queue assets without detected faces

revert image size change
use original image for ml
2025-05-14 20:36:32 -04:00 · 2025-05-13 23:45:59 -04:00 · 2025-05-13 23:41:57 -04:00 · 2025-05-13 13:20:41 -04:00 · 2025-05-13 12:56:03 -04:00 · 2025-05-13 12:48:38 -04:00
927 changed files with 60440 additions and 56232 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-ARG BASEIMAGE=mcr.microsoft.com/devcontainers/typescript-node:22@sha256:b0b88ef6a5abf21194343d2c5b2829dddd9be1142f65f6a5e4390a51d5a70dd8
+ARG BASEIMAGE=mcr.microsoft.com/devcontainers/typescript-node:22@sha256:a20b8a3538313487ac9266875bbf733e544c1aa2091df2bb99ab592a6d4f7399
 FROM ${BASEIMAGE}
 # Flutter SDK
--- a/.github/actions/image-build/action.yml
+++ b/.github/actions/image-build/action.yml
@@ -0,0 +1,118 @@
 name: 'Single arch image build'
 description: 'Build single-arch image on platform appropriate runner'
 inputs:
  image:
    description: 'Name of the image to build'
    required: true
  ghcr-token:
    description: 'GitHub Container Registry token'
    required: true
  platform:
    description: 'Platform to build for'
    required: true
  artifact-key-base:
    description: 'Base key for artifact name'
    required: true
  context:
    description: 'Path to build context'
    required: true
  dockerfile:
    description: 'Path to Dockerfile'
    required: true
  build-args:
    description: 'Docker build arguments'
    required: false
 runs:
  using: 'composite'
  steps:
    - name: Prepare
      id: prepare
      shell: bash
      env:
        PLATFORM: ${{ inputs.platform }}
      run: |
        echo "platform-pair=${PLATFORM//\//-}" >> $GITHUB_OUTPUT
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
    - name: Login to GitHub Container Registry
      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
      if: ${{ !github.event.pull_request.head.repo.fork }}
      with:
        registry: ghcr.io
        username: ${{ github.repository_owner }}
        password: ${{ inputs.ghcr-token }}
    - name: Generate cache key suffix
      id: cache-key-suffix
      shell: bash
      env:
        REF: ${{ github.ref_name }}
      run: |
        if [[ "${{ github.event_name }}" == "pull_request" ]]; then
          echo "cache-key-suffix=pr-${{ github.event.number }}" >> $GITHUB_OUTPUT
        else
          SUFFIX=$(echo "${REF}" | sed 's/[^a-zA-Z0-9]/-/g')
          echo "suffix=${SUFFIX}" >> $GITHUB_OUTPUT
        fi
    - name: Generate cache target
      id: cache-target
      shell: bash
      env:
        BUILD_ARGS: ${{ inputs.build-args }}
        IMAGE: ${{ inputs.image }}
        SUFFIX: ${{ steps.cache-key-suffix.outputs.suffix }}
        PLATFORM_PAIR: ${{ steps.prepare.outputs.platform-pair }}
      run: |
        HASH=$(sha256sum <<< "${BUILD_ARGS}" | cut -d' ' -f1)
        CACHE_KEY="${PLATFORM_PAIR}-${HASH}"
        echo "cache-key-base=${CACHE_KEY}" >> $GITHUB_OUTPUT
        if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
          # Essentially just ignore the cache output (forks can't write to registry cache)
          echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
        else
          echo "cache-to=type=registry,ref=${IMAGE}-build-cache:${CACHE_KEY}-${SUFFIX},mode=max,compression=zstd" >> $GITHUB_OUTPUT
        fi
    - name: Generate docker image tags
      id: meta
      uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
      env:
        DOCKER_METADATA_PR_HEAD_SHA: 'true'
    - name: Build and push image
      id: build
      uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
      with:
        context: ${{ inputs.context }}
        file: ${{ inputs.dockerfile }}
        platforms: ${{ inputs.platform }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-to: ${{ steps.cache-target.outputs.cache-to }}
        cache-from: |
          type=registry,ref=${{ inputs.image }}-build-cache:${{ steps.cache-target.outputs.cache-key-base }}-${{ steps.cache-key-suffix.outputs.suffix }}
          type=registry,ref=${{ inputs.image }}-build-cache:${{ steps.cache-target.outputs.cache-key-base }}-main
        outputs: type=image,"name=${{ inputs.image }}",push-by-digest=true,name-canonical=true,push=${{ !github.event.pull_request.head.repo.fork }}
        build-args: |
          BUILD_ID=${{ github.run_id }}
          BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.meta.outputs.tags }}
          BUILD_SOURCE_REF=${{ github.ref_name }}
          BUILD_SOURCE_COMMIT=${{ github.sha }}
          ${{ inputs.build-args }}
    - name: Export digest
      shell: bash
      run: | # zizmor: ignore[template-injection]
        mkdir -p ${{ runner.temp }}/digests
        digest="${{ steps.build.outputs.digest }}"
        touch "${{ runner.temp }}/digests/${digest#sha256:}"
    - name: Upload digest
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
      with:
        name: ${{ inputs.artifact-key-base }}-${{ steps.cache-target.outputs.cache-key-base }}
        path: ${{ runner.temp }}/digests/*
        if-no-files-found: error
        retention-days: 1
--- a/.github/workflows/build-mobile.yml
+++ b/.github/workflows/build-mobile.yml
@@ -7,6 +7,15 @@ on:
      ref:
        required: false
        type: string
    secrets:
      KEY_JKS:
        required: true
      ALIAS:
        required: true
      ANDROID_KEY_PASSWORD:
        required: true
      ANDROID_STORE_PASSWORD:
        required: true
  pull_request:
  push:
    branches: [main]
@@ -15,14 +24,21 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        with:
@@ -38,24 +54,19 @@ jobs:
  build-sign-android:
    name: Build and sign Android
    needs: pre-job
    permissions:
      contents: read
    # Skip when PR from a fork
    if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.pre-job.outputs.should_run == 'true' }}
    runs-on: macos-14
    steps:
      - name: Determine ref
        id: get-ref
        run: |
          input_ref="${{ inputs.ref }}"
          github_ref="${{ github.sha }}"
          ref="${input_ref:-$github_ref}"
          echo "ref=$ref" >> $GITHUB_OUTPUT
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
-          ref: ${{ steps.get-ref.outputs.ref }}
+          ref: ${{ inputs.ref || github.sha }}
          persist-credentials: false
-      - uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4
+      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4
        with:
          distribution: 'zulu'
          java-version: '17'
@@ -78,6 +89,10 @@ jobs:
        working-directory: ./mobile
        run: flutter pub get
      - name: Generate translation file
        run: make translation
        working-directory: ./mobile
      - name: Build Android App Bundle
        working-directory: ./mobile
        env:
--- a/.github/workflows/cache-cleanup.yml
+++ b/.github/workflows/cache-cleanup.yml
@@ -8,31 +8,38 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  cleanup:
    name: Cleanup
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Cleanup
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REF: ${{ github.ref }}
        run: |
          gh extension install actions/gh-actions-cache
          REPO=${{ github.repository }}
          BRANCH=${{ github.ref }}
          echo "Fetching list of cache keys"
-          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B ${REF} -L 100 | cut -f 1 )
          ## Setting this to not fail the workflow while deleting cache keys.
          set +e
          echo "Deleting caches..."
          for cacheKey in $cacheKeysForPR
          do
-              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+              gh actions-cache delete $cacheKey -R "$REPO" -B "${REF}" --confirm
          done
          echo "Done"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -16,21 +16,25 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions:
+permissions: {}
  packages: write
 jobs:
  publish:
    name: CLI Publish
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './cli/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
@@ -48,11 +52,16 @@ jobs:
  docker:
    name: Docker
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    needs: publish
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
@@ -87,7 +96,7 @@ jobs:
            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
      - name: Build and push image
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          file: cli/Dockerfile
          platforms: linux/amd64,linux/arm64
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -24,6 +24,8 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  analyze:
    name: Analyze
@@ -43,10 +45,12 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3
+        uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +63,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@45775bd8235c68ba998cffa5171334d58593da47 # v3
+        uses: github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -72,6 +76,6 @@ jobs:
      #   ./location_of_script_within_repo/buildscript.sh
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3
+        uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
        with:
          category: '/language:${{matrix.language}}'
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -12,18 +12,21 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
-permissions:
+permissions: {}
  packages: write
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_ml: ${{ steps.found_paths.outputs.machine-learning == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        with:
@@ -37,6 +40,8 @@ jobs:
              - 'machine-learning/**'
            workflow:
              - '.github/workflows/docker.yml'
              - '.github/workflows/multi-runner-build.yml'
              - '.github/actions/image-build'
      - name: Check if we should force jobs to run
        id: should_force
@@ -45,6 +50,9 @@ jobs:
  retag_ml:
    name: Re-Tag ML
    needs: pre-job
    permissions:
      contents: read
      packages: write
    if: ${{ needs.pre-job.outputs.should_run_ml == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
@@ -58,18 +66,22 @@ jobs:
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
          REPOSITORY: ${{ github.repository_owner }}/immich-machine-learning
          TAG_OLD: main${{ matrix.suffix }}
          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
        run: |
-          REGISTRY_NAME="ghcr.io"
+          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-          REPOSITORY=${{ github.repository_owner }}/immich-machine-learning
+          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
          TAG_OLD=main${{ matrix.suffix }}
          TAG_PR=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
          TAG_COMMIT=commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_PR $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_COMMIT $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
  retag_server:
    name: Re-Tag Server
    needs: pre-job
    permissions:
      contents: read
      packages: write
    if: ${{ needs.pre-job.outputs.should_run_server == 'false' && !github.event.pull_request.head.repo.fork }}
    runs-on: ubuntu-latest
    strategy:
@@ -83,370 +95,85 @@ jobs:
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Re-tag image
        env:
          REGISTRY_NAME: 'ghcr.io'
          REPOSITORY: ${{ github.repository_owner }}/immich-server
          TAG_OLD: main${{ matrix.suffix }}
          TAG_PR: ${{ github.event.number == 0 && github.ref_name || format('pr-{0}', github.event.number) }}${{ matrix.suffix }}
          TAG_COMMIT: commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
        run: |
-          REGISTRY_NAME="ghcr.io"
+          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_PR}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
-          REPOSITORY=${{ github.repository_owner }}/immich-server
+          docker buildx imagetools create -t "${REGISTRY_NAME}/${REPOSITORY}:${TAG_COMMIT}" "${REGISTRY_NAME}/${REPOSITORY}:${TAG_OLD}"
          TAG_OLD=main${{ matrix.suffix }}
          TAG_PR=${{ github.event.number == 0 && github.ref_name ||  format('pr-{0}', github.event.number)  }}${{ matrix.suffix }}
          TAG_COMMIT=commit-${{ github.event_name != 'pull_request' && github.sha || github.event.pull_request.head.sha }}${{ matrix.suffix }}
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_PR $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
          docker buildx imagetools create -t $REGISTRY_NAME/$REPOSITORY:$TAG_COMMIT $REGISTRY_NAME/$REPOSITORY:$TAG_OLD
-  build_and_push_ml:
+  machine-learning:
    name: Build and Push ML
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ${{ matrix.runner }}
    env:
      image: immich-machine-learning
      context: machine-learning
      file: machine-learning/Dockerfile
      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-machine-learning
    strategy:
      # Prevent a failure in one image from stopping the other builds
      fail-fast: false
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
            device: cpu
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            device: cpu
          - platform: linux/amd64
            runner: ubuntu-latest
            device: cuda
            suffix: -cuda
          - platform: linux/amd64
            runner: mich
            device: rocm
            suffix: -rocm
          - platform: linux/amd64
            runner: ubuntu-latest
            device: openvino
            suffix: -openvino
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            device: armnn
            suffix: -armnn
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
            device: rknn
            suffix: -rknn
    steps:
      - name: Prepare
        run: |
          platform=${{ matrix.platform }}
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Login to GitHub Container Registry
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate cache key suffix
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            echo "CACHE_KEY_SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
          else
            echo "CACHE_KEY_SUFFIX=$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_ENV
          fi
      - name: Generate cache target
        id: cache-target
        run: |
          if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
            # Essentially just ignore the cache output (forks can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }},mode=max,compression=zstd" >> $GITHUB_OUTPUT
          fi
      - name: Build and push image
        id: build
        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.context }}
          file: ${{ env.file }}
          platforms: ${{ matrix.platforms }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          cache-from: |
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }}
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-main
          outputs: type=image,"name=${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=${{ !github.event.pull_request.head.repo.fork }}
          build-args: |
            DEVICE=${{ matrix.device }}
            BUILD_ID=${{ github.run_id }}
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: ml-digests-${{ matrix.device }}-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  merge_ml:
    name: Merge & Push ML
    runs-on: ubuntu-latest
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' && !github.event.pull_request.head.repo.fork }}
    env:
      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-machine-learning
      DOCKER_REPO: altran1502/immich-machine-learning
    strategy:
      matrix:
        include:
          - device: cpu
            tag-suffix: ''
          - device: cuda
-            suffix: -cuda
+            tag-suffix: '-cuda'
-          - device: rocm
+            platforms: linux/amd64
            suffix: -rocm
          - device: openvino
-            suffix: -openvino
+            tag-suffix: '-openvino'
            platforms: linux/amd64
          - device: armnn
-            suffix: -armnn
+            tag-suffix: '-armnn'
            platforms: linux/arm64
          - device: rknn
-            suffix: -rknn
+            tag-suffix: '-rknn'
-    needs:
+            platforms: linux/arm64
-      - build_and_push_ml
+          - device: rocm
-    steps:
+            tag-suffix: '-rocm'
-      - name: Download digests
+            platforms: linux/amd64
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4
+            runner-mapping: '{"linux/amd64": "mich"}'
-        with:
+    uses: ./.github/workflows/multi-runner-build.yml
-          path: ${{ runner.temp }}/digests
+    permissions:
-          pattern: ml-digests-${{ matrix.device }}-*
+      contents: read
-          merge-multiple: true
+      actions: read
      packages: write
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    with:
      image: immich-machine-learning
      context: machine-learning
      dockerfile: machine-learning/Dockerfile
      platforms: ${{ matrix.platforms }}
      runner-mapping: ${{ matrix.runner-mapping }}
      tag-suffix: ${{ matrix.tag-suffix }}
      dockerhub-push: ${{ github.event_name == 'release' }}
      build-args: |
        DEVICE=${{ matrix.device }}
-      - name: Login to Docker Hub
+  server:
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
      - name: Generate docker image tags
        id: meta
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
        env:
          DOCKER_METADATA_PR_HEAD_SHA: 'true'
        with:
          flavor: |
            # Disable latest tag
            latest=false
            suffix=${{ matrix.suffix }}
          images: |
            name=${{ env.GHCR_REPO }}
            name=${{ env.DOCKER_REPO }},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch
            # Tag with pr-number
            type=ref,event=pr
            # Tag with long commit sha hash
            type=sha,format=long,prefix=commit-
            # Tag with git tag on release
            type=ref,event=tag
            type=raw,value=release,enable=${{ github.event_name == 'release' }}
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
  build_and_push_server:
    name: Build and Push Server
    runs-on: ${{ matrix.runner }}
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
-    env:
+    uses: ./.github/workflows/multi-runner-build.yml
    permissions:
      contents: read
      actions: read
      packages: write
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    with:
      image: immich-server
      context: .
-      file: server/Dockerfile
+      dockerfile: server/Dockerfile
-      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-server
+      dockerhub-push: ${{ github.event_name == 'release' }}
-    strategy:
+      build-args: |
-      fail-fast: false
+        DEVICE=cpu
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
    steps:
      - name: Prepare
        run: |
          platform=${{ matrix.platform }}
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
      - name: Login to GitHub Container Registry
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate cache key suffix
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            echo "CACHE_KEY_SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
          else
            echo "CACHE_KEY_SUFFIX=$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_ENV
          fi
      - name: Generate cache target
        id: cache-target
        run: |
          if [[ "${{ github.event.pull_request.head.repo.fork }}" == "true" ]]; then
            # Essentially just ignore the cache output (forks can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ matrix.device }}-${{ env.CACHE_KEY_SUFFIX }},mode=max,compression=zstd" >> $GITHUB_OUTPUT
          fi
      - name: Build and push image
        id: build
        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
        with:
          context: ${{ env.context }}
          file: ${{ env.file }}
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          cache-from: |
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-${{ env.CACHE_KEY_SUFFIX }}
            type=registry,ref=${{ env.GHCR_REPO }}-build-cache:${{ env.PLATFORM_PAIR }}-main
          outputs: type=image,"name=${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=${{ !github.event.pull_request.head.repo.fork }}
          build-args: |
            DEVICE=cpu
            BUILD_ID=${{ github.run_id }}
            BUILD_IMAGE=${{ github.event_name == 'release' && github.ref_name || steps.metadata.outputs.tags }}
            BUILD_SOURCE_REF=${{ github.ref_name }}
            BUILD_SOURCE_COMMIT=${{ github.sha }}
      - name: Export digest
        run: |
          mkdir -p ${{ runner.temp }}/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "${{ runner.temp }}/digests/${digest#sha256:}"
      - name: Upload digest
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: server-digests-${{ env.PLATFORM_PAIR }}
          path: ${{ runner.temp }}/digests/*
          if-no-files-found: error
          retention-days: 1
  merge_server:
    name: Merge & Push Server
    runs-on: ubuntu-latest
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' && !github.event.pull_request.head.repo.fork }}
    env:
      GHCR_REPO: ghcr.io/${{ github.repository_owner }}/immich-server
      DOCKER_REPO: altran1502/immich-server
    needs:
      - build_and_push_server
    steps:
      - name: Download digests
        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: server-digests-*
          merge-multiple: true
      - name: Login to Docker Hub
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
      - name: Generate docker image tags
        id: meta
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
        env:
          DOCKER_METADATA_PR_HEAD_SHA: 'true'
        with:
          flavor: |
            # Disable latest tag
            latest=false
            suffix=${{ matrix.suffix }}
          images: |
            name=${{ env.GHCR_REPO }}
            name=${{ env.DOCKER_REPO }},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch
            # Tag with pr-number
            type=ref,event=pr
            # Tag with long commit sha hash
            type=sha,format=long,prefix=commit-
            # Tag with git tag on release
            type=ref,event=tag
            type=raw,value=release,enable=${{ github.event_name == 'release' }}
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
  success-check-server:
    name: Docker Build & Push Server Success
-    needs: [merge_server, retag_server]
+    needs: [server, retag_server]
    permissions: {}
    runs-on: ubuntu-latest
    if: always()
    steps:
@@ -455,11 +182,13 @@ jobs:
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        # zizmor: ignore[template-injection]
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
  success-check-ml:
    name: Docker Build & Push ML Success
-    needs: [merge_ml, retag_ml]
+    needs: [machine-learning, retag_ml]
    permissions: {}
    runs-on: ubuntu-latest
    if: always()
    steps:
@@ -468,4 +197,5 @@ jobs:
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        # zizmor: ignore[template-injection]
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
--- a/.github/workflows/docs-build.yml
+++ b/.github/workflows/docs-build.yml
@@ -10,14 +10,20 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.found_paths.outputs.docs == 'true' ||  steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        with:
@@ -33,6 +39,8 @@ jobs:
  build:
    name: Docs Build
    needs: pre-job
    permissions:
      contents: read
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
    defaults:
@@ -42,9 +50,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './docs/.nvmrc'
@@ -62,4 +72,5 @@ jobs:
        with:
          name: docs-build-output
          path: docs/build/
          include-hidden-files: true
          retention-days: 1
--- a/.github/workflows/docs-deploy.yml
+++ b/.github/workflows/docs-deploy.yml
@@ -1,6 +1,6 @@
 name: Docs deploy
 on:
-  workflow_run:
+  workflow_run: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
    workflows: ['Docs build']
    types:
      - completed
@@ -9,6 +9,9 @@ jobs:
  checks:
    name: Docs Deploy Checks
    runs-on: ubuntu-latest
    permissions:
      actions: read
      pull-requests: read
    outputs:
      parameters: ${{ steps.parameters.outputs.result }}
      artifact: ${{ steps.get-artifact.outputs.result }}
@@ -36,6 +39,8 @@ jobs:
      - name: Determine deploy parameters
        id: parameters
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
        env:
          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
        with:
          script: |
            const eventType = context.payload.workflow_run.event;
@@ -57,7 +62,8 @@ jobs:
            } else if (eventType == "pull_request") {
              let pull_number = context.payload.workflow_run.pull_requests[0]?.number;
              if(!pull_number) {
-                const response = await github.rest.search.issuesAndPullRequests({q: 'repo:${{ github.repository }} is:pr sha:${{ github.event.workflow_run.head_sha }}',per_page: 1,})
+                const {HEAD_SHA} = process.env;
                const response = await github.rest.search.issuesAndPullRequests({q: `repo:${{ github.repository }} is:pr sha:${HEAD_SHA}`,per_page: 1,})
                const items = response.data.items
                if (items.length < 1) {
                  throw new Error("No pull request found for the commit")
@@ -95,30 +101,36 @@ jobs:
    name: Docs Deploy
    runs-on: ubuntu-latest
    needs: checks
    permissions:
      contents: read
      actions: read
      pull-requests: write
    if: ${{ fromJson(needs.checks.outputs.artifact).found && fromJson(needs.checks.outputs.parameters).shouldDeploy }}
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Load parameters
        id: parameters
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
        env:
          PARAM_JSON: ${{ needs.checks.outputs.parameters }}
        with:
          script: |
-            const json = `${{ needs.checks.outputs.parameters }}`;
+            const parameters = JSON.parse(process.env.PARAM_JSON);
            const parameters = JSON.parse(json);
            core.setOutput("event", parameters.event);
            core.setOutput("name", parameters.name);
            core.setOutput("shouldDeploy", parameters.shouldDeploy);
      - run: |
          echo "Starting docs deployment for ${{ steps.parameters.outputs.event }} ${{ steps.parameters.outputs.name }}"
      - name: Download artifact
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
        env:
          ARTIFACT_JSON: ${{ needs.checks.outputs.artifact }}
        with:
          script: |
-            let artifact = ${{ needs.checks.outputs.artifact }};
+            let artifact = JSON.parse(process.env.ARTIFACT_JSON);
            let download = await github.rest.actions.downloadArtifact({
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -162,9 +174,11 @@ jobs:
      - name: Output Cleaning
        id: clean
        env:
          TG_OUTPUT: ${{ steps.docs-output.outputs.tg_action_output }}
        run: |
-          TG_OUT=$(echo '${{ steps.docs-output.outputs.tg_action_output }}' | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
+          CLEANED=$(echo "$TG_OUTPUT" | sed 's|%0A|\n|g ; s|%3C|<|g' | jq -c .)
-          echo "output=$TG_OUT" >> $GITHUB_OUTPUT
+          echo "output=$CLEANED" >> $GITHUB_OUTPUT
      - name: Publish to Cloudflare Pages
        uses: cloudflare/pages-action@f0a1cd58cd66095dee69bfa18fa5efd1dde93bca # v1
--- a/.github/workflows/docs-destroy.yml
+++ b/.github/workflows/docs-destroy.yml
@@ -1,15 +1,22 @@
 name: Docs destroy
 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
    types: [closed]
 permissions: {}
 jobs:
  deploy:
    name: Docs Destroy
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Destroy Docs Subdomain
        env:
--- a/.github/workflows/fix-format.yml
+++ b/.github/workflows/fix-format.yml
@@ -4,16 +4,19 @@ on:
  pull_request:
    types: [labeled]
 permissions: {}
 jobs:
  fix-formatting:
    runs-on: ubuntu-latest
    if: ${{ github.event.label.name == 'fix:formatting' }}
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -23,9 +26,10 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './server/.nvmrc'
--- a/.github/workflows/multi-runner-build.yml
+++ b/.github/workflows/multi-runner-build.yml
@@ -0,0 +1,185 @@
 name: 'Multi-runner container image build'
 on:
  workflow_call:
    inputs:
      image:
        description: 'Name of the image'
        type: string
        required: true
      context:
        description: 'Path to build context'
        type: string
        required: true
      dockerfile:
        description: 'Path to Dockerfile'
        type: string
        required: true
      tag-suffix:
        description: 'Suffix to append to the image tag'
        type: string
        default: ''
      dockerhub-push:
        description: 'Push to Docker Hub'
        type: boolean
        default: false
      build-args:
        description: 'Docker build arguments'
        type: string
        required: false
      platforms:
        description: 'Platforms to build for'
        type: string
      runner-mapping:
        description: 'Mapping from platforms to runners'
        type: string
    secrets:
      DOCKERHUB_USERNAME:
        required: false
      DOCKERHUB_TOKEN:
        required: false
 env:
  GHCR_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ inputs.image }}
  DOCKERHUB_IMAGE: altran1502/${{ inputs.image }}
 jobs:
  matrix:
    name: 'Generate matrix'
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.matrix.outputs.matrix }}
      key: ${{ steps.artifact-key.outputs.base }}
    steps:
      - name: Generate build matrix
        id: matrix
        shell: bash
        env:
          PLATFORMS: ${{ inputs.platforms || 'linux/amd64,linux/arm64' }}
          RUNNER_MAPPING: ${{ inputs.runner-mapping || '{"linux/amd64":"ubuntu-latest","linux/arm64":"ubuntu-24.04-arm"}' }}
        run: |
          matrix=$(jq -R -c \
            --argjson runner_mapping "${RUNNER_MAPPING}" \
            'split(",") | map({platform: ., runner: $runner_mapping[.]})' \
            <<< "${PLATFORMS}")
          echo "${matrix}"
          echo "matrix=${matrix}" >> $GITHUB_OUTPUT
      - name: Determine artifact key
        id: artifact-key
        shell: bash
        env:
          IMAGE: ${{ inputs.image }}
          SUFFIX: ${{ inputs.tag-suffix }}
        run: |
          if [[ -n "${SUFFIX}" ]]; then
              base="${IMAGE}${SUFFIX}-digests"
          else
              base="${IMAGE}-digests"
          fi
          echo "${base}"
          echo "base=${base}" >> $GITHUB_OUTPUT
  build:
    needs: matrix
    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
      packages: write
    strategy:
      fail-fast: false
      matrix:
        include: ${{ fromJson(needs.matrix.outputs.matrix) }}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - uses: ./.github/actions/image-build
        with:
          context: ${{ inputs.context }}
          dockerfile: ${{ inputs.dockerfile }}
          image: ${{ env.GHCR_IMAGE }}
          ghcr-token: ${{ secrets.GITHUB_TOKEN }}
          platform: ${{ matrix.platform }}
          artifact-key-base: ${{ needs.matrix.outputs.key }}
          build-args: ${{ inputs.build-args }}
  merge:
    needs: [matrix, build]
    runs-on: ubuntu-latest
    if: ${{ !github.event.pull_request.head.repo.fork }}
    permissions:
      contents: read
      actions: read
      packages: write
    steps:
      - name: Download digests
        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4
        with:
          path: ${{ runner.temp }}/digests
          pattern: ${{ needs.matrix.outputs.key }}-*
          merge-multiple: true
      - name: Login to Docker Hub
        if: ${{ inputs.dockerhub-push }}
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
      - name: Generate docker image tags
        id: meta
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
        env:
          DOCKER_METADATA_PR_HEAD_SHA: 'true'
        with:
          flavor: |
            # Disable latest tag
            latest=false
            suffix=${{ inputs.tag-suffix }}
          images: |
            name=${{ env.GHCR_IMAGE }}
            name=${{ env.DOCKERHUB_IMAGE }},enable=${{ inputs.dockerhub-push }}
          tags: |
            # Tag with branch name
            type=ref,event=branch
            # Tag with pr-number
            type=ref,event=pr
            # Tag with long commit sha hash
            type=sha,format=long,prefix=commit-
            # Tag with git tag on release
            type=ref,event=tag
            type=raw,value=release,enable=${{ github.event_name == 'release' }}
      - name: Create manifest list and push
        working-directory: ${{ runner.temp }}/digests
        run: |
          # Process annotations
          declare -a ANNOTATIONS=()
          if [[ -n "$DOCKER_METADATA_OUTPUT_JSON" ]]; then
            while IFS= read -r annotation; do
              # Extract key and value by removing the manifest: prefix
              if [[ "$annotation" =~ ^manifest:(.+)=(.+)$ ]]; then
                key="${BASH_REMATCH[1]}"
                value="${BASH_REMATCH[2]}"
                # Use array to properly handle arguments with spaces
                ANNOTATIONS+=(--annotation "index:$key=$value")
              fi
            done < <(jq -r '.annotations[]' <<< "$DOCKER_METADATA_OUTPUT_JSON")
          fi
          TAGS=$(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
          SOURCE_ARGS=$(printf "${GHCR_IMAGE}@sha256:%s " *)
          docker buildx imagetools create $TAGS "${ANNOTATIONS[@]}" $SOURCE_ARGS
--- a/.github/workflows/pr-label-validation.yml
+++ b/.github/workflows/pr-label-validation.yml
@@ -1,9 +1,11 @@
 name: PR Label Validation
 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
    types: [opened, labeled, unlabeled, synchronize]
 permissions: {}
 jobs:
  validate-release-label:
    runs-on: ubuntu-latest
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -1,6 +1,8 @@
 name: 'Pull Request Labeler'
 on:
-  - pull_request_target
+  - pull_request_target # zizmor: ignore[dangerous-triggers] no attacker inputs are used here
 permissions: {}
 jobs:
  labeler:
--- a/.github/workflows/pr-require-conventional-commit.yml
+++ b/.github/workflows/pr-require-conventional-commit.yml
@@ -4,9 +4,13 @@ on:
  pull_request:
    types: [opened, synchronize, reopened, edited]
 permissions: {}
 jobs:
  validate-pr-title:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: PR Conventional Commit Validation
        uses: ytanikin/PRConventionalCommits@b628c5a234cc32513014b7bfdd1e47b532124d98 # 1.3.0
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -21,17 +21,18 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-root
  cancel-in-progress: true
 permissions: {}
 jobs:
  bump_version:
    runs-on: ubuntu-latest
    outputs:
      ref: ${{ steps.push-tag.outputs.commit_long_sha }}
-
+    permissions: {} # No job-level permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -40,12 +41,16 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: true
      - name: Install uv
-        uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
      - name: Bump version
-        run: misc/release/pump-version.sh -s "${{ inputs.serverBump }}" -m "${{ inputs.mobileBump }}"
+        env:
          SERVER_BUMP: ${{ inputs.serverBump }}
          MOBILE_BUMP: ${{ inputs.mobileBump }}
        run: misc/release/pump-version.sh -s "${SERVER_BUMP}" -m "${MOBILE_BUMP}"
      - name: Commit and tag
        id: push-tag
@@ -59,18 +64,26 @@ jobs:
  build_mobile:
    uses: ./.github/workflows/build-mobile.yml
    needs: bump_version
-    secrets: inherit
+    permissions:
      contents: read
    secrets:
      KEY_JKS: ${{ secrets.KEY_JKS }}
      ALIAS: ${{ secrets.ALIAS }}
      ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
      ANDROID_STORE_PASSWORD: ${{ secrets.ANDROID_STORE_PASSWORD }}
    with:
      ref: ${{ needs.bump_version.outputs.ref }}
  prepare_release:
    runs-on: ubuntu-latest
    needs: build_mobile
-
+    permissions:
      actions: read # To download the app artifact
      # No content permissions are needed because it uses the app-token
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
        with:
          app-id: ${{ secrets.PUSH_O_MATIC_APP_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}
@@ -79,17 +92,19 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          token: ${{ steps.generate-token.outputs.token }}
          persist-credentials: false
      - name: Download APK
-        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: release-apk-signed
      - name: Create draft release
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2
        with:
          draft: true
          tag_name: ${{ env.IMMICH_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}
          generate_release_notes: true
          body_path: misc/release/notes.tmpl
          files: |
--- a/.github/workflows/preview-label.yaml
+++ b/.github/workflows/preview-label.yaml
@@ -4,6 +4,8 @@ on:
  pull_request:
    types: [labeled, closed]
 permissions: {}
 jobs:
  comment-status:
    runs-on: ubuntu-latest
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -4,20 +4,24 @@ on:
  release:
    types: [published]
-permissions:
+permissions: {}
  packages: write
 jobs:
  publish:
    name: Publish `@immich/sdk`
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./open-api/typescript-sdk
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      # Setup .npmrc file to publish to npm
-      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './open-api/typescript-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
--- a/.github/workflows/static_analysis.yml
+++ b/.github/workflows/static_analysis.yml
@@ -9,14 +9,20 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.found_paths.outputs.mobile == 'true' || steps.should_force.outputs.should_force == 'true' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        with:
@@ -33,12 +39,14 @@ jobs:
    name: Run Dart Code Analysis
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    runs-on: ubuntu-latest
-
+    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2
@@ -50,6 +58,10 @@ jobs:
        run: dart pub get
        working-directory: ./mobile
      - name: Generate translation file
        run: make translation; dart format lib/generated/codegen_loader.g.dart
        working-directory: ./mobile
      - name: Run Build Runner
        run: make build
        working-directory: ./mobile
@@ -65,9 +77,11 @@ jobs:
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated files not up to date! Run make_build inside the mobile directory"
-          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
+          echo "Changed files: ${CHANGED_FILES}"
          exit 1
      - name: Run dart analyze
@@ -81,3 +95,30 @@ jobs:
      - name: Run dart custom_lint
        run: dart run custom_lint
        working-directory: ./mobile
  zizmor:
    name: zizmor
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
      - name: Run zizmor 🌈
        run: uvx zizmor --format=sarif . > results.sarif
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
        with:
          sarif_file: results.sarif
          category: zizmor
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,9 +9,13 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run_web: ${{ steps.found_paths.outputs.web == 'true' || steps.should_force.outputs.should_force == 'true' }}
      should_run_server: ${{ steps.found_paths.outputs.server == 'true' || steps.should_force.outputs.should_force == 'true' }}
@@ -25,6 +29,9 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        with:
@@ -58,6 +65,8 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
@@ -65,9 +74,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './server/.nvmrc'
@@ -95,6 +106,8 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
@@ -102,9 +115,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './cli/.nvmrc'
@@ -136,6 +151,8 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_cli == 'true' }}
    runs-on: windows-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./cli
@@ -143,9 +160,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './cli/.nvmrc'
@@ -165,11 +184,13 @@ jobs:
        run: npm run test:cov
        if: ${{ !cancelled() }}
-  web-unit-tests:
+  web-lint:
-    name: Test & Lint Web
+    name: Lint Web
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
-    runs-on: ubuntu-latest
+    runs-on: mich
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
@@ -177,9 +198,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './web/.nvmrc'
@@ -191,7 +214,7 @@ jobs:
        run: npm ci
      - name: Run linter
-        run: npm run lint
+        run: npm run lint:p
        if: ${{ !cancelled() }}
      - name: Run formatter
@@ -202,6 +225,35 @@ jobs:
        run: npm run check:svelte
        if: ${{ !cancelled() }}
  web-unit-tests:
    name: Test Web
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_web == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./web
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './web/.nvmrc'
      - name: Run setup typescript-sdk
        run: npm ci && npm run build
        working-directory: ./open-api/typescript-sdk
      - name: Run npm install
        run: npm ci
      - name: Run tsc
        run: npm run check:typescript
        if: ${{ !cancelled() }}
@@ -215,6 +267,8 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
@@ -222,9 +276,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './e2e/.nvmrc'
@@ -254,6 +310,8 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_server == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./server
@@ -261,9 +319,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './server/.nvmrc'
@@ -278,19 +338,25 @@ jobs:
    name: End-to-End Tests (Server & CLI)
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e_server_cli == 'true' }}
-    runs-on: mich
+    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
          submodules: 'recursive'
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './e2e/.nvmrc'
@@ -320,19 +386,25 @@ jobs:
    name: End-to-End Tests (Web)
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_e2e_web == 'true' }}
-    runs-on: mich
+    runs-on: ${{ matrix.runner }}
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./e2e
    strategy:
      matrix:
        runner: [ubuntu-latest, ubuntu-24.04-arm]
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
          submodules: 'recursive'
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './e2e/.nvmrc'
@@ -357,13 +429,33 @@ jobs:
        run: npx playwright test
        if: ${{ !cancelled() }}
  success-check-e2e:
    name: End-to-End Tests Success
    needs: [e2e-tests-server-cli, e2e-tests-web]
    permissions: {}
    runs-on: ubuntu-latest
    if: always()
    steps:
      - name: Any jobs failed?
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        # zizmor: ignore[template-injection]
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
  mobile-unit-tests:
    name: Unit Test Mobile
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_mobile == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Flutter SDK
        uses: subosito/flutter-action@e938fdf56512cc96ef2f93601a5a40bde3801046 # v2
        with:
@@ -378,14 +470,19 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs.should_run_ml == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./machine-learning
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Install uv
-        uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5
+        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
-      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
        # TODO: add caching when supported (https://github.com/actions/setup-python/pull/818)
        # with:
        #   python-version: 3.11
@@ -411,6 +508,8 @@ jobs:
    needs: pre-job
    if: ${{ needs.pre-job.outputs['should_run_.github'] == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./.github
@@ -418,9 +517,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './.github/.nvmrc'
@@ -434,25 +535,34 @@ jobs:
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Run ShellCheck
        uses: ludeeus/action-shellcheck@master
        with:
          ignore_paths: >-
            **/open-api/**
-            **/openapi/**
+            **/openapi**
            **/node_modules/**
  generated-api-up-to-date:
    name: OpenAPI Clients
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './server/.nvmrc'
@@ -476,17 +586,21 @@ jobs:
      - name: Verify files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated files not up to date!"
-          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
+          echo "Changed files: ${CHANGED_FILES}"
          exit 1
-  generated-typeorm-migrations-up-to-date:
+  sql-schema-up-to-date:
-    name: TypeORM Checks
+    name: SQL Schema Checks
    runs-on: ubuntu-latest
    permissions:
      contents: read
    services:
      postgres:
-        image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
+        image: tensorchord/vchord-postgres:pg14-v0.3.0
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_USER: postgres
@@ -505,9 +619,11 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - name: Setup Node
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
        with:
          node-version-file: './server/.nvmrc'
@@ -521,11 +637,11 @@ jobs:
        run: npm run migrations:run
      - name: Test npm run schema:reset command works
-        run: npm run typeorm:schema:reset
+        run: npm run schema:reset
      - name: Generate new migrations
        continue-on-error: true
-        run: npm run migrations:generate TestMigration
+        run: npm run migrations:generate src/TestMigration
      - name: Find file changes
        uses: tj-actions/verify-changed-files@a1c6acee9df209257a246f2cc6ae8cb6581c1edf # v20
@@ -535,9 +651,11 @@ jobs:
            server/src
      - name: Verify migration files have not changed
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated migration files not up to date!"
-          echo "Changed files: ${{ steps.verify-changed-files.outputs.changed_files }}"
+          echo "Changed files: ${CHANGED_FILES}"
          cat ./src/*-TestMigration.ts
          exit 1
@@ -555,9 +673,11 @@ jobs:
      - name: Verify SQL files have not changed
        if: steps.verify-changed-sql-files.outputs.files_changed == 'true'
        env:
          CHANGED_FILES: ${{ steps.verify-changed-sql-files.outputs.changed_files }}
        run: |
          echo "ERROR: Generated SQL files not up to date!"
-          echo "Changed files: ${{ steps.verify-changed-sql-files.outputs.changed_files }}"
+          echo "Changed files: ${CHANGED_FILES}"
          exit 1
  # mobile-integration-tests:
--- a/.github/workflows/weblate-lock.yml
+++ b/.github/workflows/weblate-lock.yml
@@ -4,30 +4,32 @@ on:
  pull_request:
    branches: [main]
 permissions: {}
 jobs:
  pre-job:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      should_run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
      - id: found_paths
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        with:
          filters: |
            i18n:
              - 'i18n/!(en)**\.json'
      - name: Debug
        run: |
          echo "Should run: ${{ steps.found_paths.outputs.i18n == 'true' && github.head_ref != 'chore/translations'}}"
          echo "Found i18n paths: ${{ steps.found_paths.outputs.i18n }}"
          echo "Head ref: ${{ github.head_ref }}"
  enforce-lock:
    name: Check Weblate Lock
    needs: [pre-job]
    runs-on: ubuntu-latest
    permissions: {}
    if: ${{ needs.pre-job.outputs.should_run == 'true' }}
    steps:
      - name: Check weblate lock
@@ -47,6 +49,7 @@ jobs:
    name: Weblate Lock Check Success
    needs: [enforce-lock]
    runs-on: ubuntu-latest
    permissions: {}
    if: always()
    steps:
      - name: Any jobs failed?
@@ -54,4 +57,5 @@ jobs:
        run: exit 1
      - name: All jobs passed or skipped
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        # zizmor: ignore[template-injection]
        run: echo "All jobs passed or skipped" && echo "${{ toJSON(needs.*.result) }}"
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,45 +1,63 @@
 {
  "editor.formatOnSave": true,
  "[javascript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
  "[typescript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.tabSize": 2,
    "editor.formatOnSave": true
  },
  "[css]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
-    "editor.tabSize": 2,
+    "editor.formatOnSave": true,
    "editor.formatOnSave": true
  },
  "[svelte]": {
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.tabSize": 2
  },
  "svelte.enable-ts-plugin": true,
  "eslint.validate": [
    "javascript",
    "svelte"
  ],
  "typescript.preferences.importModuleSpecifier": "non-relative",
  "[dart]": {
    "editor.defaultFormatter": "Dart-Code.dart-code",
    "editor.formatOnSave": true,
    "editor.selectionHighlight": false,
    "editor.suggest.snippetsPreventQuickSuggestions": false,
    "editor.suggestSelection": "first",
    "editor.tabCompletion": "onlySnippets",
-    "editor.wordBasedSuggestions": "off",
+    "editor.wordBasedSuggestions": "off"
    "editor.defaultFormatter": "Dart-Code.dart-code"
  },
-  "cSpell.words": [
+  "[javascript]": {
-    "immich"
+    "editor.codeActionsOnSave": {
-  ],
+      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[json]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[jsonc]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[svelte]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "svelte.svelte-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "[typescript]": {
    "editor.codeActionsOnSave": {
      "source.organizeImports": "explicit",
      "source.removeUnusedImports": "explicit"
    },
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.formatOnSave": true,
    "editor.tabSize": 2
  },
  "cSpell.words": ["immich"],
  "editor.formatOnSave": true,
  "eslint.validate": ["javascript", "svelte"],
  "explorer.fileNesting.enabled": true,
  "explorer.fileNesting.patterns": {
-    "*.ts": "${capture}.spec.ts,${capture}.mock.ts",
+    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart",
-    "*.dart": "${capture}.g.dart,${capture}.gr.dart,${capture}.drift.dart"
+    "*.ts": "${capture}.spec.ts,${capture}.mock.ts"
-  }
+  },
-}
+  "svelte.enable-ts-plugin": true,
  "typescript.preferences.importModuleSpecifier": "non-relative"
 }
--- a/3
+++ b/3
@@ -17,6 +17,9 @@ e2e:
 prod:
 	docker compose -f ./docker/docker-compose.prod.yml up --build -V --remove-orphans
 prod-down:
 	docker compose -f ./docker/docker-compose.prod.yml down --remove-orphans
 prod-scale:
 	docker compose -f ./docker/docker-compose.prod.yml up --build -V --scale immich-server=3 --scale immich-microservices=3 --remove-orphans
--- a/cli/Dockerfile
+++ b/cli/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22.14.0-alpine3.20@sha256:40be979442621049f40b1d51a26b55e281246b5de4e5f51a18da7beb6e17e3f9 AS core
+FROM node:22.15.0-alpine3.20@sha256:686b8892b69879ef5bfd6047589666933508f9a5451c67320df3070ba0e9807b AS core
 WORKDIR /usr/src/open-api/typescript-sdk
 COPY open-api/typescript-sdk/package*.json open-api/typescript-sdk/tsconfig*.json ./
--- a/cli/package-lock.json
+++ b/cli/package-lock.json
--- a/cli/package.json
+++ b/cli/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@immich/cli",
-  "version": "2.2.61",
+  "version": "2.2.65",
  "description": "Command Line Interface (CLI) for Immich",
  "type": "module",
  "exports": "./dist/index.js",
@@ -21,7 +21,7 @@
    "@types/lodash-es": "^4.17.12",
    "@types/micromatch": "^4.0.9",
    "@types/mock-fs": "^4.13.1",
-    "@types/node": "^22.14.0",
+    "@types/node": "^22.14.1",
    "@vitest/coverage-v8": "^3.0.0",
    "byte-size": "^9.0.0",
    "cli-progress": "^3.12.0",
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -116,13 +116,13 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1
+    image: docker.io/valkey/valkey:8-bookworm@sha256:4a9f847af90037d59b34cd4d4ad14c6e055f46540cf4ff757aaafb266060fa28
    healthcheck:
      test: redis-cli ping || exit 1
  database:
    container_name: immich_postgres
-    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
    env_file:
      - .env
    environment:
@@ -134,24 +134,6 @@ services:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
    ports:
      - 5432:5432
    healthcheck:
      test: >-
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1;
        Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align
        --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')";
        echo "checksum failure count is $$Chksum";
        [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: >-
      postgres
      -c shared_preload_libraries=vectors.so
      -c 'search_path="$$user", public, vectors'
      -c logging_collector=on
      -c max_wal_size=2GB
      -c shared_buffers=512MB
      -c wal_compression=on
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
  # immich-prometheus:
--- a/docker/docker-compose.prod.yml
+++ b/docker/docker-compose.prod.yml
@@ -56,14 +56,14 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1
+    image: docker.io/valkey/valkey:8-bookworm@sha256:4a9f847af90037d59b34cd4d4ad14c6e055f46540cf4ff757aaafb266060fa28
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
  database:
    container_name: immich_postgres
-    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
    env_file:
      - .env
    environment:
@@ -75,14 +75,6 @@ services:
      - ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
    ports:
      - 5432:5432
    healthcheck:
      test: >-
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1; Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: >-
      postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on
    restart: always
  # set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
@@ -90,7 +82,7 @@ services:
    container_name: immich_prometheus
    ports:
      - 9090:9090
-    image: prom/prometheus@sha256:502ad90314c7485892ce696cb14a99fceab9fc27af29f4b427f41bd39701a199
+    image: prom/prometheus@sha256:e2b8aa62b64855956e3ec1e18b4f9387fb6203174a4471936f4662f437f04405
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus-data:/prometheus
@@ -102,7 +94,7 @@ services:
    command: [ './run.sh', '-disable-reporting' ]
    ports:
      - 3000:3000
-    image: grafana/grafana:11.6.0-ubuntu@sha256:fd8fa48213c624e1a95122f1d93abbf1cf1cbe85fc73212c1e599dbd76c63ff8
+    image: grafana/grafana:11.6.1-ubuntu@sha256:6fc273288470ef499dd3c6b36aeade093170d4f608f864c5dd3a7fabeae77b50
    volumes:
      - grafana-data:/var/lib/grafana
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -49,14 +49,14 @@ services:
  redis:
    container_name: immich_redis
-    image: docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1
+    image: docker.io/valkey/valkey:8-bookworm@sha256:4a9f847af90037d59b34cd4d4ad14c6e055f46540cf4ff757aaafb266060fa28
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
  database:
    container_name: immich_postgres
-    image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
@@ -65,14 +65,8 @@ services:
    volumes:
      # Do not edit the next line. If you want to change the database storage location on your system, edit the value of DB_DATA_LOCATION in the .env file
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
-    healthcheck:
+    # change ssd below to hdd if you are using a hard disk drive or other slow storage
-      test: >-
+    command: postgres -c config_file=/etc/postgresql/postgresql.ssd.conf
        pg_isready --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" || exit 1; Chksum="$$(psql --dbname="$${POSTGRES_DB}" --username="$${POSTGRES_USER}" --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"; echo "checksum failure count is $$Chksum"; [ "$$Chksum" = '0' ] || exit 1
      interval: 5m
      start_interval: 30s
      start_period: 5m
    command: >-
      postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on
    restart: always
 volumes:
--- a/docs/docs/administration/backup-and-restore.md
+++ b/docs/docs/administration/backup-and-restore.md
@@ -23,23 +23,32 @@ Refer to the official [postgres documentation](https://www.postgresql.org/docs/c
 It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
 :::
-### Automatic Database Backups
+### Automatic Database Dumps
-For convenience, Immich will automatically create database backups by default. The backups are stored in `UPLOAD_LOCATION/backups`.  
+:::warning
-As mentioned above, you should make your own backup of these together with the asset folders as noted below.  
+The automatic database dumps can be used to restore the database in the event of damage to the Postgres database files.
-You can adjust the schedule and amount of kept backups in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).  
+There is no monitoring for these dumps and you will not be notified if they are unsuccessful.
-By default, Immich will keep the last 14 backups and create a new backup every day at 2:00 AM.
+:::
-#### Trigger Backup
+:::caution
 The database dumps do **NOT** contain any pictures or videos, only metadata. They are only usable with a copy of the other files in `UPLOAD_LOCATION` as outlined below.
 :::
-You are able to trigger a backup in the [admin job status page](http://my.immich.app/admin/jobs-status).
+For disaster-recovery purposes, Immich will automatically create database dumps. The dumps are stored in `UPLOAD_LOCATION/backups`.
-Visit the page, open the "Create job" modal from the top right, select "Backup Database" and click "Confirm".
+Please be sure to make your own, independent backup of the database together with the asset folders as noted below.
-A job will run and trigger a backup, you can verify this worked correctly by checking the logs or the backup folder.
+You can adjust the schedule and amount of kept database dumps in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).
-This backup will count towards the last X backups that will be kept based on your settings.
+By default, Immich will keep the last 14 database dumps and create a new dump every day at 2:00 AM.
 #### Trigger Dump
 You are able to trigger a database dump in the [admin job status page](http://my.immich.app/admin/jobs-status).
 Visit the page, open the "Create job" modal from the top right, select "Create Database Dump" and click "Confirm".
 A job will run and trigger a dump, you can verify this worked correctly by checking the logs or the `backups/` folder.
 This dumps will count towards the last `X` dumps that will be kept based on your settings.
 #### Restoring
-We hope to make restoring simpler in future versions, for now you can find the backups in the `UPLOAD_LOCATION/backups` folder on your host.  
+We hope to make restoring simpler in future versions, for now you can find the database dumps in the `UPLOAD_LOCATION/backups` folder on your host.
 Then please follow the steps in the following section for restoring the database.
 ### Manual Backup and Restore
--- a/docs/docs/administration/postgres-standalone.md
+++ b/docs/docs/administration/postgres-standalone.md
@@ -10,12 +10,12 @@ Running with a pre-existing Postgres server can unlock powerful administrative f
 ## Prerequisites
-You must install pgvecto.rs into your instance of Postgres using their [instructions][vectors-install]. After installation, add `shared_preload_libraries = 'vectors.so'` to your `postgresql.conf`. If you already have some `shared_preload_libraries` set, you can separate each extension with a comma. For example, `shared_preload_libraries = 'pg_stat_statements, vectors.so'`.
+You must install VectorChord into your instance of Postgres using their [instructions][vchord-install]. After installation, add `shared_preload_libraries = 'vchord.so'` to your `postgresql.conf`. If you already have some `shared_preload_libraries` set, you can separate each extension with a comma. For example, `shared_preload_libraries = 'pg_stat_statements, vchord.so'`.
 :::note
-Immich is known to work with Postgres versions 14, 15, and 16. Earlier versions are unsupported. Postgres 17 is nominally compatible, but pgvecto.rs does not have prebuilt images or packages for it as of writing.
+Immich is known to work with Postgres versions 14, 15, 16 and 17. Earlier versions are unsupported.
-Make sure the installed version of pgvecto.rs is compatible with your version of Immich. The current accepted range for pgvecto.rs is `>= 0.2.0, < 0.4.0`.
+Make sure the installed version of VectorChord is compatible with your version of Immich. The current accepted range for VectorChord is `>= 0.3.0, < 0.4.0`.
 :::
 ## Specifying the connection URL
@@ -53,16 +53,75 @@ CREATE DATABASE <immichdatabasename>;
 \c <immichdatabasename>
 BEGIN;
 ALTER DATABASE <immichdatabasename> OWNER TO <immichdbusername>;
-CREATE EXTENSION vectors;
+CREATE EXTENSION vchord CASCADE;
 CREATE EXTENSION earthdistance CASCADE;
 ALTER DATABASE <immichdatabasename> SET search_path TO "$user", public, vectors;
 ALTER SCHEMA vectors OWNER TO <immichdbusername>;
 COMMIT;
 ```
-### Updating pgvecto.rs
+### Updating VectorChord
-When installing a new version of pgvecto.rs, you will need to manually update the extension by connecting to the Immich database and running `ALTER EXTENSION vectors UPDATE;`.
+When installing a new version of VectorChord, you will need to manually update the extension by connecting to the Immich database and running `ALTER EXTENSION vchord UPDATE;`.
 ## Migrating to VectorChord
 VectorChord is the successor extension to pgvecto.rs, allowing for higher performance, lower memory usage and higher quality results for smart search and facial recognition.
 ### Migrating from pgvecto.rs
 Support for pgvecto.rs will be dropped in a later release, hence we recommend all users currently using pgvecto.rs to migrate to VectorChord at their convenience. There are two primary approaches to do so.
 The easiest option is to have both extensions installed during the migration:
 1. Ensure you still have pgvecto.rs installed
 2. [Install VectorChord][vchord-install]
 3. Add `shared_preload_libraries= 'vchord.so, vectors.so'` to your `postgresql.conf`, making sure to include _both_ `vchord.so` and `vectors.so`. You may include other libraries here as well if needed
 4. If Immich does not have superuser permissions, run the SQL command `CREATE EXTENSION vchord CASCADE;` using psql or your choice of database client
 5. Start Immich and wait for the logs `Reindexed face_index` and `Reindexed clip_index` to be output
 6. Remove the `vectors.so` entry from the `shared_preload_libraries` setting
 7. Uninstall pgvecto.rs (e.g. `apt-get purge vectors-pg14` on Debian-based environments, replacing `pg14` as appropriate)
 If it is not possible to have both VectorChord and pgvector.s installed at the same time, you can perform the migration with more manual steps:
 1. While pgvecto.rs is still installed, run the following SQL command using psql or your choice of database client. Take note of the number outputted by this command as you will need it later
 ```sql
 SELECT atttypmod as dimsize
    FROM pg_attribute f
    JOIN pg_class c ON c.oid = f.attrelid
    WHERE c.relkind = 'r'::char
    AND f.attnum > 0
    AND c.relname = 'smart_search'::text
    AND f.attname = 'embedding'::text;
 ```
 2. Remove references to pgvecto.rs using the below SQL commands
 ```sql
 DROP INDEX IF EXISTS clip_index;
 DROP INDEX IF EXISTS face_index;
 ALTER TABLE smart_search ALTER COLUMN embedding SET DATA TYPE real[];
 ALTER TABLE face_search ALTER COLUMN embedding SET DATA TYPE real[];
 ```
 3. [Install VectorChord][vchord-install]
 4. Change the columns back to the appropriate vector types, replacing `<number>` with the number from step 1
 ```sql
 CREATE EXTENSION IF NOT EXISTS vchord CASCADE;
 ALTER TABLE smart_search ALTER COLUMN embedding SET DATA TYPE vector(<number>);
 ALTER TABLE face_search ALTER COLUMN embedding SET DATA TYPE vector(512);
 ```
 5. Start Immich and let it create new indices using VectorChord
 ### Migrating from pgvector
 1. Ensure you have at least 0.7.0 of pgvector installed. If it is below that, please upgrade it and run the SQL command `ALTER EXTENSION vector UPDATE;` using psql or your choice of database client
 2. Follow the Prerequisites to install VectorChord
 3. If Immich does not have superuser permissions, run the SQL command `CREATE EXTENSION vchord CASCADE;`
 4. Start Immich and let it create new indices using VectorChord
 Note that VectorChord itself uses pgvector types, so you should not uninstall pgvector after following these steps.
 ### Common errors
@@ -70,4 +129,4 @@ When installing a new version of pgvecto.rs, you will need to manually update th
 If you get the error `driverError: error: permission denied for view pg_vector_index_stat`, you can fix this by connecting to the Immich database and running `GRANT SELECT ON TABLE pg_vector_index_stat TO <immichdbusername>;`.
-[vectors-install]: https://docs.vectorchord.ai/getting-started/installation.html
+[vchord-install]: https://docs.vectorchord.ai/vectorchord/getting-started/installation.html
--- a/docs/docs/administration/reverse-proxy.md
+++ b/docs/docs/administration/reverse-proxy.md
@@ -22,7 +22,7 @@ server {
    client_max_body_size 50000M;
    # Set headers
-    proxy_set_header Host              $http_host;
+    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
--- a/docs/docs/developer/database-migrations.md
+++ b/docs/docs/developer/database-migrations.md
@@ -1,14 +1,14 @@
 # Database Migrations
-After making any changes in the `server/src/entities`, a database migration need to run in order to register the changes in the database. Follow the steps below to create a new migration.
+After making any changes in the `server/src/schema`, a database migration need to run in order to register the changes in the database. Follow the steps below to create a new migration.
 1. Run the command
 ```bash
-npm run typeorm:migrations:generate <migration-name>
+npm run migrations:generate <migration-name>
 ```
 2. Check if the migration file makes sense.
-3. Move the migration file to folder `./server/src/migrations` in your code editor.
+3. Move the migration file to folder `./server/src/schema/migrations` in your code editor.
 The server will automatically detect `*.ts` file changes and restart. Part of the server start-up process includes running any new migrations, so it will be applied immediately.
--- a/docs/docs/developer/setup.md
+++ b/docs/docs/developer/setup.md
@@ -83,9 +83,20 @@ To see local changes to `@immich/ui` in Immich, do the following:
 ### Mobile app
-The mobile app `(/mobile)` will required Flutter toolchain 3.13.x and FVM to be installed on your system.
+#### Setup
-Please refer to the [Flutter's official documentation](https://flutter.dev/docs/get-started/install) for more information on setting up the toolchain on your machine.
+1. Setup Flutter toolchain using FVM.
 2. Run `flutter pub get` to install the dependencies.
 3. Run `make translation` to generate the translation file.
 4. Run `fvm flutter run` to start the app.
 #### Translation
 To add a new translation text, enter the key-value pair in the `i18n/en.json` in the root of the immich project. Then, from the `mobile/` directory, run
 ```bash
 make translation
 ```
 The mobile app asks you what backend to connect to. You can utilize the demo backend (https://demo.immich.app/) if you don't need to change server code or upload photos. Alternatively, you can run the server yourself per the instructions above.
--- a/docs/docs/features/command-line-interface.md
+++ b/docs/docs/features/command-line-interface.md
@@ -42,6 +42,12 @@ docker run -it -v "$(pwd)":/import:ro -e IMMICH_INSTANCE_URL=https://your-immich
 Please modify the `IMMICH_INSTANCE_URL` and `IMMICH_API_KEY` environment variables as suitable. You can also use a Docker env file to store your sensitive API key.
 This `docker run` command will directly run the command `immich` inside the container. You can directly append the desired parameters (see under "usage") to the commandline like this:
 ```bash
 docker run -it -v "$(pwd)":/import:ro -e IMMICH_INSTANCE_URL=https://your-immich-instance/api -e IMMICH_API_KEY=your-api-key ghcr.io/immich-app/immich-cli:latest upload -a -c 5 --recursive directory/
 ```
 ## Usage
 <details>
--- a/docs/docs/features/libraries.md
+++ b/docs/docs/features/libraries.md
@@ -72,7 +72,7 @@ In rare cases, the library watcher can hang, preventing Immich from starting up.
 ### Nightly job
-There is an automatic scan job that is scheduled to run once a day. This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library managment page.
+There is an automatic scan job that is scheduled to run once a day. This job also cleans up any libraries stuck in deletion. It is possible to trigger the cleanup by clicking "Scan all libraries" in the library management page.
 ## Usage
--- a/docs/docs/features/ml-hardware-acceleration.md
+++ b/docs/docs/features/ml-hardware-acceleration.md
@@ -42,7 +42,7 @@ You do not need to redo any machine learning jobs after enabling hardware accele
 - The GPU must have compute capability 5.2 or greater.
 - The server must have the official NVIDIA driver installed.
- The installed driver must be >= 535 (it must support CUDA 12.2).
+- The installed driver must be >= 545 (it must support CUDA 12.3).
 - On Linux (except for WSL2), you also need to have [NVIDIA Container Toolkit][nvct] installed.
 #### ROCm
--- a/docs/docs/features/searching.md
+++ b/docs/docs/features/searching.md
@@ -5,7 +5,7 @@ import TabItem from '@theme/TabItem';
 Immich uses Postgres as its search database for both metadata and contextual CLIP search.
-Contextual CLIP search is powered by the [pgvecto.rs](https://github.com/tensorchord/pgvecto.rs) extension, utilizing machine learning models like [CLIP](https://openai.com/research/clip) to provide relevant search results. This allows for freeform searches without requiring specific keywords in the image or video metadata.
+Contextual CLIP search is powered by the [VectorChord](https://github.com/tensorchord/VectorChord) extension, utilizing machine learning models like [CLIP](https://openai.com/research/clip) to provide relevant search results. This allows for freeform searches without requiring specific keywords in the image or video metadata.
 ## Advanced Search Filters
@@ -92,7 +92,7 @@ Memory and execution time estimates were obtained without acceleration on a 7800
 **Execution Time (ms)**: After warming up the model with one pass, the mean execution time of 100 passes with the same input.
-**Memory (MiB)**: The peak RSS usage of the process afer performing the above timing benchmark. Does not include image decoding, concurrent processing, the web server, etc., which are relatively constant factors.
+**Memory (MiB)**: The peak RSS usage of the process after performing the above timing benchmark. Does not include image decoding, concurrent processing, the web server, etc., which are relatively constant factors.
 **Recall (%)**: Evaluated on Crossmodal-3600, the average of the recall@1, recall@5 and recall@10 results for zeroshot image retrieval. Chinese (Simplified), English, French, German, Italian, Japanese, Korean, Polish, Russian, Spanish and Turkish are additionally tested on XTD-10. Chinese (Simplified) and English are additionally tested on Flickr30k. The recall metrics are the average across all tested datasets.
--- a/docs/docs/guides/custom-map-styles.md
+++ b/docs/docs/guides/custom-map-styles.md
@@ -14,14 +14,14 @@ online generators you can use.
 2. Paste the link to your JSON style in either the **Light Style** or **Dark Style**. (You can add different styles which will help make the map style more appropriate depending on whether you set **Immich** to Light or Dark mode.)
 3. Save your selections. Reload the map, and enjoy your custom map style!
-## Use Maptiler to build a custom style
+## Use MapTiler to build a custom style
-Customizing the map style can be done easily using Maptiler, if you do not want to write an entire JSON document by hand.
+Customizing the map style can be done easily using MapTiler, if you do not want to write an entire JSON document by hand.
 1. Create a free account at https://cloud.maptiler.com
 2. Once logged in, you can either create a brand new map by clicking on **New Map**, selecting a starter map, and then clicking **Customize**, OR by selecting a **Standard Map** and customizing it from there.
 3. The **editor** interface is self-explanatory. You can change colors, remove visible layers, or add optional layers (e.g., administrative, topo, hydro, etc.) in the composer.
 4. Once you have your map composed, click on **Save** at the top right. Give it a unique name to save it to your account.
-5. Next, **Publish** your style using the **Publish** button at the top right. This will deploy it to production, which means it is able to be exposed over the Internet. Maptiler will present an interactive side-by-side map with the original and your changes prior to publication.<br/>![Maptiler Publication Settings](img/immich_map_styles_publish.webp)
+5. Next, **Publish** your style using the **Publish** button at the top right. This will deploy it to production, which means it is able to be exposed over the Internet. MapTiler will present an interactive side-by-side map with the original and your changes prior to publication.<br/>![MapTiler Publication Settings](img/immich_map_styles_publish.webp)
-6. Maptiler will warn you that changing the map will change it across all apps using the map. Since no apps are using the map yet, this is okay.
+6. MapTiler will warn you that changing the map will change it across all apps using the map. Since no apps are using the map yet, this is okay.
-7. Clicking on the name of your new map at the top left will bring you to the item's **details** page. From here, copy the link to the JSON style under **Use vector style**. This link will automatically contain your personal API key to Maptiler.
+7. Clicking on the name of your new map at the top left will bring you to the item's **details** page. From here, copy the link to the JSON style under **Use vector style**. This link will automatically contain your personal API key to MapTiler.
--- a/docs/docs/guides/database-queries.md
+++ b/docs/docs/guides/database-queries.md
@@ -1,7 +1,7 @@
 # Database Queries
 :::danger
-Keep in mind that mucking around in the database might set the moon on fire. Avoid modifying the database directly when possible, and always have current backups.
+Keep in mind that mucking around in the database might set the Moon on fire. Avoid modifying the database directly when possible, and always have current backups.
 :::
 :::tip
--- a/docs/docs/install/docker-compose.mdx
+++ b/docs/docs/install/docker-compose.mdx
@@ -2,53 +2,13 @@
 sidebar_position: 30
 ---
 import CodeBlock from '@theme/CodeBlock';
 import ExampleEnv from '!!raw-loader!../../../docker/example.env';
 # Docker Compose [Recommended]
 Docker Compose is the recommended method to run Immich in production. Below are the steps to deploy Immich with Docker Compose.
-## Step 1 - Download the required files
+import DockerComposeSteps from '/docs/partials/_docker-compose-install-steps.mdx';
-Create a directory of your choice (e.g. `./immich-app`) to hold the `docker-compose.yml` and `.env` files.
+<DockerComposeSteps />
 ```bash title="Move to the directory you created"
 mkdir ./immich-app
 cd ./immich-app
 ```
 Download [`docker-compose.yml`][compose-file] and [`example.env`][env-file] by running the following commands:
 ```bash title="Get docker-compose.yml file"
 wget -O docker-compose.yml https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 ```
 ```bash title="Get .env file"
 wget -O .env https://github.com/immich-app/immich/releases/latest/download/example.env
 ```
 You can alternatively download these two files from your browser and move them to the directory that you created, in which case ensure that you rename `example.env` to `.env`.
 ## Step 2 - Populate the .env file with custom values
 <CodeBlock language="bash" title="Default environmental variable content">
  {ExampleEnv}
 </CodeBlock>
 - Populate `UPLOAD_LOCATION` with your preferred location for storing backup assets. It should be a new directory on the server with enough free space.
 - Consider changing `DB_PASSWORD` to a custom value. Postgres is not publicly exposed, so this password is only used for local authentication.
  To avoid issues with Docker parsing this value, it is best to use only the characters `A-Za-z0-9`. `pwgen` is a handy utility for this.
 - Set your timezone by uncommenting the `TZ=` line.
 - Populate custom database information if necessary.
 ## Step 3 - Start the containers
 From the directory you created in Step 1 (which should now contain your customized `docker-compose.yml` and `.env` files), run the following command to start Immich as a background service:
 ```bash title="Start the containers"
 docker compose up -d
 ```
 :::info Docker version
 If you get an error such as `unknown shorthand flag: 'd' in -d` or `open <location of your .env file>: permission denied`, you are probably running the wrong Docker version. (This happens, for example, with the docker.io package in Ubuntu 22.04.3 LTS.) You can correct the problem by following the complete [Docker Engine install](https://docs.docker.com/engine/install/) procedure for your distribution, crucially the "Uninstall old versions" and "Install using the apt/rpm repository" sections. These replace the distro's Docker packages with Docker's official ones.
@@ -70,6 +30,3 @@ If you get an error `can't set healthcheck.start_interval as feature require Doc
 ## Next Steps
 Read the [Post Installation](/docs/install/post-install.mdx) steps and [upgrade instructions](/docs/install/upgrading.md).
 [compose-file]: https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 [env-file]: https://github.com/immich-app/immich/releases/latest/download/example.env
--- a/docs/docs/install/environment-variables.md
+++ b/docs/docs/install/environment-variables.md
@@ -72,20 +72,21 @@ Information on the current workers can be found [here](/docs/administration/jobs
 ## Database
-| Variable                            | Description                                                              |   Default    | Containers                     |
+| Variable                            | Description                                                                  |  Default   | Containers                     |
-| :---------------------------------- | :----------------------------------------------------------------------- | :----------: | :----------------------------- |
+| :---------------------------------- | :--------------------------------------------------------------------------- | :--------: | :----------------------------- |
-| `DB_URL`                            | Database URL                                                             |              | server                         |
+| `DB_URL`                            | Database URL                                                                 |            | server                         |
-| `DB_HOSTNAME`                       | Database host                                                            |  `database`  | server                         |
+| `DB_HOSTNAME`                       | Database host                                                                | `database` | server                         |
-| `DB_PORT`                           | Database port                                                            |    `5432`    | server                         |
+| `DB_PORT`                           | Database port                                                                |   `5432`   | server                         |
-| `DB_USERNAME`                       | Database user                                                            |  `postgres`  | server, database<sup>\*1</sup> |
+| `DB_USERNAME`                       | Database user                                                                | `postgres` | server, database<sup>\*1</sup> |
-| `DB_PASSWORD`                       | Database password                                                        |  `postgres`  | server, database<sup>\*1</sup> |
+| `DB_PASSWORD`                       | Database password                                                            | `postgres` | server, database<sup>\*1</sup> |
-| `DB_DATABASE_NAME`                  | Database name                                                            |   `immich`   | server, database<sup>\*1</sup> |
+| `DB_DATABASE_NAME`                  | Database name                                                                |  `immich`  | server, database<sup>\*1</sup> |
-| `DB_VECTOR_EXTENSION`<sup>\*2</sup> | Database vector extension (one of [`pgvector`, `pgvecto.rs`])            | `pgvecto.rs` | server                         |
+| `DB_SSL_MODE`                       | Database SSL mode                                                            |            | server                         |
-| `DB_SKIP_MIGRATIONS`                | Whether to skip running migrations on startup (one of [`true`, `false`]) |   `false`    | server                         |
+| `DB_VECTOR_EXTENSION`<sup>\*2</sup> | Database vector extension (one of [`vectorchord`, `pgvector`, `pgvecto.rs`]) |            | server                         |
 | `DB_SKIP_MIGRATIONS`                | Whether to skip running migrations on startup (one of [`true`, `false`])     |  `false`   | server                         |
 \*1: The values of `DB_USERNAME`, `DB_PASSWORD`, and `DB_DATABASE_NAME` are passed to the Postgres container as the variables `POSTGRES_USER`, `POSTGRES_PASSWORD`, and `POSTGRES_DB` in `docker-compose.yml`.
-\*2: This setting cannot be changed after the server has successfully started up.
+\*2: If not provided, the appropriate extension to use is auto-detected at startup by introspecting the database. When multiple extensions are installed, the order of preference is VectorChord, pgvecto.rs, pgvector.
 :::info
--- a/docs/docs/install/synology.md
+++ b/docs/docs/install/synology.md
@@ -29,7 +29,7 @@ Download [`docker-compose.yml`](https://github.com/immich-app/immich/releases/la
 ## Step 2 - Populate the .env file with custom values
-Follow [Step 2 in Docker Compose](./docker-compose#step-2---populate-the-env-file-with-custom-values) for instructions on customizing the `.env` file, and then return back to this guide to continue.
+Follow [Step 2 in Docker Compose](/docs/install/docker-compose#step-2---populate-the-env-file-with-custom-values) for instructions on customizing the `.env` file, and then return back to this guide to continue.
 ## Step 3 - Create a new project in Container Manager
--- a/docs/docs/install/truenas.md
+++ b/docs/docs/install/truenas.md
@@ -2,7 +2,7 @@
 sidebar_position: 80
 ---
-# TrueNAS SCALE [Community]
+# TrueNAS [Community]
 :::note
 This is a community contribution and not officially supported by the Immich team, but included here for convenience.
@@ -12,17 +12,17 @@ Community support can be found in the dedicated channel on the [Discord Server](
 **Please report app issues to the corresponding [Github Repository](https://github.com/truenas/charts/tree/master/community/immich).**
 :::
-Immich can easily be installed on TrueNAS SCALE via the **Community** train application.
+Immich can easily be installed on TrueNAS Community Edition via the **Community** train application.
-Consider reviewing the TrueNAS [Apps tutorial](https://www.truenas.com/docs/scale/scaletutorials/apps/) if you have not previously configured applications on your system.
+Consider reviewing the TrueNAS [Apps resources](https://apps.truenas.com/getting-started/) if you have not previously configured applications on your system.
-TrueNAS SCALE makes installing and updating Immich easy, but you must use the Immich web portal and mobile app to configure accounts and access libraries.
+TrueNAS Community Edition makes installing and updating Immich easy, but you must use the Immich web portal and mobile app to configure accounts and access libraries.
 ## First Steps
-The Immich app in TrueNAS SCALE installs, completes the initial configuration, then starts the Immich web portal.
+The Immich app in TrueNAS Community Edition installs, completes the initial configuration, then starts the Immich web portal.
-When updates become available, SCALE alerts and provides easy updates.
+When updates become available, TrueNAS alerts and provides easy updates.
-Before installing the Immich app in SCALE, review the [Environment Variables](#environment-variables) documentation to see if you want to configure any during installation.
+Before installing the Immich app in TrueNAS, review the [Environment Variables](#environment-variables) documentation to see if you want to configure any during installation.
 You may also configure environment variables at any time after deploying the application.
 ### Setting up Storage Datasets
@@ -126,9 +126,9 @@ className="border rounded-xl"
 Accept the default port `30041` in **WebUI Port** or enter a custom port number.
 :::info Allowed Port Numbers
-Only numbers within the range 9000-65535 may be used on SCALE versions below TrueNAS Scale 24.10 Electric Eel.
+Only numbers within the range 9000-65535 may be used on TrueNAS versions below TrueNAS Community Edition 24.10 Electric Eel.
-Regardless of version, to avoid port conflicts, don't use [ports on this list](https://www.truenas.com/docs/references/defaultports/).
+Regardless of version, to avoid port conflicts, don't use [ports on this list](https://www.truenas.com/docs/solutions/optimizations/security/#truenas-default-ports).
 :::
 ### Storage Configuration
@@ -173,7 +173,7 @@ className="border rounded-xl"
 You may configure [External Libraries](/docs/features/libraries) by mounting them using **Additional Storage**.
 The **Mount Path** is the location you will need to copy and paste into the External Library settings within Immich.
-The **Host Path** is the location on the TrueNAS SCALE server where your external library is located.
+The **Host Path** is the location on the TrueNAS Community Edition server where your external library is located.
 <!-- A section for Labels would go here but I don't know what they do. -->
@@ -188,17 +188,17 @@ className="border rounded-xl"
 Accept the default **CPU** limit of `2` threads or specify the number of threads (CPUs with Multi-/Hyper-threading have 2 threads per core).
-Accept the default **Memory** limit of `4096` MB or specify the number of MB of RAM. If you're using Machine Learning you should probably set this above 8000 MB.
+Specify the **Memory** limit in MB of RAM. Immich recommends at least 6000 MB (6GB). If you selected **Enable Machine Learning** in **Immich Configuration**, you should probably set this above 8000 MB.
-:::info Older SCALE Versions
+:::info Older TrueNAS Versions
-Before TrueNAS SCALE version 24.10 Electric Eel:
+Before TrueNAS Community Edition version 24.10 Electric Eel:
 The **CPU** value was specified in a different format with a default of `4000m` which is 4 threads.
 The **Memory** value was specified in a different format with a default of `8Gi` which is 8 GiB of RAM. The value was specified in bytes or a number with a measurement suffix. Examples: `129M`, `123Mi`, `1000000000`
 :::
-Enable **GPU Configuration** options if you have a GPU that you will use for [Hardware Transcoding](/docs/features/hardware-transcoding) and/or [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md). More info: [GPU Passthrough Docs for TrueNAS Apps](https://www.truenas.com/docs/truenasapps/#gpu-passthrough)
+Enable **GPU Configuration** options if you have a GPU that you will use for [Hardware Transcoding](/docs/features/hardware-transcoding) and/or [Hardware-Accelerated Machine Learning](/docs/features/ml-hardware-acceleration.md). More info: [GPU Passthrough Docs for TrueNAS Apps](https://apps.truenas.com/managing-apps/installing-apps/#gpu-passthrough)
 ### Install
@@ -240,7 +240,7 @@ className="border rounded-xl"
 />
 :::info
-Some Environment Variables are not available for the TrueNAS SCALE app. This is mainly because they can be configured through GUI options in the [Edit Immich screen](#edit-app-settings).
+Some Environment Variables are not available for the TrueNAS Community Edition app. This is mainly because they can be configured through GUI options in the [Edit Immich screen](#edit-app-settings).
 Some examples are: `IMMICH_VERSION`, `UPLOAD_LOCATION`, `DB_DATA_LOCATION`, `TZ`, `IMMICH_LOG_LEVEL`, `DB_PASSWORD`, `REDIS_PASSWORD`.
 :::
@@ -251,7 +251,7 @@ Some examples are: `IMMICH_VERSION`, `UPLOAD_LOCATION`, `DB_DATA_LOCATION`, `TZ`
 Make sure to read the general [upgrade instructions](/docs/install/upgrading.md).
 :::
-When updates become available, SCALE alerts and provides easy updates.
+When updates become available, TrueNAS alerts and provides easy updates.
 To update the app to the latest version:
 - Go to the **Installed Applications** screen and select Immich from the list of installed applications.
--- a/docs/docs/overview/comparison.md
+++ b/docs/docs/overview/comparison.md
@@ -1,5 +1,5 @@
 ---
-sidebar_position: 2
+sidebar_position: 3
 ---
 # Comparison
--- a/docs/docs/overview/img/social-preview-light.webp
+++ b/docs/docs/overview/img/social-preview-light.webp
--- a/docs/docs/overview/quick-start.mdx
+++ b/docs/docs/overview/quick-start.mdx
@@ -1,5 +1,5 @@
 ---
-sidebar_position: 3
+sidebar_position: 2
 ---
 # Quick start
@@ -10,11 +10,20 @@ to install and use it.
 ## Requirements
-Check the [requirements page](/docs/install/requirements) to get started.
+- A system with at least 4GB of RAM and 2 CPU cores.
 - [Docker](https://docs.docker.com/engine/install/)
 > For a more detailed list of requirements, see the [requirements page](/docs/install/requirements).
 ---
 ## Set up the server
-Follow the [Docker Compose (Recommended)](/docs/install/docker-compose) instructions to install the server.
+import DockerComposeSteps from '/docs/partials/_docker-compose-install-steps.mdx';
 <DockerComposeSteps />
 ---
 ## Try the web app
@@ -26,6 +35,8 @@ Try uploading a picture from your browser.
 <img src={require('./img/upload-button.webp').default} title="Upload button" />
 ---
 ## Try the mobile app
 ### Download the Mobile App
@@ -56,6 +67,8 @@ You can select the **Jobs** tab to see Immich processing your photos.
 <img src={require('/docs/guides/img/jobs-tab.webp').default} title="Jobs tab" width={300} />
 ---
 ## Review the database backup and restore process
 Immich has built-in database backups. You can refer to the
@@ -65,6 +78,8 @@ Immich has built-in database backups. You can refer to the
 The database only contains metadata and user information. You must setup manual backups of the images and videos stored in `UPLOAD_LOCATION`.
 :::
 ---
 ## Where to go from here?
 You may decide you'd like to install the server a different way; the Install category on the left menu provides many options.
--- a/docs/docs/overview/introduction.mdx
+++ b/docs/docs/overview/introduction.mdx
@@ -2,9 +2,13 @@
 sidebar_position: 1
 ---
-# Introduction
+# Welcome to Immich
-<img src={require('./img/feature-panel.webp').default} alt="Immich - Self-hosted photos and videos backup tool" />
+<img
  src={require('./img/social-preview-light.webp').default}
  alt="Immich - Self-hosted photos and videos backup tool"
  data-theme="light"
 />
 ## Welcome!
--- a/docs/docs/partials/_docker-compose-install-steps.mdx
+++ b/docs/docs/partials/_docker-compose-install-steps.mdx
@@ -0,0 +1,43 @@
 import CodeBlock from '@theme/CodeBlock';
 import ExampleEnv from '!!raw-loader!../../../docker/example.env';
 ### Step 1 - Download the required files
 Create a directory of your choice (e.g. `./immich-app`) to hold the `docker-compose.yml` and `.env` files.
 ```bash title="Move to the directory you created"
 mkdir ./immich-app
 cd ./immich-app
 ```
 Download [`docker-compose.yml`](https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml) and [`example.env`](https://github.com/immich-app/immich/releases/latest/download/example.env) by running the following commands:
 ```bash title="Get docker-compose.yml file"
 wget -O docker-compose.yml https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
 ```
 ```bash title="Get .env file"
 wget -O .env https://github.com/immich-app/immich/releases/latest/download/example.env
 ```
 You can alternatively download these two files from your browser and move them to the directory that you created, in which case ensure that you rename `example.env` to `.env`.
 ### Step 2 - Populate the .env file with custom values
 <CodeBlock language="bash" title="Default environmental variable content">
  {ExampleEnv}
 </CodeBlock>
 - Populate `UPLOAD_LOCATION` with your preferred location for storing backup assets. It should be a new directory on the server with enough free space.
 - Consider changing `DB_PASSWORD` to a custom value. Postgres is not publicly exposed, so this password is only used for local authentication.
  To avoid issues with Docker parsing this value, it is best to use only the characters `A-Za-z0-9`. `pwgen` is a handy utility for this.
 - Set your timezone by uncommenting the `TZ=` line.
 - Populate custom database information if necessary.
 ### Step 3 - Start the containers
 From the directory you created in Step 1 (which should now contain your customized `docker-compose.yml` and `.env` files), run the following command to start Immich as a background service:
 ```bash title="Start the containers"
 docker compose up -d
 ```
--- a/docs/docusaurus.config.js
+++ b/docs/docusaurus.config.js
@@ -95,7 +95,7 @@ const config = {
            position: 'right',
          },
          {
-            to: '/docs/overview/introduction',
+            to: '/docs/overview/welcome',
            position: 'right',
            label: 'Docs',
          },
@@ -124,6 +124,12 @@ const config = {
            label: 'Discord',
            position: 'right',
          },
          {
            type: 'html',
            position: 'right',
            value:
              '<a href="https://buy.immich.app" target="_blank" class="no-underline hover:no-underline"><button class="buy-button bg-immich-primary dark:bg-immich-dark-primary text-white dark:text-black rounded-xl">Buy Immich</button></a>',
          },
        ],
      },
      footer: {
@@ -134,7 +140,7 @@ const config = {
            items: [
              {
                label: 'Welcome',
-                to: '/docs/overview/introduction',
+                to: '/docs/overview/welcome',
              },
              {
                label: 'Installation',
--- a/docs/package-lock.json
+++ b/docs/package-lock.json
--- a/docs/src/components/community-projects.tsx
+++ b/docs/src/components/community-projects.tsx
@@ -40,8 +40,9 @@ const projects: CommunityProjectProps[] = [
  },
  {
    title: 'Lightroom Immich Plugin: lrc-immich-plugin',
-    description: 'Another Lightroom plugin to publish or export photos from Lightroom to Immich.',
+    description:
-    url: 'https://github.com/bmachek/lrc-immich-plugin',
+      'Lightroom plugin to publish, export photos from Lightroom to Immich. Import from Immich to Lightroom is also supported.',
    url: 'https://blog.fokuspunk.de/lrc-immich-plugin/',
  },
  {
    title: 'Immich Duplicate Finder',
--- a/docs/src/css/custom.css
+++ b/docs/src/css/custom.css
@@ -7,14 +7,22 @@
@tailwind components;
@tailwind utilities;
-@import url('https://fonts.googleapis.com/css2?family=Be+Vietnam+Pro:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap');
+@font-face {
-
+  font-family: 'Overpass';
-body {
+  src: url('/fonts/overpass/Overpass.ttf') format('truetype-variations');
-  font-family: 'Be Vietnam Pro', serif;
+  font-weight: 1 999;
-  font-optical-sizing: auto;
+  font-style: normal;
  /* font-size: 1.125rem;
  ascent-override: 106.25%;
-  size-adjust: 106.25%; */
+  size-adjust: 106.25%;
 }
@font-face {
  font-family: 'Overpass Mono';
  src: url('/fonts/overpass/OverpassMono.ttf') format('truetype-variations');
  font-weight: 1 999;
  font-style: normal;
  ascent-override: 106.25%;
  size-adjust: 106.25%;
 }
 .breadcrumbs__link {
@@ -29,6 +37,7 @@ img {
 /* You can override the default Infima variables here. */
 :root {
  font-family: 'Overpass', sans-serif;
  --ifm-color-primary: #4250af;
  --ifm-color-primary-dark: #4250af;
  --ifm-color-primary-darker: #4250af;
@@ -59,14 +68,12 @@ div[class^='announcementBar_'] {
 }
 .menu__link {
-  padding: 10px;
+  padding: 10px 10px 10px 16px;
  padding-left: 16px;
  border-radius: 24px;
  margin-right: 16px;
 }
 .menu__list-item-collapsible {
  border-radius: 10px;
  margin-right: 16px;
  border-radius: 24px;
 }
@@ -83,3 +90,12 @@ div[class*='navbar__items'] > li:has(a[class*='version-switcher-34ab39']) {
 code {
  font-weight: 600;
 }
 .buy-button {
  padding: 8px 14px;
  border: 1px solid transparent;
  font-family: 'Overpass', sans-serif;
  font-weight: 500;
  cursor: pointer;
  box-shadow: 0 0 5px 2px rgba(181, 206, 254, 0.4);
 }
--- a/docs/src/pages/cursed-knowledge.tsx
+++ b/docs/src/pages/cursed-knowledge.tsx
@@ -2,6 +2,7 @@ import {
  mdiBug,
  mdiCalendarToday,
  mdiCrosshairsOff,
  mdiCrop,
  mdiDatabase,
  mdiLeadPencil,
  mdiLockOff,
@@ -22,6 +23,18 @@ const withLanguage = (date: Date) => (language: string) => date.toLocaleDateStri
 type Item = Omit<TimelineItem, 'done' | 'getDateLabel'> & { date: Date };
 const items: Item[] = [
  {
    icon: mdiCrop,
    iconColor: 'tomato',
    title: 'Image dimensions in EXIF metadata are cursed',
    description:
      'The dimensions in EXIF metadata can be different from the actual dimensions of the image, causing issues with cropping and resizing.',
    link: {
      url: 'https://github.com/immich-app/immich/pull/17974',
      text: '#17974',
    },
    date: new Date(2025, 5, 5),
  },
  {
    icon: mdiMicrosoftWindows,
    iconColor: '#357EC7',
--- a/docs/src/pages/errors.md
+++ b/docs/src/pages/errors.md
@@ -0,0 +1,5 @@
 # Errors
 ## TypeORM Upgrade
 The upgrade to Immich `v2.x.x` has a required upgrade path to `v1.132.0+`. This means it is required to start up the application at least once on version `1.132.0` (or later). Doing so will complete database schema upgrades that are required for `v2.0.0`. After Immich has successfully booted on this version, shut the system down and try the `v2.x.x` upgrade again.
--- a/docs/src/pages/index.tsx
+++ b/docs/src/pages/index.tsx
@@ -4,6 +4,7 @@ import Layout from '@theme/Layout';
 import { discordPath, discordViewBox } from '@site/src/components/svg-paths';
 import ThemedImage from '@theme/ThemedImage';
 import Icon from '@mdi/react';
 function HomepageHeader() {
  return (
    <header>
@@ -12,11 +13,14 @@ function HomepageHeader() {
        <div className="w-full h-[120vh] absolute left-0 top-0 backdrop-blur-3xl bg-immich-bg/40 dark:bg-transparent"></div>
      </div>
      <section className="text-center pt-12 sm:pt-24 bg-immich-bg/50 dark:bg-immich-dark-bg/80">
-        <ThemedImage
+        <a href="https://futo.org" target="_blank" rel="noopener noreferrer">
-          sources={{ dark: 'img/logomark-dark.svg', light: 'img/logomark-light.svg' }}
+          <ThemedImage
-          className="h-[115px] w-[115px] mb-2 antialiased rounded-none"
+            sources={{ dark: 'img/logomark-dark-with-futo.svg', light: 'img/logomark-light-with-futo.svg' }}
-          alt="Immich logo"
+            className="h-[125px] w-[125px] mb-2 antialiased rounded-none"
-        />
+            alt="Immich logo"
          />
        </a>
        <div className="mt-8">
          <p className="text-3xl md:text-5xl sm:leading-tight mb-1 font-extrabold text-black/90 dark:text-white px-4">
            Self-hosted{' '}
@@ -27,7 +31,7 @@ function HomepageHeader() {
            solution<span className="block"></span>
          </p>
-          <p className="max-w-1/4 m-auto mt-4 px-4">
+          <p className="max-w-1/4 m-auto mt-4 px-4 text-lg text-gray-700 dark:text-gray-100">
            Easily back up, organize, and manage your photos on your own server. Immich helps you
            <span className="sm:block"></span> browse, search and organize your photos and videos with ease, without
            sacrificing your privacy.
@@ -35,27 +39,21 @@ function HomepageHeader() {
        </div>
        <div className="flex flex-col sm:flex-row place-items-center place-content-center mt-9 gap-4 ">
          <Link
-            className="flex place-items-center place-content-center py-3 px-8 border bg-immich-primary dark:bg-immich-dark-primary rounded-xl no-underline hover:no-underline text-white hover:text-gray-50 dark:text-immich-dark-bg font-bold uppercase"
+            className="flex place-items-center place-content-center py-3 px-8 border bg-immich-primary dark:bg-immich-dark-primary rounded-xl no-underline hover:no-underline text-white hover:text-gray-50 dark:text-immich-dark-bg font-bold"
-            to="docs/overview/introduction"
+            to="docs/overview/quick-start"
          >
-            Get started
+            Get Started
          </Link>
          <Link
-            className="flex place-items-center place-content-center py-3 px-8 border bg-immich-primary/10 dark:bg-gray-300  rounded-xl hover:no-underline text-immich-primary dark:text-immich-dark-bg font-bold uppercase"
+            className="flex place-items-center place-content-center py-3 px-8 border bg-white/90 dark:bg-gray-300  rounded-xl hover:no-underline text-immich-primary dark:text-immich-dark-bg font-bold"
            to="https://demo.immich.app/"
          >
-            Demo
+            Open Demo
          </Link>
          <Link
            className="flex place-items-center place-content-center py-3 px-8 border bg-immich-primary/10 dark:bg-gray-300  rounded-xl hover:no-underline text-immich-primary dark:text-immich-dark-bg font-bold uppercase"
            to="https://immich.store"
          >
            Buy Merch
          </Link>
        </div>
-        <div className="my-12 flex gap-1 font-medium place-items-center place-content-center text-immich-primary dark:text-immich-dark-primary">
+
        <div className="my-8 flex gap-1 font-medium place-items-center place-content-center text-immich-primary dark:text-immich-dark-primary">
          <Icon
            path={discordPath}
            viewBox={discordViewBox} /* viewBox may show an error in your IDE but it is normal. */
@@ -88,11 +86,18 @@ function HomepageHeader() {
              <img className="h-24" alt="Get it on Google Play" src="/img/google-play-badge.png" />
            </a>
          </div>
          <div className="h-24">
            <a href="https://apps.apple.com/sg/app/immich/id1613945652">
              <img className="h-24 sm:p-3.5 p-3" alt="Download on the App Store" src="/img/ios-app-store-badge.svg" />
            </a>
          </div>
          <div className="h-24">
            <a href="https://github.com/immich-app/immich/releases/latest">
              <img className="h-24 sm:p-3.5 p-3" alt="Download APK" src="/img/download-apk-github.svg" />
            </a>
          </div>
        </div>
        <ThemedImage
          sources={{ dark: '/img/app-qr-code-dark.svg', light: '/img/app-qr-code-light.svg' }}
@@ -111,7 +116,7 @@ export default function Home(): JSX.Element {
      <HomepageHeader />
      <div className="flex flex-col place-items-center text-center place-content-center dark:bg-immich-dark-bg py-8">
        <p>This project is available under GNU AGPL v3 license.</p>
-        <p className="text-xs">Privacy should not be a luxury</p>
+        <p className="text-sm">Privacy should not be a luxury</p>
      </div>
    </Layout>
  );
--- a/docs/src/pages/privacy-policy.tsx
+++ b/docs/src/pages/privacy-policy.tsx
@@ -1,5 +1,4 @@
 import React from 'react';
 import Link from '@docusaurus/Link';
 import Layout from '@theme/Layout';
 function HomepageHeader() {
  return (
--- a/docs/src/pages/roadmap.tsx
+++ b/docs/src/pages/roadmap.tsx
@@ -76,6 +76,7 @@ import {
  mdiWeb,
  mdiDatabaseOutline,
  mdiLinkEdit,
  mdiTagFaces,
  mdiMovieOpenPlayOutline,
 } from '@mdi/js';
 import Layout from '@theme/Layout';
@@ -83,6 +84,8 @@ import React from 'react';
 import { Item, Timeline } from '../components/timeline';
 const releases = {
  'v1.130.0': new Date(2025, 2, 25),
  'v1.127.0': new Date(2025, 1, 26),
  'v1.122.0': new Date(2024, 11, 5),
  'v1.120.0': new Date(2024, 10, 6),
  'v1.114.0': new Date(2024, 8, 6),
@@ -242,6 +245,13 @@ const roadmap: Item[] = [
 ];
 const milestones: Item[] = [
  withRelease({
    icon: mdiFolderMultiple,
    iconColor: 'brown',
    title: 'Folders view in the mobile app',
    description: 'Browse your photos and videos in their folder structure inside the mobile app',
    release: 'v1.130.0',
  }),
  {
    icon: mdiStar,
    iconColor: 'gold',
@@ -249,6 +259,14 @@ const milestones: Item[] = [
    description: 'Reached 60K Stars on GitHub!',
    getDateLabel: withLanguage(new Date(2025, 2, 4)),
  },
  withRelease({
    icon: mdiTagFaces,
    iconColor: 'teal',
    title: 'Manual face tagging',
    description:
      'Manually tag or remove faces in photos and videos, even when automatic detection misses or misidentifies them.',
    release: 'v1.127.0',
  }),
  withRelease({
    icon: mdiLinkEdit,
    iconColor: 'crimson',
@@ -266,8 +284,8 @@ const milestones: Item[] = [
  withRelease({
    icon: mdiDatabaseOutline,
    iconColor: 'brown',
-    title: 'Automatic database backups',
+    title: 'Automatic database dumps',
-    description: 'Database backups are now integrated into the Immich server',
+    description: 'Database dumps are now integrated into the Immich server',
    release: 'v1.120.0',
  }),
  {
@@ -300,7 +318,7 @@ const milestones: Item[] = [
  withRelease({
    icon: mdiFolderMultiple,
    iconColor: 'brown',
-    title: 'Folders',
+    title: 'Folders view',
    description: 'Browse your photos and videos in their folder structure',
    release: 'v1.113.0',
  }),
--- a/docs/static/.well-known/security.txt
+++ b/docs/static/.well-known/security.txt
@@ -0,0 +1,5 @@
 Policy: https://github.com/immich-app/immich/blob/main/SECURITY.md
 Contact: mailto:security@immich.app
 Preferred-Languages: en
 Expires: 2026-05-01T23:59:00.000Z
 Canonical: https://immich.app/.well-known/security.txt
--- a/docs/static/_redirects
+++ b/docs/static/_redirects
@@ -30,3 +30,4 @@
 /docs/guides/api-album-sync /docs/community-projects 307
 /docs/guides/remove-offline-files /docs/community-projects 307
 /milestones /roadmap 307
 /docs/overview/introduction /docs/overview/welcome 307
--- a/docs/static/archived-versions.json
+++ b/docs/static/archived-versions.json
@@ -1,36 +1,16 @@
 [
  {
    "label": "v1.132.3",
    "url": "https://v1.132.3.archive.immich.app"
  },
  {
    "label": "v1.131.3",
    "url": "https://v1.131.3.archive.immich.app"
  },
  {
    "label": "v1.131.2",
    "url": "https://v1.131.2.archive.immich.app"
  },
  {
    "label": "v1.131.1",
    "url": "https://v1.131.1.archive.immich.app"
  },
  {
    "label": "v1.131.0",
    "url": "https://v1.131.0.archive.immich.app"
  },
  {
    "label": "v1.130.3",
    "url": "https://v1.130.3.archive.immich.app"
  },
  {
    "label": "v1.130.2",
    "url": "https://v1.130.2.archive.immich.app"
  },
  {
    "label": "v1.130.1",
    "url": "https://v1.130.1.archive.immich.app"
  },
  {
    "label": "v1.130.0",
    "url": "https://v1.130.0.archive.immich.app"
  },
  {
    "label": "v1.129.0",
    "url": "https://v1.129.0.archive.immich.app"
@@ -47,46 +27,14 @@
    "label": "v1.126.1",
    "url": "https://v1.126.1.archive.immich.app"
  },
  {
    "label": "v1.126.0",
    "url": "https://v1.126.0.archive.immich.app"
  },
  {
    "label": "v1.125.7",
    "url": "https://v1.125.7.archive.immich.app"
  },
  {
    "label": "v1.125.6",
    "url": "https://v1.125.6.archive.immich.app"
  },
  {
    "label": "v1.125.5",
    "url": "https://v1.125.5.archive.immich.app"
  },
  {
    "label": "v1.125.3",
    "url": "https://v1.125.3.archive.immich.app"
  },
  {
    "label": "v1.125.2",
    "url": "https://v1.125.2.archive.immich.app"
  },
  {
    "label": "v1.125.1",
    "url": "https://v1.125.1.archive.immich.app"
  },
  {
    "label": "v1.124.2",
    "url": "https://v1.124.2.archive.immich.app"
  },
  {
    "label": "v1.124.1",
    "url": "https://v1.124.1.archive.immich.app"
  },
  {
    "label": "v1.124.0",
    "url": "https://v1.124.0.archive.immich.app"
  },
  {
    "label": "v1.123.0",
    "url": "https://v1.123.0.archive.immich.app"
@@ -95,18 +43,6 @@
    "label": "v1.122.3",
    "url": "https://v1.122.3.archive.immich.app"
  },
  {
    "label": "v1.122.2",
    "url": "https://v1.122.2.archive.immich.app"
  },
  {
    "label": "v1.122.1",
    "url": "https://v1.122.1.archive.immich.app"
  },
  {
    "label": "v1.122.0",
    "url": "https://v1.122.0.archive.immich.app"
  },
  {
    "label": "v1.121.0",
    "url": "https://v1.121.0.archive.immich.app"
@@ -115,34 +51,14 @@
    "label": "v1.120.2",
    "url": "https://v1.120.2.archive.immich.app"
  },
  {
    "label": "v1.120.1",
    "url": "https://v1.120.1.archive.immich.app"
  },
  {
    "label": "v1.120.0",
    "url": "https://v1.120.0.archive.immich.app"
  },
  {
    "label": "v1.119.1",
    "url": "https://v1.119.1.archive.immich.app"
  },
  {
    "label": "v1.119.0",
    "url": "https://v1.119.0.archive.immich.app"
  },
  {
    "label": "v1.118.2",
    "url": "https://v1.118.2.archive.immich.app"
  },
  {
    "label": "v1.118.1",
    "url": "https://v1.118.1.archive.immich.app"
  },
  {
    "label": "v1.118.0",
    "url": "https://v1.118.0.archive.immich.app"
  },
  {
    "label": "v1.117.0",
    "url": "https://v1.117.0.archive.immich.app"
@@ -151,14 +67,6 @@
    "label": "v1.116.2",
    "url": "https://v1.116.2.archive.immich.app"
  },
  {
    "label": "v1.116.1",
    "url": "https://v1.116.1.archive.immich.app"
  },
  {
    "label": "v1.116.0",
    "url": "https://v1.116.0.archive.immich.app"
  },
  {
    "label": "v1.115.0",
    "url": "https://v1.115.0.archive.immich.app"
@@ -171,18 +79,10 @@
    "label": "v1.113.1",
    "url": "https://v1.113.1.archive.immich.app"
  },
  {
    "label": "v1.113.0",
    "url": "https://v1.113.0.archive.immich.app"
  },
  {
    "label": "v1.112.1",
    "url": "https://v1.112.1.archive.immich.app"
  },
  {
    "label": "v1.112.0",
    "url": "https://v1.112.0.archive.immich.app"
  },
  {
    "label": "v1.111.0",
    "url": "https://v1.111.0.archive.immich.app"
@@ -195,14 +95,6 @@
    "label": "v1.109.2",
    "url": "https://v1.109.2.archive.immich.app"
  },
  {
    "label": "v1.109.1",
    "url": "https://v1.109.1.archive.immich.app"
  },
  {
    "label": "v1.109.0",
    "url": "https://v1.109.0.archive.immich.app"
  },
  {
    "label": "v1.108.0",
    "url": "https://v1.108.0.archive.immich.app"
@@ -211,38 +103,14 @@
    "label": "v1.107.2",
    "url": "https://v1.107.2.archive.immich.app"
  },
  {
    "label": "v1.107.1",
    "url": "https://v1.107.1.archive.immich.app"
  },
  {
    "label": "v1.107.0",
    "url": "https://v1.107.0.archive.immich.app"
  },
  {
    "label": "v1.106.4",
    "url": "https://v1.106.4.archive.immich.app"
  },
  {
    "label": "v1.106.3",
    "url": "https://v1.106.3.archive.immich.app"
  },
  {
    "label": "v1.106.2",
    "url": "https://v1.106.2.archive.immich.app"
  },
  {
    "label": "v1.106.1",
    "url": "https://v1.106.1.archive.immich.app"
  },
  {
    "label": "v1.105.1",
    "url": "https://v1.105.1.archive.immich.app"
  },
  {
    "label": "v1.105.0",
    "url": "https://v1.105.0.archive.immich.app"
  },
  {
    "label": "v1.104.0",
    "url": "https://v1.104.0.archive.immich.app"
@@ -251,26 +119,10 @@
    "label": "v1.103.1",
    "url": "https://v1.103.1.archive.immich.app"
  },
  {
    "label": "v1.103.0",
    "url": "https://v1.103.0.archive.immich.app"
  },
  {
    "label": "v1.102.3",
    "url": "https://v1.102.3.archive.immich.app"
  },
  {
    "label": "v1.102.2",
    "url": "https://v1.102.2.archive.immich.app"
  },
  {
    "label": "v1.102.1",
    "url": "https://v1.102.1.archive.immich.app"
  },
  {
    "label": "v1.102.0",
    "url": "https://v1.102.0.archive.immich.app"
  },
  {
    "label": "v1.101.0",
    "url": "https://v1.101.0.archive.immich.app"
--- a/docs/static/fonts/overpass/Overpass-Italic.ttf
+++ b/docs/static/fonts/overpass/Overpass-Italic.ttf
--- a/docs/static/fonts/overpass/Overpass.ttf
+++ b/docs/static/fonts/overpass/Overpass.ttf
--- a/docs/static/fonts/overpass/OverpassMono.ttf
+++ b/docs/static/fonts/overpass/OverpassMono.ttf
--- a/docs/static/img/download-apk-github.svg
+++ b/docs/static/img/download-apk-github.svg
--- a/docs/static/img/logomark-dark-with-futo.svg
+++ b/docs/static/img/logomark-dark-with-futo.svg
--- a/docs/static/img/logomark-light-with-futo.svg
+++ b/docs/static/img/logomark-light-with-futo.svg
--- a/e2e/docker-compose.yml
+++ b/e2e/docker-compose.yml
@@ -34,11 +34,11 @@ services:
      - 2285:2285
  redis:
-    image: redis:6.2-alpine@sha256:148bb5411c184abd288d9aaed139c98123eeb8824c5d3fce03cf721db58066d8
+    image: redis:6.2-alpine@sha256:3211c33a618c457e5d241922c975dbc4f446d0bdb2dc75694f5573ef8e2d01fa
  database:
-    image: tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52
+    image: tensorchord/vchord-postgres:pg14-v0.3.0
-    command: -c fsync=off -c shared_preload_libraries=vectors.so
+    command: -c fsync=off -c shared_preload_libraries=vchord.so
    environment:
      POSTGRES_PASSWORD: postgres
      POSTGRES_USER: postgres
--- a/e2e/package-lock.json
+++ b/e2e/package-lock.json
--- a/e2e/package.json
+++ b/e2e/package.json
@@ -1,6 +1,6 @@
 {
  "name": "immich-e2e",
-  "version": "1.131.3",
+  "version": "1.132.3",
  "description": "",
  "main": "index.js",
  "type": "module",
@@ -25,7 +25,7 @@
    "@immich/sdk": "file:../open-api/typescript-sdk",
    "@playwright/test": "^1.44.1",
    "@types/luxon": "^3.4.2",
-    "@types/node": "^22.14.0",
+    "@types/node": "^22.14.1",
    "@types/oidc-provider": "^8.5.1",
    "@types/pg": "^8.11.0",
    "@types/pngjs": "^6.0.4",
--- a/e2e/src/api/specs/activity.e2e-spec.ts
+++ b/e2e/src/api/specs/activity.e2e-spec.ts
@@ -46,38 +46,6 @@ describe('/activities', () => {
  });
  describe('GET /activities', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/activities');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require an albumId', async () => {
      const { status, body } = await request(app)
        .get('/activities')
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(400);
      expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
    });
    it('should reject an invalid albumId', async () => {
      const { status, body } = await request(app)
        .get('/activities')
        .query({ albumId: uuidDto.invalid })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(400);
      expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
    });
    it('should reject an invalid assetId', async () => {
      const { status, body } = await request(app)
        .get('/activities')
        .query({ albumId: uuidDto.notFound, assetId: uuidDto.invalid })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(400);
      expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['assetId must be a UUID'])));
    });
    it('should start off empty', async () => {
      const { status, body } = await request(app)
        .get('/activities')
@@ -192,30 +160,6 @@ describe('/activities', () => {
  });
  describe('POST /activities', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).post('/activities');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require an albumId', async () => {
      const { status, body } = await request(app)
        .post('/activities')
        .set('Authorization', `Bearer ${admin.accessToken}`)
        .send({ albumId: uuidDto.invalid });
      expect(status).toEqual(400);
      expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['albumId must be a UUID'])));
    });
    it('should require a comment when type is comment', async () => {
      const { status, body } = await request(app)
        .post('/activities')
        .set('Authorization', `Bearer ${admin.accessToken}`)
        .send({ albumId: uuidDto.notFound, type: 'comment', comment: null });
      expect(status).toEqual(400);
      expect(body).toEqual(errorDto.badRequest(['comment must be a string', 'comment should not be empty']));
    });
    it('should add a comment to an album', async () => {
      const { status, body } = await request(app)
        .post('/activities')
@@ -330,20 +274,6 @@ describe('/activities', () => {
  });
  describe('DELETE /activities/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).delete(`/activities/${uuidDto.notFound}`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require a valid uuid', async () => {
      const { status, body } = await request(app)
        .delete(`/activities/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });
    it('should remove a comment from an album', async () => {
      const reaction = await createActivity({
        albumId: album.id,
--- a/e2e/src/api/specs/album.e2e-spec.ts
+++ b/e2e/src/api/specs/album.e2e-spec.ts
@@ -9,7 +9,7 @@ import {
  LoginResponseDto,
  SharedLinkType,
 } from '@immich/sdk';
-import { createUserDto, uuidDto } from 'src/fixtures';
+import { createUserDto } from 'src/fixtures';
 import { errorDto } from 'src/responses';
 import { app, asBearerAuth, utils } from 'src/utils';
 import request from 'supertest';
@@ -128,28 +128,6 @@ describe('/albums', () => {
  });
  describe('GET /albums', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/albums');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should reject an invalid shared param', async () => {
      const { status, body } = await request(app)
        .get('/albums?shared=invalid')
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toEqual(400);
      expect(body).toEqual(errorDto.badRequest(['shared must be a boolean value']));
    });
    it('should reject an invalid assetId param', async () => {
      const { status, body } = await request(app)
        .get('/albums?assetId=invalid')
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toEqual(400);
      expect(body).toEqual(errorDto.badRequest(['assetId must be a UUID']));
    });
    it("should not show other users' favorites", async () => {
      const { status, body } = await request(app)
        .get(`/albums/${user1Albums[0].id}?withoutAssets=false`)
@@ -323,12 +301,6 @@ describe('/albums', () => {
  });
  describe('GET /albums/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get(`/albums/${user1Albums[0].id}`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should return album info for own album', async () => {
      const { status, body } = await request(app)
        .get(`/albums/${user1Albums[0].id}?withoutAssets=false`)
@@ -421,12 +393,6 @@ describe('/albums', () => {
  });
  describe('GET /albums/statistics', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/albums/statistics');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should return total count of albums the user has access to', async () => {
      const { status, body } = await request(app)
        .get('/albums/statistics')
@@ -438,12 +404,6 @@ describe('/albums', () => {
  });
  describe('POST /albums', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).post('/albums').send({ albumName: 'New album' });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should create an album', async () => {
      const { status, body } = await request(app)
        .post('/albums')
@@ -471,12 +431,6 @@ describe('/albums', () => {
  });
  describe('PUT /albums/:id/assets', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).put(`/albums/${user1Albums[0].id}/assets`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should be able to add own asset to own album', async () => {
      const asset = await utils.createAsset(user1.accessToken);
      const { status, body } = await request(app)
@@ -526,14 +480,6 @@ describe('/albums', () => {
  });
  describe('PATCH /albums/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app)
        .patch(`/albums/${uuidDto.notFound}`)
        .send({ albumName: 'New album name' });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should update an album', async () => {
      const album = await utils.createAlbum(user1.accessToken, {
        albumName: 'New album',
@@ -576,15 +522,6 @@ describe('/albums', () => {
  });
  describe('DELETE /albums/:id/assets', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app)
        .delete(`/albums/${user1Albums[0].id}/assets`)
        .send({ ids: [user1Asset1.id] });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require authorization', async () => {
      const { status, body } = await request(app)
        .delete(`/albums/${user1Albums[1].id}/assets`)
@@ -679,13 +616,6 @@ describe('/albums', () => {
      });
    });
    it('should require authentication', async () => {
      const { status, body } = await request(app).put(`/albums/${user1Albums[0].id}/users`).send({ sharedUserIds: [] });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should be able to add user to own album', async () => {
      const { status, body } = await request(app)
        .put(`/albums/${album.id}/users`)
--- a/e2e/src/api/specs/api-key.e2e-spec.ts
+++ b/e2e/src/api/specs/api-key.e2e-spec.ts
@@ -1,5 +1,5 @@
 import { LoginResponseDto, Permission, createApiKey } from '@immich/sdk';
-import { createUserDto, uuidDto } from 'src/fixtures';
+import { createUserDto } from 'src/fixtures';
 import { errorDto } from 'src/responses';
 import { app, asBearerAuth, utils } from 'src/utils';
 import request from 'supertest';
@@ -24,12 +24,6 @@ describe('/api-keys', () => {
  });
  describe('POST /api-keys', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).post('/api-keys').send({ name: 'API Key' });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should not work without permission', async () => {
      const { secret } = await create(user.accessToken, [Permission.ApiKeyRead]);
      const { status, body } = await request(app).post('/api-keys').set('x-api-key', secret).send({ name: 'API Key' });
@@ -99,12 +93,6 @@ describe('/api-keys', () => {
  });
  describe('GET /api-keys', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/api-keys');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should start off empty', async () => {
      const { status, body } = await request(app).get('/api-keys').set('Authorization', `Bearer ${admin.accessToken}`);
      expect(body).toEqual([]);
@@ -125,12 +113,6 @@ describe('/api-keys', () => {
  });
  describe('GET /api-keys/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get(`/api-keys/${uuidDto.notFound}`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require authorization', async () => {
      const { apiKey } = await create(user.accessToken, [Permission.All]);
      const { status, body } = await request(app)
@@ -140,14 +122,6 @@ describe('/api-keys', () => {
      expect(body).toEqual(errorDto.badRequest('API Key not found'));
    });
    it('should require a valid uuid', async () => {
      const { status, body } = await request(app)
        .get(`/api-keys/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });
    it('should get api key details', async () => {
      const { apiKey } = await create(user.accessToken, [Permission.All]);
      const { status, body } = await request(app)
@@ -165,12 +139,6 @@ describe('/api-keys', () => {
  });
  describe('PUT /api-keys/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).put(`/api-keys/${uuidDto.notFound}`).send({ name: 'new name' });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require authorization', async () => {
      const { apiKey } = await create(user.accessToken, [Permission.All]);
      const { status, body } = await request(app)
@@ -181,15 +149,6 @@ describe('/api-keys', () => {
      expect(body).toEqual(errorDto.badRequest('API Key not found'));
    });
    it('should require a valid uuid', async () => {
      const { status, body } = await request(app)
        .put(`/api-keys/${uuidDto.invalid}`)
        .send({ name: 'new name' })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });
    it('should update api key details', async () => {
      const { apiKey } = await create(user.accessToken, [Permission.All]);
      const { status, body } = await request(app)
@@ -208,12 +167,6 @@ describe('/api-keys', () => {
  });
  describe('DELETE /api-keys/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).delete(`/api-keys/${uuidDto.notFound}`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require authorization', async () => {
      const { apiKey } = await create(user.accessToken, [Permission.All]);
      const { status, body } = await request(app)
@@ -223,14 +176,6 @@ describe('/api-keys', () => {
      expect(body).toEqual(errorDto.badRequest('API Key not found'));
    });
    it('should require a valid uuid', async () => {
      const { status, body } = await request(app)
        .delete(`/api-keys/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });
    it('should delete an api key', async () => {
      const { apiKey } = await create(user.accessToken, [Permission.All]);
      const { status } = await request(app)
--- a/e2e/src/api/specs/asset.e2e-spec.ts
+++ b/e2e/src/api/specs/asset.e2e-spec.ts
@@ -3,6 +3,7 @@ import {
  AssetMediaStatus,
  AssetResponseDto,
  AssetTypeEnum,
  AssetVisibility,
  getAssetInfo,
  getMyUser,
  LoginResponseDto,
@@ -22,27 +23,9 @@ import { app, asBearerAuth, tempDir, TEN_TIMES, testAssetDir, utils } from 'src/
 import request from 'supertest';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';
 const makeUploadDto = (options?: { omit: string }): Record<string, any> => {
  const dto: Record<string, any> = {
    deviceAssetId: 'example-image',
    deviceId: 'TEST',
    fileCreatedAt: new Date().toISOString(),
    fileModifiedAt: new Date().toISOString(),
    isFavorite: 'testing',
    duration: '0:00:00.000000',
  };
  const omit = options?.omit;
  if (omit) {
    delete dto[omit];
  }
  return dto;
 };
 const locationAssetFilepath = `${testAssetDir}/metadata/gps-position/thompson-springs.jpg`;
 const ratingAssetFilepath = `${testAssetDir}/metadata/rating/mongolels.jpg`;
-const facesAssetFilepath = `${testAssetDir}/metadata/faces/portrait.jpg`;
+const facesAssetDir = `${testAssetDir}/metadata/faces`;
 const readTags = async (bytes: Buffer, filename: string) => {
  const filepath = join(tempDir, filename);
@@ -137,9 +120,9 @@ describe('/asset', () => {
      // stats
      utils.createAsset(statsUser.accessToken),
      utils.createAsset(statsUser.accessToken, { isFavorite: true }),
-      utils.createAsset(statsUser.accessToken, { isArchived: true }),
+      utils.createAsset(statsUser.accessToken, { visibility: AssetVisibility.Archive }),
      utils.createAsset(statsUser.accessToken, {
-        isArchived: true,
+        visibility: AssetVisibility.Archive,
        isFavorite: true,
        assetData: { filename: 'example.mp4' },
      }),
@@ -160,13 +143,6 @@ describe('/asset', () => {
  });
  describe('GET /assets/:id/original', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get(`/assets/${uuidDto.notFound}/original`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should download the file', async () => {
      const response = await request(app)
        .get(`/assets/${user1Assets[0].id}/original`)
@@ -178,20 +154,6 @@ describe('/asset', () => {
  });
  describe('GET /assets/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get(`/assets/${uuidDto.notFound}`);
      expect(body).toEqual(errorDto.unauthorized);
      expect(status).toBe(401);
    });
    it('should require a valid id', async () => {
      const { status, body } = await request(app)
        .get(`/assets/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });
    it('should require access', async () => {
      const { status, body } = await request(app)
        .get(`/assets/${user2Assets[0].id}`)
@@ -224,27 +186,19 @@ describe('/asset', () => {
      });
    });
-    it('should get the asset faces', async () => {
+    describe('faces', () => {
-      const config = await utils.getSystemConfig(admin.accessToken);
+      const metadataFaceTests = [
-      config.metadata.faces.import = true;
+        {
-      await updateConfig({ systemConfigDto: config }, { headers: asBearerAuth(admin.accessToken) });
+          description: 'without orientation',
      // asset faces
      const facesAsset = await utils.createAsset(admin.accessToken, {
        assetData: {
          filename: 'portrait.jpg',
          bytes: await readFile(facesAssetFilepath),
        },
-      });
+        {
-
+          description: 'adjusting face regions to orientation',
-      await utils.waitForWebsocketEvent({ event: 'assetUpload', id: facesAsset.id });
+          filename: 'portrait-orientation-6.jpg',
-
+        },
-      const { status, body } = await request(app)
+      ];
-        .get(`/assets/${facesAsset.id}`)
+      // should produce same resulting face region coordinates for any orientation
-        .set('Authorization', `Bearer ${admin.accessToken}`);
+      const expectedFaces = [
      expect(status).toBe(200);
      expect(body.id).toEqual(facesAsset.id);
      expect(body.people).toMatchObject([
        {
          name: 'Marie Curie',
          birthDate: null,
@@ -279,7 +233,30 @@ describe('/asset', () => {
            },
          ],
        },
-      ]);
+      ];
      it.each(metadataFaceTests)('should get the asset faces from $filename $description', async ({ filename }) => {
        const config = await utils.getSystemConfig(admin.accessToken);
        config.metadata.faces.import = true;
        await updateConfig({ systemConfigDto: config }, { headers: asBearerAuth(admin.accessToken) });
        const facesAsset = await utils.createAsset(admin.accessToken, {
          assetData: {
            filename,
            bytes: await readFile(`${facesAssetDir}/${filename}`),
          },
        });
        await utils.waitForWebsocketEvent({ event: 'assetUpload', id: facesAsset.id });
        const { status, body } = await request(app)
          .get(`/assets/${facesAsset.id}`)
          .set('Authorization', `Bearer ${admin.accessToken}`);
        expect(status).toBe(200);
        expect(body.id).toEqual(facesAsset.id);
        expect(body.people).toMatchObject(expectedFaces);
      });
    });
    it('should work with a shared link', async () => {
@@ -333,7 +310,7 @@ describe('/asset', () => {
      });
      it('disallows viewing archived assets', async () => {
-        const asset = await utils.createAsset(user1.accessToken, { isArchived: true });
+        const asset = await utils.createAsset(user1.accessToken, { visibility: AssetVisibility.Archive });
        const { status } = await request(app)
          .get(`/assets/${asset.id}`)
@@ -354,13 +331,6 @@ describe('/asset', () => {
  });
  describe('GET /assets/statistics', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/assets/statistics');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should return stats of all assets', async () => {
      const { status, body } = await request(app)
        .get('/assets/statistics')
@@ -384,7 +354,7 @@ describe('/asset', () => {
      const { status, body } = await request(app)
        .get('/assets/statistics')
        .set('Authorization', `Bearer ${statsUser.accessToken}`)
-        .query({ isArchived: true });
+        .query({ visibility: AssetVisibility.Archive });
      expect(status).toBe(200);
      expect(body).toEqual({ images: 1, videos: 1, total: 2 });
@@ -394,7 +364,7 @@ describe('/asset', () => {
      const { status, body } = await request(app)
        .get('/assets/statistics')
        .set('Authorization', `Bearer ${statsUser.accessToken}`)
-        .query({ isFavorite: true, isArchived: true });
+        .query({ isFavorite: true, visibility: AssetVisibility.Archive });
      expect(status).toBe(200);
      expect(body).toEqual({ images: 0, videos: 1, total: 1 });
@@ -404,7 +374,7 @@ describe('/asset', () => {
      const { status, body } = await request(app)
        .get('/assets/statistics')
        .set('Authorization', `Bearer ${statsUser.accessToken}`)
-        .query({ isFavorite: false, isArchived: false });
+        .query({ isFavorite: false, visibility: AssetVisibility.Timeline });
      expect(status).toBe(200);
      expect(body).toEqual({ images: 1, videos: 0, total: 1 });
@@ -425,13 +395,6 @@ describe('/asset', () => {
      await utils.waitForQueueFinish(admin.accessToken, 'thumbnailGeneration');
    });
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/assets/random');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it.each(TEN_TIMES)('should return 1 random assets', async () => {
      const { status, body } = await request(app)
        .get('/assets/random')
@@ -467,31 +430,9 @@ describe('/asset', () => {
      expect(status).toBe(200);
      expect(body).toEqual([expect.objectContaining({ id: user2Assets[0].id })]);
    });
    it('should return error', async () => {
      const { status } = await request(app)
        .get('/assets/random?count=ABC')
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(400);
    });
  });
  describe('PUT /assets/:id', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).put(`/assets/:${uuidDto.notFound}`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require a valid id', async () => {
      const { status, body } = await request(app)
        .put(`/assets/${uuidDto.invalid}`)
        .set('Authorization', `Bearer ${user1.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(['id must be a UUID']));
    });
    it('should require access', async () => {
      const { status, body } = await request(app)
        .put(`/assets/${user2Assets[0].id}`)
@@ -519,7 +460,7 @@ describe('/asset', () => {
      const { status, body } = await request(app)
        .put(`/assets/${user1Assets[0].id}`)
        .set('Authorization', `Bearer ${user1.accessToken}`)
-        .send({ isArchived: true });
+        .send({ visibility: AssetVisibility.Archive });
      expect(body).toMatchObject({ id: user1Assets[0].id, isArchived: true });
      expect(status).toEqual(200);
    });
@@ -619,28 +560,6 @@ describe('/asset', () => {
      expect(status).toEqual(200);
    });
    it('should reject invalid gps coordinates', async () => {
      for (const test of [
        { latitude: 12 },
        { longitude: 12 },
        { latitude: 12, longitude: 'abc' },
        { latitude: 'abc', longitude: 12 },
        { latitude: null, longitude: 12 },
        { latitude: 12, longitude: null },
        { latitude: 91, longitude: 12 },
        { latitude: -91, longitude: 12 },
        { latitude: 12, longitude: -181 },
        { latitude: 12, longitude: 181 },
      ]) {
        const { status, body } = await request(app)
          .put(`/assets/${user1Assets[0].id}`)
          .send(test)
          .set('Authorization', `Bearer ${user1.accessToken}`);
        expect(status).toBe(400);
        expect(body).toEqual(errorDto.badRequest());
      }
    });
    it('should update gps data', async () => {
      const { status, body } = await request(app)
        .put(`/assets/${user1Assets[0].id}`)
@@ -712,17 +631,6 @@ describe('/asset', () => {
      expect(status).toEqual(200);
    });
    it('should reject invalid rating', async () => {
      for (const test of [{ rating: 7 }, { rating: 3.5 }, { rating: null }]) {
        const { status, body } = await request(app)
          .put(`/assets/${user1Assets[0].id}`)
          .send(test)
          .set('Authorization', `Bearer ${user1.accessToken}`);
        expect(status).toBe(400);
        expect(body).toEqual(errorDto.badRequest());
      }
    });
    it('should return tagged people', async () => {
      const { status, body } = await request(app)
        .put(`/assets/${user1Assets[0].id}`)
@@ -746,25 +654,6 @@ describe('/asset', () => {
  });
  describe('DELETE /assets', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app)
        .delete(`/assets`)
        .send({ ids: [uuidDto.notFound] });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require a valid uuid', async () => {
      const { status, body } = await request(app)
        .delete(`/assets`)
        .send({ ids: [uuidDto.invalid] })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(['each value in ids must be a UUID']));
    });
    it('should throw an error when the id is not found', async () => {
      const { status, body } = await request(app)
        .delete(`/assets`)
@@ -877,13 +766,6 @@ describe('/asset', () => {
  });
  describe('GET /assets/:id/thumbnail', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get(`/assets/${locationAsset.id}/thumbnail`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should not include gps data for webp thumbnails', async () => {
      await utils.waitForWebsocketEvent({
        event: 'assetUpload',
@@ -919,13 +801,6 @@ describe('/asset', () => {
  });
  describe('GET /assets/:id/original', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get(`/assets/${locationAsset.id}/original`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should download the original', async () => {
      const { status, body, type } = await request(app)
        .get(`/assets/${locationAsset.id}/original`)
@@ -946,43 +821,9 @@ describe('/asset', () => {
    });
  });
  describe('PUT /assets', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).put('/assets');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
  });
  describe('POST /assets', () => {
    beforeAll(setupTests, 30_000);
    it('should require authentication', async () => {
      const { status, body } = await request(app).post(`/assets`);
      expect(body).toEqual(errorDto.unauthorized);
      expect(status).toBe(401);
    });
    it.each([
      { should: 'require `deviceAssetId`', dto: { ...makeUploadDto({ omit: 'deviceAssetId' }) } },
      { should: 'require `deviceId`', dto: { ...makeUploadDto({ omit: 'deviceId' }) } },
      { should: 'require `fileCreatedAt`', dto: { ...makeUploadDto({ omit: 'fileCreatedAt' }) } },
      { should: 'require `fileModifiedAt`', dto: { ...makeUploadDto({ omit: 'fileModifiedAt' }) } },
      { should: 'require `duration`', dto: { ...makeUploadDto({ omit: 'duration' }) } },
      { should: 'throw if `isFavorite` is not a boolean', dto: { ...makeUploadDto(), isFavorite: 'not-a-boolean' } },
      { should: 'throw if `isVisible` is not a boolean', dto: { ...makeUploadDto(), isVisible: 'not-a-boolean' } },
      { should: 'throw if `isArchived` is not a boolean', dto: { ...makeUploadDto(), isArchived: 'not-a-boolean' } },
    ])('should $should', async ({ dto }) => {
      const { status, body } = await request(app)
        .post('/assets')
        .set('Authorization', `Bearer ${user1.accessToken}`)
        .attach('assetData', makeRandomImage(), 'example.png')
        .field(dto);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest());
    });
    const tests = [
      {
        input: 'formats/avif/8bit-sRGB.avif',
@@ -1244,31 +1085,21 @@ describe('/asset', () => {
      },
    ];
-    it(`should upload and generate a thumbnail for different file types`, async () => {
+    it.each(tests)(`should upload and generate a thumbnail for different file types`, async ({ input, expected }) => {
-      // upload in parallel
+      const filepath = join(testAssetDir, input);
-      const assets = await Promise.all(
+      const response = await utils.createAsset(admin.accessToken, {
-        tests.map(async ({ input }) => {
+        assetData: { bytes: await readFile(filepath), filename: basename(filepath) },
-          const filepath = join(testAssetDir, input);
+      });
          return utils.createAsset(admin.accessToken, {
            assetData: { bytes: await readFile(filepath), filename: basename(filepath) },
          });
        }),
      );
-      for (const { id, status } of assets) {
+      expect(response.status).toBe(AssetMediaStatus.Created);
-        expect(status).toBe(AssetMediaStatus.Created);
+      const id = response.id;
-        // longer timeout as the thumbnail generation from full-size raw files can take a while
+      // longer timeout as the thumbnail generation from full-size raw files can take a while
-        await utils.waitForWebsocketEvent({ event: 'assetUpload', id });
+      await utils.waitForWebsocketEvent({ event: 'assetUpload', id });
      }
-      for (const [i, { id }] of assets.entries()) {
+      const asset = await utils.getAssetInfo(admin.accessToken, id);
-        const { expected } = tests[i];
+      expect(asset.exifInfo).toBeDefined();
-        const asset = await utils.getAssetInfo(admin.accessToken, id);
+      expect(asset.exifInfo).toMatchObject(expected.exifInfo);
-
+      expect(asset).toMatchObject(expected);
        expect(asset.exifInfo).toBeDefined();
        expect(asset.exifInfo).toMatchObject(expected.exifInfo);
        expect(asset).toMatchObject(expected);
      }
    });
    it('should handle a duplicate', async () => {
--- a/e2e/src/api/specs/audit.e2e-spec.ts
+++ b/e2e/src/api/specs/audit.e2e-spec.ts
@@ -1,43 +0,0 @@
 import { deleteAssets, getAuditFiles, updateAsset, type LoginResponseDto } from '@immich/sdk';
 import { asBearerAuth, utils } from 'src/utils';
 import { beforeAll, describe, expect, it } from 'vitest';
 describe('/audits', () => {
  let admin: LoginResponseDto;
  beforeAll(async () => {
    await utils.resetDatabase();
    await utils.resetFilesystem();
    admin = await utils.adminSetup();
  });
  // TODO: Enable these tests again once #7436 is resolved as these were flaky
  describe.skip('GET :/file-report', () => {
    it('excludes assets without issues from report', async () => {
      const [trashedAsset, archivedAsset] = await Promise.all([
        utils.createAsset(admin.accessToken),
        utils.createAsset(admin.accessToken),
        utils.createAsset(admin.accessToken),
      ]);
      await Promise.all([
        deleteAssets({ assetBulkDeleteDto: { ids: [trashedAsset.id] } }, { headers: asBearerAuth(admin.accessToken) }),
        updateAsset(
          {
            id: archivedAsset.id,
            updateAssetDto: { isArchived: true },
          },
          { headers: asBearerAuth(admin.accessToken) },
        ),
      ]);
      const body = await getAuditFiles({
        headers: asBearerAuth(admin.accessToken),
      });
      expect(body.orphans).toHaveLength(0);
      expect(body.extras).toHaveLength(0);
    });
  });
 });
--- a/e2e/src/api/specs/auth.e2e-spec.ts
+++ b/e2e/src/api/specs/auth.e2e-spec.ts
@@ -5,7 +5,7 @@ import { app, utils } from 'src/utils';
 import request from 'supertest';
 import { beforeEach, describe, expect, it } from 'vitest';
-const { name, email, password } = signupDto.admin;
+const { email, password } = signupDto.admin;
 describe(`/auth/admin-sign-up`, () => {
  beforeEach(async () => {
@@ -13,58 +13,12 @@ describe(`/auth/admin-sign-up`, () => {
  });
  describe('POST /auth/admin-sign-up', () => {
    const invalid = [
      {
        should: 'require an email address',
        data: { name, password },
      },
      {
        should: 'require a password',
        data: { name, email },
      },
      {
        should: 'require a name',
        data: { email, password },
      },
      {
        should: 'require a valid email',
        data: { name, email: 'immich', password },
      },
    ];
    for (const { should, data } of invalid) {
      it(`should ${should}`, async () => {
        const { status, body } = await request(app).post('/auth/admin-sign-up').send(data);
        expect(status).toEqual(400);
        expect(body).toEqual(errorDto.badRequest());
      });
    }
    it(`should sign up the admin`, async () => {
      const { status, body } = await request(app).post('/auth/admin-sign-up').send(signupDto.admin);
      expect(status).toBe(201);
      expect(body).toEqual(signupResponseDto.admin);
    });
    it('should sign up the admin with a local domain', async () => {
      const { status, body } = await request(app)
        .post('/auth/admin-sign-up')
        .send({ ...signupDto.admin, email: 'admin@local' });
      expect(status).toEqual(201);
      expect(body).toEqual({
        ...signupResponseDto.admin,
        email: 'admin@local',
      });
    });
    it('should transform email to lower case', async () => {
      const { status, body } = await request(app)
        .post('/auth/admin-sign-up')
        .send({ ...signupDto.admin, email: 'aDmIn@IMMICH.cloud' });
      expect(status).toEqual(201);
      expect(body).toEqual(signupResponseDto.admin);
    });
    it('should not allow a second admin to sign up', async () => {
      await signUpAdmin({ signUpDto: signupDto.admin });
@@ -92,22 +46,6 @@ describe('/auth/*', () => {
      expect(body).toEqual(errorDto.incorrectLogin);
    });
    for (const key of Object.keys(loginDto.admin)) {
      it(`should not allow null ${key}`, async () => {
        const { status, body } = await request(app)
          .post('/auth/login')
          .send({ ...loginDto.admin, [key]: null });
        expect(status).toBe(400);
        expect(body).toEqual(errorDto.badRequest());
      });
      it('should reject an invalid email', async () => {
        const { status, body } = await request(app).post('/auth/login').send({ email: [], password });
        expect(status).toBe(400);
        expect(body).toEqual(errorDto.invalidEmail);
      });
    }
    it('should accept a correct password', async () => {
      const { status, body, headers } = await request(app).post('/auth/login').send({ email, password });
      expect(status).toBe(201);
@@ -162,14 +100,6 @@ describe('/auth/*', () => {
  });
  describe('POST /auth/change-password', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app)
        .post(`/auth/change-password`)
        .send({ password, newPassword: 'Password1234' });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should require the current password', async () => {
      const { status, body } = await request(app)
        .post(`/auth/change-password`)
--- a/e2e/src/api/specs/download.e2e-spec.ts
+++ b/e2e/src/api/specs/download.e2e-spec.ts
@@ -1,6 +1,5 @@
 import { AssetMediaResponseDto, LoginResponseDto } from '@immich/sdk';
 import { readFile, writeFile } from 'node:fs/promises';
 import { errorDto } from 'src/responses';
 import { app, tempDir, utils } from 'src/utils';
 import request from 'supertest';
 import { beforeAll, describe, expect, it } from 'vitest';
@@ -17,15 +16,6 @@ describe('/download', () => {
  });
  describe('POST /download/info', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app)
        .post(`/download/info`)
        .send({ assetIds: [asset1.id] });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should download info', async () => {
      const { status, body } = await request(app)
        .post('/download/info')
@@ -42,15 +32,6 @@ describe('/download', () => {
  });
  describe('POST /download/archive', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app)
        .post(`/download/archive`)
        .send({ assetIds: [asset1.id, asset2.id] });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should download an archive', async () => {
      const { status, body } = await request(app)
        .post('/download/archive')
--- a/e2e/src/api/specs/map.e2e-spec.ts
+++ b/e2e/src/api/specs/map.e2e-spec.ts
@@ -1,4 +1,4 @@
-import { LoginResponseDto } from '@immich/sdk';
+import { AssetVisibility, LoginResponseDto } from '@immich/sdk';
 import { readFile } from 'node:fs/promises';
 import { basename, join } from 'node:path';
 import { Socket } from 'socket.io-client';
@@ -44,7 +44,7 @@ describe('/map', () => {
    it('should get map markers for all non-archived assets', async () => {
      const { status, body } = await request(app)
        .get('/map/markers')
-        .query({ isArchived: false })
+        .query({ visibility: AssetVisibility.Timeline })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(200);
--- a/e2e/src/api/specs/oauth.e2e-spec.ts
+++ b/e2e/src/api/specs/oauth.e2e-spec.ts
@@ -6,6 +6,7 @@ import {
  startOAuth,
  updateConfig,
 } from '@immich/sdk';
 import { createHash, randomBytes } from 'node:crypto';
 import { errorDto } from 'src/responses';
 import { OAuthClient, OAuthUser } from 'src/setup/auth-server';
 import { app, asBearerAuth, baseUrl, utils } from 'src/utils';
@@ -21,18 +22,30 @@ const mobileOverrideRedirectUri = 'https://photos.immich.app/oauth/mobile-redire
 const redirect = async (url: string, cookies?: string[]) => {
  const { headers } = await request(url)
-    .get('/')
+    .get('')
    .set('Cookie', cookies || []);
  return { cookies: (headers['set-cookie'] as unknown as string[]) || [], location: headers.location };
 };
 // Function to generate a code challenge from the verifier
 const generateCodeChallenge = async (codeVerifier: string): Promise<string> => {
  const hashed = createHash('sha256').update(codeVerifier).digest();
  return hashed.toString('base64url');
 };
 const loginWithOAuth = async (sub: OAuthUser | string, redirectUri?: string) => {
-  const { url } = await startOAuth({ oAuthConfigDto: { redirectUri: redirectUri ?? `${baseUrl}/auth/login` } });
+  const state = randomBytes(16).toString('base64url');
  const codeVerifier = randomBytes(64).toString('base64url');
  const codeChallenge = await generateCodeChallenge(codeVerifier);
  const { url } = await startOAuth({
    oAuthConfigDto: { redirectUri: redirectUri ?? `${baseUrl}/auth/login`, state, codeChallenge },
  });
  // login
  const response1 = await redirect(url.replace(authServer.internal, authServer.external));
  const response2 = await request(authServer.external + response1.location)
-    .post('/')
+    .post('')
    .set('Cookie', response1.cookies)
    .type('form')
    .send({ prompt: 'login', login: sub, password: 'password' });
@@ -40,7 +53,7 @@ const loginWithOAuth = async (sub: OAuthUser | string, redirectUri?: string) =>
  // approve
  const response3 = await redirect(response2.header.location, response1.cookies);
  const response4 = await request(authServer.external + response3.location)
-    .post('/')
+    .post('')
    .type('form')
    .set('Cookie', response3.cookies)
    .send({ prompt: 'consent' });
@@ -51,9 +64,9 @@ const loginWithOAuth = async (sub: OAuthUser | string, redirectUri?: string) =>
  expect(redirectUrl).toBeDefined();
  const params = new URL(redirectUrl).searchParams;
  expect(params.get('code')).toBeDefined();
-  expect(params.get('state')).toBeDefined();
+  expect(params.get('state')).toBe(state);
-  return redirectUrl;
+  return { url: redirectUrl, state, codeVerifier };
 };
 const setupOAuth = async (token: string, dto: Partial<SystemConfigOAuthDto>) => {
@@ -119,9 +132,42 @@ describe(`/oauth`, () => {
      expect(body).toEqual(errorDto.badRequest(['url should not be empty']));
    });
-    it('should auto register the user by default', async () => {
+    it(`should throw an error if the state is not provided`, async () => {
-      const url = await loginWithOAuth('oauth-auto-register');
+      const { url } = await loginWithOAuth('oauth-auto-register');
      const { status, body } = await request(app).post('/oauth/callback').send({ url });
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest('OAuth state is missing'));
    });
    it(`should throw an error if the state mismatches`, async () => {
      const callbackParams = await loginWithOAuth('oauth-auto-register');
      const { state } = await loginWithOAuth('oauth-auto-register');
      const { status } = await request(app)
        .post('/oauth/callback')
        .send({ ...callbackParams, state });
      expect(status).toBeGreaterThanOrEqual(400);
    });
    it(`should throw an error if the codeVerifier is not provided`, async () => {
      const { url, state } = await loginWithOAuth('oauth-auto-register');
      const { status, body } = await request(app).post('/oauth/callback').send({ url, state });
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest('OAuth code verifier is missing'));
    });
    it(`should throw an error if the codeVerifier doesn't match the challenge`, async () => {
      const callbackParams = await loginWithOAuth('oauth-auto-register');
      const { codeVerifier } = await loginWithOAuth('oauth-auto-register');
      const { status, body } = await request(app)
        .post('/oauth/callback')
        .send({ ...callbackParams, codeVerifier });
      console.log(body);
      expect(status).toBeGreaterThanOrEqual(400);
    });
    it('should auto register the user by default', async () => {
      const callbackParams = await loginWithOAuth('oauth-auto-register');
      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
      expect(status).toBe(201);
      expect(body).toMatchObject({
        accessToken: expect.any(String),
@@ -132,16 +178,30 @@ describe(`/oauth`, () => {
      });
    });
    it('should allow passing state and codeVerifier via cookies', async () => {
      const { url, state, codeVerifier } = await loginWithOAuth('oauth-auto-register');
      const { status, body } = await request(app)
        .post('/oauth/callback')
        .set('Cookie', [`immich_oauth_state=${state}`, `immich_oauth_code_verifier=${codeVerifier}`])
        .send({ url });
      expect(status).toBe(201);
      expect(body).toMatchObject({
        accessToken: expect.any(String),
        userId: expect.any(String),
        userEmail: 'oauth-auto-register@immich.app',
      });
    });
    it('should handle a user without an email', async () => {
-      const url = await loginWithOAuth(OAuthUser.NO_EMAIL);
+      const callbackParams = await loginWithOAuth(OAuthUser.NO_EMAIL);
-      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest('OAuth profile does not have an email address'));
    });
    it('should set the quota from a claim', async () => {
-      const url = await loginWithOAuth(OAuthUser.WITH_QUOTA);
+      const callbackParams = await loginWithOAuth(OAuthUser.WITH_QUOTA);
-      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
      expect(status).toBe(201);
      expect(body).toMatchObject({
        accessToken: expect.any(String),
@@ -154,8 +214,8 @@ describe(`/oauth`, () => {
    });
    it('should set the storage label from a claim', async () => {
-      const url = await loginWithOAuth(OAuthUser.WITH_USERNAME);
+      const callbackParams = await loginWithOAuth(OAuthUser.WITH_USERNAME);
-      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
      expect(status).toBe(201);
      expect(body).toMatchObject({
        accessToken: expect.any(String),
@@ -176,8 +236,8 @@ describe(`/oauth`, () => {
        buttonText: 'Login with Immich',
        signingAlgorithm: 'RS256',
      });
-      const url = await loginWithOAuth('oauth-RS256-token');
+      const callbackParams = await loginWithOAuth('oauth-RS256-token');
-      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
      expect(status).toBe(201);
      expect(body).toMatchObject({
        accessToken: expect.any(String),
@@ -196,8 +256,8 @@ describe(`/oauth`, () => {
        buttonText: 'Login with Immich',
        profileSigningAlgorithm: 'RS256',
      });
-      const url = await loginWithOAuth('oauth-signed-profile');
+      const callbackParams = await loginWithOAuth('oauth-signed-profile');
-      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
      expect(status).toBe(201);
      expect(body).toMatchObject({
        userId: expect.any(String),
@@ -213,8 +273,8 @@ describe(`/oauth`, () => {
        buttonText: 'Login with Immich',
        signingAlgorithm: 'something-that-does-not-work',
      });
-      const url = await loginWithOAuth('oauth-signed-bad');
+      const callbackParams = await loginWithOAuth('oauth-signed-bad');
-      const { status, body } = await request(app).post('/oauth/callback').send({ url });
+      const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
      expect(status).toBe(500);
      expect(body).toMatchObject({
        error: 'Internal Server Error',
@@ -235,8 +295,8 @@ describe(`/oauth`, () => {
      });
      it('should not auto register the user', async () => {
-        const url = await loginWithOAuth('oauth-no-auto-register');
+        const callbackParams = await loginWithOAuth('oauth-no-auto-register');
-        const { status, body } = await request(app).post('/oauth/callback').send({ url });
+        const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
        expect(status).toBe(400);
        expect(body).toEqual(errorDto.badRequest('User does not exist and auto registering is disabled.'));
      });
@@ -247,8 +307,8 @@ describe(`/oauth`, () => {
          email: 'oauth-user3@immich.app',
          password: 'password',
        });
-        const url = await loginWithOAuth('oauth-user3');
+        const callbackParams = await loginWithOAuth('oauth-user3');
-        const { status, body } = await request(app).post('/oauth/callback').send({ url });
+        const { status, body } = await request(app).post('/oauth/callback').send(callbackParams);
        expect(status).toBe(201);
        expect(body).toMatchObject({
          userId,
@@ -286,13 +346,15 @@ describe(`/oauth`, () => {
    });
    it('should auto register the user by default', async () => {
-      const url = await loginWithOAuth('oauth-mobile-override', 'app.immich:///oauth-callback');
+      const callbackParams = await loginWithOAuth('oauth-mobile-override', 'app.immich:///oauth-callback');
-      expect(url).toEqual(expect.stringContaining(mobileOverrideRedirectUri));
+      expect(callbackParams.url).toEqual(expect.stringContaining(mobileOverrideRedirectUri));
      // simulate redirecting back to mobile app
-      const redirectUri = url.replace(mobileOverrideRedirectUri, 'app.immich:///oauth-callback');
+      const url = callbackParams.url.replace(mobileOverrideRedirectUri, 'app.immich:///oauth-callback');
-      const { status, body } = await request(app).post('/oauth/callback').send({ url: redirectUri });
+      const { status, body } = await request(app)
        .post('/oauth/callback')
        .send({ ...callbackParams, url });
      expect(status).toBe(201);
      expect(body).toMatchObject({
        accessToken: expect.any(String),
--- a/e2e/src/api/specs/search.e2e-spec.ts
+++ b/e2e/src/api/specs/search.e2e-spec.ts
@@ -1,9 +1,15 @@
-import { AssetMediaResponseDto, AssetResponseDto, deleteAssets, LoginResponseDto, updateAsset } from '@immich/sdk';
+import {
  AssetMediaResponseDto,
  AssetResponseDto,
  AssetVisibility,
  deleteAssets,
  LoginResponseDto,
  updateAsset,
 } from '@immich/sdk';
 import { DateTime } from 'luxon';
 import { readFile } from 'node:fs/promises';
 import { join } from 'node:path';
 import { Socket } from 'socket.io-client';
 import { errorDto } from 'src/responses';
 import { app, asBearerAuth, TEN_TIMES, testAssetDir, utils } from 'src/utils';
 import request from 'supertest';
 import { afterAll, beforeAll, describe, expect, it } from 'vitest';
@@ -50,7 +56,7 @@ describe('/search', () => {
      { filename: '/formats/motionphoto/samsung-one-ui-6.heic' },
      { filename: '/formats/motionphoto/samsung-one-ui-5.jpg' },
-      { filename: '/metadata/gps-position/thompson-springs.jpg', dto: { isArchived: true } },
+      { filename: '/metadata/gps-position/thompson-springs.jpg', dto: { visibility: AssetVisibility.Archive } },
      // used for search suggestions
      { filename: '/formats/png/density_plot.png' },
@@ -141,65 +147,6 @@ describe('/search', () => {
  });
  describe('POST /search/metadata', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).post('/search/metadata');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    const badTests = [
      {
        should: 'should reject page as a string',
        dto: { page: 'abc' },
        expected: ['page must not be less than 1', 'page must be an integer number'],
      },
      {
        should: 'should reject page as a decimal',
        dto: { page: 1.5 },
        expected: ['page must be an integer number'],
      },
      {
        should: 'should reject page as a negative number',
        dto: { page: -10 },
        expected: ['page must not be less than 1'],
      },
      {
        should: 'should reject page as 0',
        dto: { page: 0 },
        expected: ['page must not be less than 1'],
      },
      {
        should: 'should reject size as a string',
        dto: { size: 'abc' },
        expected: [
          'size must not be greater than 1000',
          'size must not be less than 1',
          'size must be an integer number',
        ],
      },
      {
        should: 'should reject an invalid size',
        dto: { size: -1.5 },
        expected: ['size must not be less than 1', 'size must be an integer number'],
      },
      ...['isArchived', 'isFavorite', 'isEncoded', 'isOffline', 'isMotion', 'isVisible'].map((value) => ({
        should: `should reject ${value} not a boolean`,
        dto: { [value]: 'immich' },
        expected: [`${value} must be a boolean value`],
      })),
    ];
    for (const { should, dto, expected } of badTests) {
      it(should, async () => {
        const { status, body } = await request(app)
          .post('/search/metadata')
          .set('Authorization', `Bearer ${admin.accessToken}`)
          .send(dto);
        expect(status).toBe(400);
        expect(body).toEqual(errorDto.badRequest(expected));
      });
    }
    const searchTests = [
      {
        should: 'should get my assets',
@@ -231,12 +178,12 @@ describe('/search', () => {
        deferred: () => ({ dto: { size: 1, isFavorite: false }, assets: [assetLast] }),
      },
      {
-        should: 'should search by isArchived (true)',
+        should: 'should search by visibility (AssetVisibility.Archive)',
-        deferred: () => ({ dto: { isArchived: true }, assets: [assetSprings] }),
+        deferred: () => ({ dto: { visibility: AssetVisibility.Archive }, assets: [assetSprings] }),
      },
      {
-        should: 'should search by isArchived (false)',
+        should: 'should search by visibility (AssetVisibility.Timeline)',
-        deferred: () => ({ dto: { size: 1, isArchived: false }, assets: [assetLast] }),
+        deferred: () => ({ dto: { size: 1, visibility: AssetVisibility.Timeline }, assets: [assetLast] }),
      },
      {
        should: 'should search by type (image)',
@@ -245,7 +192,7 @@ describe('/search', () => {
      {
        should: 'should search by type (video)',
        deferred: () => ({
-          dto: { type: 'VIDEO' },
+          dto: { type: 'VIDEO', visibility: AssetVisibility.Hidden },
          assets: [
            // the three live motion photos
            { id: expect.any(String) },
@@ -289,13 +236,6 @@ describe('/search', () => {
        should: 'should search by takenAfter (no results)',
        deferred: () => ({ dto: { takenAfter: today.plus({ hour: 1 }).toJSDate() }, assets: [] }),
      },
      //   {
      //     should: 'should search by originalPath',
      //     deferred: () => ({
      //       dto: { originalPath: asset1.originalPath },
      //       assets: [asset1],
      //     }),
      //   },
      {
        should: 'should search by originalFilename',
        deferred: () => ({
@@ -325,7 +265,7 @@ describe('/search', () => {
        deferred: () => ({
          dto: {
            city: '',
-            isVisible: true,
+            visibility: AssetVisibility.Timeline,
            includeNull: true,
          },
          assets: [assetLast],
@@ -336,7 +276,7 @@ describe('/search', () => {
        deferred: () => ({
          dto: {
            city: null,
-            isVisible: true,
+            visibility: AssetVisibility.Timeline,
            includeNull: true,
          },
          assets: [assetLast],
@@ -357,7 +297,7 @@ describe('/search', () => {
        deferred: () => ({
          dto: {
            state: '',
-            isVisible: true,
+            visibility: AssetVisibility.Timeline,
            withExif: true,
            includeNull: true,
          },
@@ -369,7 +309,7 @@ describe('/search', () => {
        deferred: () => ({
          dto: {
            state: null,
-            isVisible: true,
+            visibility: AssetVisibility.Timeline,
            includeNull: true,
          },
          assets: [assetLast, assetNotocactus],
@@ -390,7 +330,7 @@ describe('/search', () => {
        deferred: () => ({
          dto: {
            country: '',
-            isVisible: true,
+            visibility: AssetVisibility.Timeline,
            includeNull: true,
          },
          assets: [assetLast],
@@ -401,7 +341,7 @@ describe('/search', () => {
        deferred: () => ({
          dto: {
            country: null,
-            isVisible: true,
+            visibility: AssetVisibility.Timeline,
            includeNull: true,
          },
          assets: [assetLast],
@@ -454,14 +394,6 @@ describe('/search', () => {
    }
  });
  describe('POST /search/smart', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).post('/search/smart');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
  });
  describe('POST /search/random', () => {
    beforeAll(async () => {
      await Promise.all([
@@ -476,13 +408,6 @@ describe('/search', () => {
      await utils.waitForQueueFinish(admin.accessToken, 'thumbnailGeneration');
    });
    it('should require authentication', async () => {
      const { status, body } = await request(app).post('/search/random').send({ size: 1 });
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it.each(TEN_TIMES)('should return 1 random assets', async () => {
      const { status, body } = await request(app)
        .post('/search/random')
@@ -512,12 +437,6 @@ describe('/search', () => {
  });
  describe('GET /search/explore', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/search/explore');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should get explore data', async () => {
      const { status, body } = await request(app)
        .get('/search/explore')
@@ -528,12 +447,6 @@ describe('/search', () => {
  });
  describe('GET /search/places', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/search/places');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should get relevant places', async () => {
      const name = 'Paris';
@@ -552,12 +465,6 @@ describe('/search', () => {
  });
  describe('GET /search/cities', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/search/cities');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should get all cities', async () => {
      const { status, body } = await request(app)
        .get('/search/cities')
@@ -576,12 +483,6 @@ describe('/search', () => {
  });
  describe('GET /search/suggestions', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/search/suggestions');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should get suggestions for country (including null)', async () => {
      const { status, body } = await request(app)
        .get('/search/suggestions?type=country&includeNull=true')
--- a/e2e/src/api/specs/timeline.e2e-spec.ts
+++ b/e2e/src/api/specs/timeline.e2e-spec.ts
@@ -1,4 +1,4 @@
-import { AssetMediaResponseDto, LoginResponseDto, SharedLinkType, TimeBucketSize } from '@immich/sdk';
+import { AssetMediaResponseDto, AssetVisibility, LoginResponseDto, SharedLinkType, TimeBucketSize } from '@immich/sdk';
 import { DateTime } from 'luxon';
 import { createUserDto } from 'src/fixtures';
 import { errorDto } from 'src/responses';
@@ -104,7 +104,7 @@ describe('/timeline', () => {
      const req1 = await request(app)
        .get('/timeline/buckets')
        .set('Authorization', `Bearer ${timeBucketUser.accessToken}`)
-        .query({ size: TimeBucketSize.Month, withPartners: true, isArchived: true });
+        .query({ size: TimeBucketSize.Month, withPartners: true, visibility: AssetVisibility.Archive });
      expect(req1.status).toBe(400);
      expect(req1.body).toEqual(errorDto.badRequest());
@@ -112,7 +112,7 @@ describe('/timeline', () => {
      const req2 = await request(app)
        .get('/timeline/buckets')
        .set('Authorization', `Bearer ${user.accessToken}`)
-        .query({ size: TimeBucketSize.Month, withPartners: true, isArchived: undefined });
+        .query({ size: TimeBucketSize.Month, withPartners: true, visibility: undefined });
      expect(req2.status).toBe(400);
      expect(req2.body).toEqual(errorDto.badRequest());
--- a/e2e/src/api/specs/user-admin.e2e-spec.ts
+++ b/e2e/src/api/specs/user-admin.e2e-spec.ts
@@ -215,6 +215,19 @@ describe('/admin/users', () => {
      const user = await getMyUser({ headers: asBearerAuth(token.accessToken) });
      expect(user).toMatchObject({ email: nonAdmin.userEmail });
    });
    it('should update the avatar color', async () => {
      const { status, body } = await request(app)
        .put(`/admin/users/${admin.userId}`)
        .send({ avatarColor: 'orange' })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(200);
      expect(body).toMatchObject({ avatarColor: 'orange' });
      const after = await getUserAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
      expect(after).toMatchObject({ avatarColor: 'orange' });
    });
  });
  describe('PUT /admin/users/:id/preferences', () => {
@@ -240,19 +253,6 @@ describe('/admin/users', () => {
      expect(after).toMatchObject({ memories: { enabled: false } });
    });
    it('should update the avatar color', async () => {
      const { status, body } = await request(app)
        .put(`/admin/users/${admin.userId}/preferences`)
        .send({ avatar: { color: 'orange' } })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(200);
      expect(body).toMatchObject({ avatar: { color: 'orange' } });
      const after = await getUserPreferencesAdmin({ id: admin.userId }, { headers: asBearerAuth(admin.accessToken) });
      expect(after).toMatchObject({ avatar: { color: 'orange' } });
    });
    it('should update download archive size', async () => {
      const { status, body } = await request(app)
        .put(`/admin/users/${admin.userId}/preferences`)
--- a/e2e/src/api/specs/user.e2e-spec.ts
+++ b/e2e/src/api/specs/user.e2e-spec.ts
@@ -31,33 +31,7 @@ describe('/users', () => {
    );
  });
  describe('GET /users', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/users');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should get users', async () => {
      const { status, body } = await request(app).get('/users').set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toEqual(200);
      expect(body).toHaveLength(2);
      expect(body).toEqual(
        expect.arrayContaining([
          expect.objectContaining({ email: 'admin@immich.cloud' }),
          expect.objectContaining({ email: 'user2@immich.cloud' }),
        ]),
      );
    });
  });
  describe('GET /users/me', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get(`/users/me`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should not work for shared links', async () => {
      const album = await utils.createAlbum(admin.accessToken, { albumName: 'Album' });
      const sharedLink = await utils.createSharedLink(admin.accessToken, {
@@ -99,24 +73,6 @@ describe('/users', () => {
  });
  describe('PUT /users/me', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).put(`/users/me`);
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    for (const key of ['email', 'name']) {
      it(`should not allow null ${key}`, async () => {
        const dto = { [key]: null };
        const { status, body } = await request(app)
          .put(`/users/me`)
          .set('Authorization', `Bearer ${admin.accessToken}`)
          .send(dto);
        expect(status).toBe(400);
        expect(body).toEqual(errorDto.badRequest());
      });
    }
    it('should update first and last name', async () => {
      const before = await getMyUser({ headers: asBearerAuth(admin.accessToken) });
@@ -183,6 +139,19 @@ describe('/users', () => {
        profileChangedAt: expect.anything(),
      });
    });
    it('should update avatar color', async () => {
      const { status, body } = await request(app)
        .put(`/users/me`)
        .send({ avatarColor: 'blue' })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(200);
      expect(body).toMatchObject({ avatarColor: 'blue' });
      const after = await getMyUser({ headers: asBearerAuth(admin.accessToken) });
      expect(after).toMatchObject({ avatarColor: 'blue' });
    });
  });
  describe('PUT /users/me/preferences', () => {
@@ -202,19 +171,6 @@ describe('/users', () => {
      expect(after).toMatchObject({ memories: { enabled: false } });
    });
    it('should update avatar color', async () => {
      const { status, body } = await request(app)
        .put(`/users/me/preferences`)
        .send({ avatar: { color: 'blue' } })
        .set('Authorization', `Bearer ${admin.accessToken}`);
      expect(status).toBe(200);
      expect(body).toMatchObject({ avatar: { color: 'blue' } });
      const after = await getMyPreferences({ headers: asBearerAuth(admin.accessToken) });
      expect(after).toMatchObject({ avatar: { color: 'blue' } });
    });
    it('should require an integer for download archive size', async () => {
      const { status, body } = await request(app)
        .put(`/users/me/preferences`)
@@ -269,11 +225,6 @@ describe('/users', () => {
  });
  describe('GET /users/:id', () => {
    it('should require authentication', async () => {
      const { status } = await request(app).get(`/users/${admin.userId}`);
      expect(status).toEqual(401);
    });
    it('should get the user', async () => {
      const { status, body } = await request(app)
        .get(`/users/${admin.userId}`)
@@ -292,12 +243,6 @@ describe('/users', () => {
  });
  describe('GET /server/license', () => {
    it('should require authentication', async () => {
      const { status, body } = await request(app).get('/users/me/license');
      expect(status).toBe(401);
      expect(body).toEqual(errorDto.unauthorized);
    });
    it('should return the user license', async () => {
      await request(app)
        .put('/users/me/license')
@@ -315,11 +260,6 @@ describe('/users', () => {
  });
  describe('PUT /users/me/license', () => {
    it('should require authentication', async () => {
      const { status } = await request(app).put(`/users/me/license`);
      expect(status).toEqual(401);
    });
    it('should set the user license', async () => {
      const { status, body } = await request(app)
        .put(`/users/me/license`)
--- a/e2e/src/utils.ts
+++ b/e2e/src/utils.ts
@@ -3,6 +3,7 @@ import {
  AssetMediaCreateDto,
  AssetMediaResponseDto,
  AssetResponseDto,
  AssetVisibility,
  CheckExistingAssetsDto,
  CreateAlbumDto,
  CreateLibraryDto,
@@ -429,7 +430,10 @@ export const utils = {
  },
  archiveAssets: (accessToken: string, ids: string[]) =>
-    updateAssets({ assetBulkUpdateDto: { ids, isArchived: true } }, { headers: asBearerAuth(accessToken) }),
+    updateAssets(
      { assetBulkUpdateDto: { ids, visibility: AssetVisibility.Archive } },
      { headers: asBearerAuth(accessToken) },
    ),
  deleteAssets: (accessToken: string, ids: string[]) =>
    deleteAssets({ assetBulkDeleteDto: { ids } }, { headers: asBearerAuth(accessToken) }),
--- a/e2e/src/web/specs/auth.e2e-spec.ts
+++ b/e2e/src/web/specs/auth.e2e-spec.ts
@@ -25,7 +25,7 @@ test.describe('Registration', () => {
    // login
    await expect(page).toHaveTitle(/Login/);
-    await page.goto('/auth/login');
+    await page.goto('/auth/login?autoLaunch=0');
    await page.getByLabel('Email').fill('admin@immich.app');
    await page.getByLabel('Password').fill('password');
    await page.getByRole('button', { name: 'Login' }).click();
@@ -59,7 +59,7 @@ test.describe('Registration', () => {
    await context.clearCookies();
    // login
-    await page.goto('/auth/login');
+    await page.goto('/auth/login?autoLaunch=0');
    await page.getByLabel('Email').fill('user@immich.cloud');
    await page.getByLabel('Password').fill('password');
    await page.getByRole('button', { name: 'Login' }).click();
@@ -72,7 +72,7 @@ test.describe('Registration', () => {
    await page.getByRole('button', { name: 'Change password' }).click();
    // login with new password
-    await expect(page).toHaveURL('/auth/login');
+    await expect(page).toHaveURL('/auth/login?autoLaunch=0');
    await page.getByLabel('Email').fill('user@immich.cloud');
    await page.getByLabel('Password').fill('new-password');
    await page.getByRole('button', { name: 'Login' }).click();
--- a/e2e/src/web/specs/photo-viewer.e2e-spec.ts
+++ b/e2e/src/web/specs/photo-viewer.e2e-spec.ts
@@ -21,23 +21,9 @@ test.describe('Photo Viewer', () => {
  test.beforeEach(async ({ context, page }) => {
    // before each test, login as user
    await utils.setAuthCookies(context, admin.accessToken);
    await page.goto('/photos');
    await page.waitForLoadState('networkidle');
  });
  test('initially shows a loading spinner', async ({ page }) => {
    await page.route(`/api/assets/${asset.id}/thumbnail**`, async (route) => {
      // slow down the request for thumbnail, so spinner has chance to show up
      await new Promise((f) => setTimeout(f, 2000));
      await route.continue();
    });
    await page.goto(`/photos/${asset.id}`);
    await page.waitForLoadState('load');
    // this is the spinner
    await page.waitForSelector('svg[role=status]');
    await expect(page.getByTestId('loading-spinner')).toBeVisible();
  });
  test('loads original photo when zoomed', async ({ page }) => {
    await page.goto(`/photos/${asset.id}`);
    await expect.poll(async () => await imageLocator(page).getAttribute('src')).toContain('thumbnail');
--- a/e2e/src/web/specs/shared-link.e2e-spec.ts
+++ b/e2e/src/web/specs/shared-link.e2e-spec.ts
@@ -47,16 +47,13 @@ test.describe('Shared Links', () => {
    await page.locator(`[data-asset-id="${asset.id}"]`).hover();
    await page.waitForSelector('[data-group] svg');
    await page.getByRole('checkbox').click();
-    await page.getByRole('button', { name: 'Download' }).click();
+    await Promise.all([page.waitForEvent('download'), page.getByRole('button', { name: 'Download' }).click()]);
    await page.waitForEvent('download');
  });
  test('download all from shared link', async ({ page }) => {
    await page.goto(`/share/${sharedLink.key}`);
    await page.getByRole('heading', { name: 'Test Album' }).waitFor();
-    await page.getByRole('button', { name: 'Download' }).click();
+    await Promise.all([page.waitForEvent('download'), page.getByRole('button', { name: 'Download' }).click()]);
    await page.getByText('DOWNLOADING', { exact: true }).waitFor();
    await page.waitForEvent('download');
  });
  test('enter password for a shared link', async ({ page }) => {
--- a/e2e/test-assets
+++ b/e2e/test-assets
--- a/i18n/ar.json
+++ b/i18n/ar.json
--- a/i18n/be.json
+++ b/i18n/be.json
@@ -4,6 +4,7 @@
  "account_settings": "Налады ўліковага запісу",
  "acknowledge": "Пацвердзіць",
  "action": "Дзеянне",
  "action_common_update": "Абнавіць",
  "actions": "Дзеянні",
  "active": "Актыўны",
  "activity": "Актыўнасць",
@@ -13,6 +14,7 @@
  "add_a_location": "Дадаць месца",
  "add_a_name": "Дадаць імя",
  "add_a_title": "Дадаць загаловак",
  "add_endpoint": "Дадаць кропку доступу",
  "add_exclusion_pattern": "Дадаць шаблон выключэння",
  "add_import_path": "Дадаць шлях імпарту",
  "add_location": "Дадайце месца",
@@ -20,8 +22,10 @@
  "add_partner": "Дадаць партнёра",
  "add_path": "Дадаць шлях",
  "add_photos": "Дадаць фота",
-  "add_to": "Дадаць у...",
+  "add_to": "Дадаць у…",
  "add_to_album": "Дадаць у альбом",
  "add_to_album_bottom_sheet_added": "Дададзена да {album}",
  "add_to_album_bottom_sheet_already_exists": "Ужо знаходзіцца ў {album}",
  "add_to_shared_album": "Дадаць у агульны альбом",
  "add_url": "Дадаць URL",
  "added_to_archive": "Дададзена ў архіў",
@@ -39,8 +43,9 @@
    "backup_database_enable_description": "Уключыць рэзерваванне базы даных",
    "backup_keep_last_amount": "Колькасць папярэдніх рэзервовых копій для захавання",
    "backup_settings": "Налады рэзервовага капіявання",
-    "backup_settings_description": "Кіраванне наладкамі рэзервовага капіявання базы даных",
+    "backup_settings_description": "Кіраванне наладамі дампа базы дадзеных. Заўвага: гэтыя задачы не кантралююцца, і ў выпадку няўдачы паведамленне адпраўлена не будзе.",
    "check_all": "Праверыць усе",
    "cleanup": "Ачыстка",
    "cleared_jobs": "Ачышчаны заданні для: {job}",
    "config_set_by_file": "Канфігурацыя ў зараз усталявана праз файл канфігурацыі",
    "confirm_delete_library": "Вы ўпэўнены што жадаеце выдаліць {library} бібліятэку?",
@@ -58,8 +63,18 @@
    "external_library_created_at": "Знешняя бібліятэка (створана {date})",
    "external_library_management": "Кіраванне знешняй бібліятэкай",
    "face_detection": "Выяўленне твараў",
    "face_detection_description": "Выяўляць твары на фотаздымках і відэа з дапамогай машыннага навучання. Для відэа ўлічваецца толькі мініяцюра. \"Абнавіць\" (пера)апрацоўвае ўсе медыя. \"Скінуць\" дадаткова ачышчае ўсе бягучыя дадзеныя пра твары. \"Адсутнічае\" ставіць у чаргу медыя, якія яшчэ не былі апрацаваныя. Выяўленыя твары будуць пастаўлены ў чаргу для распазнавання асоб пасля завяршэння выяўлення твараў, з групаваннем іх па існуючых або новых людзях.",
    "facial_recognition_job_description": "Групаваць выяўленыя твары па асобах. Гэты этап выконваецца пасля завяршэння выяўлення твараў. \"Скінуць\" (паўторна) перагрупоўвае ўсе твары. \"Адсутнічае\" ставіць у чаргу твары, якія яшчэ не прыпісаныя да якой-небудзь асобы.",
    "failed_job_command": "Каманда {command} не выканалася для задання: {job}",
    "force_delete_user_warning": "ПАПЯРЭДЖАННЕ: Гэта дзеянне неадкладна выдаліць карыстальніка і ўсе аб'екты. Гэта дзеянне не можа быць адроблена і файлы немагчыма будзе аднавіць.",
    "forcing_refresh_library_files": "Прымусовае абнаўленне ўсіх файлаў бібліятэкі",
    "image_format": "Фармат",
    "image_format_description": "WebP стварае меншыя файлы, чым JPEG, але павольней кадуе.",
    "image_fullsize_description": "Выява ў поўным памеры без метаданых, выкарыстоўваецца пры павелічэнні",
    "image_fullsize_enabled": "Уключыць стварэнне выявы ў поўным памеры",
    "image_fullsize_enabled_description": "Ствараць выяву ў поўным памеры для фарматаў, што не прыдатныя для вэб. Калі ўключана опцыя \"Аддаваць перавагу ўбудаванай праяве\", прагляды выкарыстоўваюцца непасрэдна без канвертацыі. Не ўплывае на вэб-прыдатныя фарматы, такія як JPEG.",
    "image_fullsize_quality_description": "Якасць выявы ў поўным памеры ад 1 да 100. Больш высокае значэнне лепшае, але прыводзіць да павелічэння памеру файла.",
    "image_fullsize_title": "Налады выявы ў поўным памеры",
    "image_preview_title": "Налады папярэдняга прагляду",
    "image_quality": "Якасць",
    "image_resolution": "Раздзяляльнасць",
--- a/i18n/bg.json
+++ b/i18n/bg.json
@@ -162,7 +162,6 @@
    "no_pattern_added": "Няма добавен модел",
    "note_apply_storage_label_previous_assets": "Забележка: За да приложите етикета за съхранение към предварително качени файлове, стартирайте",
    "note_cannot_be_changed_later": "ВНИМАНИЕ: Това не може да бъде променено по-късно!",
    "note_unlimited_quota": "Бележка: Въведете 0 за да нямате лимит на квотата",
    "notification_email_from_address": "От адрес",
    "notification_email_from_address_description": "Електронна поща на изпращача, например: \"Immich Photo Server <noreply@example.com>\"",
    "notification_email_host_description": "Хост на сървъра за електронна поща (например: smtp.immich.app)",
@@ -184,20 +183,13 @@
    "oauth_auto_register": "Автоматична регистрация",
    "oauth_auto_register_description": "Автоматично регистриране на нови потребители след влизане с OAuth",
    "oauth_button_text": "Текст на бутона",
    "oauth_client_id": "Клиентски ID",
    "oauth_client_secret": "Клиентска тайна",
    "oauth_enable_description": "Влизане с OAuth",
    "oauth_issuer_url": "URL на издателя",
    "oauth_mobile_redirect_uri": "URI за мобилно пренасочване",
    "oauth_mobile_redirect_uri_override": "URI пренасочване за мобилни устройства",
    "oauth_mobile_redirect_uri_override_description": "Разреши когато доставчика за OAuth удостоверяване не позволява за мобилни URI идентификатори, като '{callback}'",
    "oauth_profile_signing_algorithm": "Алгоритъм за създаване на профили",
    "oauth_profile_signing_algorithm_description": "Алгоритъм използван за вписване на потребителски профил.",
    "oauth_scope": "Област/обхват на приложение",
    "oauth_settings": "OAuth",
    "oauth_settings_description": "Управление на настройките за вход с OAuth",
    "oauth_settings_more_details": "За повече информация за функционалността, се потърсете в <link>docs</link>.",
    "oauth_signing_algorithm": "Алгоритъм за вписване",
    "oauth_storage_label_claim": "Заявка за етикет за съхранение",
    "oauth_storage_label_claim_description": "Автоматично задайте етикета за съхранение на потребителя със стойността от тази заявка.",
    "oauth_storage_quota_claim": "Заявка за квота за съхранение",
@@ -923,7 +915,6 @@
  "no_shared_albums_message": "Създайте албум, за да споделяте снимки и видеоклипове с хората в мрежата си",
  "not_in_any_album": "Не е в никой албум",
  "note_apply_storage_label_to_previously_uploaded assets": "Забележка: За да приложите етикета за съхранение към предварително качени активи, стартирайте",
  "note_unlimited_quota": "Забележка: Въведете 0 за неограничена квота",
  "notes": "Бележки",
  "notification_toggle_setting_description": "Активиране на имейл известия",
  "notifications": "Известия",
--- a/i18n/bi.json
+++ b/i18n/bi.json
@@ -118,7 +118,6 @@
    "no_pattern_added": "",
    "note_apply_storage_label_previous_assets": "",
    "note_cannot_be_changed_later": "",
    "note_unlimited_quota": "",
    "notification_email_from_address": "",
    "notification_email_from_address_description": "",
    "notification_email_host_description": "",
@@ -139,17 +138,12 @@
    "oauth_auto_register": "",
    "oauth_auto_register_description": "",
    "oauth_button_text": "",
    "oauth_client_id": "",
    "oauth_client_secret": "",
    "oauth_enable_description": "",
    "oauth_issuer_url": "",
    "oauth_mobile_redirect_uri": "",
    "oauth_mobile_redirect_uri_override": "",
    "oauth_mobile_redirect_uri_override_description": "",
    "oauth_scope": "",
    "oauth_settings": "",
    "oauth_settings_description": "",
    "oauth_signing_algorithm": "",
    "oauth_storage_label_claim": "",
    "oauth_storage_label_claim_description": "",
    "oauth_storage_quota_claim": "",
@@ -614,7 +608,6 @@
  "no_shared_albums_message": "",
  "not_in_any_album": "",
  "note_apply_storage_label_to_previously_uploaded assets": "",
  "note_unlimited_quota": "",
  "notes": "",
  "notification_toggle_setting_description": "",
  "notifications": "",
--- a/i18n/ca.json
+++ b/i18n/ca.json
--- a/i18n/cs.json
+++ b/i18n/cs.json
--- a/i18n/da.json
+++ b/i18n/da.json
--- a/i18n/de.json
+++ b/i18n/de.json
--- a/i18n/el.json
+++ b/i18n/el.json
--- a/i18n/en.json
+++ b/i18n/en.json
--- a/i18n/es.json
+++ b/i18n/es.json
--- a/i18n/et.json
+++ b/i18n/et.json
@@ -4,6 +4,7 @@
  "account_settings": "Konto seaded",
  "acknowledge": "Sain aru",
  "action": "Tegevus",
  "action_common_update": "Uuenda",
  "actions": "Tegevused",
  "active": "Aktiivne",
  "activity": "Aktiivsus",
@@ -13,6 +14,7 @@
  "add_a_location": "Lisa asukoht",
  "add_a_name": "Lisa nimi",
  "add_a_title": "Lisa pealkiri",
  "add_endpoint": "Lisa lõpp-punkt",
  "add_exclusion_pattern": "Lisa välistamismuster",
  "add_import_path": "Lisa imporditee",
  "add_location": "Lisa asukoht",
@@ -22,6 +24,8 @@
  "add_photos": "Lisa fotosid",
  "add_to": "Lisa kohta…",
  "add_to_album": "Lisa albumisse",
  "add_to_album_bottom_sheet_added": "Lisatud albumisse {album}",
  "add_to_album_bottom_sheet_already_exists": "On juba albumis {album}",
  "add_to_shared_album": "Lisa jagatud albumisse",
  "add_url": "Lisa URL",
  "added_to_archive": "Lisatud arhiivi",
@@ -35,11 +39,11 @@
    "authentication_settings_disable_all": "Kas oled kindel, et soovid kõik sisselogimismeetodid välja lülitada? Sisselogimine lülitatakse täielikult välja.",
    "authentication_settings_reenable": "Et taas lubada, kasuta <link>serveri käsku</link>.",
    "background_task_job": "Tausttegumid",
-    "backup_database": "Varunda andmebaas",
+    "backup_database": "Loo andmebaasi tõmmis",
-    "backup_database_enable_description": "Luba andmebaasi varundamine",
+    "backup_database_enable_description": "Luba andmebaasi tõmmised",
-    "backup_keep_last_amount": "Varukoopiate arv, mida alles hoida",
+    "backup_keep_last_amount": "Eelmiste tõmmiste arv, mida alles hoida",
-    "backup_settings": "Varundamise seaded",
+    "backup_settings": "Andmebaasi tõmmiste seaded",
-    "backup_settings_description": "Halda andmebaasi varundamise seadeid",
+    "backup_settings_description": "Halda andmebaasi tõmmiste seadeid. Märkus: Neid tööteid ei jälgita ning ebaõnnestumisest ei hoiatata.",
    "check_all": "Märgi kõik",
    "cleanup": "Koristus",
    "cleared_jobs": "Tööted eemaldatud: {job}",
@@ -167,7 +171,6 @@
    "no_pattern_added": "Mustreid ei ole",
    "note_apply_storage_label_previous_assets": "Märkus: Et rakendada talletussilt varem üleslaaditud üksustele, käivita",
    "note_cannot_be_changed_later": "MÄRKUS: Seda ei saa hiljem muuta!",
    "note_unlimited_quota": "Märkus: Piiramatu kvoodi jaoks sisesta 0",
    "notification_email_from_address": "Saatja aadress",
    "notification_email_from_address_description": "Saatja e-posti aadress, näiteks: \"Immich Photo Server <noreply@example.com>\"",
    "notification_email_host_description": "E-posti serveri host (nt. smtp.immich.app)",
@@ -189,26 +192,22 @@
    "oauth_auto_register": "Automaatne registreerimine",
    "oauth_auto_register_description": "Registreeri uued kasutajad automaatselt OAuth abil sisselogimisel",
    "oauth_button_text": "Nupu tekst",
-    "oauth_client_id": "Kliendi ID",
+    "oauth_client_secret_description": "Nõutud, kui PKCE (Proof Key for Code Exchange) ei ole OAuth pakkuja poolt toetatud",
    "oauth_client_secret": "Kliendi saladus",
    "oauth_enable_description": "Sisene OAuth abil",
    "oauth_issuer_url": "Väljastaja URL",
    "oauth_mobile_redirect_uri": "Mobiilne ümbersuunamise URI",
    "oauth_mobile_redirect_uri_override": "Mobiilse ümbersuunamise URI ülekirjutamine",
    "oauth_mobile_redirect_uri_override_description": "Lülita sisse, kui OAuth pakkuja ei luba mobiilset URI-d, näiteks '{callback}'",
    "oauth_profile_signing_algorithm": "Profiili allkirjastamise algoritm",
    "oauth_profile_signing_algorithm_description": "Algoritm, mida kasutatakse kasutajaprofiili allkirjastamiseks.",
    "oauth_scope": "Skoop",
    "oauth_settings": "OAuth",
    "oauth_settings_description": "Halda OAuth sisselogimise seadeid",
    "oauth_settings_more_details": "Selle funktsiooni kohta rohkem teada saamiseks loe <link>dokumentatsiooni</link>.",
    "oauth_signing_algorithm": "Allkirjastamise algoritm",
    "oauth_storage_label_claim": "Talletussildi väide",
    "oauth_storage_label_claim_description": "Sea kasutaja talletussildiks automaatselt selle väite väärtus.",
    "oauth_storage_quota_claim": "Talletuskvoodi väide",
    "oauth_storage_quota_claim_description": "Sea kasutaja talletuskvoodiks automaatselt selle väite väärtus.",
    "oauth_storage_quota_default": "Vaikimisi talletuskvoot (GiB)",
    "oauth_storage_quota_default_description": "Kvoot (GiB), mida kasutada, kui ühtegi väidet pole esitatud (piiramatu kvoodi jaoks sisesta 0).",
    "oauth_timeout": "Päringu ajalõpp",
    "oauth_timeout_description": "Päringute ajalõpp millisekundites",
    "offline_paths": "Ühenduseta failiteed",
    "offline_paths_description": "Need tulemused võivad olla põhjustatud manuaalselt kustutatud failidest, mis ei ole osa välisest kogust.",
    "password_enable_description": "Logi sisse e-posti aadressi ja parooliga",
@@ -368,6 +367,19 @@
  "admin_password": "Administraatori parool",
  "administration": "Administratsioon",
  "advanced": "Täpsemad valikud",
  "advanced_settings_enable_alternate_media_filter_subtitle": "Kasuta seda valikut, et filtreerida sünkroonimise ajal üksuseid alternatiivsete kriteeriumite alusel. Proovi seda ainult siis, kui rakendusel on probleeme kõigi albumite tuvastamisega.",
  "advanced_settings_enable_alternate_media_filter_title": "[EKSPERIMENTAALNE] Kasuta alternatiivset seadme albumi sünkroonimise filtrit",
  "advanced_settings_log_level_title": "Logimistase: {}",
  "advanced_settings_prefer_remote_subtitle": "Mõned seadmed laadivad seadmes olevate üksuste pisipilte piinavalt aeglaselt. Aktiveeri see seadistus, et laadida selle asemel kaugpilte.",
  "advanced_settings_prefer_remote_title": "Eelista kaugpilte",
  "advanced_settings_proxy_headers_subtitle": "Määra vaheserveri päised, mida Immich peaks iga päringuga saatma",
  "advanced_settings_proxy_headers_title": "Vaheserveri päised",
  "advanced_settings_self_signed_ssl_subtitle": "Jätab serveri lõpp-punkti SSL-sertifikaadi kontrolli vahele. Nõutud endasigneeritud sertifikaatide jaoks.",
  "advanced_settings_self_signed_ssl_title": "Luba endasigneeritud SSL-sertifikaadid",
  "advanced_settings_sync_remote_deletions_subtitle": "Kustuta või taasta üksus selles seadmes automaatself, kui sama tegevus toimub veebis",
  "advanced_settings_sync_remote_deletions_title": "Sünkrooni kaugkustutamised [EKSPERIMENTAALNE]",
  "advanced_settings_troubleshooting_subtitle": "Luba lisafunktsioonid tõrkeotsinguks",
  "advanced_settings_troubleshooting_title": "Tõrkeotsing",
  "age_months": "Vanus {months, plural, one {# kuu} other {# kuud}}",
  "age_year_months": "Vanus 1 aasta, {months, plural, one {# kuu} other {# kuud}}",
  "age_years": "{years, plural, other {Vanus #}}",
@@ -376,6 +388,8 @@
  "album_cover_updated": "Albumi kaanepilt muudetud",
  "album_delete_confirmation": "Kas oled kindel, et soovid albumi {album} kustutada?",
  "album_delete_confirmation_description": "Kui see album on jagatud, ei pääse teised kasutajad sellele enam ligi.",
  "album_info_card_backup_album_excluded": "VÄLJA JÄETUD",
  "album_info_card_backup_album_included": "LISATUD",
  "album_info_updated": "Albumi info muudetud",
  "album_leave": "Lahku albumist?",
  "album_leave_confirmation": "Kas oled kindel, et soovid albumist {album} lahkuda?",
@@ -384,10 +398,22 @@
  "album_remove_user": "Eemalda kasutaja?",
  "album_remove_user_confirmation": "Kas oled kindel, et soovid kasutaja {user} eemaldada?",
  "album_share_no_users": "Paistab, et oled seda albumit kõikide kasutajatega jaganud, või pole ühtegi kasutajat, kellega jagada.",
  "album_thumbnail_card_item": "1 üksus",
  "album_thumbnail_card_items": "{} üksust",
  "album_thumbnail_card_shared": " · Jagatud",
  "album_thumbnail_shared_by": "Jagas {}",
  "album_updated": "Album muudetud",
  "album_updated_setting_description": "Saa teavitus e-posti teel, kui jagatud albumis on uusi üksuseid",
  "album_user_left": "Lahkutud albumist {album}",
  "album_user_removed": "Kasutaja {user} eemaldatud",
  "album_viewer_appbar_delete_confirm": "Kas oled kindel, et soovid selle albumi oma kontolt kustutada?",
  "album_viewer_appbar_share_err_delete": "Albumi kustutamine ebaõnnestus",
  "album_viewer_appbar_share_err_leave": "Albumist lahkumine ebaõnnestus",
  "album_viewer_appbar_share_err_remove": "Üksuste albumist eemaldamisel tekkis probleeme",
  "album_viewer_appbar_share_err_title": "Albumi pealkirja muutmine ebaõnnestus",
  "album_viewer_appbar_share_leave": "Lahku albumist",
  "album_viewer_appbar_share_to": "Jaga",
  "album_viewer_page_share_add_users": "Lisa kasutajaid",
  "album_with_link_access": "Luba kõigil, kellel on link, näha selle albumi fotosid ja isikuid.",
  "albums": "Albumid",
  "albums_count": "{count, plural, one {{count, number} album} other {{count, number} albumit}}",
@@ -405,42 +431,94 @@
  "api_key_description": "Seda väärtust kuvatakse ainult üks kord. Kopeeri see enne akna sulgemist.",
  "api_key_empty": "Su API võtme nimi ei tohiks olla tühi",
  "api_keys": "API võtmed",
  "app_bar_signout_dialog_content": "Kas oled kindel, et soovid välja logida?",
  "app_bar_signout_dialog_ok": "Jah",
  "app_bar_signout_dialog_title": "Logi välja",
  "app_settings": "Rakenduse seaded",
  "appears_in": "Albumid",
  "archive": "Arhiiv",
  "archive_or_unarchive_photo": "Arhiveeri või taasta foto",
  "archive_page_no_archived_assets": "Arhiveeritud üksuseid ei leitud",
  "archive_page_title": "Arhiveeri ({})",
  "archive_size": "Arhiivi suurus",
  "archive_size_description": "Seadista arhiivi suurus allalaadimiseks (GiB)",
  "archived": "Arhiveeritud",
  "archived_count": "{count, plural, other {# arhiveeritud}}",
  "are_these_the_same_person": "Kas need on sama isik?",
  "are_you_sure_to_do_this": "Kas oled kindel, et soovid seda teha?",
  "asset_action_delete_err_read_only": "Kirjutuskaitstud üksuseid ei saa kustutada, jätan vahele",
  "asset_added_to_album": "Lisatud albumisse",
  "asset_adding_to_album": "Albumisse lisamine…",
  "asset_description_updated": "Üksuse kirjeldus on muudetud",
  "asset_filename_is_offline": "Üksus {filename} ei ole kättesaadav",
  "asset_has_unassigned_faces": "Üksusel on seostamata nägusid",
  "asset_hashing": "Räsimine…",
  "asset_list_group_by_sub_title": "Grupeeri",
  "asset_list_layout_settings_dynamic_layout_title": "Dünaamiline asetus",
  "asset_list_layout_settings_group_automatically": "Automaatne",
  "asset_list_layout_settings_group_by": "Grupeeri üksused",
  "asset_list_layout_settings_group_by_month_day": "Kuu + päev",
  "asset_list_layout_sub_title": "Asetus",
  "asset_list_settings_subtitle": "Fotoruudustiku paigutuse sätted",
  "asset_list_settings_title": "Fotoruudustik",
  "asset_offline": "Üksus pole kättesaadav",
  "asset_offline_description": "Seda välise kogu üksust ei leitud kettalt. Abi saamiseks palun võta ühendust oma Immich'i administraatoriga.",
  "asset_restored_successfully": "Üksus edukalt taastatud",
  "asset_skipped": "Vahele jäetud",
  "asset_skipped_in_trash": "Prügikastis",
  "asset_uploaded": "Üleslaaditud",
  "asset_uploading": "Üleslaadimine…",
  "asset_viewer_settings_subtitle": "Halda galeriivaaturi seadeid",
  "asset_viewer_settings_title": "Üksuste vaatur",
  "assets": "Üksused",
  "assets_added_count": "{count, plural, one {# üksus} other {# üksust}} lisatud",
  "assets_added_to_album_count": "{count, plural, one {# üksus} other {# üksust}} albumisse lisatud",
  "assets_added_to_name_count": "{count, plural, one {# üksus} other {# üksust}} lisatud {hasName, select, true {albumisse <b>{name}</b>} other {uude albumisse}}",
  "assets_count": "{count, plural, one {# üksus} other {# üksust}}",
  "assets_deleted_permanently": "{} üksus(t) jäädavalt kustutatud",
  "assets_deleted_permanently_from_server": "{} üksus(t) Immich'i serverist jäädavalt kustutatud",
  "assets_moved_to_trash_count": "{count, plural, one {# üksus} other {# üksust}} liigutatud prügikasti",
  "assets_permanently_deleted_count": "{count, plural, one {# üksus} other {# üksust}} jäädavalt kustutatud",
  "assets_removed_count": "{count, plural, one {# üksus} other {# üksust}} eemaldatud",
  "assets_removed_permanently_from_device": "{} üksus(t) seadmest jäädavalt eemaldatud",
  "assets_restore_confirmation": "Kas oled kindel, et soovid oma prügikasti liigutatud üksused taastada? Seda ei saa tagasi võtta! Pane tähele, et sel meetodil ei saa taastada ühenduseta üksuseid.",
  "assets_restored_count": "{count, plural, one {# üksus} other {# üksust}} taastatud",
  "assets_restored_successfully": "{} üksus(t) edukalt taastatud",
  "assets_trashed": "{} üksus(t) liigutatud prügikasti",
  "assets_trashed_count": "{count, plural, one {# üksus} other {# üksust}} liigutatud prügikasti",
  "assets_trashed_from_server": "{} üksus(t) liigutatud Immich'i serveris prügikasti",
  "assets_were_part_of_album_count": "{count, plural, one {Üksus oli} other {Üksused olid}} juba osa albumist",
  "authorized_devices": "Autoriseeritud seadmed",
  "automatic_endpoint_switching_subtitle": "Ühendu lokaalselt üle valitud WiFi-võrgu, kui see on saadaval, ja kasuta mujal alternatiivseid ühendusi",
  "automatic_endpoint_switching_title": "Automaatne URL-i ümberlülitamine",
  "back": "Tagasi",
  "back_close_deselect": "Tagasi, sulge või tühista valik",
  "backup_album_selection_page_select_albums": "Vali albumid",
  "backup_album_selection_page_selection_info": "Valiku info",
  "backup_album_selection_page_total_assets": "Unikaalseid üksuseid kokku",
  "backup_all": "Kõik",
  "backup_background_service_default_notification": "Uute üksuste kontrollimine…",
  "backup_background_service_error_title": "Varundamise viga",
  "backup_controller_page_background_app_refresh_disabled_content": "Taustal varundamise kasutamiseks luba rakenduse taustal värskendamine: Seaded > Üldine > Rakenduse taustal värskendamine.",
  "backup_controller_page_background_app_refresh_disabled_title": "Rakenduse taustal värskendamine keelatud",
  "backup_controller_page_background_battery_info_link": "Näita mulle, kuidas",
  "backup_controller_page_background_battery_info_ok": "OK",
  "backup_controller_page_background_configure_error": "Taustateenuse seadistamine ebaõnnestus",
  "backup_controller_page_background_description": "Lülita taustateenus sisse, et uusi üksuseid automaatselt varundada, ilma et peaks rakendust avama",
  "backup_controller_page_background_is_off": "Automaatne varundamine on välja lülitatud",
  "backup_controller_page_background_is_on": "Automaatne varundamine on sisse lülitatud",
  "backup_controller_page_background_turn_off": "Lülita taustateenus välja",
  "backup_controller_page_background_turn_on": "Lülita taustateenus sisse",
  "backup_controller_page_background_wifi": "Ainult WiFi-võrgus",
  "backup_controller_page_backup_sub": "Varundatud fotod ja videod",
  "backup_controller_page_desc_backup": "Lülita sisse esiplaanil varundamine, et rakenduse avamisel uued üksused automaatselt serverisse üles laadida.",
  "backup_controller_page_to_backup": "Albumid, mida varundada",
  "backup_controller_page_total_sub": "Kõik unikaalsed fotod ja videod valitud albumitest",
  "backup_err_only_album": "Ei saa ainsat albumit eemaldada",
  "backup_info_card_assets": "üksused",
  "backup_manual_cancelled": "Tühistatud",
  "backup_manual_title": "Üleslaadimise staatus",
  "backup_setting_subtitle": "Halda taustal ja esiplaanil üleslaadimise seadeid",
  "backward": "Tagasi",
  "birthdate_saved": "Sünnikuupäev salvestatud",
  "birthdate_set_description": "Sünnikuupäeva kasutatakse isiku vanuse arvutamiseks foto tegemise hetkel.",
@@ -452,11 +530,19 @@
  "bulk_keep_duplicates_confirmation": "Kas oled kindel, et soovid {count, plural, one {# dubleeritud üksuse} other {# dubleeritud üksust}} alles jätta? Sellega märgitakse kõik duplikaadigrupid lahendatuks ilma midagi kustutamata.",
  "bulk_trash_duplicates_confirmation": "Kas oled kindel, et soovid {count, plural, one {# dubleeritud üksuse} other {# dubleeritud üksust}} masskustutada? Sellega jäetakse alles iga grupi suurim üksus ning duplikaadid liigutatakse prügikasti.",
  "buy": "Osta Immich",
  "cache_settings_clear_cache_button": "Tühjenda puhver",
  "cache_settings_statistics_album": "Kogu pisipildid",
  "cache_settings_statistics_full": "Täismõõdus pildid",
  "cache_settings_statistics_shared": "Jagatud albumite pisipildid",
  "cache_settings_statistics_thumbnail": "Pisipildid",
  "cache_settings_statistics_title": "Puhvri kasutus",
  "cache_settings_thumbnail_size": "Pisipiltide puhvri suurus ({} üksust)",
  "camera": "Kaamera",
  "camera_brand": "Kaamera mark",
  "camera_model": "Kaamera mudel",
  "cancel": "Katkesta",
  "cancel_search": "Katkesta otsing",
  "canceled": "Tühistatud",
  "cannot_merge_people": "Ei saa isikuid ühendada",
  "cannot_undo_this_action": "Sa ei saa seda tagasi võtta!",
  "cannot_update_the_description": "Kirjelduse muutmine ebaõnnestus",
@@ -467,6 +553,10 @@
  "change_name_successfully": "Nimi edukalt muudetud",
  "change_password": "Parooli muutmine",
  "change_password_description": "See on su esimene kord süsteemi siseneda, või on tehtud taotlus parooli muutmiseks. Palun sisesta allpool uus parool.",
  "change_password_form_confirm_password": "Kinnita parool",
  "change_password_form_new_password": "Uus parool",
  "change_password_form_password_mismatch": "Paroolid ei klapi",
  "change_password_form_reenter_new_password": "Korda uut parooli",
  "change_your_password": "Muuda oma parooli",
  "changed_visibility_successfully": "Nähtavus muudetud",
  "check_all": "Märgi kõik",
@@ -478,6 +568,14 @@
  "clear_all_recent_searches": "Tühjenda hiljutised otsingud",
  "clear_message": "Tühjenda sõnum",
  "clear_value": "Tühjenda väärtus",
  "client_cert_dialog_msg_confirm": "OK",
  "client_cert_enter_password": "Sisesta parool",
  "client_cert_import": "Impordi",
  "client_cert_import_success_msg": "Klientsertifikaat on imporditud",
  "client_cert_invalid_msg": "Vigane sertifikaadi fail või vale parool",
  "client_cert_remove_msg": "Klientsertifikaat on eemaldatud",
  "client_cert_subtitle": "Toetab ainult PKCS12 (.p12, .pfx) formaati. Sertifikaadi importimine/eemaldamine on saadaval ainult enne sisselogimist",
  "client_cert_title": "SSL klientsertifikaat",
  "clockwise": "Päripäeva",
  "close": "Sulge",
  "collapse": "Peida",
@@ -488,6 +586,8 @@
  "comment_options": "Kommentaari valikud",
  "comments_and_likes": "Kommentaarid ja meeldimised",
  "comments_are_disabled": "Kommentaarid on keelatud",
  "common_create_new_album": "Lisa uus album",
  "completed": "Lõpetatud",
  "confirm": "Kinnita",
  "confirm_admin_password": "Kinnita administraatori parool",
  "confirm_delete_face": "Kas oled kindel, et soovid isiku {name} näo üksuselt kustutada?",
@@ -497,6 +597,10 @@
  "contain": "Mahuta ära",
  "context": "Kontekst",
  "continue": "Jätka",
  "control_bottom_app_bar_create_new_album": "Lisa uus album",
  "control_bottom_app_bar_delete_from_local": "Kustuta seadmest",
  "control_bottom_app_bar_edit_location": "Muuda asukohta",
  "control_bottom_app_bar_edit_time": "Muuda kuupäeva ja aega",
  "copied_image_to_clipboard": "Pilt kopeeritud lõikelauale.",
  "copied_to_clipboard": "Kopeeritud lõikelauale!",
  "copy_error": "Kopeeri viga",
@@ -518,6 +622,7 @@
  "create_new_person": "Lisa uus isik",
  "create_new_person_hint": "Seosta valitud üksused uue isikuga",
  "create_new_user": "Lisa uus kasutaja",
  "create_shared_album_page_share_select_photos": "Vali fotod",
  "create_tag": "Lisa silt",
  "create_tag_description": "Lisa uus silt. Pesastatud siltide jaoks sisesta täielik tee koos kaldkriipsudega.",
  "create_user": "Lisa kasutaja",
@@ -542,19 +647,23 @@
  "delete": "Kustuta",
  "delete_album": "Kustuta album",
  "delete_api_key_prompt": "Kas oled kindel, et soovid selle API võtme kustutada?",
  "delete_dialog_title": "Kustuta jäädavalt",
  "delete_duplicates_confirmation": "Kas oled kindel, et soovid need duplikaadid jäädavalt kustutada?",
  "delete_face": "Kustuta nägu",
  "delete_key": "Kustuta võti",
  "delete_library": "Kustuta kogu",
  "delete_link": "Kustuta link",
  "delete_local_dialog_ok_backed_up_only": "Kustuta ainult varundatud",
  "delete_others": "Kustuta teised",
  "delete_shared_link": "Kustuta jagatud link",
  "delete_shared_link_dialog_title": "Kustuta jagatud link",
  "delete_tag": "Kustuta silt",
  "delete_tag_confirmation_prompt": "Kas oled kindel, et soovid sildi {tagName} kustutada?",
  "delete_user": "Kustuta kasutaja",
  "deleted_shared_link": "Jagatud link kustutatud",
  "deletes_missing_assets": "Kustutab üksused, mis on kettalt puudu",
  "description": "Kirjeldus",
  "description_input_hint_text": "Lisa kirjeldus...",
  "details": "Üksikasjad",
  "direction": "Suund",
  "disabled": "Välja lülitatud",
@@ -571,10 +680,20 @@
  "documentation": "Dokumentatsioon",
  "done": "Tehtud",
  "download": "Laadi alla",
  "download_canceled": "Allalaadimine katkestatud",
  "download_complete": "Allalaadimine lõpetatud",
  "download_enqueue": "Allalaadimine ootel",
  "download_error": "Allalaadimise viga",
  "download_failed": "Allalaadimine ebaõnnestus",
  "download_finished": "Allalaadimine lõpetatud",
  "download_include_embedded_motion_videos": "Manustatud videod",
  "download_include_embedded_motion_videos_description": "Lisa liikuvatesse fotodesse manustatud videod eraldi failidena",
  "download_paused": "Allalaadimine peatatud",
  "download_settings": "Allalaadimine",
  "download_settings_description": "Halda üksuste allalaadimise seadeid",
  "download_started": "Allalaadimine alustatud",
  "download_sucess": "Allalaadimine õnnestus",
  "download_sucess_android": "Meediumid laaditi alla kataloogi DCIM/Immich",
  "downloading": "Allalaadimine",
  "downloading_asset_filename": "Üksuse {filename} allalaadimine",
  "drop_files_to_upload": "Failide üleslaadimiseks sikuta need ükskõik kuhu",
@@ -593,6 +712,7 @@
  "edit_key": "Muuda võtit",
  "edit_link": "Muuda linki",
  "edit_location": "Muuda asukohta",
  "edit_location_dialog_title": "Asukoht",
  "edit_name": "Muuda nime",
  "edit_people": "Muuda isikuid",
  "edit_tag": "Muuda silti",
@@ -605,12 +725,15 @@
  "editor_crop_tool_h2_aspect_ratios": "Kuvasuhted",
  "editor_crop_tool_h2_rotation": "Pööre",
  "email": "E-post",
  "empty_folder": "See kaust on tühi",
  "empty_trash": "Tühjenda prügikast",
  "empty_trash_confirmation": "Kas oled kindel, et soovid prügikasti tühjendada? See eemaldab kõik seal olevad üksused Immich'ist jäädavalt.\nSeda tegevust ei saa tagasi võtta!",
  "enable": "Luba",
  "enabled": "Lubatud",
  "end_date": "Lõppkuupäev",
  "enter_wifi_name": "Sisesta WiFi-võrgu nimi",
  "error": "Viga",
  "error_change_sort_album": "Albumi sorteerimisjärjestuse muutmine ebaõnnestus",
  "error_delete_face": "Viga näo kustutamisel",
  "error_loading_image": "Viga pildi laadimisel",
  "error_title": "Viga - midagi läks valesti",
@@ -642,10 +765,12 @@
    "failed_to_keep_this_delete_others": "Selle üksuse säilitamine ja ülejäänute kustutamine ebaõnnestus",
    "failed_to_load_asset": "Üksuse laadimine ebaõnnestus",
    "failed_to_load_assets": "Üksuste laadimine ebaõnnestus",
    "failed_to_load_notifications": "Teavituste laadimine ebaõnnestus",
    "failed_to_load_people": "Isikute laadimine ebaõnnestus",
    "failed_to_remove_product_key": "Tootevõtme eemaldamine ebaõnnestus",
    "failed_to_stack_assets": "Üksuste virnastamine ebaõnnestus",
    "failed_to_unstack_assets": "Üksuste eraldamine ebaõnnestus",
    "failed_to_update_notification_status": "Teavituste seisundi uuendamine ebaõnnestus",
    "import_path_already_exists": "See imporditee on juba olemas.",
    "incorrect_email_or_password": "Vale e-posti aadress või parool",
    "paths_validation_failed": "{paths, plural, one {# tee} other {# teed}} ei valideerunud",
@@ -741,8 +866,14 @@
    "unable_to_upload_file": "Faili üleslaadimine ebaõnnestus"
  },
  "exif": "Exif",
  "exif_bottom_sheet_description": "Lisa kirjeldus...",
  "exif_bottom_sheet_details": "ÜKSIKASJAD",
  "exif_bottom_sheet_location": "ASUKOHT",
  "exif_bottom_sheet_people": "ISIKUD",
  "exif_bottom_sheet_person_add_person": "Lisa nimi",
  "exit_slideshow": "Sulge slaidiesitlus",
  "expand_all": "Näita kõik",
  "experimental_settings_title": "Eksperimentaalne",
  "expire_after": "Aegub",
  "expired": "Aegunud",
  "expires_date": "Aegub {date}",
@@ -753,6 +884,7 @@
  "extension": "Laiend",
  "external": "Väline",
  "external_libraries": "Välised kogud",
  "external_network_sheet_info": "Kui seade ei ole eelistatud WiFi-võrgus, ühendub rakendus serveriga allolevatest URL-idest esimese kättesaadava kaudu, alustades ülevalt",
  "face_unassigned": "Seostamata",
  "failed_to_load_assets": "Üksuste laadimine ebaõnnestus",
  "favorite": "Lemmik",
@@ -768,6 +900,8 @@
  "filter_people": "Filtreeri isikuid",
  "find_them_fast": "Leia teda kiiresti nime järgi otsides",
  "fix_incorrect_match": "Paranda ebaõige vaste",
  "folder": "Kaust",
  "folder_not_found": "Kausta ei leitud",
  "folders": "Kaustad",
  "folders_feature_description": "Kaustavaate abil failisüsteemis olevate fotode ja videote sirvimine",
  "forward": "Edasi",
@@ -783,7 +917,15 @@
  "group_owner": "Grupeeri omaniku kaupa",
  "group_places_by": "Grupeeri kohad...",
  "group_year": "Grupeeri aasta kaupa",
  "haptic_feedback_switch": "Luba haptiline tagasiside",
  "haptic_feedback_title": "Haptiline tagasiside",
  "has_quota": "On kvoot",
  "header_settings_add_header_tip": "Lisa päis",
  "header_settings_field_validator_msg": "Väärtus ei saa olla tühi",
  "header_settings_header_name_input": "Päise nimi",
  "header_settings_header_value_input": "Päise väärtus",
  "headers_settings_tile_subtitle": "Määra vaheserveri päised, mida rakendus peaks iga päringuga saatma",
  "headers_settings_tile_title": "Kohandatud vaheserveri päised",
  "hi_user": "Tere {name} ({email})",
  "hide_all_people": "Peida kõik isikud",
  "hide_gallery": "Peida galerii",
@@ -791,8 +933,20 @@
  "hide_password": "Peida parool",
  "hide_person": "Peida isik",
  "hide_unnamed_people": "Peida nimetud isikud",
  "home_page_add_to_album_conflicts": "{added} üksust lisati albumisse {album}. {failed} üksust oli juba albumis.",
  "home_page_add_to_album_err_local": "Lokaalseid üksuseid ei saa veel albumisse lisada, jätan vahele",
  "home_page_add_to_album_success": "{added} üksust lisati albumisse {album}.",
  "home_page_album_err_partner": "Partneri üksuseid ei saa veel albumisse lisada, jätan vahele",
  "home_page_archive_err_local": "Lokaalseid üksuseid ei saa veel arhiveerida, jätan vahele",
  "home_page_archive_err_partner": "Partneri üksuseid ei saa arhiveerida, jätan vahele",
  "home_page_building_timeline": "Ajajoone koostamine",
  "home_page_delete_err_partner": "Partneri üksuseid ei saa kustutada, jätan vahele",
  "home_page_favorite_err_local": "Lokaalseid üksuseid ei saa lemmikuks märkida, jätan vahele",
  "home_page_favorite_err_partner": "Partneri üksuseid ei saa lemmikuks märkida, jätan vahele",
  "home_page_share_err_local": "Lokaalseid üksuseid ei saa lingiga jagada, jätan vahele",
  "host": "Host",
  "hour": "Tund",
  "ignore_icloud_photos": "Ignoreeri iCloud fotosid",
  "image": "Pilt",
  "image_alt_text_date": "{isVideo, select, true {Video} other {Pilt}} tehtud {date}",
  "image_alt_text_date_1_person": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} koos isikuga {person1}",
@@ -804,6 +958,8 @@
  "image_alt_text_date_place_2_people": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} kohas {city}, {country} koos isikutega {person1} ja {person2}",
  "image_alt_text_date_place_3_people": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} kohas {city}, {country} koos isikutega {person1}, {person2} ja {person3}",
  "image_alt_text_date_place_4_or_more_people": "{isVideo, select, true {Video} other {Pilt}} tehtud {date} kohas {city}, {country} koos {person1}, {person2} ja veel {additionalCount, number} isikuga",
  "image_viewer_page_state_provider_download_started": "Allalaadimine alustatud",
  "image_viewer_page_state_provider_download_success": "Allalaadimine õnnestus",
  "immich_logo": "Immich'i logo",
  "immich_web_interface": "Immich'i veebiliides",
  "import_from_json": "Impordi JSON-formaadist",
@@ -822,6 +978,8 @@
    "night_at_midnight": "Iga päev keskööl",
    "night_at_twoam": "Iga öö kell 2"
  },
  "invalid_date": "Vigane kuupäev",
  "invalid_date_format": "Vigane kuupäevaformaat",
  "invite_people": "Kutsu inimesi",
  "invite_to_album": "Kutsu albumisse",
  "items_count": "{count, plural, one {# üksus} other {# üksust}}",
@@ -842,6 +1000,9 @@
  "level": "Tase",
  "library": "Kogu",
  "library_options": "Kogu seaded",
  "library_page_new_album": "Uus album",
  "library_page_sort_asset_count": "Üksuste arv",
  "library_page_sort_title": "Albumi pealkiri",
  "light": "Hele",
  "like_deleted": "Meeldimine kustutatud",
  "link_motion_video": "Lingi liikuv video",
@@ -851,12 +1012,29 @@
  "list": "Loend",
  "loading": "Laadimine",
  "loading_search_results_failed": "Otsitulemuste laadimine ebaõnnestus",
  "local_network_sheet_info": "Rakendus ühendub valitud Wi-Fi võrgus olles serveriga selle URL-i kaudu",
  "location_permission_content": "Automaatseks ümberlülitumiseks vajab Immich täpse asukoha luba, et saaks lugeda aktiivse WiFi-võrgu nime",
  "location_picker_choose_on_map": "Vali kaardil",
  "log_out": "Logi välja",
  "log_out_all_devices": "Logi kõigist seadmetest välja",
  "logged_out_all_devices": "Kõigist seadmetest välja logitud",
  "logged_out_device": "Seadmest välja logitud",
  "login": "Logi sisse",
  "login_form_back_button_text": "Tagasi",
  "login_form_email_hint": "sinunimi@email.com",
  "login_form_endpoint_hint": "http://serveri-ip:port",
  "login_form_endpoint_url": "Serveri lõpp-punkti URL",
  "login_form_err_http": "Palun täpsusta http:// või https://",
  "login_form_err_invalid_email": "Vigane e-posti aadress",
  "login_form_err_invalid_url": "Vigane URL",
  "login_form_err_leading_whitespace": "Eelnevad tühikud",
  "login_form_err_trailing_whitespace": "Järgnevad tühikud",
  "login_form_password_hint": "parool",
  "login_form_save_login": "Jää sisselogituks",
  "login_form_server_empty": "Sisesta serveri URL.",
  "login_form_server_error": "Serveriga ühendumine ebaõnnestus.",
  "login_has_been_disabled": "Sisselogimine on keelatud.",
  "login_password_changed_success": "Parool edukalt uuendatud",
  "logout_all_device_confirmation": "Kas oled kindel, et soovid kõigist seadmetest välja logida?",
  "logout_this_device_confirmation": "Kas oled kindel, et soovid sellest seadmest välja logida?",
  "longitude": "Pikkuskraad",
@@ -874,13 +1052,27 @@
  "manage_your_devices": "Halda oma autenditud seadmeid",
  "manage_your_oauth_connection": "Halda oma OAuth ühendust",
  "map": "Kaart",
  "map_assets_in_bound": "{} foto",
  "map_assets_in_bounds": "{} fotot",
  "map_location_dialog_yes": "Jah",
  "map_location_picker_page_use_location": "Kasuta seda asukohta",
  "map_marker_for_images": "Kaardimarker kohas {city}, {country} tehtud piltide jaoks",
  "map_marker_with_image": "Kaardimarker pildiga",
  "map_settings": "Kaardi seaded",
  "map_settings_date_range_option_day": "Viimased 24 tundi",
  "map_settings_date_range_option_days": "Viimased {} päeva",
  "map_settings_date_range_option_year": "Viimane aasta",
  "map_settings_date_range_option_years": "Viimased {} aastat",
  "map_settings_dialog_title": "Kaardi seaded",
  "mark_all_as_read": "Märgi kõik loetuks",
  "mark_as_read": "Märgi loetuks",
  "marked_all_as_read": "Kõik märgiti loetuks",
  "matches": "Ühtivad failid",
-  "media_type": "Meedia tüüp",
+  "media_type": "Meediumi tüüp",
  "memories": "Mälestused",
  "memories_setting_description": "Halda, mida sa oma mälestustes näed",
  "memories_year_ago": "Aasta tagasi",
  "memories_years_ago": "{} aastat tagasi",
  "memory": "Mälestus",
  "memory_lane_title": "Mälestus {title}",
  "menu": "Menüü",
@@ -895,12 +1087,19 @@
  "missing": "Puuduvad",
  "model": "Mudel",
  "month": "Kuu",
  "monthly_title_text_date_format": "MMMM y",
  "more": "Rohkem",
  "moved_to_archive": "{count, plural, one {# üksus} other {# üksust}} liigutatud arhiivi",
  "moved_to_library": "{count, plural, one {# üksus} other {# üksust}} liigutatud kogusse",
  "moved_to_trash": "Liigutatud prügikasti",
  "multiselect_grid_edit_date_time_err_read_only": "Kirjutuskaitsega üksus(t)e kuupäeva ei saa muuta, jätan vahele",
  "multiselect_grid_edit_gps_err_read_only": "Kirjutuskaitsega üksus(t)e asukohta ei saa muuta, jätan vahele",
  "mute_memories": "Vaigista mälestused",
  "my_albums": "Minu albumid",
  "name": "Nimi",
  "name_or_nickname": "Nimi või hüüdnimi",
  "networking_settings": "Võrguühendus",
  "networking_subtitle": "Halda serveri lõpp-punkti seadeid",
  "never": "Mitte kunagi",
  "new_album": "Uus album",
  "new_api_key": "Uus API võti",
@@ -923,14 +1122,17 @@
  "no_favorites_message": "Lisa lemmikud, et oma parimaid fotosid ja videosid kiiresti leida",
  "no_libraries_message": "Lisa väline kogu oma fotode ja videote vaatamiseks",
  "no_name": "Nimetu",
  "no_notifications": "Teavitusi pole",
  "no_places": "Kohti ei ole",
  "no_results": "Vasteid pole",
  "no_results_description": "Proovi sünonüümi või üldisemat märksõna",
  "no_shared_albums_message": "Lisa album, et fotosid ja videosid teistega jagada",
  "not_in_any_album": "Pole üheski albumis",
  "note_apply_storage_label_to_previously_uploaded assets": "Märkus: Et rakendada talletussilt varem üleslaaditud üksustele, käivita",
  "note_unlimited_quota": "Märkus: Piiramatu kvoodi jaoks sisesta 0",
  "notes": "Märkused",
  "notification_permission_list_tile_content": "Anna luba teavituste saatmiseks.",
  "notification_permission_list_tile_enable_button": "Luba teavitused",
  "notification_permission_list_tile_title": "Teavituste luba",
  "notification_toggle_setting_description": "Luba e-posti teel teavitused",
  "notifications": "Teavitused",
  "notifications_setting_description": "Halda teavitusi",
@@ -941,6 +1143,7 @@
  "offline_paths_description": "Need tulemused võivad olla põhjustatud manuaalselt kustutatud failidest, mis ei ole osa välisest kogust.",
  "ok": "Ok",
  "oldest_first": "Vanemad eespool",
  "on_this_device": "Sellel seadmel",
  "onboarding": "Kasutuselevõtt",
  "onboarding_privacy_description": "Järgnevad (valikulised) funktsioonid sõltuvad välistest teenustest ning neid saab igal ajal administraatori seadetes välja lülitada.",
  "onboarding_theme_description": "Vali oma serverile värviteema. Saad seda hiljem seadetes muuta.",
@@ -948,6 +1151,7 @@
  "onboarding_welcome_user": "Tere tulemast, {user}",
  "online": "Ühendatud",
  "only_favorites": "Ainult lemmikud",
  "open": "Ava",
  "open_in_map_view": "Ava kaardi vaates",
  "open_in_openstreetmap": "Ava OpenStreetMap",
  "open_the_search_filters": "Ava otsingufiltrid",
@@ -964,6 +1168,10 @@
  "partner_can_access": "{partner} pääseb ligi",
  "partner_can_access_assets": "Kõik su fotod ja videod, välja arvatud arhiveeritud ja kustutatud",
  "partner_can_access_location": "Asukohad, kus su fotod tehti",
  "partner_list_user_photos": "Kasutaja {user} fotod",
  "partner_list_view_all": "Vaata kõiki",
  "partner_page_partner_add_failed": "Partneri lisamine ebaõnnestus",
  "partner_page_select_partner": "Vali partner",
  "partner_sharing": "Partneriga jagamine",
  "partners": "Partnerid",
  "password": "Parool",
@@ -992,6 +1200,8 @@
  "permanently_delete_assets_prompt": "Kas oled kindel, et soovid {count, plural, one {selle üksuse} other {need <b>#</b> üksust}} jäädavalt kustutada? Sellega eemaldatakse {count, plural, one {see} other {need}} ka oma albumi(te)st.",
  "permanently_deleted_asset": "Üksus jäädavalt kustutatud",
  "permanently_deleted_assets_count": "{count, plural, one {# üksus} other {# üksust}} jäädavalt kustutatud",
  "permission_onboarding_back": "Tagasi",
  "permission_onboarding_continue_anyway": "Jätka sellegipoolest",
  "person": "Isik",
  "person_birthdate": "Sündinud {date}",
  "person_hidden": "{name}{hidden, select, true { (peidetud)} other {}}",
@@ -1009,6 +1219,8 @@
  "play_motion_photo": "Esita liikuv foto",
  "play_or_pause_video": "Esita või peata video",
  "port": "Port",
  "preferences_settings_subtitle": "Halda rakenduse eelistusi",
  "preferences_settings_title": "Eelistused",
  "preset": "Eelseadistus",
  "preview": "Eelvaade",
  "previous": "Eelmine",
@@ -1016,6 +1228,8 @@
  "previous_or_next_photo": "Eelmine või järgmine foto",
  "primary": "Peamine",
  "privacy": "Privaatsus",
  "profile_drawer_app_logs": "Logid",
  "profile_drawer_github": "GitHub",
  "profile_image_of_user": "Kasutaja {user} profiilipilt",
  "profile_picture_set": "Profiilipilt määratud.",
  "public_album": "Avalik album",
@@ -1065,6 +1279,8 @@
  "recent": "Hiljutine",
  "recent-albums": "Hiljutised albumid",
  "recent_searches": "Hiljutised otsingud",
  "recently_added": "Hiljuti lisatud",
  "recently_added_page_title": "Hiljuti lisatud",
  "refresh": "Värskenda",
  "refresh_encoded_videos": "Värskenda kodeeritud videod",
  "refresh_faces": "Värskenda näod",
@@ -1121,6 +1337,7 @@
  "role_editor": "Muutja",
  "role_viewer": "Vaataja",
  "save": "Salvesta",
  "save_to_gallery": "Salvesta galeriisse",
  "saved_api_key": "API võti salvestatud",
  "saved_profile": "Profiil salvestatud",
  "saved_settings": "Seaded salvestatud",
@@ -1140,14 +1357,33 @@
  "search_camera_model": "Otsi kaamera mudelit...",
  "search_city": "Otsi linna...",
  "search_country": "Otsi riiki...",
  "search_filter_apply": "Rakenda filter",
  "search_filter_camera_title": "Vali kaamera tüüp",
  "search_filter_date": "Kuupäev",
  "search_filter_date_interval": "{start} kuni {end}",
  "search_filter_date_title": "Vali kuupäevavahemik",
  "search_filter_display_options": "Kuva valikud",
  "search_filter_filename": "Otsi failinime alusel",
  "search_filter_location": "Asukoht",
  "search_filter_location_title": "Vali asukoht",
  "search_filter_media_type": "Meediumi tüüp",
  "search_filter_media_type_title": "Vali meediumi tüüp",
  "search_filter_people_title": "Vali isikud",
  "search_for": "Otsi",
  "search_for_existing_person": "Otsi olemasolevat isikut",
  "search_no_people": "Isikuid ei ole",
  "search_no_people_named": "Ei ole isikuid nimega \"{name}\"",
  "search_options": "Otsingu valikud",
  "search_page_categories": "Kategooriad",
  "search_page_screenshots": "Ekraanipildid",
  "search_page_search_photos_videos": "Otsi oma fotosid ja videosid",
  "search_page_selfies": "Selfid",
  "search_page_things": "Asjad",
  "search_page_view_all_button": "Vaata kõiki",
  "search_people": "Otsi inimesi",
  "search_places": "Otsi kohti",
  "search_rating": "Otsi hinnangu järgi...",
  "search_result_page_new_search_hint": "Uus otsing",
  "search_settings": "Otsi seadeid",
  "search_state": "Otsi osariiki...",
  "search_tags": "Otsi silte...",
@@ -1168,12 +1404,17 @@
  "select_keep_all": "Vali jäta kõik alles",
  "select_library_owner": "Vali kogu omanik",
  "select_new_face": "Vali uus nägu",
  "select_person_to_tag": "Vali sildistamiseks isik",
  "select_photos": "Vali fotod",
  "select_trash_all": "Vali kõik prügikasti",
  "select_user_for_sharing_page_err_album": "Albumi lisamine ebaõnnestus",
  "selected": "Valitud",
  "selected_count": "{count, plural, other {# valitud}}",
  "send_message": "Saada sõnum",
  "send_welcome_email": "Saada tervituskiri",
  "server_endpoint": "Serveri lõpp-punkt",
  "server_info_box_app_version": "Rakenduse versioon",
  "server_info_box_server_url": "Serveri URL",
  "server_offline": "Serveriga ühendus puudub",
  "server_online": "Server ühendatud",
  "server_stats": "Serveri statistika",
@@ -1185,22 +1426,70 @@
  "set_date_of_birth": "Määra sünnikuupäev",
  "set_profile_picture": "Sea profiilipilt",
  "set_slideshow_to_fullscreen": "Kuva slaidiesitlus täisekraanil",
  "setting_image_viewer_help": "Detailivaatur laadib kõigepealt väikese pisipildi, seejärel keskmises mõõdus eelvaate (kui lubatud) ja lõpuks originaalpildi (kui lubatud).",
  "setting_image_viewer_preview_subtitle": "Luba keskmise resolutsiooniga pildi laadimine. Keela, et laadida kohe originaalpilt või kasutada ainult pisipilti.",
  "setting_image_viewer_preview_title": "Laadi pildi eelvaade",
  "setting_image_viewer_title": "Pildid",
  "setting_languages_apply": "Rakenda",
  "setting_languages_subtitle": "Muuda rakenduse keelt",
  "setting_languages_title": "Keeled",
  "setting_notifications_notify_hours": "{} tundi",
  "setting_notifications_notify_immediately": "kohe",
  "setting_notifications_notify_minutes": "{} minutit",
  "setting_notifications_notify_never": "mitte kunagi",
  "setting_notifications_notify_seconds": "{} sekundit",
  "setting_notifications_single_progress_title": "Kuva taustal varundamise detailset edenemist",
  "setting_notifications_subtitle": "Halda oma teavituste eelistusi",
  "setting_notifications_total_progress_title": "Kuva taustal varundamise üldist edenemist",
  "settings": "Seaded",
  "settings_saved": "Seaded salvestatud",
  "share": "Jaga",
  "share_add_photos": "Lisa fotosid",
  "share_assets_selected": "{} valitud",
  "shared": "Jagatud",
  "shared_album_section_people_action_error": "Viga albumist eemaldamisel/lahkumisel",
  "shared_album_section_people_action_leave": "Eemalda kasutaja albumist",
  "shared_album_section_people_action_remove_user": "Eemalda kasutaja albumist",
  "shared_album_section_people_title": "ISIKUD",
  "shared_by": "Jagas",
  "shared_by_user": "Jagas {user}",
  "shared_by_you": "Jagasid sina",
  "shared_from_partner": "Fotod partnerilt {partner}",
  "shared_link_app_bar_title": "Jagatud lingid",
  "shared_link_clipboard_copied_massage": "Kopeeritud lõikelauale",
  "shared_link_clipboard_text": "Link: {}\nParool: {}",
  "shared_link_create_error": "Viga jagatud lingi loomisel",
  "shared_link_edit_expire_after_option_day": "1 päev",
  "shared_link_edit_expire_after_option_days": "{} päeva",
  "shared_link_edit_expire_after_option_hour": "1 tund",
  "shared_link_edit_expire_after_option_hours": "{} tundi",
  "shared_link_edit_expire_after_option_minute": "1 minut",
  "shared_link_edit_expire_after_option_minutes": "{} minutit",
  "shared_link_edit_expire_after_option_months": "{} kuud",
  "shared_link_edit_expire_after_option_year": "{} aasta",
  "shared_link_expires_day": "Aegub {} päeva pärast",
  "shared_link_expires_days": "Aegub {} päeva pärast",
  "shared_link_expires_hour": "Aegub {} tunni pärast",
  "shared_link_expires_hours": "Aegub {} tunni pärast",
  "shared_link_expires_minute": "Aegub {} minuti pärast",
  "shared_link_expires_minutes": "Aegub {} minuti pärast",
  "shared_link_expires_never": "Ei aegu",
  "shared_link_expires_second": "Aegub {} sekundi pärast",
  "shared_link_expires_seconds": "Aegub {} sekundi pärast",
  "shared_link_info_chip_metadata": "EXIF",
  "shared_link_manage_links": "Halda jagatud linke",
  "shared_link_options": "Jagatud lingi valikud",
  "shared_links": "Jagatud lingid",
  "shared_links_description": "Jaga fotosid ja videosid lingiga",
  "shared_photos_and_videos_count": "{assetCount, plural, other {# jagatud fotot ja videot.}}",
  "shared_with_me": "Minuga jagatud",
  "shared_with_partner": "Jagatud partneriga {partner}",
  "sharing": "Jagamine",
  "sharing_enter_password": "Palun sisesta selle lehe vaatamiseks salasõna.",
  "sharing_page_album": "Jagatud albumid",
  "sharing_sidebar_description": "Kuva külgmenüüs Jagamise linki",
  "sharing_silver_appbar_create_shared_album": "Uus jagatud album",
  "sharing_silver_appbar_share_partner": "Jaga partneriga",
  "shift_to_permanent_delete": "vajuta ⇧, et üksus jäädavalt kustutada",
  "show_album_options": "Näita albumi valikuid",
  "show_albums": "Näita albumeid",
@@ -1267,6 +1556,7 @@
  "support_third_party_description": "Sinu Immich'i install on kolmanda osapoole pakendatud. Probleemid, mida täheldad, võivad olla põhjustatud selle pakendamise poolt, seega võta esmajärjekorras nendega ühendust, kasutades allolevaid linke.",
  "swap_merge_direction": "Muuda ühendamise suunda",
  "sync": "Sünkrooni",
  "sync_albums": "Sünkrooni albumid",
  "tag": "Silt",
  "tag_assets": "Sildista üksuseid",
  "tag_created": "Lisatud silt: {tag}",
@@ -1280,6 +1570,13 @@
  "theme": "Teema",
  "theme_selection": "Teema valik",
  "theme_selection_description": "Sea automaatselt hele või tume teema vastavalt veebilehitseja eelistustele",
  "theme_setting_colorful_interface_subtitle": "Rakenda taustapindadele primaarne värv.",
  "theme_setting_colorful_interface_title": "Värviline kasutajaliides",
  "theme_setting_image_viewer_quality_subtitle": "Kohanda detailvaaturi kvaliteeti",
  "theme_setting_image_viewer_quality_title": "Pildivaaturi kvaliteet",
  "theme_setting_primary_color_title": "Põhivärv",
  "theme_setting_system_primary_color_title": "Kasuta süsteemset värvi",
  "theme_setting_system_theme_switch": "Automaatne (järgi süsteemi seadet)",
  "they_will_be_merged_together": "Nad ühendatakse kokku",
  "third_party_resources": "Kolmanda osapoole ressursid",
  "time_based_memories": "Ajapõhised mälestused",
@@ -1299,7 +1596,11 @@
  "trash_all": "Kõik prügikasti",
  "trash_count": "Liiguta {count, number} prügikasti",
  "trash_delete_asset": "Kustuta üksus",
  "trash_emptied": "Prügikast tühjendatud",
  "trash_no_results_message": "Siia ilmuvad prügikasti liigutatud fotod ja videod.",
  "trash_page_delete_all": "Kustuta kõik",
  "trash_page_restore_all": "Taasta kõik",
  "trash_page_select_assets_btn": "Vali üksused",
  "trashed_items_will_be_permanently_deleted_after": "Prügikasti tõstetud üksused kustutatakse jäädavalt {days, plural, one {# päeva} other {# päeva}} pärast.",
  "type": "Tüüp",
  "unarchive": "Taasta arhiivist",
@@ -1335,6 +1636,7 @@
  "upload_status_errors": "Vead",
  "upload_status_uploaded": "Üleslaaditud",
  "upload_success": "Üleslaadimine õnnestus, uute üksuste nägemiseks värskenda lehte.",
  "uploading": "Üleslaadimine",
  "url": "URL",
  "usage": "Kasutus",
  "use_custom_date_range": "Kasuta kohandatud kuupäevavahemikku",
@@ -1355,6 +1657,7 @@
  "version": "Versioon",
  "version_announcement_closing": "Sinu sõber, Alex",
  "version_announcement_message": "Hei! Saadaval on uus Immich'i versioon. Palun võta aega, et lugeda <link>väljalasketeadet</link> ning veendu, et su seadistus on ajakohane, et vältida konfiguratsiooniprobleeme, eriti kui kasutad WatchTower'it või muud mehhanismi, mis Immich'it automaatselt uuendab.",
  "version_announcement_overlay_title": "Uus serveri versioon saadaval 🎉",
  "version_history": "Versiooniajalugu",
  "version_history_item": "Versioon {version} paigaldatud {date}",
  "video": "Video",
@@ -1372,16 +1675,21 @@
  "view_name": "Vaade",
  "view_next_asset": "Vaata järgmist üksust",
  "view_previous_asset": "Vaata eelmist üksust",
  "view_qr_code": "Vaata QR-koodi",
  "view_stack": "Vaata virna",
  "viewer_remove_from_stack": "Eemalda virnast",
  "viewer_unstack": "Eralda",
  "visibility_changed": "{count, plural, one {# isiku} other {# isiku}} nähtavus muudetud",
  "waiting": "Ootel",
  "warning": "Hoiatus",
  "week": "Nädal",
  "welcome": "Tere tulemast",
  "welcome_to_immich": "Tere tulemast Immich'isse",
  "wifi_name": "WiFi-võrgu nimi",
  "year": "Aasta",
  "years_ago": "{years, plural, one {# aasta} other {# aastat}} tagasi",
  "yes": "Jah",
  "you_dont_have_any_shared_links": "Sul pole ühtegi jagatud linki",
  "your_wifi_name": "Sinu WiFi-võrgu nimi",
  "zoom_image": "Suumi pilti"
 }
--- a/Show More
+++ b/Show More