fix(immich): improve thumbnail loading performance on iOS app

- Bump immich-server memory 1700Mi/2500Mi → 2000Mi/3500Mi to prevent OOM kills
- Disable anti-AI middleware chain for Immich (removes 3 unnecessary ForwardAuth
  hops per request — Immich content is behind auth, not crawlable)
- Double rate limit to 200 avg / 2000 burst for fast-scroll thumbnail requests
- Fix ImmichFrame image tag (1.7.4 → v1.0.32.0)
- Add PostgreSQL vector search prewarming and tuning (SSD storage type,
  init container for override conf, postStart pg_prewarm)

stacks/immich/frame.tf

@@ -64,7 +64,7 @@ resource "kubernetes_deployment" "immich-frame" {
       }
       spec {
         container {
-          image = "ghcr.io/immichframe/immichframe:1.7.4"
+          image = "ghcr.io/immichframe/immichframe:v1.0.32.0"
           name  = "immich-frame"
           resources {
             requests = {

stacks/immich/main.tf

@@ -284,10 +284,10 @@ resource "kubernetes_deployment" "immich_server" {
           resources {
             requests = {
               cpu    = "100m"
-              memory = "1700Mi"
+              memory = "2000Mi"
             }
             limits = {
-              memory = "2500Mi"
+              memory = "3500Mi"
             }
           }
         }
@@ -422,22 +422,56 @@ resource "kubernetes_deployment" "immich-postgres" {
           }
           env {
             name  = "DB_STORAGE_TYPE"
-            value = "HDD"
+            value = "SSD"
           }
           volume_mount {
             name       = "postgresql-persistent-storage"
             mount_path = "/var/lib/postgresql/data"
           }
+          lifecycle {
+            post_start {
+              exec {
+                command = ["/bin/sh", "-c", <<-EOT
+                  # Wait for PG to accept connections, then prewarm vector search tables
+                  for i in $(seq 1 60); do
+                    if pg_isready -U postgres > /dev/null 2>&1; then
+                      psql -U postgres -d immich -c "CREATE EXTENSION IF NOT EXISTS pg_prewarm; SELECT pg_prewarm('smart_search'); SELECT pg_prewarm('clip_index');" > /dev/null 2>&1
+                      break
+                    fi
+                    sleep 1
+                  done
+                EOT
+                ]
+              }
+            }
+          }
           resources {
             requests = {
-              cpu    = "50m"
-              memory = "1Gi"
+              cpu    = "100m"
+              memory = "2Gi"
             }
             limits = {
-              memory = "1Gi"
+              memory = "2Gi"
             }
           }
         }
+        init_container {
+          name  = "write-pg-override-conf"
+          image = "busybox:1.36"
+          command = ["sh", "-c", <<-EOT
+            cat > /data/postgresql.override.conf <<'PGCONF'
+            # Immich vector search performance tuning
+            shared_buffers = 1024MB
+            effective_cache_size = 1536MB
+            work_mem = 64MB
+            PGCONF
+          EOT
+          ]
+          volume_mount {
+            name       = "postgresql-persistent-storage"
+            mount_path = "/data"
+          }
+        }
         volume {
           name = "postgresql-persistent-storage"
           persistent_volume_claim {
@@ -646,6 +680,7 @@ module "ingress-immich" {
   rybbit_site_id          = "35eedb7a3d2b"
   skip_default_rate_limit = true
   extra_middlewares       = ["traefik-immich-rate-limit@kubernetescrd"]
+  anti_ai_scraping        = false
   extra_annotations = {
     "gethomepage.dev/enabled"        = "true"
     "gethomepage.dev/description"    = "Photos library"

stacks/traefik/modules/traefik/middleware.tf

@@ -244,8 +244,8 @@ resource "kubernetes_manifest" "middleware_immich_rate_limit" {
     }
     spec = {
       rateLimit = {
-        average = 100
-        burst   = 1000
+        average = 200
+        burst   = 2000
       }
     }
   }