overthinkos/immich-ml
ov-immich/skills/immich-ml/SKILL.md
Immich photo management with CUDA ML backend for face recognition and smart search. Includes PostgreSQL, Redis, and the immich-ml service. MUST be invoked before building, deploying, configuring, or troubleshooting the immich-ml image.
development
Updated May 6, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins immich-mlInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 6, 2026, 6:55 AM243.9s1 file scanned
SKILL.md
- name:
- immich-ml
- description:
- |
immich-ml
Immich photo management with GPU-accelerated machine learning for face recognition and smart search.
Image Properties
| Property | Value | |----------|-------| | Base | fedora | | Layers | agent-forwarding, nodejs24, cuda, python-ml, supervisord, postgresql, vectorchord, redis, immich, immich-ml | | Platforms | linux/amd64 | | Ports | 2283 | | Registry | ghcr.io/overthinkos |
Full Layer Stack
fedora(quay.io/fedora/fedora:43)pixi→python→supervisord(transitive)nodejs24— Node.js 24 runtimecuda— CUDA toolkit, cuDNNpython-ml— ML Python environmentpostgresql— database on :5432vectorchord— VectorChord vector similarity extensionredis— cache on :6379immich— Immich server on :2283immich-ml— ML backend on :3003
Ports
| Port | Service | Protocol | |------|---------|----------| | 2283 | Immich web UI + API | HTTP |
Volumes
| Name | Path | Purpose | |------|------|---------| | library | ~/.immich/library | Photo/video storage | | cache | ~/.immich/cache | Thumbnail cache | | import | ~/.immich/import | Photo import directory | | external | ~/.immich/external | External library (no-copy) | | pgdata | ~/.postgresql | PostgreSQL data | | models | ~/.immich/models | ML models |
Quick Start
ov image build immich-ml
ov config setup immich-ml
ov start immich-ml
# Open http://localhost:2283
Key Layers
/ov-immich:immich— Immich server, db init, library/cache volumes/ov-immich:immich-ml— ML backend for face recognition and smart search/ov-foundation:cuda— GPU support/ov-foundation:python-ml— ML Python environment/ov-foundation:postgresql— database backend/ov-foundation:vectorchord— VectorChord for smart search/ov-foundation:redis— session/cache backend
Related Images
/ov-immich:immich— CPU-only (no ML, no face recognition)/ov-foundation:nvidia— GPU base without Immich
Verification
After ov start:
ov status immich-ml— container runningov service status immich-ml— all services RUNNINGcurl -s -o /dev/null -w '%{http_code}' http://localhost:2283— Immich HTTP returns 200curl -s -o /dev/null -w '%{http_code}' http://localhost:3003— ML backend HTTP returns 200
Test Coverage
Latest ov eval live immich-ml run: 61 passed, 0 failed, 2 skipped.
The 2 skips are redis-responds and redis-port-open — they reference
${HOST_PORT:6379} which isn't mapped on this image (redis is internal
to the pod). Correct skip behavior; no authoring action needed.
Covers postgres binaries + pg_isready, valkey-compat-redis package
(Fedora 43 rename — see /ov-foundation:redis), pytorch + vllm importable
in python-ml pixi env, nodejs24 + cuda, Immich server dist/main.js,
DB migrate script, geodata init SQL, ML venv + immich_ml/ module.
Deploy-scope: port 2283 host-reachable, /api/server/ping returns 200
with pong, internal ML endpoint reachable via in-container
curl http://127.0.0.1:3003/ping. Image-scope: supervisorctl orchestrates
postgresql + redis + immich-server + immich-ml all RUNNING.
Related Skills
/ov-immich:immich,/ov-immich:immich-ml,/ov-foundation:postgresql,/ov-foundation:vectorchord,/ov-foundation:redis,/ov-foundation:nvidia,/ov-foundation:cuda,/ov-foundation:python-ml,/ov-coder:nodejs24,/ov-foundation:supervisord,/ov-foundation:dbus,/ov-foundation:ov,/ov-foundation:agent-forwarding/ov-build:eval— framework + runtime variable rules (why skips happen)/ov-core:config— deploy setup (pg password secret, volume backing)/ov-immich:immich— non-ML variant
When to Use This Skill
MUST be invoked when the task involves the immich-ml image, Immich ML features, or GPU-accelerated photo management. Invoke this skill BEFORE reading source code or launching Explore agents.
Related
/ov-build:image— image family umbrella (image:entries inoverthink.yml, build/validate/inspect/list)/ov-build:build—build.ymlvocabulary (distros, builders, init-systems)
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026