Immich is such a no-brainer replacement for Apple Photos or Google Photos, combined with VPN like Tailscale, it's almost a drop in replacement

Beware that migrating back from Immich to iCloud/Google is not something Immich cares about. There is no "download all" anywhere, best way is to go to the server and get raw files from there.

https://github.com/immich-app/immich/discussions/14365

They’re literally on a disk drive I can physically touch. I think I can figure out a migration strategy for that.

It's tricky with iOS. Plugging iPhone into a server is stupid. Adding server as a network storage in Files app is smarter, but downloading photos this way does not guarantee deduplication. Would be great if Immmich iOS app had a restore functionality as convenient as existing backup functionality.

You migrate from the server, not the client. You seem confused about what Immich is.

The immediately obvious and simple to handle on-disk format for everything I cared about was one of the things that convinced me to give it a try. Well-crafted exporters are great and all, but I really like being confident that I can convert it by hand even if the company ceases to exist.

Backups are easy too: you can very reasonably just rsync the library folder, and it'll be recoverable from that alone (I tried it! Worked great). You'll lose accounts and image-content search and iirc faces (possibly painful), but most of that is trivially rebuilt or not very interesting for single-person scenarios.

This is symptoms of a chronically cloud-native brain. What is a file system?

what do you mean download all? its your server over your files. If you want them, go get them! Or just point google / apple / whatever upload at your library directory.

A download button would be great but the files are already stored on the device you can copy them with a usb or go on the device and upload it directly.

maybe I fail to see your point, but following the link, then https://github.com/immich-app/immich/discussions/5068 is referenced which is resolved by pr https://github.com/immich-app/immich/pull/18878 adding bulk download functionality (may have manually select all to bulk download, unsure). At any rate I don't see where they say explicitly that they are against it

[dead]

Maybe I'm missing something but the linked discussion has a link to a closed issue that links a PR that added the feature you say is missing.

It's just files on a disc drive. Why do you need a button for this?

I put all my files in a folder. I’d simply get them there. No concern about this at all.

There’s no download all in apple photos either unless they added it

Yes, that's even more stupid! Best way to export photos from iCloud if you don't have mac is to use iCloud from the browser and bulk download from there, but it has a 10k files-per download limit! It also doesn't allow you to select all and partiton download this way, I had to manually increase selection until it's 10k and remember where I started.

You can download all you Apple data now, including photos.

https://privacy.apple.com/account -> "Get a copy of your data"

Then you will need to chose the maximum size of an archive part and wait for link to a download page.

CMD-A then export all X unmodified originals works fine

And yet, the same is true for Apple photos about ease of export:

If you set the pref to keep originals locally, they're all on your drive, in original form, as well as the derived versions including caches of raw to jpeg, resolutions, and edited versions.

That said, Apple Photos does let you export even if only in cloud. Open the library, select all, and File > Export ... > Export Unmodified Originals.

It pauses for a second or two on my quarter million images, but is then happy to comply.

Or you can get all you data from https://privacy.apple.com/account

Are there any side effects of leaving Immich public? I think people overestimate the risks. Just update your stuff regularly, follow simple rules, and set up something like CrowdSec. I know it's simpler to just use Tailscale and similar tools, but recently I see the trend that people don't even consider otherwise.

I'd throw it behind Wireguard, personally. Belt and suspenders.

(I keep meaning to look at it and keep kicking it down the road.)

That's what I do. I have Wireguard connected on my iPhone at all times.

LLMs became so good that I don't trust a codebase like Immich to have ports to my server exposed publicly.

I put everything behind Wireguard to limit the number of lines of code that might bring down my setup.

> Are there any side effects of leaving Immich public ?

Yes: it is necessary to share selected albums through public URL.

There is a project, which proxies album requests to a private immich instance, if one doesn't want to expose it: https://github.com/alangrainger/immich-public-proxy

I only wish it would support nested albums (or albums in folders) so it could be an easy replacement for lightroom cloud as well.

I have all of my photos organized like this: `events -> year/month - holiday -> (album_1, ...)`. and: `home town -> year -> (album_1, ...)`. Photos will be in multiple albums, and there will be edits as well. And I need to track the picked/rejected state as well (and filter on it).

Only reason I haven't moved over to Immich yet is because I am struggling to map my photo organization onto it's way of doing things in a way that's nice. So far my attempts have been unwieldy.

I’ve been using photoprism. Should I switch?

I'm in the same boat, and have been meaning to try immich but slightly worried about migration effort. Should I import fresh into Immich or setup my existing photoprism as an external library? I think the former is probably correct, but the latter might be easier?

Anyone have experience with this? I haven't done much modification or album creation in photoprism, so am happy to start from scratch on that front.

Give it a try, Immich is truly wonderful. Rich in features, polished UX, it's now better than Google Photos.

Is there any side effects of leaving the phone connected to Tailscale VPN all day?

I can only comment about battery life. It's proportinal to how much tailscale is really being used: If you use tailscale with an "exit node", i.e. all traffic is routed through it and it's working continously, it drains battery. If it's only used for services on your tailnet, e.g. Immich, the impact will be very small.

I have a static route configured on my home's gateway that enables any device on my network to access Tailscale. I have Tailscale turned on my iPhone pretty much all the time anyway, but even if I didn't I'd still be able to access services I have hosted that are only accessible on my tailnet.

i've had tailscale almost permanently enabled for a couple of years at this point and it's never a problem (ios, nextdns with a tailscale specific profile rather than a pihole or something)

If you are okay with internet exposure on some level, Cloudflare Tunnel is a really fantastic product:

https://developers.cloudflare.com/tunnel/

It’s obviously not a magical security layer that eliminates all issues related to public Internet exposure, but in my opinion it is good enough for the average home user.

Note that Cloudflare Tunnel blocks requests above 100MiB, which makes it impossible to upload long videos. This is being addressed in https://github.com/immich-app/immich/pull/22385

Oh good callout, I had only tried it for not-giant-upload services.

[dead]

Could impact battery usage, possibly?

But the way I do access Immich externally is not with Tailscale directly on my phone but involves exposing a caddy instance, running on a $1 VPS, to the internet.

If requests include a specific very long header (which I randomly made up), it then forwards those requests to my real Immich instance, which runs on my NAS. Headers can be configured within the mobile app. It has worked really well for me so far.

Here's some data. Well, technically anecdata, I suppose.

My phone has been powered on but inactive all night; I charged it to 80% before going to bed, then unplugged it and left it where I can reach it from my bed, as is my habit. (I'm in an Asian timezone, in case you hadn't guessed, so it's morning for me while it's evening in America right now). Its battery is now at 73%. The Android battery report says 6% battery usage from Kindle (makes sense, I started reading a book when I woke up), 0.7% from Signal (haven't sent any messages yet today but have received a few), and 0.3% from Tailscale.

So when you're not using the Tailscale network actively, you'll hardly notice the battery drain.

On an older iPhone, my Settings shows 3% going toward Tailscale.

I remember having problems using tailscale vpn 24/7 and pihole on my home network with the phone pointed at the 192.168 address for DNS. Pages would take 5s to resolve and start loading.

Unfortunately, Pihole was less important than Tailscale and I have to put up with mobile ads.

If you're on Android and don't like mobile ads [Morphe](https://morphe.software/) might be worth a look.

If Tailscale is on, I can't concurrently run a DNS-blocking local VPN, so I see ads in mobile Chrome.

Put a Pihole container on your homelab which you have the Tailscale exit node on and then set it as the forced Tailnet DNS.

Could host it in the tailnet?

You can but it’s a lot slower.

I leave my phone connected 24/7 and don’t notice any downsides. Only have to disable it on some networks when traveling to make awful captive portals work.

No lots of people including myself do this for homelab access purposes it just works (tm).