I’m trying to de-Google, or at least have proper backups for Google services. I’ve been doing Takeout for a number of years now which is fine, but I’d like for example my photos to be available. Enter immich, the self-hosted workalike.

Ideally I’d like to have this running on my home firewall because I have physical control and runs the OS and stack that I like which is FreeBSD. But:

• that wouldn’t be a good backup strategy, because it’d be at home where the Google Takeout archives live too.
• my home uplink is mediocre at best at what it’s meant to do (download stuff) and definitely not up to serving photo and video libraries to family.
• my firewall doesn’t have a ton of memory, or CPU, or disk. I could address that but haven’t.
• there’s no FreeBSD port of immich, and getting it going from source runs into inscrutable (to me) errors from node or npm or whatever. I got it limping along but it wasn’t good.
• I can’t really run a linux vm on it under the bhyve hypervisor because, again, it doesn’t have the resources to spare.

So that ideal situation doesn’t really work. What I’d need is a box under my control that I can install immich on using the recommended installation method (with docker compose) that has a bunch of disk space, enough memory to run things, enough bandwidth to serve things to family. So, a VPS of some sort.

After some browsing around I came across interserver.net which offers what they call a “storage VPS”. For $3 a month you get one (slice of a) xeon gold 6150, 2GB of memory and 1TB of disk space. That disk space is presented as a normal block device but is, supposedly, a slice of data on some array of harddisks. It’s spinning rust, which is what makes it so cheap. 2GB of memory is a bit tight and the immich documentation recommends 8GB, but I figured I’d try and if it didn’t work I’d cancel and be out $3.

So the plan then became:

• select stock Debian for it and get control. set up ssh keys and all that.
• set up a wireguard tunnel to my normal VPS that, among other things, runs haproxy so I can have that proxy for immich and do TLS and such.
• firewall everything else away. ssh and wireguard (from the specific endpoint) is all it’ll do network wise. btw I much prefer pf(4) to nftables.
• install docker and get immich going
• add some extra swap space so it doesn’t run out of memory halfway through uploading my photo library. swapping isn’t nice and swapping to harddisks is even less nice but it works and it doesn’t really matter if the initial import of my library takes days or even a few weeks.
• use immich-go to import a google takeout. this will take days because I only get 20Mbps up but that’s fine.
• once that’s done, carefully start jobs on the immich side. metadata extraction, facial recognition, that sort of thing. this will also take days, possibly a week, because I have 70000 pictures and 4000 videos.
• after that initial import is done it’ll be a much smaller drip of updates

One tidbit I learned about Google Takeout that I hadn’t noticed before is that the size of the Google Photos folder on disk is deceptive because it’ll have duplicates. If you have a photo and you add it to album A and to album B the takeout will have that photo three times. Immich (or immich-go, not sure which) will deduplicate so the size of what this actually ended up using was about half that of the folder in my Google Takeout. So I ended up storing other backups on it too. GPG encrypted because while I do trust these people with family photos I don’t trust them with email archives, password vaults and things like that.

During the import and particularly during the subsequent running of the organizing jobs the 2GB of memory was too little and it did run into swap, but not nearly as much as I feared. It worked fine. It swapped a bit now and then but nothing major.

So now I have a $3/month backup Google Photos workalike with plenty of room to spare. It works.