflare_record.immich_app_branch_subdomain.content
+  value = cloudflare_record.immich_app_branch_subdomain.value
 }
 output "pages_project_name" {
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -36,40 +36,30 @@ services:
      IMMICH_BUILD_URL: https://github.com/immich-app/immich/actions/runs/9654404849
      IMMICH_BUILD_IMAGE: development
      IMMICH_BUILD_IMAGE_URL: https://github.com/immich-app/immich/pkgs/container/immich-server
      IMMICH_THIRD_PARTY_SOURCE_URL: https://github.com/immich-app/immich/
      IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
      IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://immich.app/docs
      IMMICH_THIRD_PARTY_SUPPORT_URL: https://immich.app/docs/third-party
    ulimits:
      nofile:
        soft: 1048576
        hard: 1048576
    ports:
      - 3001:3001
      - 9230:9230
      - 9231:9231
      - 2283:2283
    depends_on:
      - redis
      - database
    healthcheck:
      disable: false
  immich-web:
    container_name: immich_web
    image: immich-web-dev:latest
    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
    # user: 0:0
    build:
      context: ../web
    command: ['/usr/src/app/bin/immich-web']
    env_file:
      - .env
    ports:
-      - 3000:3000
+      - 2283:3000
      - 24678:24678
    volumes:
      - ../web:/usr/src/app
      - ../i18n:/usr/src/i18n
      - ../open-api/:/usr/src/open-api/
      - /usr/src/app/node_modules
    ulimits:
@@ -101,12 +91,10 @@ services:
    depends_on:
      - database
    restart: unless-stopped
    healthcheck:
      disable: false
  redis:
    container_name: immich_redis
-    image: redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8
+    image: redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
    healthcheck:
      test: redis-cli ping || exit 1
@@ -125,25 +113,28 @@ services:
    ports:
      - 5432:5432
    healthcheck:
-      test: >-
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
-    command: >-
+    command:
-      postgres
+      [
-      -c shared_preload_libraries=vectors.so
+        'postgres',
-      -c 'search_path="$$user", public, vectors'
+        '-c',
-      -c logging_collector=on
+        'shared_preload_libraries=vectors.so',
-      -c max_wal_size=2GB
+        '-c',
-      -c shared_buffers=512MB
+        'search_path="$$user", public, vectors',
-      -c wal_compression=on
+        '-c',
        'logging_collector=on',
        '-c',
        'max_wal_size=2GB',
        '-c',
        'shared_buffers=512MB',
        '-c',
        'wal_compression=on',
      ]
-  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
+  # set IMMICH_METRICS=true in .env to enable metrics
  # immich-prometheus:
  #   container_name: immich_prometheus
  #   ports:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -16,13 +16,11 @@ services:
    env_file:
      - .env
    ports:
-      - 2283:2283
+      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always
    healthcheck:
      disable: false
  immich-machine-learning:
    container_name: immich_machine_learning
@@ -42,12 +40,10 @@ services:
    env_file:
      - .env
    restart: always
    healthcheck:
      disable: false
  redis:
    container_name: immich_redis
-    image: redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8
+    image: redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
@@ -67,31 +63,19 @@ services:
    ports:
      - 5432:5432
    healthcheck:
-      test: >-
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
-    command: >-
+    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
      postgres
      -c shared_preload_libraries=vectors.so
      -c 'search_path="$$user", public, vectors'
      -c logging_collector=on
      -c max_wal_size=2GB
      -c shared_buffers=512MB
      -c wal_compression=on
    restart: always
-  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
+  # set IMMICH_METRICS=true in .env to enable metrics
  immich-prometheus:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:565ee86501224ebbb98fc10b332fa54440b100469924003359edf49cbce374bd
+    image: prom/prometheus@sha256:f20d3127bf2876f4a1df76246fca576b41ddf1125ed1c546fbd8b16ea55117e6
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -103,7 +87,7 @@ services:
    command: ['./run.sh', '-disable-reporting']
    ports:
      - 3000:3000
-    image: grafana/grafana:11.4.0-ubuntu@sha256:afccec22ba0e4815cca1d2bf3836e414322390dc78d77f1851976ffa8d61051c
+    image: grafana/grafana:11.1.0-ubuntu@sha256:c7fc29ec783d5e7fc1bdfaad6f92345a345cffbc5d21c388ca228175006fc107
    volumes:
      - grafana-data:/var/lib/grafana
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -16,19 +16,16 @@ services:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      # Do not edit the next line. If you want to change the media storage location on your system, edit the value of UPLOAD_LOCATION in the .env file
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
-      - '2283:2283'
+      - 2283:3001
    depends_on:
      - redis
      - database
    restart: always
    healthcheck:
      disable: false
  immich-machine-learning:
    container_name: immich_machine_learning
@@ -43,12 +40,10 @@ services:
    env_file:
      - .env
    restart: always
    healthcheck:
      disable: false
  redis:
    container_name: immich_redis
-    image: docker.io/redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8
+    image: docker.io/redis:6.2-alpine@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
@@ -62,26 +57,13 @@ services:
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    healthcheck:
-      test: >-
+      test: pg_isready --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' || exit 1; Chksum="$$(psql --dbname='${DB_DATABASE_NAME}' --username='${DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
-    command: >-
+    command: ["postgres", "-c" ,"shared_preload_libraries=vectors.so", "-c", 'search_path="$$user", public, vectors', "-c", "logging_collector=on", "-c", "max_wal_size=2GB", "-c", "shared_buffers=512MB", "-c", "wal_compression=on"]
      postgres
      -c shared_preload_libraries=vectors.so
      -c 'search_path="$$user", public, vectors'
      -c logging_collector=on
      -c max_wal_size=2GB
      -c shared_buffers=512MB
      -c wal_compression=on
    restart: always
 volumes:
--- a/docker/example.env
+++ b/docker/example.env
@@ -12,7 +12,6 @@ DB_DATA_LOCATION=./postgres
 IMMICH_VERSION=release
 # Connection secret for postgres. You should change it to a random password
 # Please use only the characters `A-Za-z0-9`, without special characters or spaces
 DB_PASSWORD=postgres
 # The values below this line do not need to be changed
--- a/docker/hwaccel.transcoding.yml
+++ b/docker/hwaccel.transcoding.yml
@@ -51,4 +51,5 @@ services:
    volumes:
      - /usr/lib/wsl:/usr/lib/wsl
    environment:
      - LD_LIBRARY_PATH=/usr/lib/wsl/lib
      - LIBVA_DRIVER_NAME=d3d12
--- a/docs/.nvmrc
+++ b/docs/.nvmrc
@@ -1 +1 @@
-22.12.0
+20.16.0
--- a/docs/docs/FAQ.mdx
+++ b/docs/docs/FAQ.mdx
@@ -49,30 +49,17 @@ The behaviors differ based on your device manufacturer and operating system, but
 On iOS (iPhone and iPad), the operating system determines if a particular app can invoke background tasks based on multiple factors, most of which the Immich app has no control over. To increase the likelihood that the background backup task is run, follow the steps below:
 - Enable Background App Refresh for Immich in the iOS settings at `Settings > General > Background App Refresh`.
 - Disable **Low Power Mode** when not needed, as this can prevent apps from running in the background.
 - Disable Background App Refresh for apps that don't need background tasks to run. This will reduce the competition for background task invocation for Immich.
 - Use the Immich app more often.
 ### Why are features not working with a self-signed cert or mTLS?
 Due to limitations in the upstream app/video library, using a self-signed TLS certificate or mutual TLS may break video playback or asset upload (both foreground and/or background).
 We recommend using a real SSL certificate from a free provider, for example [Let's Encrypt](https://letsencrypt.org/).
 ---
 ## Assets
 ### Does Immich change the file?
-No, Immich does not modify the original files.
+No, Immich does not touch the original file under any circumstances,  
-All edited metadata is saved in companion `.xmp` sidecar files and the database.
+all edited metadata are saved in the companion sidecar file and the database.
 However, Immich will delete original files that have been trashed when the trash is emptied in the Immich UI.
 ### Why do my file names appear as a random string in the file manager?
 When Storage Template is off (default) Immich saves the file names in a random string (also known as random UUIDs) to prevent duplicate file names.
 To retrieve the original file names, you must enable the Storage Template and then run the STORAGE TEMPLATE MIGRATION job.
 It is recommended to read about [Storage Template](https://immich.app/docs/administration/storage-template) before activation.
 ### Can I add my existing photo library?
@@ -84,20 +71,11 @@ Template changes will only apply to _new_ assets. To retroactively apply the tem
 ### Why are only photos and not videos being uploaded to Immich?
-This often happens when using a reverse proxy in front of Immich.
+This often happens when using a reverse proxy (such as Nginx or Cloudflare tunnel) in front of Immich. Make sure to set your reverse proxy to allow large `POST` requests. In `nginx`, set `client_max_body_size 50000M;` or similar. Also, check the disk space of your reverse proxy. In some cases, proxies cache requests to disk before passing them on, and if disk space runs out, the request fails.
 Make sure to [set your reverse proxy](/docs/administration/reverse-proxy/) to allow large requests.
 Also, check the disk space of your reverse proxy.
 In some cases, proxies cache requests to disk before passing them on, and if disk space runs out, the request fails.
 If you are using Cloudflare Tunnel, please know that they set a maxiumum filesize of 100 MB that cannot be changed.
 At times, files larger than this may work, potentially up to 1 GB. However, the official limit is 100 MB.
 If you are having issues, we recommend switching to a different network deployment.
 ### Why are some photos stored in the file system with the wrong date?
-There are a few different scenarios that can lead to this situation. The solution is to rerun the storage migration job.
+There are a few different scenarios that can lead to this situation. The solution is to rerun the storage migration job. The job is only automatically run once per asset after upload. If metadata extraction originally failed, the jobs were cleared/canceled, etc., the job may not have run automatically the first time.
 The job is only automatically run once per asset after upload. If metadata extraction originally failed, the jobs were cleared/canceled, etc.,
 the job may not have run automatically the first time.
 ### How can I hide photos from the timeline?
@@ -127,8 +105,7 @@ Also, there are additional jobs for person (face) thumbnails.
 ### Why do files from WhatsApp not appear with the correct date?
-Files sent on WhatsApp are saved without metadata on the file. Therefore, Immich has no way of knowing the original date of the file when files are uploaded from WhatsApp,
+Files sent on WhatsApp are saved without metadata on the file. Therefore, Immich has no way of knowing the original date of the file when files are uploaded from WhatsApp, not the order of arrival on the device. [See #3527](https://github.com/immich-app/immich/issues/3527).
 not the order of arrival on the device. [See #9116](https://github.com/immich-app/immich/discussions/9116).
 ### What happens if an asset exists in more than one account?
@@ -180,30 +157,17 @@ We haven't implemented an official mechanism for creating albums from external l
 Duplicate checking only exists for upload libraries, using the file hash. Furthermore, duplicate checking is not global, but _per library_. Therefore, a situation where the same file appears twice in the timeline is possible, especially for external libraries.
 ### Why are my edits to files not being saved in read-only external libraries?
 Images in read-write external libraries (the default) can be edited as normal.
 In read-only libraries (`:ro` in the `docker-compose.yml`), Immich is unable to create the `.xmp` sidecar files to store edited file metadata.
 For this reason, the metadata (timestamp, location, description, star rating, etc.) cannot be edited for files in read-only external libraries.
 ### How are deletions of files handled in external libraries?
 Immich will attempt to delete original files that have been trashed when the trash is emptied.
 In read-write external libraries (the default), Immich will delete the original file.
 In read-only libraries (`:ro` in the `docker-compose.yml`), files can still be trashed in the UI.
 However, when the trash is emptied, the files will re-appear in the main timeline since Immich is unable to delete the original file.
 ---
 ## Machine Learning
 ### How does smart search work?
-Immich uses CLIP models. An ML model converts each image to an "embedding", which is essentially a string of numbers that semantically encodes what is in the image. The same is done for the text that you enter when you do a search, and that text embedding is then compared with those of the images to find similar ones. As such, there are no "tags", "labels", or "descriptions" generated that you can look at. For more information about CLIP and its capabilities, read about it [here](https://openai.com/research/clip).
+Immich uses CLIP models. For more information about CLIP and its capabilities, read about it [here](https://openai.com/research/clip).
 ### How does facial recognition work?
-See [How Facial Recognition Works](/docs/features/facial-recognition#how-facial-recognition-works) for details.
+See [How Facial Recognition Works](/docs/features/facial-recognition#How-Facial-Recognition-Works) for details.
 ### How can I disable machine learning?
@@ -225,7 +189,7 @@ No, this is not supported. Only models listed in the [Hugging Face][huggingface]
 ### I want to be able to search in other languages besides English. How can I do that?
-You can change to a multilingual CLIP model. See [here](/docs/features/searching#clip-model) for instructions.
+You can change to a multilingual CLIP model. See [here](/docs/features/smart-search#CLIP-model) for instructions.
 ### Does Immich support Facial Recognition for videos?
@@ -236,7 +200,7 @@ Scanning the entire video for faces may be implemented in the future.
 No.
 :::tip
-You can use [Smart Search](/docs/features/searching.md) for this to some extent. For example, if you have a Golden Retriever and a Chihuahua, type these words in the smart search and watch the results.
+You can use [Smart Search](/docs/features/smart-search.md) for this to some extent. For example, if you have a Golden Retriever and a Chihuahua, type these words in the smart search and watch the results.
 :::
 ### I'm getting a lot of "faces" that aren't faces, what can I do?
@@ -320,7 +284,7 @@ Do not exaggerate with the job concurrency because you're probably thoroughly ov
 ### My server shows Server Status Offline | Version Unknown. What can I do?
-You need to [enable WebSockets](/docs/administration/reverse-proxy/) on your reverse proxy.
+You need to enable WebSockets on your reverse proxy.
 ---
@@ -330,12 +294,6 @@ You need to [enable WebSockets](/docs/administration/reverse-proxy/) on your rev
 Immich components are typically deployed using docker. To see logs for deployed docker containers, you can use the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/), specifically the `docker logs` command. For examples, see [Docker Help](/docs/guides/docker-help.md).
 ### How can I reduce the log verbosity of Redis?
 To decrease Redis logs, you can add the following line to the `redis:` section of the `docker-compose.yml`:
 `    command: redis-server --loglevel warning`
 ### How can I run Immich as a non-root user?
 You can change the user in the container by setting the `user` argument in `docker-compose.yml` for each service.
@@ -345,13 +303,9 @@ You may need to add mount points or docker volumes for the following internal co
 - `immich-machine-learning:/.cache`
 - `redis:/data`
-The non-root user/group needs read/write access to the volume mounts, including `UPLOAD_LOCATION` and `/cache` for machine-learning.
+The non-root user/group needs read/write access to the volume mounts, including `UPLOAD_LOCATION`.
-:::note Docker Compose Volumes
+For a further hardened system, you can add the following block to every container except for `immich_postgres`.
 The Docker Compose top level volume element does not support non-root access, all of the above volumes must be local volume mounts.
 :::
 For a further hardened system, you can add the following block to every container.
 <details>
 <summary>docker-compose.yml</summary>
@@ -400,21 +354,22 @@ If the error says the worker is exiting, then this is normal. This is a feature
 There are a few reasons why this can happen.
-If the error mentions SIGKILL or error code 137, it most likely means the service is running out of memory.
+If the error mentions SIGKILL or error code 137, it most likely means the service is running out of memory. Consider either increasing the server's RAM or moving the service to a server with more RAM.
 Consider either increasing the server's RAM or moving the service to a server with more RAM.
-If it mentions SIGILL (note the lack of a K) or error code 132, it most likely means your server's CPU is incompatible with Immich.
+If it mentions SIGILL (note the lack of a K) or error code 132, it most likely means your server's CPU is incompatible. This is unlikely to occur on version 1.92.0 or later. Consider upgrading if your version of Immich is below that.
 If your version of Immich is below 1.92.0 and the crash occurs after logs about tracing or exporting a model, consider either upgrading or disabling the Tag Objects job.
 ## Database
 ### Why am I getting database ownership errors?
 If you get database errors such as `FATAL:  data directory "/var/lib/postgresql/data" has wrong ownership` upon database startup, this is likely due to an issue with your filesystem.
-NTFS and ex/FAT/32 filesystems are not supported. See [here](/docs/install/requirements#special-requirements-for-windows-users) for more details.
+NTFS and ex/FAT/32 filesystems are not supported. See [here](/docs/install/environment-variables#supported-filesystems) for more details.
 ### How can I verify the integrity of my database?
-Database checksums are enabled by default for new installations since v1.104.0. You can check if they are enabled by running the following command.
+If you installed Immich using v1.104.0 or later, you likely have database checksums enabled by default. You can check this by running the following command.
 A result of `on` means that checksums are enabled.
 <details>
@@ -430,7 +385,7 @@ docker exec -it immich_postgres psql --dbname=immich --username=<DB_USERNAME> --
 </details>
-If checksums are enabled, you can check the status of the database with the following command. A normal result is all `0`s.
+If checksums are enabled, you can check the status of the database with the following command. A normal result is all zeroes.
 <details>
 <summary>Check for database corruption</summary>
@@ -448,24 +403,6 @@ docker exec -it immich_postgres psql --dbname=immich --username=<DB_USERNAME> --
 </details>
 You can also scan the Postgres database file structure for errors:
 <details>
 <summary>Scan for file structure errors</summary>
 ```bash
 docker exec -it immich_postgres pg_amcheck --username=postgres --heapallindexed --parent-check --rootdescend --progress --all --install-missing
 ```
 A normal result will end something like this and return with an exit code of `0`:
 ```bash
 7470/8832 relations (84%), 730829/734735 pages (99%)
 8425/8832 relations (95%), 734367/734735 pages (99%)
 8832/8832 relations (100%), 734735/734735 pages (100%)
 ```
 </details>
 If corruption is detected, you should immediately make a backup before performing any other work in the database.
 To do so, you may need to set the `zero_damaged_pages=on` flag for the database server to allow `pg_dumpall` to succeed.
 After taking a backup, the recommended next step is to restore the database from a healthy backup before corruption was detected.
--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -5,10 +5,6 @@ import TabItem from '@theme/TabItem';
 A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/docs/guides/template-backup-script.md)
 :::danger
 The instructions on this page show you how to prepare your Immich instance to be backed up, and which files to take a backup of. You still need to take care of using an actual backup tool to make a backup yourself.
 :::
 ## Database
 :::caution
@@ -19,24 +15,12 @@ Immich saves [file paths in the database](https://github.com/immich-app/immich/d
 Refer to the official [postgres documentation](https://www.postgresql.org/docs/current/backup.html) for details about backing up and restoring a postgres database.
 :::
 The recommended way to backup and restore the Immich database is to use the `pg_dumpall` command. When restoring, you need to delete the `DB_DATA_LOCATION` folder (if it exists) to reset the database.
 :::caution
 It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
 :::
 ### Automatic Database Backups
 For convenience, Immich will automatically create database backups by default. The backups are stored in `UPLOAD_LOCATION/backups`.  
 As mentioned above, you should make your own backup of these together with the asset folders as noted below.  
 You can adjust the schedule and amount of kept backups in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).  
 By default, Immich will keep the last 14 backups and create a new backup every day at 2:00 AM.
 #### Restoring
 We hope to make restoring simpler in future versions, for now you can find the backups in the `UPLOAD_LOCATION/backups` folder on your host.  
 Then please follow the steps in the following section for restoring the database.
 ### Manual Backup and Restore
 <Tabs>
  <TabItem value="Linux system" label="Linux system" default>
@@ -45,14 +29,12 @@ docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgre
 ```
 ```bash title='Restore'
-docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch
+docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch.
-## Uncomment the next line and replace DB_DATA_LOCATION with your Postgres path to permanently reset the Postgres database
+# rm -rf DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch.
 # rm -rf DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch
 docker compose pull     # Update to latest version of Immich (if desired)
-docker compose create           # Create Docker containers for Immich apps without running them
+docker compose create   # Create Docker containers for Immich apps without running them.
 docker start immich_postgres    # Start Postgres server
 sleep 10    # Wait for Postgres server to start up
 # Check the database user if you deviated from the default
 gunzip < "/path/to/backup/dump.sql.gz" \
 | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
 | docker exec -i immich_postgres psql --username=postgres    # Restore Backup
@@ -63,34 +45,67 @@ docker compose up -d            # Start remainder of Immich apps
  <TabItem value="Windows system (PowerShell)" label="Windows system (PowerShell)">
 ```powershell title='Backup'
-[System.IO.File]::WriteAllLines("C:\absolute\path\to\backup\dump.sql", (docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres))
+docker exec -t immich_postgres pg_dumpall --clean --if-exists --username=postgres > "\path\to\backup\dump.sql"
 ```
 ```powershell title='Restore'
-docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch
+docker compose down -v  # CAUTION! Deletes all Immich data to start from scratch.
-## Uncomment the next line and replace DB_DATA_LOCATION with your Postgres path to permanently reset the Postgres database
+# Remove-Item -Recurse -Force DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch.
 # Remove-Item -Recurse -Force DB_DATA_LOCATION # CAUTION! Deletes all Immich data to start from scratch
 ## You should mount the backup (as a volume, example: - 'C:\path\to\backup\dump.sql':/dump.sql) into the immich_postgres container using the docker-compose.yml
 docker compose pull     # Update to latest version of Immich (if desired)
-docker compose create           # Create Docker containers for Immich apps without running them
+docker compose create   # Create Docker containers for Immich apps without running them.
 docker start immich_postgres    # Start Postgres server
 sleep 10    # Wait for Postgres server to start up
-docker exec -it immich_postgres bash    # Enter the Docker shell and run the following command
+gc "C:\path\to\backup\dump.sql" | docker exec -i immich_postgres psql --username=postgres   # Restore Backup
 # Check the database user if you deviated from the default
 cat "/dump.sql" \
 | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
 | psql --username=postgres      # Restore Backup
 exit                            # Exit the Docker shell
 docker compose up -d    # Start remainder of Immich apps
 ```
 </TabItem>
 </Tabs>
-Note that for the database restore to proceed properly, it requires a completely fresh install (i.e. the Immich server has never run since creating the Docker containers). If the Immich app has run, Postgres conflicts may be encountered upon database restoration (relation already exists, violated foreign key constraints, multiple primary keys, etc.), in which case you need to delete the `DB_DATA_LOCATION` folder to reset the database.
+Note that for the database restore to proceed properly, it requires a completely fresh install (i.e. the Immich server has never run since creating the Docker containers). If the Immich app has run, Postgres conflicts may be encountered upon database restoration (relation already exists, violated foreign key constraints, multiple primary keys, etc.).
 :::tip
-Some deployment methods make it difficult to start the database without also starting the server. In these cases, you may set the environment variable `DB_SKIP_MIGRATIONS=true` before starting the services. This will prevent the server from running migrations that interfere with the restore process. Be sure to remove this variable and restart the services after the database is restored.
+Some deployment methods make it difficult to start the database without also starting the server or microservices. In these cases, you may set the environmental variable `DB_SKIP_MIGRATIONS=true` before starting the services. This will prevent the server from running migrations that interfere with the restore process. Note that both the server and microservices must have this variable set to prevent the migrations from running. Be sure to remove this variable and restart the services after the database is restored.
 :::
 The database dumps can also be automated (using [this image](https://github.com/prodrigestivill/docker-postgres-backup-local)) by editing the docker compose file to match the following:
 ```yaml
 services:
  ...
  backup:
    container_name: immich_db_dumper
    image: prodrigestivill/postgres-backup-local:14
    restart: always
    env_file:
      - .env
    environment:
      POSTGRES_HOST: database
      POSTGRES_CLUSTER: 'TRUE'
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      SCHEDULE: "@daily"
      POSTGRES_EXTRA_OPTS: '--clean --if-exists'
      BACKUP_DIR: /db_dumps
    volumes:
      - ./db_dumps:/db_dumps
    depends_on:
      - database
 ```
 Then you can restore with the same command but pointed at the latest dump.
 ```bash title='Automated Restore'
 gunzip < db_dumps/last/immich-latest.sql.gz \
 | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" \
 | docker exec -i immich_postgres psql --username=postgres
 ```
 :::note
 If you see the error `ERROR:  type "earth" does not exist`, or you have problems with Reverse Geocoding after a restore, add the following `sed` fragment to your restore command.
 Example: `gunzip < "/path/to/backup/dump.sql.gz" | sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" | docker exec -i immich_postgres psql --username=postgres`
 :::
 ## Filesystem
@@ -142,7 +157,7 @@ for more info read the [release notes](https://github.com/immich-app/immich/rele
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
-  - Stored in `DB_DATA_LOCATION`.
+  - Stored in `UPLOAD_LOCATION/postgres`.
  :::danger
  A backup of this folder does not constitute a backup of your database!
@@ -176,7 +191,7 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
  - Stored in `UPLOAD_LOCATION/profile/<userID>`.
 - **Thumbs Images:**
  - Preview images (blurred, small, large) for each asset and thumbnails for recognized faces.
-  - Stored in `UPLOAD_LOCATION/thumbs/<userID>`.
+  - Stored in `UPLOCAD_LOCATION/thumbs/<userID>`.
 - **Encoded Assets:**
  - Videos that have been re-encoded from the original for wider compatibility. The original is not removed.
  - Stored in `UPLOAD_LOCATION/encoded-video/<userID>`.
@@ -188,7 +203,7 @@ When you turn off the storage template engine, it will leave the assets in `UPLO
  - The Immich database containing all the information to allow the system to function properly.  
    **Note:** This folder will only appear to users who have made the changes mentioned in [v1.102.0](https://github.com/immich-app/immich/discussions/8930) (an optional, non-mandatory change) or who started with this version.
-  - Stored in `DB_DATA_LOCATION`.
+  - Stored in `UPLOAD_LOCATION/postgres`.
  :::danger
  A backup of this folder does not constitute a backup of your database!
--- a/docs/docs/administration/email-notification.mdx
+++ b/docs/docs/administration/email-notification.mdx
@@ -8,20 +8,16 @@ Immich supports the option to send notifications via Email for the following eve
 ## SMTP settings
-You can access the settings panel from the web at `Administration -> Settings -> Notification settings`.
+You can access the settings panel from the web at `Administration -> Settings -> Notification settings`
-Under Email, enter the required details to connect with an SMTP server.
+Under Email, enter the following details to connect with SMTP servers.
-You can use [this guide](/docs/guides/smtp-gmail) to use Gmail's SMTP server.
+You can use the following [guide](/docs/guides/smtp-gmail) to use Gmail's SMTP server.
 <img src={require('./img/email-settings.png').default} width="80%" title="SMTP settings" />
 ## User's notifications settings
 Users can manage their email notification settings from their account settings page on the web. They can choose to turn email notifications on or off for the following events:
-<img src={require('./img/user-notifications-settings.webp').default} width="80%" title="User notification settings" />
+<img src={require('./img/user-notifications-settings.png').default} width="80%" title="User notification settings" />
 ## Notification templates
 You can override the default notification text with custom templates in HTML format. You can use tags to show dynamic tags in your templates.
 <img src={require('./img/user-notifications-templates.webp').default} width="80%" title="User notification templates" />
--- a/docs/docs/administration/img/admin-jobs-exif.png
+++ b/docs/docs/administration/img/admin-jobs-exif.png
--- a/docs/docs/administration/img/admin-jobs-objects.png
+++ b/docs/docs/administration/img/admin-jobs-objects.png
--- a/docs/docs/administration/img/admin-jobs-template.png
+++ b/docs/docs/administration/img/admin-jobs-template.png
--- a/docs/docs/administration/img/admin-jobs-thumbnails.png
+++ b/docs/docs/administration/img/admin-jobs-thumbnails.png
--- a/docs/docs/administration/img/admin-jobs.png
+++ b/docs/docs/administration/img/admin-jobs.png
--- a/docs/docs/administration/img/admin-jobs.webp
+++ b/docs/docs/administration/img/admin-jobs.webp
--- a/docs/docs/administration/img/administration-panel.webp
+++ b/docs/docs/administration/img/administration-panel.webp
--- a/docs/docs/administration/img/authentik-redirect.png
+++ b/docs/docs/administration/img/authentik-redirect.png
--- a/docs/docs/administration/img/authentik-redirect.webp
+++ b/docs/docs/administration/img/authentik-redirect.webp
--- a/docs/docs/administration/img/customize-delete-user.png
+++ b/docs/docs/administration/img/customize-delete-user.png
--- a/docs/docs/administration/img/customize-delete-user.webp
+++ b/docs/docs/administration/img/customize-delete-user.webp
--- a/docs/docs/administration/img/disable-password-login.png
+++ b/docs/docs/administration/img/disable-password-login.png
--- a/docs/docs/administration/img/disable-password-login.webp
+++ b/docs/docs/administration/img/disable-password-login.webp
--- a/docs/docs/administration/img/email-settings.png
+++ b/docs/docs/administration/img/email-settings.png
--- a/docs/docs/administration/img/enable-password-login.png
+++ b/docs/docs/administration/img/enable-password-login.png
--- a/docs/docs/administration/img/enable-password-login.webp
+++ b/docs/docs/administration/img/enable-password-login.webp
--- a/docs/docs/administration/img/immediately-remove-user.png
+++ b/docs/docs/administration/img/immediately-remove-user.png
--- a/docs/docs/administration/img/immediately-remove-user.webp
+++ b/docs/docs/administration/img/immediately-remove-user.webp
--- a/docs/docs/administration/img/list-users.png
+++ b/docs/docs/administration/img/list-users.png
--- a/docs/docs/administration/img/list-users.webp
+++ b/docs/docs/administration/img/list-users.webp
--- a/docs/docs/administration/img/password-login-settings.png
+++ b/docs/docs/administration/img/password-login-settings.png
--- a/docs/docs/administration/img/password-login-settings.webp
+++ b/docs/docs/administration/img/password-login-settings.webp
--- a/docs/docs/administration/img/repair-page-1.png
+++ b/docs/docs/administration/img/repair-page-1.png
--- a/docs/docs/administration/img/repair-page.png
+++ b/docs/docs/administration/img/repair-page.png
--- a/docs/docs/administration/img/reset-admin-password.png
+++ b/docs/docs/administration/img/reset-admin-password.png
--- a/docs/docs/administration/img/reset-admin-password.webp
+++ b/docs/docs/administration/img/reset-admin-password.webp
--- a/docs/docs/administration/img/server-stats.png
+++ b/docs/docs/administration/img/server-stats.png
--- a/docs/docs/administration/img/server-stats.webp
+++ b/docs/docs/administration/img/server-stats.webp
--- a/docs/docs/administration/img/user-management-update.png
+++ b/docs/docs/administration/img/user-management-update.png
--- a/docs/docs/administration/img/user-management-update.webp
+++ b/docs/docs/administration/img/user-management-update.webp
--- a/docs/docs/administration/img/user-notifications-settings.png
+++ b/docs/docs/administration/img/user-notifications-settings.png
--- a/docs/docs/administration/img/user-notifications-settings.webp
+++ b/docs/docs/administration/img/user-notifications-settings.webp
--- a/docs/docs/administration/img/user-notifications-templates.webp
+++ b/docs/docs/administration/img/user-notifications-templates.webp
--- a/docs/docs/administration/img/user-quota-size.png
+++ b/docs/docs/administration/img/user-quota-size.png
--- a/docs/docs/administration/img/user-quota-size.webp
+++ b/docs/docs/administration/img/user-quota-size.webp
--- a/docs/docs/administration/img/user-storage-label.png
+++ b/docs/docs/administration/img/user-storage-label.png
--- a/docs/docs/administration/img/user-storage-label.webp
+++ b/docs/docs/administration/img/user-storage-label.webp
--- a/docs/docs/administration/jobs-workers.md
+++ b/docs/docs/administration/jobs-workers.md
@@ -22,7 +22,7 @@ Copy the entire `immich-server` block as a new service and make the following ch
 -   container_name: immich_server
 ...
 -   ports:
-     - 2283:2283
+-     - 2283:3001
 + immich-microservices:
 +   container_name: immich_microservices
 ```
@@ -48,4 +48,8 @@ When a new asset is uploaded it kicks off a series of jobs, which include metada
 Additionally, some jobs run on a schedule, which is every night at midnight. This schedule, with the exception of [External Libraries](/docs/features/libraries) scanning, cannot be changed.
-<img src={require('./img/admin-jobs.webp').default} width="60%" title="Admin jobs" />
+:::info
 Storage Migration job can be run after changing the [Storage Template](/docs/administration/storage-template.mdx), in order to apply the change to the existing library.
 :::
 <img src={require('./img/admin-jobs.png').default} width="80%" title="Admin jobs" />
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -3,7 +3,7 @@
 This page contains details about using OAuth in Immich.
 :::tip
-Unable to set `app.immich:///oauth-callback` as a valid redirect URI? See [Mobile Redirect URI](#mobile-redirect-uri) for an alternative solution.
+Unable to set `app.immich:/` as a valid redirect URI? See [Mobile Redirect URI](#mobile-redirect-uri) for an alternative solution.
 :::
 ## Overview
@@ -11,7 +11,7 @@ Unable to set `app.immich:///oauth-callback` as a valid redirect URI? See [Mobil
 Immich supports 3rd party authentication via [OpenID Connect][oidc] (OIDC), an identity layer built on top of OAuth2. OIDC is supported by most identity providers, including:
 - [Authentik](https://goauthentik.io/integrations/sources/oauth/#openid-connect)
- [Authelia](https://www.authelia.com/integration/openid-connect/immich/)
+- [Authelia](https://www.authelia.com/configuration/identity-providers/openid-connect/clients/)
 - [Okta](https://www.okta.com/openid-connect/)
 - [Google](https://developers.google.com/identity/openid-connect/openid-connect)
@@ -30,7 +30,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
   The **Sign-in redirect URIs** should include:
-   - `app.immich:///oauth-callback` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
+   - `app.immich:/` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
   - `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
   - `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client
@@ -38,7 +38,7 @@ Before enabling OAuth in Immich, a new client application needs to be configured
   Mobile
-   - `app.immich:///oauth-callback` (You **MUST** include this for iOS and Android mobile apps to work properly)
+   - `app.immich:/` (You **MUST** include this for iOS and Android mobile apps to work properly)
   Localhost
@@ -96,16 +96,16 @@ When Auto Launch is enabled, the login page will automatically redirect the user
 ## Mobile Redirect URI
-The redirect URI for the mobile app is `app.immich:///oauth-callback`, which is a [Custom Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app). If this custom scheme is an invalid redirect URI for your OAuth Provider, you can work around this by doing the following:
+The redirect URI for the mobile app is `app.immich:/`, which is a [Custom Scheme](https://developer.apple.com/documentation/xcode/defining-a-custom-url-scheme-for-your-app). If this custom scheme is an invalid redirect URI for your OAuth Provider, you can work around this by doing the following:
-1. Configure an http(s) endpoint to forwards requests to `app.immich:///oauth-callback`
+1. Configure an http(s) endpoint to forwards requests to `app.immich:/`
 2. Whitelist the new endpoint as a valid redirect URI with your provider.
 3. Specify the new endpoint as the `Mobile Redirect URI Override`, in the OAuth settings.
 With these steps in place, you should be able to use OAuth from the [Mobile App](/docs/features/mobile-app.mdx) without a custom scheme redirect URI.
 :::info
-Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:///oauth-callback`, and can be used for step 1.
+Immich has a route (`/api/oauth/mobile-redirect`) that is already configured to forward requests to `app.immich:/`, and can be used for step 1.
 :::
 ## Example Configuration
@@ -155,8 +155,8 @@ Configuration of Authorised redirect URIs (Google Console)
 Configuration of OAuth in Immich System Settings
 | Setting                      | Value                                                                                                  |
-| ---------------------------- | ---------------------------------------------------------------------------- |
+| ---------------------------- | ------------------------------------------------------------------------------------------------------ |
-| Issuer URL                   | `https://accounts.google.com`                                                |
+| Issuer URL                   | [https://accounts.google.com](https://accounts.google.com)                                             |
 | Client ID                    | 7\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***vuls.apps.googleusercontent.com                           |
 | Client Secret                | G\***\*\*\*\*\*\*\***\*\*\***\*\*\*\*\*\*\***OO                                                        |
 | Scope                        | openid email profile                                                                                   |
@@ -168,7 +168,7 @@ Configuration of OAuth in Immich System Settings
 | Auto Register                | Enabled (optional)                                                                                     |
 | Auto Launch                  | Enabled                                                                                                |
 | Mobile Redirect URI Override | Enabled (required)                                                                                     |
-| Mobile Redirect URI          | `https://example.immich.app/api/oauth/mobile-redirect`                       |
+| Mobile Redirect URI          | [https://demo.immich.app/api/oauth/mobile-redirect](https://demo.immich.app/api/oauth/mobile-redirect) |
 </details>
--- a/docs/docs/administration/postgres-standalone.md
+++ b/docs/docs/administration/postgres-standalone.md
@@ -13,9 +13,9 @@ Running with a pre-existing Postgres server can unlock powerful administrative f
 You must install pgvecto.rs into your instance of Postgres using their [instructions][vectors-install]. After installation, add `shared_preload_libraries = 'vectors.so'` to your `postgresql.conf`. If you already have some `shared_preload_libraries` set, you can separate each extension with a comma. For example, `shared_preload_libraries = 'pg_stat_statements, vectors.so'`.
 :::note
-Immich is known to work with Postgres versions 14, 15, and 16. Earlier versions are unsupported. Postgres 17 is nominally compatible, but pgvecto.rs does not have prebuilt images or packages for it as of writing.
+Immich is known to work with Postgres versions 14, 15, and 16. Earlier versions are unsupported.
-Make sure the installed version of pgvecto.rs is compatible with your version of Immich. The current accepted range for pgvecto.rs is `>= 0.2.0, < 0.4.0`.
+Make sure the installed version of pgvecto.rs is compatible with your version of Immich. For example, if your Immich version uses the dedicated database image `tensorchord/pgvecto-rs:pg14-v0.2.1`, you must install pgvecto.rs `>= 0.2.1, < 0.3.0`.
 :::
 ## Specifying the connection URL
@@ -42,10 +42,6 @@ Typically Immich expects superuser permission in the database, which you can gra
 This method is recommended for **advanced users only** and often requires manual intervention when updating Immich.
 :::
 :::danger
 Currently, automated backups require superuser permission due to the usage of `pg_dumpall`.
 :::
 Immich can run without superuser permissions by following the below instructions at the `psql` prompt to prepare the database.
 ```sql title="Set up Postgres for Immich"
--- a/docs/docs/administration/repair-page.md
+++ b/docs/docs/administration/repair-page.md
@@ -0,0 +1,27 @@
 # Repair Page
 The repair page is designed to give information to the system administrator about files that are not tracked, or offline paths.
 ## Natural State
 In this situation, everything is in its place and there is no problem that the system administrator should be aware of.
 <img src={require('./img/repair-page.png').default} title="server statistic" />
 ## Any Other Situation
 :::note RAM Usage
 Several users report a situation where the page fails to load. In order to solve this problem you should try to allocate more RAM to Immich, if the problem continues, you should stop using the reverse proxy while loading the page.
 :::
 In any other situation, there are 3 different options that can appear:
 - MATCHES - These files are matched by their checksums.
 - OFFLINE PATHS - These files are the result of manually deleting files from immich or a failed file move in the past (losing track of a file).
 - UNTRACKED FILES - These files are not tracked by the application. They can be the result of failed moves, interrupted uploads, or left behind due to a bug.
 In addition, you can download the information from a page, mark everything (in order to check hashing) and correct the problem if a match is found in the hashing.
 <img src={require('./img/repair-page-1.png').default} title="server statistic" />
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -6,10 +6,6 @@ Users can deploy a custom reverse proxy that forwards requests to Immich. This w
 The Repair page can take a long time to load. To avoid server timeouts or errors, we recommend specifying a timeout of at least 10 minutes on your proxy server.
 :::
 :::caution
 Immich does not support being served on a sub-path such as `location /immich {`. It has to be served on the root path of a (sub)domain.
 :::
 ### Nginx example config
 Below is an example config for nginx. Make sure to set `public_url` to the front-facing URL of your instance, and `backend_url` to the path of the Immich server.
@@ -44,26 +40,6 @@ server {
 }
 ```
 #### Compatibility with Let's Encrypt
 In the event that your nginx configuration includes a section for Let's Encrypt, it's likely that you have a segment similar to the following:
 ```nginx
 location ~ /.well-known {
    ...
 }
 ```
 This particular `location` directive can inadvertently prevent mobile clients from reaching the `/.well-known/immich` path, which is crucial for discovery. Usual error message for this case is: "Your app major version is not compatible with the server". To remedy this, you should introduce an additional location block specifically for this path, ensuring that requests are correctly proxied to the Immich server:
 ```nginx
 location = /.well-known/immich {
    proxy_pass http://<backend_url>:2283;
 }
 ```
 By doing so, you'll maintain the functionality of Let's Encrypt while allowing mobile clients to access the necessary Immich path without obstruction.
 ### Caddy example config
 As an alternative to nginx, you can also use [Caddy](https://caddyserver.com/) as a reverse proxy (with automatic HTTPS configuration). Below is an example config.
@@ -88,43 +64,3 @@ Below is an example config for Apache2 site configuration.
   ProxyPreserveHost On
 </VirtualHost>
 ```
 ### Traefik Proxy example config
 The example below is for Traefik version 3.
 The most important is to increase the `respondingTimeouts` of the entrypoint used by immich. In this example of entrypoint `websecure` for port `443`. Per default it's set to 60s which leeds to videos stop uploading after 1 minute (Error Code 499). With this config it will fail after 10 minutes which is in most cases enough. Increase it if needed.
 `traefik.yaml`
 ```yaml
 [...]
 entryPoints:
  websecure:
    address: :443
    # this section needs to be added
    transport:
      respondingTimeouts:
        readTimeout: 600s
        idleTimeout: 600s
        writeTimeout: 600s
 ```
 The second part is in the `docker-compose.yml` file where immich is in. Add the Traefik specific labels like in the example.
 `docker-compose.yml`
 ```yaml
 services:
  immich-server:
    [...]
    labels:
      traefik.enable: true
      # increase readingTimeouts for the entrypoint used here
      traefik.http.routers.immich.entrypoints: websecure
      traefik.http.routers.immich.rule: Host(`immich.your-domain.com`)
      traefik.http.services.immich.loadbalancer.server.port: 2283
 ```
 Keep in mind, that Traefik needs to communicate with the network where immich is in, usually done
 by adding the Traefik network to the `immich-server`.
--- a/docs/docs/administration/server-stats.md
+++ b/docs/docs/administration/server-stats.md
@@ -1,9 +1,13 @@
 # Server Stats
-Server statistics to show the total number of videos, photos, usage and quota per user.
+Server statistics to show the total number of videos, photos, and usage per user.
-:::info External library
+:::info
-External libraries are not included in the storage quota due to custom mount points.
+If a storage quota has been defined for the user, the usage number will be displayed as a percentage of the total storage quota allocated to them.
 :::
-<img src={require('./img/server-stats.webp').default} title="server statistic" />
+:::info External library
 External library is not included in the storage quota.
 :::
 <img src={require('./img/server-stats.png').default} title="server statistic" />
--- a/docs/docs/administration/system-integrity.md
+++ b/docs/docs/administration/system-integrity.md
@@ -1,49 +0,0 @@
 # System Integrity
 ## Folder checks
 :::info
 The folders considered for these checks include: `upload/`, `library/`, `thumbs/`, `encoded-video/`, `profile/`, `backups/`
 :::
 When Immich starts, it performs a series of checks in order to validate that it can read and write files to the volume mounts used by the storage system. If it cannot perform all the required operations, it will fail to start. The checks include:
 - Creating an initial hidden file (`.immich`) in each folder
 - Reading a hidden file (`.immich`) in each folder
 - Overwriting a hidden file (`.immich`) in each folder
 The checks are designed to catch the following situations:
 - Incorrect permissions (cannot read/write files)
 - Missing volume mount (`.immich` files should exist, but are missing)
 ### Common issues
 :::note
 `.immich` files serve as markers and help keep track of volume mounts being used by Immich. Except for the situations listed below, they should never be manually created or deleted.
 :::
 #### Missing `.immich` files
 ```
 Verifying system mount folder checks (enabled=true)
 ...
 ENOENT: no such file or directory, open 'upload/encoded-video/.immich'
 ```
 The above error messages show that the server has previously (successfully) written `.immich` files to each folder, but now does not detect them. This could be because any of the following:
 - Permission error - unable to read the file, but it exists
 - File does not exist - volume mount has changed and should be corrected
 - File does not exist - user manually deleted it and should be manually re-created (`touch .immich`)
 - File does not exist - user restored from a backup, but did not restore each folder (user should restore all folders or manually create `.immich` in any missing folders)
 ### Ignoring the checks
 :::warning
 The checks are designed to catch common problems that we have seen users have in the past, and often indicate there's something wrong that you should solve. If you know what you're doing and you want to disable them you can set the following environment variable:
 :::
 ```
 IMMICH_IGNORE_MOUNT_CHECK_ERRORS=true
 ```
--- a/docs/docs/administration/system-settings.md
+++ b/docs/docs/administration/system-settings.md
@@ -1,6 +1,10 @@
 # System Settings
-The admin user can manage settings for the Immich instance here.
+On the system settings page, the administrator can manage global settings for the Immich instance.
 :::note
 Viewing and modifying the system settings is restricted to the Administrator.
 :::
 :::tip
 You can always return to the default settings by clicking the `Reset to default` button.
@@ -100,7 +104,8 @@ You can choose to disable a certain type of machine learning, for example smart
 ### Smart Search
-The [smart search](/docs/features/searching) settings allow you to change the [CLIP model](https://openai.com/research/clip). Larger models will typically provide [more accurate search results](https://github.com/immich-app/immich/discussions/11862) but consume more processing power and RAM. When [changing the CLIP model](/docs/FAQ#can-i-use-a-custom-clip-model) it is mandatory to re-run the Smart Search job on all images to fully apply the change.
+The smart search settings are designed to allow the search tool to be used using [CLIP](https://openai.com/research/clip) models that [can be changed](/docs/FAQ#can-i-use-a-custom-clip-model), different models will necessarily give better results but may consume more processing power, when changing a model it is mandatory to re-run the
 Smart Search job on all images to fully apply the change.
 :::info Internet connection
 Changing models requires a connection to the Internet to download the model.
@@ -108,23 +113,15 @@ After downloading, there is no need for Immich to connect to the network
 Unless version checking has been enabled in the settings.
 :::
 ### Duplicate Detection
 Use CLIP embeddings to find likely duplicates. The maximum detection distance can be configured in order to improve / reduce the level of accuracy.
 - **Maximum detection distance -** Maximum distance between two images to consider them duplicates, ranging from 0.001-0.1. Higher values will detect more duplicates, but may result in false positives.
 ### Facial Recognition
 Under these settings, you can change the facial recognition settings
 Editable settings:
- **Facial Recognition Model**
+- **Facial Recognition Model -** Models are listed in descending order of size. Larger models are slower and use more memory, but produce better results. Note that you must re-run the Face Detection job for all images upon changing a model.
- **Min Detection Score**
+- **Min Detection Score -** Minimum confidence score for a face to be detected from 0-1. Lower values will detect more faces but may result in false positives.
- **Max Recognition Distance**
+- **Max Recognition Distance -** Maximum distance between two faces to be considered the same person, ranging from 0-2. Lowering this can prevent labeling two people as the same person, while raising it can prevent labeling the same person as two different people. Note that it is easier to merge two people than to split one person in two, so err on the side of a lower threshold when possible.
- **Min Recognized Faces**
+- **Min Recognized Faces -** The minimum number of recognized faces for a person to be created (AKA: Core face). Increasing this makes Facial Recognition more precise at the cost of increasing the chance that a face is not assigned to a person.
 You can learn more about these options on the [Facial Recognition page](/docs/features/facial-recognition#how-face-detection-works)
 :::info
 When changing the values in Min Detection Score, Max Recognition Distance, and Min Recognized Faces.
@@ -152,15 +149,11 @@ Immich supports [Reverse Geocoding](/docs/features/reverse-geocoding) using data
 SMTP server setup, for user creation notifications, new albums, etc. More information can be found [here](/docs/administration/email-notification)
 ## Notification Templates
 Override the default notifications text with notification templates. More information can be found [here](/docs/administration/email-notification)
 ## Server Settings
 ### External Domain
-Overrides the domain name in shared links and email notifications. The URL should not include a trailing slash.
+When set, will override the domain name used when viewing and copying a shared link.
 ### Welcome Message
@@ -204,68 +197,4 @@ When this option is enabled the `immich-server` will periodically make requests
 ## Video Transcoding Settings
-The system administrator can configure which video files will be converted to different formats. The settings can be changed in depth, to learn more about the terminology used here, refer to FFmpeg documentation for [H.264](https://trac.ffmpeg.org/wiki/Encode/H.264) codec, [HEVC](https://trac.ffmpeg.org/wiki/Encode/H.265) codec and [VP9](https://trac.ffmpeg.org/wiki/Encode/VP9) codec.
+The system administrator can define parameters according to which video files will be converted to different formats (depending on the settings). The settings can be changed in depth, to learn more about the terminology used here, refer to FFmpeg documentation for [H.264](https://trac.ffmpeg.org/wiki/Encode/H.264) codec, [HEVC](https://trac.ffmpeg.org/wiki/Encode/H.265) codec and [VP9](https://trac.ffmpeg.org/wiki/Encode/VP9) codec.
 Which streams of a video file will be transcoded is determined by the [Transcode Policy](#ffmpeg.transcode). Streams that are transcoded use the following settings (config file name in brackets). Streams that are not transcoded are untouched and preserve their original settings.
 ### Accepted containers (`ffmpeg.acceptedContainers`) {#ffmpeg.acceptedContainers}
 If the video asset's container format is not in this list, it will be remuxed to MP4 even if no streams need to be transcoded.
 The default set of accepted container formats is `mov`, `ogg` and `webm`.
 ### Preset (`ffmpeg.preset`) {#ffmpeg.preset}
 The amount of "compute effort" to put into transcoding. These use [the preset names from h264](https://trac.ffmpeg.org/wiki/Encode/H.264#Preset) and will be converted to appropriate values for encoders that configure effort in different ways.
 The default value is `ultrafast`.
 ### Audio codec (`ffmpeg.targetAudioCodec`) {#ffmpeg.targetAudioCodec}
 Which audio codec to use when the audio stream is being transcoded. Can be one of `mp3`, `aac`, `libopus`.
 The default value is `aac`.
 ### Video Codec (`ffmpeg.targetVideoCodec`) {#ffmpeg.targetVideoCodec}
 Which video codec to use when the video stream is being transcoded. Can be one of `h264`, `hevc`, `vp9` or `av1`.
 The default value is `h264`.
 ### Target resolution (`ffmpeg.targetResolution`) {#ffmpeg.targetResolution}
 When transcoding a video stream, downscale the largest dimension to this value while preserving aspect ratio. Videos are never upscaled.
 The default value is `720`.
 ### Transcode policy (`ffmpeg.transcode`) {#ffmpeg.transcode}
 The transcoding policy configures which streams of a video asset will be transcoded. The transcoding decision is made independently for video streams and audio streams. This means that if a video stream needs to be transcoded, but an audio stream does not, then the video stream will be transcoded while the audio stream will be copied. If the transcoding policy does not require any stream to be transcoded and does not require the video to be remuxed, then no separate video file will be created.
 The default policy is `required`.
 #### All videos (`all`) {#ffmpeg.transcode-all}
 Videos are always transcoded. This ensures consistency during video playback.
 #### Don't transcode any videos (`disabled`) {#ffmpeg.transcode-disabled}
 Videos are never transcoded. This saves space and resources on the server, but may prevent playback on devices that don't support the source format (especially web browsers) or result in high bandwidth usage when playing high-bitrate files.
 #### Only videos not in an accepted format (`required`) {#ffmpeg.transcode-required}
 Video streams are transcoded when any of the following conditions are met:
 - The video is HDR.
 - The video is not in the yuv420p pixel format.
 - The video codec is not in `acceptedVideoCodecs`.
 Audio is transcoded if the audio codec is not in `acceptedAudioCodecs`.
 #### Videos higher than max bitrate or not in an accepted format (`bitrate`) {#ffmpeg.transcode-bitrate}
 In addition to the conditions in `required`, video streams are also transcoded if their bitrate is over `maxBitrate`.
 #### Videos higher than target resolution or not in an accepted format (`optimal`) {#ffmpeg.transcode-optimal}
 In addition to the conditions in `required`, video streams are also transcoded if the horizontal **and** vertical dimensions are higher than [`targetResolution`](#ffmpeg.targetResolution).
--- a/docs/docs/administration/user-management.mdx
+++ b/docs/docs/administration/user-management.mdx
@@ -41,7 +41,7 @@ The system administrator can see the usage quota percentage of all users in Serv
 External libraries don't take up space from the storage quota.
 :::
-<img src={require('./img/user-quota-size.webp').default} width="40%" title="Set Quota Size" />
+<img src={require('./img/user-quota-size.png').default} width="40%" title="Set Quota Size" />
 ## Set Storage Label For User
@@ -51,13 +51,13 @@ To apply a storage template, go to the Administration page -> click on the penci
 To apply the Storage Label to previously uploaded assets, run the Storage Migration Job.
 :::
-<img src={require('./img/user-storage-label.webp').default} width="40%" title="Delete User" />
+<img src={require('./img/user-storage-label.png').default} width="40%" title="Delete User" />
 ## Password Reset
 To reset a user's password, click the pencil icon to edit a user, then click "Reset Password". The user's password will be reset to random password and they have to change it next time the sign in.
-<img src={require('./img/user-management-update.webp').default} width="40%" title="Reset Password" />
+<img src={require('./img/user-management-update.png').default} width="40%" title="Reset Password" />
 ## Delete a User
@@ -72,7 +72,7 @@ You can customize the time of the deletion of the users from the Administration
 The user deletion job runs at midnight to check for users that are ready for deletion. Changes to this setting will be evaluated at the next execution.
 :::
-<img src={require('./img/customize-delete-user.webp').default} width="80%" title="Customize Delete User" />
+<img src={require('./img/customize-delete-user.png').default} width="80%" title="Customize Delete User" />
 ### Immediately Remove User
@@ -80,4 +80,4 @@ You can choose to delete a user immediately by checking the box
 `Queue user and assets for immediate deletion` in the deletion process, this will immediately remove the user and all assets.
 This cannot be undone and the files cannot be recovered.
-<img src={require('./img/immediately-remove-user.webp').default} width="40%" title="Customize Delete User" />
+<img src={require('./img/immediately-remove-user.png').default} width="40%" title="Customize Delete User" />
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Zack Pollard	675c64a22f	wip: fix the mess that is the mobile database	2024-07-30 00:12:43 +01:00
Zack Pollard	d3aacbe74b	refactor: authentication provider always try network calls and only fail if 401 or no local user	2024-07-29 19:02:04 +01:00
Zack Pollard	41aefffe09	chore: bump flutter sdk path for vscode	2024-07-29 19:01:09 +01:00
Alex	090762f9dd	fix(mobile): refactor splash screen to not require online connection	2024-07-29 10:52:53 -05:00
		`@@ -1,2 +0,0 @@`
			`ARG BASEIMAGE=mcr.microsoft.com/devcontainers/typescript-node:22@sha256:9791f4aa527774bc370c6bd2f6705ce5a686f1e6f204badd8dfaacce28c631ae`
			`FROM ${BASEIMAGE}`