---
tags:
  - service
  - josiedot
  - irc-now
domain: irc.pics
status: active
stack:
  - Rust
  - Axum
  - Keycloak OIDC
  - PostgreSQL
  - MinIO (S3)
auth: Keycloak
---
# irc.now Image Host (irc.pics)

Authenticated image hosting for irc.now users. Generates WebP thumbnails.

## URLs
- https://irc.pics

## Stack
- Rust (Axum 0.8, openid 0.23, tower-sessions, askama 0.15)
- PostgreSQL via CNPG (pics-db)
- MinIO (S3) via rust-s3 0.35
- image 0.25 for thumbnail generation (300px WebP)

## Auth
Keycloak OIDC via `irc-now` realm, client `pics`.
- Session: tower-sessions MemoryStore, SameSite::Lax

## Routes
- /auth/login, /auth/callback, /auth/logout
- / (upload page), /upload (POST)
- /my (user's images)
- /{id} (view), /{id}/raw (original), /{id}/thumb (300px WebP thumbnail), /{id}/delete (POST)

## Storage
- MinIO at http://minio.irc-josie-cloud:9000
- Bucket: pics
- Credentials: minio-credentials secret
- Limits: 50MB free / 1GB pro

## Expiry
- Free: 90-day expiry
- Pro + content_expires=true: 90-day expiry
- Pro + content_expires=false: no expiry
- Hourly cleanup task: queries expired images, deletes from S3 (original + thumbnail), deletes from DB
- Plan and content_expires extracted from Keycloak ID token JWT custom claims

## Deployment
- OCP namespace: irc-josie-cloud
- Build: `oc start-build pics --from-archive` (rust:1.88 -> ubi9-minimal)
- Containerfile: crates/pics/Containerfile
- Resources: 128Mi/512Mi memory, 50m/500m cpu
- TLS: cert-manager Certificate CR -> externalCertificate on Route
- Certificate: irc-pics-tls
- Env from secrets: pics-db-app, oidc-pics, minio-credentials

## Source
- Repo: ~/development/irc-now
- Crate: `crates/pics/`

## Related
- [[irc-now-portal]]
- [[irc-now-txt]]