promote to table of content

* feat: handle-error minor improvments

* review comments

* Update web/src/lib/utils/handle-error.ts

Co-authored-by: Jason Rasmussen <jason@rasm.me>

---------

Co-authored-by: Alex <alex.tran1502@gmail.com>
Co-authored-by: Jason Rasmussen <jason@rasm.me>

docs/docs/administration/backup-and-restore.md

@@ -5,53 +5,98 @@ import TabItem from '@theme/TabItem';
 
 A [3-2-1 backup strategy](https://www.backblaze.com/blog/the-3-2-1-backup-strategy/) is recommended to protect your data. You should keep copies of your uploaded photos/videos as well as the Immich database for a comprehensive backup solution. This page provides an overview on how to backup the database and the location of user-uploaded pictures and videos. A template bash script that can be run as a cron job is provided [here](/guides/template-backup-script.md)
 
-:::danger
-The instructions on this page show you how to prepare your Immich instance to be backed up, and which files to take a backup of. You still need to take care of using an actual backup tool to make a backup yourself.
-:::
-
 ## Database
 
-:::caution
-Immich saves [file paths in the database](https://github.com/immich-app/immich/discussions/3299), it does not scan the library folder to update the database so backups are crucial.
-:::
+Immich stores [file paths in the database](https://github.com/immich-app/immich/discussions/3299), users metadata in the database, it does not scan the library folder, so database backups are essential
 
-:::info
-Refer to the official [postgres documentation](https://www.postgresql.org/docs/current/backup.html) for details about backing up and restoring a postgres database.
-:::
+### Automatic Database Backups
+
+Immich automatically creates database backups for disaster-recovery purposes. These backups are stored in `UPLOAD_LOCATION/backups` and can be managed through the web interface.
+
+You can adjust the backup schedule and retention settings in **Administration > Settings > Backup** (default: keep last 14 backups, create daily at 2:00 AM).
 
 :::caution
-It is not recommended to directly backup the `DB_DATA_LOCATION` folder. Doing so while the database is running can lead to a corrupted backup that cannot be restored.
+Database backups do **NOT** contain photos or videos — only metadata. They must be used together with a copy of the files in `UPLOAD_LOCATION` as outlined below.
 :::
 
-### Automatic Database Dumps
+#### Creating a Backup
+
+You can trigger a database backup manually:
+
+1. Go to **Administration > Queues**
+2. Click **Create job** in the top right
+3. Select **Create Database Backup** and click **Confirm**
+
+The backup will appear in `UPLOAD_LOCATION/backups` and counts toward your retention limit.
+
+### Restoring a Database Backup
+
+Immich provides two ways to restore a database backup: through the web interface or via the command line. The web interface is the recommended method for most users.
+
+### Restore from Settings {#restore-from-settings}
+
+If you have an existing Immich installation:
+
+1. Go to **Administration > Maintenance**
+2. Expand the **Restore database backup** section
+3. You'll see a list of available backups with their version and creation date
+4. Click **Restore** next to the backup you want to restore
+5. Confirm the restore operation
 
 :::warning
-The automatic database dumps can be used to restore the database in the event of damage to the Postgres database files.
-There is no monitoring for these dumps and you will not be notified if they are unsuccessful.
+Restoring a backup will wipe the current database and replace it with the backup. A restore point is automatically created before the operation begins, allowing rollback if the restore fails.
 :::
 
-:::caution
-The database dumps do **NOT** contain any pictures or videos, only metadata. They are only usable with a copy of the other files in `UPLOAD_LOCATION` as outlined below.
+### Restore from Onboarding {#restore-from-onboarding}
+
+If you're setting up Immich on a fresh installation and want to restore from an existing backup:
+
+1. On the welcome screen, click **Restore from backup**
+2. Immich will enter maintenance mode and display integrity checks for your storage folders
+3. Review the folder status to ensure your library files are accessible
+4. Click **Next** to proceed to backup selection
+5. Select a backup from the list or upload a backup file (`.sql.gz`)
+6. Click **Restore** to begin the restoration process
+
+:::tip
+Before restoring, ensure your `UPLOAD_LOCATION` folders contain the same files that existed when the backup was created. The integrity check will show you which folders are readable/writable and how many files they contain.
 :::
 
-For disaster-recovery purposes, Immich will automatically create database dumps. The dumps are stored in `UPLOAD_LOCATION/backups`.
-Please be sure to make your own, independent backup of the database together with the asset folders as noted below.
-You can adjust the schedule and amount of kept database dumps in the [admin settings](http://my.immich.app/admin/system-settings?isOpen=backup).
-By default, Immich will keep the last 14 database dumps and create a new dump every day at 2:00 AM.
+### Uploading a Backup File {#uploading-backup}
 
-#### Trigger Dump
+You can upload a database backup file directly:
 
-You are able to trigger a database dump in the [admin job status page](http://my.immich.app/admin/queues).
-Visit the page, open the "Create job" modal from the top right, select "Create Database Dump" and click "Confirm".
-A job will run and trigger a dump, you can verify this worked correctly by checking the logs or the `backups/` folder.
-This dumps will count towards the last `X` dumps that will be kept based on your settings.
+1. In the **Restore database backup** section, click **Select from computer**
+2. Choose a `.sql.gz` file
+3. The uploaded backup will appear in the list with an "uploaded-" prefix
+4. Click **Restore** to restore from the uploaded file
 
-#### Restoring
+### Backup Version Compatibility {#backup-compatibility}
 
-We hope to make restoring simpler in future versions, for now you can find the database dumps in the `UPLOAD_LOCATION/backups` folder on your host.
-Then please follow the steps in the following section for restoring the database.
+When viewing backups, Immich displays compatibility indicators:
 
-### Manual Backup and Restore
+- ✅ **Green checkmark**: Backup version matches current Immich version
+- ⚠️ **Warning**: Backup was created with a different Immich version
+- ❌ **Error**: Could not determine backup version
+
+:::warning
+Restoring a backup from a different Immich version may require database migrations. The restore process will attempt to run migrations automatically, but you should ensure you're restoring to a compatible version when possible.
+:::
+
+### Restore Process {#restore-process}
+
+During restoration, Immich will:
+
+1. Create a backup of the current database (restore point)
+2. Restore the selected backup
+3. Run database migrations if needed
+4. Perform a health check to verify the restore succeeded
+
+If the restore fails (e.g., corrupted backup or missing admin user), Immich will automatically roll back to the restore point.
+
+### Restore via Command Line {#restore-cli}
+
+For advanced users or automated recovery scenarios, you can restore a database backup using the command line.
 
 <Tabs>
   <TabItem value="Linux system" label="Linux system" default>
@@ -106,10 +151,12 @@ docker compose up -d                              # Start remainder of Immich ap
   </TabItem>
 </Tabs>
 
-Note that for the database restore to proceed properly, it requires a completely fresh install (i.e. the Immich server has never run since creating the Docker containers). If the Immich app has run, Postgres conflicts may be encountered upon database restoration (relation already exists, violated foreign key constraints, multiple primary keys, etc.), in which case you need to delete the `DB_DATA_LOCATION` folder to reset the database.
+:::note
+For the database restore to proceed properly, it requires a completely fresh install (i.e., the Immich server has never run since creating the Docker containers). If the Immich app has run, you may encounter Postgres conflicts (relation already exists, violated foreign key constraints, etc.). In this case, delete the `DB_DATA_LOCATION` folder to reset the database.
+:::
 
 :::tip
-Some deployment methods make it difficult to start the database without also starting the server. In these cases, you may set the environment variable `DB_SKIP_MIGRATIONS=true` before starting the services. This will prevent the server from running migrations that interfere with the restore process. Be sure to remove this variable and restart the services after the database is restored.
+Some deployment methods make it difficult to start the database without also starting the server. In these cases, set the environment variable `DB_SKIP_MIGRATIONS=true` before starting the services. This prevents the server from running migrations that interfere with the restore process. Remove this variable and restart services after the database is restored.
 :::
 
 ## Filesystem

docs/docs/features/automatic-backup.md

@@ -1,37 +1,42 @@
 # Automatic Backup
 
+## Overview
+
 Immich supports uploading photos and videos from your mobile device to the server automatically.
 
----
+By enable the backup button, Immich will upload new photos and videos from selected albums when you open or resume the app, as well as periodically in the background (iOS), or when the a new photos or videos are taken (Android).
 
-You can enable the settings by accessing the upload options from the upload page
+<img
+src={require('./img/enable-backup-button.webp').default}
+width="300px"
+title="Upload button"
+/>
 
-<img src={require('./img/backup-settings-access.webp').default} width="50%" title="Backup option selection" />
+## Platform Specific Features
 
-<img src={require('./img/background-foreground-backup.webp').default} width="50%" title="Foreground&Background Backup" />
+### General
 
-## Foreground backup
+By default, Immich will only upload photos and videos when connected to Wi-Fi. You can change this behavior in the backup settings page.
 
-If foreground backup is enabled: whenever the app is opened or resumed, it will check if any photos or videos in the selected album(s) have yet to be uploaded to the cloud (the remainder count). If there are any, they will be uploaded.
+<img
+src={require('./img/backup-options.webp').default}
+width="500px"
+title="Upload button"
+/>
 
-## Background backup
+### Android
 
-This feature is intended for everyday use. For initial bulk uploading, please use the foreground upload feature. For more information on why background upload is not working as expected, please refer to the [FAQ](/FAQ#why-does-foreground-backup-stop-when-i-navigate-away-from-the-app-shouldnt-it-transfer-the-job-to-background-backup).
-
-If background backup is enabled. The app will periodically check if there are any new photos or videos in the selected album(s) to be uploaded to the server. If there are, it will upload them to the cloud in the background.
-
-:::info Note
-
-#### General
-
-- The app must be in the background for the backup worker to start running.
-- If you reopen the app and the first page you see is the backup page, the counts will not reflect the background uploaded result. You have to navigate out of the page and come back to see the updated counts.
-
-#### Android
+<img
+src={require('./img/android-backup-options.webp').default}
+width="500px"
+title="Upload button"
+/>
 
 - It is a well-known problem that some Android models are very strict with battery optimization settings, which can cause a problem with the background worker. Please visit [Don't kill my app](https://dontkillmyapp.com/) for a guide on disabling this setting on your phone.
+- You can allow the background task to run when the device is charging.
+- You can set the minimum delay from the time a photo is taken to when the background upload task will run.
 
-#### iOS
+### iOS
 
 - You must enable **Background App Refresh** for the app to work in the background. You can enable it in the Settings app under General > Background App Refresh.
 
@@ -39,4 +44,4 @@ If background backup is enabled. The app will periodically check if there are an
 <img src={require('./img/background-app-refresh.webp').default} width="30%" title="background-app-refresh" />
 </div>
 
-:::
+- iOS automatically manages background tasks, the app cannot control when the background upload task will run. It is known that the more frequently you open the app, the more often the background task will run.

docs/docs/features/command-line-interface.md

@@ -188,6 +188,8 @@ immich upload --dry-run . | tail -n +6 | jq .newFiles[]
 
 ### Obtain the API Key
 
-The API key can be obtained in the user setting panel on the web interface.
+The API key can be obtained in the user setting panel on the web interface. You can also specify permissions for the key to limit its access.
 
 ![Obtain Api Key](./img/obtain-api-key.webp)
+
+![Specify permission for the key](./img/obtain-api-key-2.webp)

docs/docs/features/facial-recognition.md

@@ -21,14 +21,14 @@ The asset detail view will also show the faces that are recognized in the asset.
 Additional actions you can do include:
 
 - Changing the feature photo of the person
-- Setting a person's date of birth
-- Merging two or more detected faces into one person
 - Hiding the faces of a person from the Explore page and detail view
-- Assigning an unrecognized face to a person
+- Setting a person's date of birth, so that the age of the person can be shown at the time the photo was taken
+- Merging two or more detected faces into one person
+- Favoriting a person to pin them to the top of the list
 
 It can be found from the app bar when you access the detail view of a person.
 
-<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' width="70%"/>
+<img src={require('./img/facial-recognition-4.webp').default} title='Facial Recognition 4' />
 
 ## How Face Detection Works
 

docs/docs/features/mobile-app.mdx

@@ -20,14 +20,6 @@ Below are the SHA-256 fingerprints for the certificates signing the android appl
 
 :::
 
-:::info Beta Program
-The beta release channel allows users to test upcoming changes before they are officially released. To join the channel use the links below.
-
-- Android: Invitation link from [web](https://play.google.com/store/apps/details?id=app.alextran.immich) or from [mobile](https://play.google.com/store/apps/details?id=app.alextran.immich)
-- iOS: [TestFlight invitation link](https://testflight.apple.com/join/1vYsAa8P)
-
-:::
-
 ## Login
 
 <MobileAppLogin />
@@ -36,10 +28,6 @@ The beta release channel allows users to test upcoming changes before they are o
 
 <MobileAppBackup />
 
-:::info
-You can enable automatic backup on supported devices. For more information see [Automatic Backup](/features/automatic-backup.md).
-:::
-
 ## Sync only selected photos
 
 If you have a large number of photos on the device, and you would prefer not to backup all the photos, then it might be prudent to only backup selected photos from device to the Immich server.
@@ -57,17 +45,45 @@ This will enable a small cloud icon on the bottom right corner of the asset tile
 
 Now make sure that the local album is selected in the backup screen (steps 1-2 above). You can find these albums listed in **<ins>Library -> On this device</ins>**. To selectively upload photos from these albums, simply select the local-only photos and tap on "Upload" button in the dynamic bottom menu.
 
-<img
-  src={require('./img/mobile-upload-open-photo.webp').default}
-  width="50%"
-  title="Upload button on local asset preview"
-/>
 <img
   src={require('./img/mobile-upload-selected-photos.webp').default}
   width="40%"
   title="Upload button after photos selection"
 />
 
+## Free Up Space
+
+The **Free Up Space** tool allows you to remove local media files from your device that have already been successfully backed up to your Immich server (and are not in the Immich trash). This helps reclaim storage on your mobile device without losing your memories.
+
+### How it works
+
+<img src={require('./img/free-up-space.webp').default} title="Free up space" />
+
+1.  **Configuration:**
+    - **Cutoff Date:** You can select a cutoff date. The tool will only look for photos and videos **on or before** this date.
+    - **Filter Options:** You can choose to remove **All** assets, or restrict removal to **Photos only** or **Videos only**.
+    - **Keep Favorites:** By default, local assets marked as favorites are preserved on your device, even if they match the cutoff date.
+2.  **Scan & Review:** Before any files are removed, you are presented with a review screen to verify which items will be deleted.
+3.  **Deletion:** Confirmed items are moved to your device's native Trash/Recycle Bin.
+
+:::info reclaim storage
+To permanently free up space, you must manually empty the system/gallery trash.
+:::
+
+### iCloud Photos
+
+If you use **iCloud Photos** alongside Immich, it is vital to understand how deletion affects your data. iCloud utilizes a two-way sync; this means deleting a photo from your iPhone to free up space will **also delete it from iCloud**.
+
+Assets that are part of an **iCloud Shared Album** are automatically excluded from the cleanup scan because iCloud does not allow removing the items from the device.
+
+### External App Dependencies (WhatsApp, etc.)
+
+Android applications like **WhatsApp** rely on local files to display media in chat history.
+
+If Immich backs up your WhatsApp folder and you run **Free Up Space**, the local copies of these images will be deleted. Consequently, **media in your WhatsApp chats will appear blurry or missing.** You will only be able to view these photos inside the Immich app; they will no longer be visible within the WhatsApp interface.
+
+**Recommendation:** If keeping chat history intact is important, please ensure you review the deletion list carefully or consider excluding WhatsApp folders from the backup if you intend to use this feature frequently.
+
 ## Album Sync
 
 You can sync or mirror an album from your phone to the Immich server on your account. For example, if you select Recents, Camera and Videos album for backup, the corresponding album with the same name will be created on the server. Once the assets from those albums are uploaded, they will be put into the target albums automatically.

docs/docs/install/environment-variables.md

@@ -17,11 +17,11 @@ If this does not work, try running `docker compose up -d --force-recreate`.
 
 ## Docker Compose
 
-| Variable           | Description                     |  Default  | Containers               |
-| :----------------- | :------------------------------ | :-------: | :----------------------- |
-| `IMMICH_VERSION`   | Image tags                      | `release` | server, machine learning |
-| `UPLOAD_LOCATION`  | Host path for uploads           |           | server                   |
-| `DB_DATA_LOCATION` | Host path for Postgres database |           | database                 |
+| Variable           | Description                     | Default | Containers               |
+| :----------------- | :------------------------------ | :-----: | :----------------------- |
+| `IMMICH_VERSION`   | Image tags                      |  `v2`   | server, machine learning |
+| `UPLOAD_LOCATION`  | Host path for uploads           |         | server                   |
+| `DB_DATA_LOCATION` | Host path for Postgres database |         | database                 |
 
 :::tip
 These environment variables are used by the `docker-compose.yml` file and do **NOT** affect the containers directly.

docs/docs/overview/quick-start.mdx

@@ -10,7 +10,7 @@ to install and use it.
 
 ## Requirements
 
-- A system with at least 4GB of RAM and 2 CPU cores.
+- A system with at least 6GB of RAM and 2 CPU cores.
 - [Docker](https://docs.docker.com/engine/install/)
 
 > For a more detailed list of requirements, see the [requirements page](/install/requirements).
@@ -63,9 +63,9 @@ The backup time differs depending on how many photos are on your mobile device.
 take quite a while.
 To quickly get going, you can selectively upload few photos first, by following this [guide](/features/mobile-app#sync-only-selected-photos).
 
-You can select the **Jobs** tab to see Immich processing your photos.
+You can select the **Job Queues** tab to see Immich processing your photos.
 
-<img src={require('/docs/guides/img/jobs-tab.webp').default} title="Jobs tab" width={300} />
+<img src={require('/docs/guides/img/jobs-tab.webp').default} title="Job Queues Tah" width={300} />
 
 ---
 

docs/docs/partials/_mobile-app-backup.md

@@ -6,4 +6,4 @@
 
 <img src={require('./img/album-selection.webp').default} width='50%' title='Backup button' />
 
-3. Scroll down to the bottom and press "**Start Backup**" to start the backup process. This will upload all the assets in the selected albums.
+3. Scroll down to the bottom and press "**Enable Backup**" to start the backup process. This will upload all the assets in the selected albums.

docs/docs/partials/_user-create.md

@@ -2,6 +2,6 @@ If you have friends or family members who want to use the application as well, y
 
 <img src={require('./img/create-new-user.webp').default} width="90%" title='New User Registration' />
 
-In the Administration panel, you can click on the **Create user** button, and you'll be presented with the following dialog:
+In the **Administration > Users** page, you can click on the **Create user** button, and you'll be presented with the following dialog:
 
-<img src={require('./img/create-new-user-dialog.webp').default} width="90%" title='New User Registration Dialog' />
+<img src={require('./img/create-new-user-dialog.webp').default} width="40%" title='New User Registration Dialog' />

docs/docusaurus.config.js

@@ -76,6 +76,10 @@ const config = {
           autoCollapseCategories: false,
         },
       },
+      tableOfContents: {
+        minHeadingLevel: 2,
+        maxHeadingLevel: 4,
+      },
       navbar: {
         logo: {
           alt: 'Immich Logo',

docs/src/css/custom.css

@@ -69,7 +69,13 @@ h6 {
   --ifm-color-primary-lighter: #e9f1fe;
   --ifm-color-primary-lightest: #ffffff;
   --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.3);
-  --ifm-background-color: #000000;
+  --ifm-navbar-background-color: #0c0c0c;
+  --ifm-footer-background-color: #0c0c0c;
+}
+
+[data-theme='dark'] body,
+[data-theme='dark'] .main-wrapper {
+  background-color: #070707;
 }
 
 div[class^='announcementBar_'] {

docs/tailwind.config.js

@@ -17,9 +17,9 @@ module.exports = {
 
         // Dark Theme
         'immich-dark-primary': '#adcbfa',
-        'immich-dark-bg': '#070a14',
+        'immich-dark-bg': '#000000',
         'immich-dark-fg': '#e5e7eb',
-        'immich-dark-gray': '#212121',
+        'immich-dark-gray': '#111111',
       },
     },
   },

e2e/playwright.config.ts

@@ -8,7 +8,7 @@ dotenv.config({ path: resolve(import.meta.dirname, '.env') });
 export const playwrightHost = process.env.PLAYWRIGHT_HOST ?? '127.0.0.1';
 export const playwrightDbHost = process.env.PLAYWRIGHT_DB_HOST ?? '127.0.0.1';
 export const playwriteBaseUrl = process.env.PLAYWRIGHT_BASE_URL ?? `http://${playwrightHost}:2285`;
-export const playwriteSlowMo = parseInt(process.env.PLAYWRIGHT_SLOW_MO ?? '0');
+export const playwriteSlowMo = Number.parseInt(process.env.PLAYWRIGHT_SLOW_MO ?? '0');
 export const playwrightDisableWebserver = process.env.PLAYWRIGHT_DISABLE_WEBSERVER;
 
 process.env.PW_EXPERIMENTAL_SERVICE_WORKER_NETWORK_EVENTS = '1';
@@ -39,13 +39,13 @@ const config: PlaywrightTestConfig = {
       testMatch: /.*\.e2e-spec\.ts/,
       workers: 1,
     },
-    {
-      name: 'parallel tests',
-      use: { ...devices['Desktop Chrome'] },
-      testMatch: /.*\.parallel-e2e-spec\.ts/,
-      fullyParallel: true,
-      workers: process.env.CI ? 3 : Math.max(1, Math.round(cpus().length * 0.75) - 1),
-    },
+    // {
+    //   name: 'parallel tests',
+    //   use: { ...devices['Desktop Chrome'] },
+    //   testMatch: /.*\.parallel-e2e-spec\.ts/,
+    //   fullyParallel: true,
+    //   workers: process.env.CI ? 3 : Math.max(1, Math.round(cpus().length * 0.75) - 1),
+    // },
 
     // {
     //   name: 'firefox',

e2e/src/api/specs/database-backups.e2e-spec.ts

@@ -0,0 +1,350 @@
+import { LoginResponseDto, ManualJobName } from '@immich/sdk';
+import { errorDto } from 'src/responses';
+import { app, utils } from 'src/utils';
+import request from 'supertest';
+import { afterAll, beforeAll, describe, expect, it } from 'vitest';
+
+describe('/admin/database-backups', () => {
+  let cookie: string | undefined;
+  let admin: LoginResponseDto;
+
+  beforeAll(async () => {
+    await utils.resetDatabase();
+    admin = await utils.adminSetup();
+    await utils.resetBackups(admin.accessToken);
+  });
+
+  describe('GET /', async () => {
+    it('should succeed and be empty', async () => {
+      const { status, body } = await request(app)
+        .get('/admin/database-backups')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        backups: [],
+      });
+    });
+
+    it('should contain a created backup', async () => {
+      await utils.createJob(admin.accessToken, {
+        name: ManualJobName.BackupDatabase,
+      });
+
+      await utils.waitForQueueFinish(admin.accessToken, 'backupDatabase');
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app)
+              .get('/admin/database-backups')
+              .set('Authorization', `Bearer ${admin.accessToken}`);
+
+            expect(status).toBe(200);
+            return body;
+          },
+          {
+            interval: 500,
+            timeout: 10_000,
+          },
+        )
+        .toEqual(
+          expect.objectContaining({
+            backups: [
+              expect.objectContaining({
+                filename: expect.stringMatching(/immich-db-backup-\d{8}T\d{6}-v.*-pg.*\.sql\.gz$/),
+                filesize: expect.any(Number),
+              }),
+            ],
+          }),
+        );
+    });
+  });
+
+  describe('DELETE /', async () => {
+    it('should delete backup', async () => {
+      const filename = await utils.createBackup(admin.accessToken);
+
+      const { status } = await request(app)
+        .delete(`/admin/database-backups`)
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({ backups: [filename] });
+
+      expect(status).toBe(200);
+
+      const { status: listStatus, body } = await request(app)
+        .get('/admin/database-backups')
+        .set('Authorization', `Bearer ${admin.accessToken}`);
+
+      expect(listStatus).toBe(200);
+      expect(body).toEqual(
+        expect.objectContaining({
+          backups: [],
+        }),
+      );
+    });
+  });
+
+  // => action: restore database flow
+
+  describe.sequential('POST /start-restore', () => {
+    afterAll(async () => {
+      await request(app).post('/admin/maintenance').set('cookie', cookie!).send({ action: 'end' });
+      await utils.poll(
+        () => request(app).get('/server/config'),
+        ({ status, body }) => status === 200 && !body.maintenanceMode,
+      );
+
+      admin = await utils.adminSetup();
+    });
+
+    it.sequential('should not work when the server is configured', async () => {
+      const { status, body } = await request(app).post('/admin/database-backups/start-restore').send();
+
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest('The server already has an admin'));
+    });
+
+    it.sequential('should enter maintenance mode in "database restore mode"', async () => {
+      await utils.resetDatabase(); // reset database before running this test
+
+      const { status, headers } = await request(app).post('/admin/database-backups/start-restore').send();
+
+      expect(status).toBe(201);
+
+      cookie = headers['set-cookie'][0].split(';')[0];
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app).get('/server/config');
+            expect(status).toBe(200);
+            return body.maintenanceMode;
+          },
+          {
+            interval: 500,
+            timeout: 10_000,
+          },
+        )
+        .toBeTruthy();
+
+      const { status: status2, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
+      expect(status2).toBe(200);
+      expect(body).toEqual({
+        active: true,
+        action: 'select_database_restore',
+      });
+    });
+  });
+
+  // => action: restore database
+
+  describe.sequential('POST /backups/restore', () => {
+    beforeAll(async () => {
+      await utils.disconnectDatabase();
+    });
+
+    afterAll(async () => {
+      await utils.connectDatabase();
+    });
+
+    it.sequential('should restore a backup', { timeout: 60_000 }, async () => {
+      let filename = await utils.createBackup(admin.accessToken);
+
+      // work-around until test is running on released version
+      await utils.move(
+        `/data/backups/${filename}`,
+        '/data/backups/immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz',
+      );
+      filename = 'immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz';
+
+      const { status } = await request(app)
+        .post('/admin/maintenance')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({
+          action: 'restore_database',
+          restoreBackupFilename: filename,
+        });
+
+      expect(status).toBe(201);
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app).get('/server/config');
+            expect(status).toBe(200);
+            return body.maintenanceMode;
+          },
+          {
+            interval: 500,
+            timeout: 10_000,
+          },
+        )
+        .toBeTruthy();
+
+      const { status: status2, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
+      expect(status2).toBe(200);
+      expect(body).toEqual(
+        expect.objectContaining({
+          active: true,
+          action: 'restore_database',
+        }),
+      );
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app).get('/server/config');
+            expect(status).toBe(200);
+            return body.maintenanceMode;
+          },
+          {
+            interval: 500,
+            timeout: 60_000,
+          },
+        )
+        .toBeFalsy();
+    });
+
+    it.sequential('fail to restore a corrupted backup', { timeout: 60_000 }, async () => {
+      await utils.prepareTestBackup('corrupted');
+
+      const { status, headers } = await request(app)
+        .post('/admin/maintenance')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({
+          action: 'restore_database',
+          restoreBackupFilename: 'development-corrupted.sql.gz',
+        });
+
+      expect(status).toBe(201);
+      cookie = headers['set-cookie'][0].split(';')[0];
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app).get('/server/config');
+            expect(status).toBe(200);
+            return body.maintenanceMode;
+          },
+          {
+            interval: 500,
+            timeout: 10_000,
+          },
+        )
+        .toBeTruthy();
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
+            expect(status).toBe(200);
+            return body;
+          },
+          {
+            interval: 500,
+            timeout: 10_000,
+          },
+        )
+        .toEqual(
+          expect.objectContaining({
+            active: true,
+            action: 'restore_database',
+            error: 'Something went wrong, see logs!',
+          }),
+        );
+
+      const { status: status2, body: body2 } = await request(app)
+        .get('/admin/maintenance/status')
+        .set('cookie', cookie!)
+        .send({ token: 'token' });
+      expect(status2).toBe(200);
+      expect(body2).toEqual(
+        expect.objectContaining({
+          active: true,
+          action: 'restore_database',
+          error: expect.stringContaining('IM CORRUPTED'),
+        }),
+      );
+
+      await request(app).post('/admin/maintenance').set('cookie', cookie!).send({
+        action: 'end',
+      });
+
+      await utils.poll(
+        () => request(app).get('/server/config'),
+        ({ status, body }) => status === 200 && !body.maintenanceMode,
+      );
+    });
+
+    it.sequential('rollback to restore point if backup is missing admin', { timeout: 60_000 }, async () => {
+      await utils.prepareTestBackup('empty');
+
+      const { status, headers } = await request(app)
+        .post('/admin/maintenance')
+        .set('Authorization', `Bearer ${admin.accessToken}`)
+        .send({
+          action: 'restore_database',
+          restoreBackupFilename: 'development-empty.sql.gz',
+        });
+
+      expect(status).toBe(201);
+      cookie = headers['set-cookie'][0].split(';')[0];
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app).get('/server/config');
+            expect(status).toBe(200);
+            return body.maintenanceMode;
+          },
+          {
+            interval: 500,
+            timeout: 10_000,
+          },
+        )
+        .toBeTruthy();
+
+      await expect
+        .poll(
+          async () => {
+            const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
+            expect(status).toBe(200);
+            return body;
+          },
+          {
+            interval: 500,
+            timeout: 30_000,
+          },
+        )
+        .toEqual(
+          expect.objectContaining({
+            active: true,
+            action: 'restore_database',
+            error: 'Something went wrong, see logs!',
+          }),
+        );
+
+      const { status: status2, body: body2 } = await request(app)
+        .get('/admin/maintenance/status')
+        .set('cookie', cookie!)
+        .send({ token: 'token' });
+      expect(status2).toBe(200);
+      expect(body2).toEqual(
+        expect.objectContaining({
+          active: true,
+          action: 'restore_database',
+          error: expect.stringContaining('Server health check failed, no admin exists.'),
+        }),
+      );
+
+      await request(app).post('/admin/maintenance').set('cookie', cookie!).send({
+        action: 'end',
+      });
+
+      await utils.poll(
+        () => request(app).get('/server/config'),
+        ({ status, body }) => status === 200 && !body.maintenanceMode,
+      );
+    });
+  });
+});

e2e/src/api/specs/maintenance.e2e-spec.ts

@@ -14,6 +14,7 @@ describe('/admin/maintenance', () => {
     await utils.resetDatabase();
     admin = await utils.adminSetup();
     nonAdmin = await utils.userSetup(admin.accessToken, createUserDto.user1);
+    await utils.resetBackups(admin.accessToken);
   });
 
   // => outside of maintenance mode
@@ -26,6 +27,17 @@ describe('/admin/maintenance', () => {
     });
   });
 
+  describe('GET /status', async () => {
+    it('to always indicate we are not in maintenance mode', async () => {
+      const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
+      expect(status).toBe(200);
+      expect(body).toEqual({
+        active: false,
+        action: 'end',
+      });
+    });
+  });
+
   describe('POST /login', async () => {
     it('should not work out of maintenance mode', async () => {
       const { status, body } = await request(app).post('/admin/maintenance/login').send({ token: 'token' });
@@ -39,6 +51,7 @@ describe('/admin/maintenance', () => {
   describe.sequential('POST /', () => {
     it('should require authentication', async () => {
       const { status, body } = await request(app).post('/admin/maintenance').send({
+        active: false,
         action: 'end',
       });
       expect(status).toBe(401);
@@ -69,6 +82,7 @@ describe('/admin/maintenance', () => {
         .send({
           action: 'start',
         });
+
       expect(status).toBe(201);
 
       cookie = headers['set-cookie'][0].split(';')[0];
@@ -79,12 +93,13 @@ describe('/admin/maintenance', () => {
       await expect
         .poll(
           async () => {
-            const { body } = await request(app).get('/server/config');
+            const { status, body } = await request(app).get('/server/config');
+            expect(status).toBe(200);
             return body.maintenanceMode;
           },
           {
-            interval: 5e2,
-            timeout: 1e4,
+            interval: 500,
+            timeout: 10_000,
           },
         )
         .toBeTruthy();
@@ -102,6 +117,17 @@ describe('/admin/maintenance', () => {
       });
     });
 
+    describe('GET /status', async () => {
+      it('to indicate we are in maintenance mode', async () => {
+        const { status, body } = await request(app).get('/admin/maintenance/status').send({ token: 'token' });
+        expect(status).toBe(200);
+        expect(body).toEqual({
+          active: true,
+          action: 'start',
+        });
+      });
+    });
+
     describe('POST /login', async () => {
       it('should fail without cookie or token in body', async () => {
         const { status, body } = await request(app).post('/admin/maintenance/login').send({});
@@ -158,12 +184,13 @@ describe('/admin/maintenance', () => {
       await expect
         .poll(
           async () => {
-            const { body } = await request(app).get('/server/config');
+            const { status, body } = await request(app).get('/server/config');
+            expect(status).toBe(200);
             return body.maintenanceMode;
           },
           {
-            interval: 5e2,
-            timeout: 1e4,
+            interval: 500,
+            timeout: 10_000,
           },
         )
         .toBeFalsy();

e2e/src/utils.ts

@@ -6,7 +6,9 @@ import {
   CheckExistingAssetsDto,
   CreateAlbumDto,
   CreateLibraryDto,
+  JobCreateDto,
   MaintenanceAction,
+  ManualJobName,
   MetadataSearchDto,
   Permission,
   PersonCreateDto,
@@ -21,6 +23,7 @@ import {
   checkExistingAssets,
   createAlbum,
   createApiKey,
+  createJob,
   createLibrary,
   createPartner,
   createPerson,
@@ -28,10 +31,12 @@ import {
   createStack,
   createUserAdmin,
   deleteAssets,
+  deleteDatabaseBackup,
   getAssetInfo,
   getConfig,
   getConfigDefaults,
   getQueuesLegacy,
+  listDatabaseBackups,
   login,
   runQueueCommandLegacy,
   scanLibrary,
@@ -52,11 +57,15 @@ import {
 import { BrowserContext } from '@playwright/test';
 import { exec, spawn } from 'node:child_process';
 import { createHash } from 'node:crypto';
-import { existsSync, mkdirSync, renameSync, rmSync, writeFileSync } from 'node:fs';
+import { createWriteStream, existsSync, mkdirSync, renameSync, rmSync, writeFileSync } from 'node:fs';
+import { mkdtemp } from 'node:fs/promises';
 import { tmpdir } from 'node:os';
-import { dirname, resolve } from 'node:path';
+import { dirname, join, resolve } from 'node:path';
+import { Readable } from 'node:stream';
+import { pipeline } from 'node:stream/promises';
 import { setTimeout as setAsyncTimeout } from 'node:timers/promises';
 import { promisify } from 'node:util';
+import { createGzip } from 'node:zlib';
 import pg from 'pg';
 import { io, type Socket } from 'socket.io-client';
 import { loginDto, signupDto } from 'src/fixtures';
@@ -84,8 +93,9 @@ export const asBearerAuth = (accessToken: string) => ({ Authorization: `Bearer $
 export const asKeyAuth = (key: string) => ({ 'x-api-key': key });
 export const immichCli = (args: string[]) =>
   executeCommand('pnpm', ['exec', 'immich', '-d', `/${tempDir}/immich/`, ...args], { cwd: '../cli' }).promise;
-export const immichAdmin = (args: string[]) =>
-  executeCommand('docker', ['exec', '-i', 'immich-e2e-server', '/bin/bash', '-c', `immich-admin ${args.join(' ')}`]);
+export const dockerExec = (args: string[]) =>
+  executeCommand('docker', ['exec', '-i', 'immich-e2e-server', '/bin/bash', '-c', args.join(' ')]);
+export const immichAdmin = (args: string[]) => dockerExec([`immich-admin ${args.join(' ')}`]);
 export const specialCharStrings = ["'", '"', ',', '{', '}', '*'];
 export const TEN_TIMES = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
 
@@ -149,12 +159,26 @@ const onEvent = ({ event, id }: { event: EventType; id: string }) => {
 };
 
 export const utils = {
+  connectDatabase: async () => {
+    if (!client) {
+      client = new pg.Client(dbUrl);
+      client.on('end', () => (client = null));
+      client.on('error', () => (client = null));
+      await client.connect();
+    }
+
+    return client;
+  },
+
+  disconnectDatabase: async () => {
+    if (client) {
+      await client.end();
+    }
+  },
+
   resetDatabase: async (tables?: string[]) => {
     try {
-      if (!client) {
-        client = new pg.Client(dbUrl);
-        await client.connect();
-      }
+      client = await utils.connectDatabase();
 
       tables = tables || [
         // TODO e2e test for deleting a stack, since it is quite complex
@@ -481,6 +505,9 @@ export const utils = {
   tagAssets: (accessToken: string, tagId: string, assetIds: string[]) =>
     tagAssets({ id: tagId, bulkIdsDto: { ids: assetIds } }, { headers: asBearerAuth(accessToken) }),
 
+  createJob: async (accessToken: string, jobCreateDto: JobCreateDto) =>
+    createJob({ jobCreateDto }, { headers: asBearerAuth(accessToken) }),
+
   queueCommand: async (accessToken: string, name: QueueName, queueCommandDto: QueueCommandDto) =>
     runQueueCommandLegacy({ name, queueCommandDto }, { headers: asBearerAuth(accessToken) }),
 
@@ -559,6 +586,45 @@ export const utils = {
     mkdirSync(`${testAssetDir}/temp`, { recursive: true });
   },
 
+  async move(source: string, dest: string) {
+    return executeCommand('docker', ['exec', 'immich-e2e-server', 'mv', source, dest]).promise;
+  },
+
+  createBackup: async (accessToken: string) => {
+    await utils.createJob(accessToken, {
+      name: ManualJobName.BackupDatabase,
+    });
+
+    return utils.poll(
+      () => request(app).get('/admin/database-backups').set('Authorization', `Bearer ${accessToken}`),
+      ({ status, body }) => status === 200 && body.backups.length === 1,
+      ({ body }) => body.backups[0].filename,
+    );
+  },
+
+  resetBackups: async (accessToken: string) => {
+    const { backups } = await listDatabaseBackups({ headers: asBearerAuth(accessToken) });
+
+    const backupFiles = backups.map((b) => b.filename);
+    await deleteDatabaseBackup(
+      { databaseBackupDeleteDto: { backups: backupFiles } },
+      { headers: asBearerAuth(accessToken) },
+    );
+  },
+
+  prepareTestBackup: async (generate: 'empty' | 'corrupted') => {
+    const dir = await mkdtemp(join(tmpdir(), 'test-'));
+    const fn = join(dir, 'file');
+
+    const sql = Readable.from(generate === 'corrupted' ? 'IM CORRUPTED;' : 'SELECT 1;');
+    const gzip = createGzip();
+    const writeStream = createWriteStream(fn);
+    await pipeline(sql, gzip, writeStream);
+
+    await executeCommand('docker', ['cp', fn, `immich-e2e-server:/data/backups/development-${generate}.sql.gz`])
+      .promise;
+  },
+
   resetAdminConfig: async (accessToken: string) => {
     const defaultConfig = await getConfigDefaults({ headers: asBearerAuth(accessToken) });
     await updateConfig({ systemConfigDto: defaultConfig }, { headers: asBearerAuth(accessToken) });
@@ -601,6 +667,25 @@ export const utils = {
     await utils.waitForQueueFinish(accessToken, 'sidecar');
     await utils.waitForQueueFinish(accessToken, 'metadataExtraction');
   },
+
+  async poll<T>(cb: () => Promise<T>, validate: (value: T) => boolean, map?: (value: T) => any) {
+    let timeout = 0;
+    while (true) {
+      try {
+        const data = await cb();
+        if (validate(data)) {
+          return map ? map(data) : data;
+        }
+        timeout++;
+        if (timeout >= 10) {
+          throw 'Could not clean up test.';
+        }
+        await new Promise((resolve) => setTimeout(resolve, 5e2));
+      } catch {
+        // no-op
+      }
+    }
+  },
 };
 
 utils.initSdk();

e2e/src/web/specs/asset-viewer/asset-viewer.parallel-e2e-spec.ts

@@ -12,7 +12,7 @@ import {
 import { setupBaseMockApiRoutes } from 'src/mock-network/base-network';
 import { setupTimelineMockApiRoutes, TimelineTestContext } from 'src/mock-network/timeline-network';
 import { utils } from 'src/utils';
-import { assetViewerUtils, cancelAllPollers } from 'src/web/specs/timeline/utils';
+import { assetViewerUtils } from 'src/web/specs/timeline/utils';
 
 test.describe.configure({ mode: 'parallel' });
 test.describe('asset-viewer', () => {
@@ -49,7 +49,6 @@ test.describe('asset-viewer', () => {
   });
 
   test.afterEach(() => {
-    cancelAllPollers();
     testContext.slowBucket = false;
     changes.albumAdditions = [];
     changes.assetDeletions = [];

e2e/src/web/specs/database-backups.e2e-spec.ts

@@ -0,0 +1,105 @@
+import { LoginResponseDto } from '@immich/sdk';
+import { expect, test } from '@playwright/test';
+import { utils } from 'src/utils';
+
+test.describe.configure({ mode: 'serial' });
+
+test.describe('Database Backups', () => {
+  let admin: LoginResponseDto;
+
+  test.beforeAll(async () => {
+    utils.initSdk();
+    await utils.resetDatabase();
+    admin = await utils.adminSetup();
+  });
+
+  test('restore a backup from settings', async ({ context, page }) => {
+    test.setTimeout(60_000);
+
+    await utils.resetBackups(admin.accessToken);
+    const filename = await utils.createBackup(admin.accessToken);
+    await utils.setAuthCookies(context, admin.accessToken);
+
+    // work-around until test is running on released version
+    await utils.move(
+      `/data/backups/${filename}`,
+      '/data/backups/immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz',
+    );
+
+    await page.goto('/admin/maintenance?isOpen=backups');
+    await page.getByRole('button', { name: 'Restore', exact: true }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
+
+    await page.waitForURL('/maintenance?**');
+    await page.waitForURL('/admin/maintenance**', { timeout: 60_000 });
+  });
+
+  test('handle backup restore failure', async ({ context, page }) => {
+    test.setTimeout(60_000);
+
+    await utils.resetBackups(admin.accessToken);
+    await utils.prepareTestBackup('corrupted');
+    await utils.setAuthCookies(context, admin.accessToken);
+
+    await page.goto('/admin/maintenance?isOpen=backups');
+    await page.getByRole('button', { name: 'Restore', exact: true }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
+
+    await page.waitForURL('/maintenance?**');
+    await expect(page.getByText('IM CORRUPTED')).toBeVisible({ timeout: 60_000 });
+    await page.getByRole('button', { name: 'End maintenance mode' }).click();
+    await page.waitForURL('/admin/maintenance**');
+  });
+
+  test('rollback to restore point if backup is missing admin', async ({ context, page }) => {
+    test.setTimeout(60_000);
+
+    await utils.resetBackups(admin.accessToken);
+    await utils.prepareTestBackup('empty');
+    await utils.setAuthCookies(context, admin.accessToken);
+
+    await page.goto('/admin/maintenance?isOpen=backups');
+    await page.getByRole('button', { name: 'Restore', exact: true }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
+
+    await page.waitForURL('/maintenance?**');
+    await expect(page.getByText('Server health check failed, no admin exists.')).toBeVisible({ timeout: 60_000 });
+    await page.getByRole('button', { name: 'End maintenance mode' }).click();
+    await page.waitForURL('/admin/maintenance**');
+  });
+
+  test('restore a backup from onboarding', async ({ context, page }) => {
+    test.setTimeout(60_000);
+
+    await utils.resetBackups(admin.accessToken);
+    const filename = await utils.createBackup(admin.accessToken);
+    await utils.setAuthCookies(context, admin.accessToken);
+
+    // work-around until test is running on released version
+    await utils.move(
+      `/data/backups/${filename}`,
+      '/data/backups/immich-db-backup-20260114T184016-v2.5.0-pg14.19.sql.gz',
+    );
+
+    await utils.resetDatabase();
+
+    await page.goto('/');
+    await page.getByRole('button', { name: 'Restore from backup' }).click();
+
+    try {
+      await page.waitForURL('/maintenance**');
+    } catch {
+      // when chained with the rest of the tests
+      // this navigation may fail..? not sure why...
+      await page.goto('/maintenance');
+      await page.waitForURL('/maintenance**');
+    }
+
+    await page.getByRole('button', { name: 'Next' }).click();
+    await page.getByRole('button', { name: 'Restore', exact: true }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Restore' }).click();
+
+    await page.waitForURL('/maintenance?**');
+    await page.waitForURL('/photos', { timeout: 60_000 });
+  });
+});

e2e/src/web/specs/maintenance.e2e-spec.ts

@@ -16,12 +16,12 @@ test.describe('Maintenance', () => {
   test('enter and exit maintenance mode', async ({ context, page }) => {
     await utils.setAuthCookies(context, admin.accessToken);
 
-    await page.goto('/admin/system-settings?isOpen=maintenance');
-    await page.getByRole('button', { name: 'Start maintenance mode' }).click();
+    await page.goto('/admin/maintenance');
+    await page.getByRole('button', { name: 'Switch to maintenance mode' }).click();
 
     await expect(page.getByText('Temporarily Unavailable')).toBeVisible({ timeout: 10_000 });
     await page.getByRole('button', { name: 'End maintenance mode' }).click();
-    await page.waitForURL('**/admin/system-settings*', { timeout: 10_000 });
+    await page.waitForURL('**/admin/maintenance*', { timeout: 10_000 });
   });
 
   test('maintenance shows no options to users until they authenticate', async ({ page }) => {

e2e/src/web/specs/timeline/timeline.parallel-e2e-spec.ts

@@ -18,7 +18,6 @@ import { pageRoutePromise, setupTimelineMockApiRoutes, TimelineTestContext } fro
 import { utils } from 'src/utils';
 import {
   assetViewerUtils,
-  cancelAllPollers,
   padYearMonth,
   pageUtils,
   poll,
@@ -64,7 +63,6 @@ test.describe('Timeline', () => {
   });
 
   test.afterEach(() => {
-    cancelAllPollers();
     testContext.slowBucket = false;
     changes.albumAdditions = [];
     changes.assetDeletions = [];

e2e/src/web/specs/timeline/utils.ts

@@ -23,13 +23,6 @@ export async function throttlePage(context: BrowserContext, page: Page) {
   await session.send('Emulation.setCPUThrottlingRate', { rate: 10 });
 }
 
-let activePollsAbortController = new AbortController();
-
-export const cancelAllPollers = () => {
-  activePollsAbortController.abort();
-  activePollsAbortController = new AbortController();
-};
-
 export const poll = async <T>(
   page: Page,
   query: () => Promise<T>,
@@ -37,21 +30,14 @@ export const poll = async <T>(
 ) => {
   let result;
   const timeout = Date.now() + 10_000;
-  const signal = activePollsAbortController.signal;
 
   const terminate = callback || ((result: Awaited<T> | undefined) => !!result);
   while (!terminate(result) && Date.now() < timeout) {
-    if (signal.aborted) {
-      return;
-    }
     try {
       result = await query();
     } catch {
       // ignore
     }
-    if (signal.aborted) {
-      return;
-    }
     if (page.isClosed()) {
       return;
     }

i18n/en.json

@@ -188,10 +188,21 @@
     "machine_learning_smart_search_enabled": "Enable smart search",
     "machine_learning_smart_search_enabled_description": "If disabled, images will not be encoded for smart search.",
     "machine_learning_url_description": "The URL of the machine learning server. If more than one URL is provided, each server will be attempted one-at-a-time until one responds successfully, in order from first to last. Servers that don't respond will be temporarily ignored until they come back online.",
+    "maintenance_delete_backup": "Delete Backup",
+    "maintenance_delete_backup_description": "This file will be irrevocably deleted.",
+    "maintenance_delete_error": "Failed to delete backup.",
+    "maintenance_restore_backup": "Restore Backup",
+    "maintenance_restore_backup_description": "Immich will be wiped and restored from the chosen backup. A backup will be created before continuing.",
+    "maintenance_restore_backup_different_version": "This backup was created with a different version of Immich!",
+    "maintenance_restore_backup_unknown_version": "Couldn't determine backup version.",
+    "maintenance_restore_database_backup": "Restore database backup",
+    "maintenance_restore_database_backup_description": "Rollback to an earlier database state using a backup file",
     "maintenance_settings": "Maintenance",
     "maintenance_settings_description": "Put Immich into maintenance mode.",
-    "maintenance_start": "Start maintenance mode",
+    "maintenance_start": "Switch to maintenance mode",
     "maintenance_start_error": "Failed to start maintenance mode.",
+    "maintenance_upload_backup": "Upload database backup file",
+    "maintenance_upload_backup_error": "Could not upload backup, is it an .sql/.sql.gz file?",
     "manage_concurrency": "Manage Concurrency",
     "manage_concurrency_description": "Navigate to the jobs page to manage job concurrency",
     "manage_log_settings": "Manage log settings",
@@ -998,9 +1009,11 @@
   "error_getting_places": "Error getting places",
   "error_loading_image": "Error loading image",
   "error_loading_partners": "Error loading partners: {error}",
+  "error_retrieving_asset_information": "Error retrieving asset information",
   "error_saving_image": "Error: {error}",
   "error_tag_face_bounding_box": "Error tagging face - cannot get bounding box coordinates",
   "error_title": "Error - Something went wrong",
+  "error_while_navigating": "Error while navigating to asset",
   "errors": {
     "cannot_navigate_next_asset": "Cannot navigate to the next asset",
     "cannot_navigate_previous_asset": "Cannot navigate to previous asset",
@@ -1404,10 +1417,28 @@
   "loop_videos_description": "Enable to automatically loop a video in the detail viewer.",
   "main_branch_warning": "You're using a development version; we strongly recommend using a release version!",
   "main_menu": "Main menu",
+  "maintenance_action_restore": "Restoring Database",
   "maintenance_description": "Immich has been put into <link>maintenance mode</link>.",
   "maintenance_end": "End maintenance mode",
   "maintenance_end_error": "Failed to end maintenance mode.",
   "maintenance_logged_in_as": "Currently logged in as {user}",
+  "maintenance_restore_from_backup": "Restore From Backup",
+  "maintenance_restore_library": "Restore Your Library",
+  "maintenance_restore_library_confirm": "If this looks correct, continue to restoring a backup!",
+  "maintenance_restore_library_description": "Restoring Database",
+  "maintenance_restore_library_folder_has_files": "{folder} has {count} folder(s)",
+  "maintenance_restore_library_folder_no_files": "{folder} is missing files!",
+  "maintenance_restore_library_folder_pass": "readable and writable",
+  "maintenance_restore_library_folder_read_fail": "not readable",
+  "maintenance_restore_library_folder_write_fail": "not writable",
+  "maintenance_restore_library_hint_missing_files": "You may be missing important files",
+  "maintenance_restore_library_hint_regenerate_later": "You can regenerate these later in settings",
+  "maintenance_restore_library_hint_storage_template_missing_files": "Using storage template? You may be missing files",
+  "maintenance_restore_library_loading": "Loading integrity checks and heuristics…",
+  "maintenance_task_backup": "Creating a backup of the existing database…",
+  "maintenance_task_migrations": "Running database migrations…",
+  "maintenance_task_restore": "Restoring the chosen backup…",
+  "maintenance_task_rollback": "Restore failed, rolling back to restore point…",
   "maintenance_title": "Temporarily Unavailable",
   "make": "Make",
   "manage_geolocation": "Manage location",
@@ -1526,7 +1557,7 @@
   "no_albums_with_name_yet": "It looks like you do not have any albums with this name yet.",
   "no_albums_yet": "It looks like you do not have any albums yet.",
   "no_archived_assets_message": "Archive photos and videos to hide them from your Photos view",
-  "no_assets_message": "CLICK TO UPLOAD YOUR FIRST PHOTO",
+  "no_assets_message": "Click to upload your first photo",
   "no_assets_to_show": "No assets to show",
   "no_cast_devices_found": "No cast devices found",
   "no_checksum_local": "No checksum available - cannot fetch local assets",
@@ -2160,6 +2191,7 @@
   "theme_setting_theme_subtitle": "Choose the app's theme setting",
   "theme_setting_three_stage_loading_subtitle": "Three-stage loading might increase the loading performance but causes significantly higher network load",
   "theme_setting_three_stage_loading_title": "Enable three-stage loading",
+  "then": "Then",
   "they_will_be_merged_together": "They will be merged together",
   "third_party_resources": "Third-Party Resources",
   "time": "Time",
@@ -2215,6 +2247,7 @@
   "unhide_person": "Unhide person",
   "unknown": "Unknown",
   "unknown_country": "Unknown Country",
+  "unknown_date": "Unknown date",
   "unknown_year": "Unknown Year",
   "unlimited": "Unlimited",
   "unlink_motion_video": "Unlink motion video",

mobile/lib/pages/common/splash_screen.page.dart

@@ -10,6 +10,7 @@ import 'package:immich_mobile/providers/background_sync.provider.dart';
 import 'package:immich_mobile/providers/backup/backup.provider.dart';
 import 'package:immich_mobile/providers/backup/drift_backup.provider.dart';
 import 'package:immich_mobile/providers/gallery_permission.provider.dart';
+import 'package:immich_mobile/providers/server_info.provider.dart';
 import 'package:immich_mobile/providers/websocket.provider.dart';
 import 'package:immich_mobile/routing/router.dart';
 import 'package:logging/logging.dart';
@@ -49,6 +50,7 @@ class SplashScreenPageState extends ConsumerState<SplashScreenPage> {
     final accessToken = Store.tryGet(StoreKey.accessToken);
 
     if (accessToken != null && serverUrl != null && endpoint != null) {
+      final infoProvider = ref.read(serverInfoProvider.notifier);
       final wsProvider = ref.read(websocketProvider.notifier);
       final backgroundManager = ref.read(backgroundSyncProvider);
       final backupProvider = ref.read(driftBackupProvider.notifier);
@@ -58,6 +60,7 @@ class SplashScreenPageState extends ConsumerState<SplashScreenPage> {
           (_) async {
             try {
               wsProvider.connect();
+              unawaited(infoProvider.getServerInfo());
 
               if (Store.isBetaTimelineEnabled) {
                 bool syncSuccess = false;

mobile/lib/presentation/widgets/images/thumbnail_tile.widget.dart

@@ -6,6 +6,7 @@ import 'package:immich_mobile/domain/models/setting.model.dart';
 import 'package:immich_mobile/extensions/build_context_extensions.dart';
 import 'package:immich_mobile/extensions/duration_extensions.dart';
 import 'package:immich_mobile/extensions/theme_extensions.dart';
+import 'package:immich_mobile/presentation/widgets/asset_viewer/asset_viewer.state.dart';
 import 'package:immich_mobile/presentation/widgets/images/thumbnail.widget.dart';
 import 'package:immich_mobile/presentation/widgets/timeline/constants.dart';
 import 'package:immich_mobile/providers/backup/asset_upload_progress.provider.dart';
@@ -47,6 +48,7 @@ class _ThumbnailTileState extends ConsumerState<ThumbnailTile> {
   Widget build(BuildContext context) {
     final asset = widget.asset;
     final heroIndex = widget.heroOffset ?? TabsRouterScope.of(context)?.controller.activeIndex ?? 0;
+    final isCurrentAsset = ref.watch(assetViewerProvider.select((current) => current.currentAsset == asset));
 
     final assetContainerColor = context.isDarkTheme
         ? context.primaryColor.darken(amount: 0.4)
@@ -59,6 +61,10 @@ class _ThumbnailTileState extends ConsumerState<ThumbnailTile> {
     final bool storageIndicator =
         ref.watch(settingsProvider.select((s) => s.get(Setting.showStorageIndicator))) && widget.showStorageIndicator;
 
+    if (!isCurrentAsset) {
+      _hideIndicators = false;
+    }
+
     if (isSelected) {
       _showSelectionContainer = true;
     }
@@ -96,7 +102,11 @@ class _ThumbnailTileState extends ConsumerState<ThumbnailTile> {
               children: [
                 Positioned.fill(
                   child: Hero(
-                    tag: '${asset?.heroTag ?? ''}_$heroIndex',
+                    // This key resets the hero animation when the asset is changed in the asset viewer.
+                    // It doesn't seem like the best solution, and only works to reset the hero, not prime the hero of the new active asset for animation,
+                    // but other solutions have failed thus far.
+                    key: ValueKey(isCurrentAsset),
+                    tag: '${asset?.heroTag}_$heroIndex',
                     child: Thumbnail.fromAsset(asset: asset, size: widget.size),
                     // Placeholderbuilder used to hide indicators on first hero animation, since flightShuttleBuilder isn't called until both source and destination hero exist in widget tree.
                     placeholderBuilder: (context, heroSize, child) {

mobile/lib/providers/app_life_cycle.provider.dart

@@ -160,7 +160,7 @@ class AppLifeCycleNotifier extends StateNotifier<AppLifeCycleEnum> {
             _resumeBackup();
           }),
           _resumeBackup(),
-          backgroundManager.syncCloudIds(),
+          _safeRun(backgroundManager.syncCloudIds(), "syncCloudIds"),
         ]);
       } else {
         await _safeRun(backgroundManager.hashAssets(), "hashAssets");

mobile/lib/services/background_upload.service.dart

@@ -285,7 +285,12 @@ class BackgroundUploadService {
       return null;
     }
 
-    final fileName = await _assetMediaRepository.getOriginalFilename(asset.id) ?? asset.name;
+    String fileName = await _assetMediaRepository.getOriginalFilename(asset.id) ?? asset.name;
+    final hasExtension = p.extension(fileName).isNotEmpty;
+    if (!hasExtension) {
+      fileName = p.setExtension(fileName, p.extension(asset.name));
+    }
+
     final originalFileName = entity.isLivePhoto ? p.setExtension(fileName, p.extension(file.path)) : fileName;
 
     String metadata = UploadTaskMetadata(
@@ -307,10 +312,10 @@ class BackgroundUploadService {
       priority: priority,
       isFavorite: asset.isFavorite,
       requiresWiFi: requiresWiFi,
-      cloudId: asset.cloudId,
-      adjustmentTime: asset.adjustmentTime?.toIso8601String(),
-      latitude: asset.latitude?.toString(),
-      longitude: asset.longitude?.toString(),
+      cloudId: entity.isLivePhoto ? null : asset.cloudId,
+      adjustmentTime: entity.isLivePhoto ? null : asset.adjustmentTime?.toIso8601String(),
+      latitude: entity.isLivePhoto ? null : asset.latitude?.toString(),
+      longitude: entity.isLivePhoto ? null : asset.longitude?.toString(),
     );
   }
 

mobile/lib/services/foreground_upload.service.dart

@@ -16,6 +16,7 @@ import 'package:immich_mobile/platform/connectivity_api.g.dart';
 import 'package:immich_mobile/providers/app_settings.provider.dart';
 import 'package:immich_mobile/providers/infrastructure/platform.provider.dart';
 import 'package:immich_mobile/providers/infrastructure/storage.provider.dart';
+import 'package:immich_mobile/repositories/asset_media.repository.dart';
 import 'package:immich_mobile/repositories/upload.repository.dart';
 import 'package:immich_mobile/services/api.service.dart';
 import 'package:immich_mobile/services/app_settings.service.dart';
@@ -40,6 +41,7 @@ final foregroundUploadServiceProvider = Provider((ref) {
     ref.watch(backupRepositoryProvider),
     ref.watch(connectivityApiProvider),
     ref.watch(appSettingsServiceProvider),
+    ref.watch(assetMediaRepositoryProvider),
   );
 });
 
@@ -55,6 +57,7 @@ class ForegroundUploadService {
     this._backupRepository,
     this._connectivityApi,
     this._appSettingsService,
+    this._assetMediaRepository,
   );
 
   final UploadRepository _uploadRepository;
@@ -62,6 +65,7 @@ class ForegroundUploadService {
   final DriftBackupRepository _backupRepository;
   final ConnectivityApi _connectivityApi;
   final AppSettingsService _appSettingsService;
+  final AssetMediaRepository _assetMediaRepository;
   final Logger _logger = Logger('ForegroundUploadService');
 
   bool shouldAbortUpload = false;
@@ -311,7 +315,17 @@ class ForegroundUploadService {
         return;
       }
 
-      final originalFileName = entity.isLivePhoto ? p.setExtension(asset.name, p.extension(file.path)) : asset.name;
+      String fileName = await _assetMediaRepository.getOriginalFilename(asset.id) ?? asset.name;
+
+      /// Handle special file name from DJI or Fusion app
+      /// If the file name has no extension, likely due to special renaming template by specific apps
+      /// we append the original extension from the asset name
+      final hasExtension = p.extension(fileName).isNotEmpty;
+      if (!hasExtension) {
+        fileName = p.setExtension(fileName, p.extension(asset.name));
+      }
+
+      final originalFileName = entity.isLivePhoto ? p.setExtension(fileName, p.extension(file.path)) : fileName;
       final deviceId = Store.get(StoreKey.deviceId);
 
       final headers = ApiService.getRequestHeaders();
@@ -322,19 +336,6 @@ class ForegroundUploadService {
         'fileModifiedAt': asset.updatedAt.toUtc().toIso8601String(),
         'isFavorite': asset.isFavorite.toString(),
         'duration': asset.duration.toString(),
-        if (CurrentPlatform.isIOS && asset.cloudId != null)
-          'metadata': jsonEncode([
-            RemoteAssetMetadataItem(
-              key: RemoteAssetMetadataKey.mobileApp,
-              value: RemoteAssetMobileAppMetadata(
-                cloudId: asset.cloudId,
-                createdAt: asset.createdAt.toIso8601String(),
-                adjustmentTime: asset.adjustmentTime?.toIso8601String(),
-                latitude: asset.latitude?.toString(),
-                longitude: asset.longitude?.toString(),
-              ),
-            ),
-          ]),
       };
 
       // Upload live photo video first if available
@@ -363,6 +364,22 @@ class ForegroundUploadService {
         fields['livePhotoVideoId'] = livePhotoVideoId;
       }
 
+      // Add cloudId metadata only to the still image, not the motion video, becasue when the sync id happens, the motion video can get associated with the wrong still image.
+      if (CurrentPlatform.isIOS && asset.cloudId != null) {
+        fields['metadata'] = jsonEncode([
+          RemoteAssetMetadataItem(
+            key: RemoteAssetMetadataKey.mobileApp,
+            value: RemoteAssetMobileAppMetadata(
+              cloudId: asset.cloudId,
+              createdAt: asset.createdAt.toIso8601String(),
+              adjustmentTime: asset.adjustmentTime?.toIso8601String(),
+              latitude: asset.latitude?.toString(),
+              longitude: asset.longitude?.toString(),
+            ),
+          ),
+        ]);
+      }
+
       final result = await _uploadRepository.uploadFile(
         file: file,
         originalFileName: originalFileName,

mobile/lib/widgets/settings/backup_settings/drift_backup_settings.dart

@@ -326,7 +326,7 @@ class _BackupDelaySliderState extends ConsumerState<_BackupDelaySlider> {
       crossAxisAlignment: CrossAxisAlignment.start,
       children: [
         Padding(
-          padding: const EdgeInsets.only(left: 16.0, top: 8.0),
+          padding: const EdgeInsets.only(left: 24.0, top: 8.0),
           child: Text(
             'backup_controller_page_background_delay'.tr(
               namedArgs: {'duration': formatBackupDelaySliderValue(currentValue)},

mobile/openapi/README.md

@@ -138,6 +138,11 @@ Class | Method | HTTP request | Description
 *AuthenticationApi* | [**unlockAuthSession**](doc//AuthenticationApi.md#unlockauthsession) | **POST** /auth/session/unlock | Unlock auth session
 *AuthenticationApi* | [**validateAccessToken**](doc//AuthenticationApi.md#validateaccesstoken) | **POST** /auth/validateToken | Validate access token
 *AuthenticationAdminApi* | [**unlinkAllOAuthAccountsAdmin**](doc//AuthenticationAdminApi.md#unlinkalloauthaccountsadmin) | **POST** /admin/auth/unlink-all | Unlink all OAuth accounts
+*DatabaseBackupsAdminApi* | [**deleteDatabaseBackup**](doc//DatabaseBackupsAdminApi.md#deletedatabasebackup) | **DELETE** /admin/database-backups | Delete database backup
+*DatabaseBackupsAdminApi* | [**downloadDatabaseBackup**](doc//DatabaseBackupsAdminApi.md#downloaddatabasebackup) | **GET** /admin/database-backups/{filename} | Download database backup
+*DatabaseBackupsAdminApi* | [**listDatabaseBackups**](doc//DatabaseBackupsAdminApi.md#listdatabasebackups) | **GET** /admin/database-backups | List database backups
+*DatabaseBackupsAdminApi* | [**startDatabaseRestoreFlow**](doc//DatabaseBackupsAdminApi.md#startdatabaserestoreflow) | **POST** /admin/database-backups/start-restore | Start database backup restore flow
+*DatabaseBackupsAdminApi* | [**uploadDatabaseBackup**](doc//DatabaseBackupsAdminApi.md#uploaddatabasebackup) | **POST** /admin/database-backups/upload | Upload database backup
 *DeprecatedApi* | [**createPartnerDeprecated**](doc//DeprecatedApi.md#createpartnerdeprecated) | **POST** /partners/{id} | Create a partner
 *DeprecatedApi* | [**getAllUserAssetsByDeviceId**](doc//DeprecatedApi.md#getalluserassetsbydeviceid) | **GET** /assets/device/{deviceId} | Retrieve assets by device ID
 *DeprecatedApi* | [**getDeltaSync**](doc//DeprecatedApi.md#getdeltasync) | **POST** /sync/delta-sync | Get delta sync for user
@@ -166,6 +171,8 @@ Class | Method | HTTP request | Description
 *LibrariesApi* | [**scanLibrary**](doc//LibrariesApi.md#scanlibrary) | **POST** /libraries/{id}/scan | Scan a library
 *LibrariesApi* | [**updateLibrary**](doc//LibrariesApi.md#updatelibrary) | **PUT** /libraries/{id} | Update a library
 *LibrariesApi* | [**validate**](doc//LibrariesApi.md#validate) | **POST** /libraries/{id}/validate | Validate library settings
+*MaintenanceAdminApi* | [**detectPriorInstall**](doc//MaintenanceAdminApi.md#detectpriorinstall) | **GET** /admin/maintenance/detect-install | Detect existing install
+*MaintenanceAdminApi* | [**getMaintenanceStatus**](doc//MaintenanceAdminApi.md#getmaintenancestatus) | **GET** /admin/maintenance/status | Get maintenance mode status
 *MaintenanceAdminApi* | [**maintenanceLogin**](doc//MaintenanceAdminApi.md#maintenancelogin) | **POST** /admin/maintenance/login | Log into maintenance mode
 *MaintenanceAdminApi* | [**setMaintenanceMode**](doc//MaintenanceAdminApi.md#setmaintenancemode) | **POST** /admin/maintenance | Set maintenance mode
 *MapApi* | [**getMapMarkers**](doc//MapApi.md#getmapmarkers) | **GET** /map/markers | Retrieve map markers
@@ -405,6 +412,9 @@ Class | Method | HTTP request | Description
  - [CreateProfileImageResponseDto](doc//CreateProfileImageResponseDto.md)
  - [CropParameters](doc//CropParameters.md)
  - [DatabaseBackupConfig](doc//DatabaseBackupConfig.md)
+ - [DatabaseBackupDeleteDto](doc//DatabaseBackupDeleteDto.md)
+ - [DatabaseBackupDto](doc//DatabaseBackupDto.md)
+ - [DatabaseBackupListResponseDto](doc//DatabaseBackupListResponseDto.md)
  - [DownloadArchiveInfo](doc//DownloadArchiveInfo.md)
  - [DownloadInfoDto](doc//DownloadInfoDto.md)
  - [DownloadResponse](doc//DownloadResponse.md)
@@ -434,7 +444,10 @@ Class | Method | HTTP request | Description
  - [MachineLearningAvailabilityChecksDto](doc//MachineLearningAvailabilityChecksDto.md)
  - [MaintenanceAction](doc//MaintenanceAction.md)
  - [MaintenanceAuthDto](doc//MaintenanceAuthDto.md)
+ - [MaintenanceDetectInstallResponseDto](doc//MaintenanceDetectInstallResponseDto.md)
+ - [MaintenanceDetectInstallStorageFolderDto](doc//MaintenanceDetectInstallStorageFolderDto.md)
  - [MaintenanceLoginDto](doc//MaintenanceLoginDto.md)
+ - [MaintenanceStatusResponseDto](doc//MaintenanceStatusResponseDto.md)
  - [ManualJobName](doc//ManualJobName.md)
  - [MapMarkerResponseDto](doc//MapMarkerResponseDto.md)
  - [MapReverseGeocodeResponseDto](doc//MapReverseGeocodeResponseDto.md)
@@ -550,6 +563,7 @@ Class | Method | HTTP request | Description
  - [StackResponseDto](doc//StackResponseDto.md)
  - [StackUpdateDto](doc//StackUpdateDto.md)
  - [StatisticsSearchDto](doc//StatisticsSearchDto.md)
+ - [StorageFolder](doc//StorageFolder.md)
  - [SyncAckDeleteDto](doc//SyncAckDeleteDto.md)
  - [SyncAckDto](doc//SyncAckDto.md)
  - [SyncAckSetDto](doc//SyncAckSetDto.md)

mobile/openapi/lib/api.dart

@@ -36,6 +36,7 @@ part 'api/albums_api.dart';
 part 'api/assets_api.dart';
 part 'api/authentication_api.dart';
 part 'api/authentication_admin_api.dart';
+part 'api/database_backups_admin_api.dart';
 part 'api/deprecated_api.dart';
 part 'api/download_api.dart';
 part 'api/duplicates_api.dart';
@@ -151,6 +152,9 @@ part 'model/create_library_dto.dart';
 part 'model/create_profile_image_response_dto.dart';
 part 'model/crop_parameters.dart';
 part 'model/database_backup_config.dart';
+part 'model/database_backup_delete_dto.dart';
+part 'model/database_backup_dto.dart';
+part 'model/database_backup_list_response_dto.dart';
 part 'model/download_archive_info.dart';
 part 'model/download_info_dto.dart';
 part 'model/download_response.dart';
@@ -180,7 +184,10 @@ part 'model/logout_response_dto.dart';
 part 'model/machine_learning_availability_checks_dto.dart';
 part 'model/maintenance_action.dart';
 part 'model/maintenance_auth_dto.dart';
+part 'model/maintenance_detect_install_response_dto.dart';
+part 'model/maintenance_detect_install_storage_folder_dto.dart';
 part 'model/maintenance_login_dto.dart';
+part 'model/maintenance_status_response_dto.dart';
 part 'model/manual_job_name.dart';
 part 'model/map_marker_response_dto.dart';
 part 'model/map_reverse_geocode_response_dto.dart';
@@ -296,6 +303,7 @@ part 'model/stack_create_dto.dart';
 part 'model/stack_response_dto.dart';
 part 'model/stack_update_dto.dart';
 part 'model/statistics_search_dto.dart';
+part 'model/storage_folder.dart';
 part 'model/sync_ack_delete_dto.dart';
 part 'model/sync_ack_dto.dart';
 part 'model/sync_ack_set_dto.dart';

mobile/openapi/lib/api/database_backups_admin_api.dart

@@ -0,0 +1,269 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+
+class DatabaseBackupsAdminApi {
+  DatabaseBackupsAdminApi([ApiClient? apiClient]) : apiClient = apiClient ?? defaultApiClient;
+
+  final ApiClient apiClient;
+
+  /// Delete database backup
+  ///
+  /// Delete a backup by its filename
+  ///
+  /// Note: This method returns the HTTP [Response].
+  ///
+  /// Parameters:
+  ///
+  /// * [DatabaseBackupDeleteDto] databaseBackupDeleteDto (required):
+  Future<Response> deleteDatabaseBackupWithHttpInfo(DatabaseBackupDeleteDto databaseBackupDeleteDto,) async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/admin/database-backups';
+
+    // ignore: prefer_final_locals
+    Object? postBody = databaseBackupDeleteDto;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>['application/json'];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'DELETE',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Delete database backup
+  ///
+  /// Delete a backup by its filename
+  ///
+  /// Parameters:
+  ///
+  /// * [DatabaseBackupDeleteDto] databaseBackupDeleteDto (required):
+  Future<void> deleteDatabaseBackup(DatabaseBackupDeleteDto databaseBackupDeleteDto,) async {
+    final response = await deleteDatabaseBackupWithHttpInfo(databaseBackupDeleteDto,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+  }
+
+  /// Download database backup
+  ///
+  /// Downloads the database backup file
+  ///
+  /// Note: This method returns the HTTP [Response].
+  ///
+  /// Parameters:
+  ///
+  /// * [String] filename (required):
+  Future<Response> downloadDatabaseBackupWithHttpInfo(String filename,) async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/admin/database-backups/{filename}'
+      .replaceAll('{filename}', filename);
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Download database backup
+  ///
+  /// Downloads the database backup file
+  ///
+  /// Parameters:
+  ///
+  /// * [String] filename (required):
+  Future<MultipartFile?> downloadDatabaseBackup(String filename,) async {
+    final response = await downloadDatabaseBackupWithHttpInfo(filename,);
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'MultipartFile',) as MultipartFile;
+    
+    }
+    return null;
+  }
+
+  /// List database backups
+  ///
+  /// Get the list of the successful and failed backups
+  ///
+  /// Note: This method returns the HTTP [Response].
+  Future<Response> listDatabaseBackupsWithHttpInfo() async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/admin/database-backups';
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// List database backups
+  ///
+  /// Get the list of the successful and failed backups
+  Future<DatabaseBackupListResponseDto?> listDatabaseBackups() async {
+    final response = await listDatabaseBackupsWithHttpInfo();
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'DatabaseBackupListResponseDto',) as DatabaseBackupListResponseDto;
+    
+    }
+    return null;
+  }
+
+  /// Start database backup restore flow
+  ///
+  /// Put Immich into maintenance mode to restore a backup (Immich must not be configured)
+  ///
+  /// Note: This method returns the HTTP [Response].
+  Future<Response> startDatabaseRestoreFlowWithHttpInfo() async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/admin/database-backups/start-restore';
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'POST',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Start database backup restore flow
+  ///
+  /// Put Immich into maintenance mode to restore a backup (Immich must not be configured)
+  Future<void> startDatabaseRestoreFlow() async {
+    final response = await startDatabaseRestoreFlowWithHttpInfo();
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+  }
+
+  /// Upload database backup
+  ///
+  /// Uploads .sql/.sql.gz file to restore backup from
+  ///
+  /// Note: This method returns the HTTP [Response].
+  ///
+  /// Parameters:
+  ///
+  /// * [MultipartFile] file:
+  Future<Response> uploadDatabaseBackupWithHttpInfo({ MultipartFile? file, }) async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/admin/database-backups/upload';
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>['multipart/form-data'];
+
+    bool hasFields = false;
+    final mp = MultipartRequest('POST', Uri.parse(apiPath));
+    if (file != null) {
+      hasFields = true;
+      mp.fields[r'file'] = file.field;
+      mp.files.add(file);
+    }
+    if (hasFields) {
+      postBody = mp;
+    }
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'POST',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Upload database backup
+  ///
+  /// Uploads .sql/.sql.gz file to restore backup from
+  ///
+  /// Parameters:
+  ///
+  /// * [MultipartFile] file:
+  Future<void> uploadDatabaseBackup({ MultipartFile? file, }) async {
+    final response = await uploadDatabaseBackupWithHttpInfo( file: file, );
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+  }
+}

mobile/openapi/lib/api/maintenance_admin_api.dart

@@ -16,6 +16,102 @@ class MaintenanceAdminApi {
 
   final ApiClient apiClient;
 
+  /// Detect existing install
+  ///
+  /// Collect integrity checks and other heuristics about local data.
+  ///
+  /// Note: This method returns the HTTP [Response].
+  Future<Response> detectPriorInstallWithHttpInfo() async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/admin/maintenance/detect-install';
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Detect existing install
+  ///
+  /// Collect integrity checks and other heuristics about local data.
+  Future<MaintenanceDetectInstallResponseDto?> detectPriorInstall() async {
+    final response = await detectPriorInstallWithHttpInfo();
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'MaintenanceDetectInstallResponseDto',) as MaintenanceDetectInstallResponseDto;
+    
+    }
+    return null;
+  }
+
+  /// Get maintenance mode status
+  ///
+  /// Fetch information about the currently running maintenance action.
+  ///
+  /// Note: This method returns the HTTP [Response].
+  Future<Response> getMaintenanceStatusWithHttpInfo() async {
+    // ignore: prefer_const_declarations
+    final apiPath = r'/admin/maintenance/status';
+
+    // ignore: prefer_final_locals
+    Object? postBody;
+
+    final queryParams = <QueryParam>[];
+    final headerParams = <String, String>{};
+    final formParams = <String, String>{};
+
+    const contentTypes = <String>[];
+
+
+    return apiClient.invokeAPI(
+      apiPath,
+      'GET',
+      queryParams,
+      postBody,
+      headerParams,
+      formParams,
+      contentTypes.isEmpty ? null : contentTypes.first,
+    );
+  }
+
+  /// Get maintenance mode status
+  ///
+  /// Fetch information about the currently running maintenance action.
+  Future<MaintenanceStatusResponseDto?> getMaintenanceStatus() async {
+    final response = await getMaintenanceStatusWithHttpInfo();
+    if (response.statusCode >= HttpStatus.badRequest) {
+      throw ApiException(response.statusCode, await _decodeBodyBytes(response));
+    }
+    // When a remote server returns no body with a status of 204, we shall not decode it.
+    // At the time of writing this, `dart:convert` will throw an "Unexpected end of input"
+    // FormatException when trying to decode an empty string.
+    if (response.body.isNotEmpty && response.statusCode != HttpStatus.noContent) {
+      return await apiClient.deserializeAsync(await _decodeBodyBytes(response), 'MaintenanceStatusResponseDto',) as MaintenanceStatusResponseDto;
+    
+    }
+    return null;
+  }
+
   /// Log into maintenance mode
   ///
   /// Login with maintenance token or cookie to receive current information and perform further actions.

mobile/openapi/lib/api_client.dart

@@ -350,6 +350,12 @@ class ApiClient {
           return CropParameters.fromJson(value);
         case 'DatabaseBackupConfig':
           return DatabaseBackupConfig.fromJson(value);
+        case 'DatabaseBackupDeleteDto':
+          return DatabaseBackupDeleteDto.fromJson(value);
+        case 'DatabaseBackupDto':
+          return DatabaseBackupDto.fromJson(value);
+        case 'DatabaseBackupListResponseDto':
+          return DatabaseBackupListResponseDto.fromJson(value);
         case 'DownloadArchiveInfo':
           return DownloadArchiveInfo.fromJson(value);
         case 'DownloadInfoDto':
@@ -408,8 +414,14 @@ class ApiClient {
           return MaintenanceActionTypeTransformer().decode(value);
         case 'MaintenanceAuthDto':
           return MaintenanceAuthDto.fromJson(value);
+        case 'MaintenanceDetectInstallResponseDto':
+          return MaintenanceDetectInstallResponseDto.fromJson(value);
+        case 'MaintenanceDetectInstallStorageFolderDto':
+          return MaintenanceDetectInstallStorageFolderDto.fromJson(value);
         case 'MaintenanceLoginDto':
           return MaintenanceLoginDto.fromJson(value);
+        case 'MaintenanceStatusResponseDto':
+          return MaintenanceStatusResponseDto.fromJson(value);
         case 'ManualJobName':
           return ManualJobNameTypeTransformer().decode(value);
         case 'MapMarkerResponseDto':
@@ -640,6 +652,8 @@ class ApiClient {
           return StackUpdateDto.fromJson(value);
         case 'StatisticsSearchDto':
           return StatisticsSearchDto.fromJson(value);
+        case 'StorageFolder':
+          return StorageFolderTypeTransformer().decode(value);
         case 'SyncAckDeleteDto':
           return SyncAckDeleteDto.fromJson(value);
         case 'SyncAckDto':

mobile/openapi/lib/api_helper.dart

@@ -160,6 +160,9 @@ String parameterToString(dynamic value) {
   if (value is SourceType) {
     return SourceTypeTypeTransformer().encode(value).toString();
   }
+  if (value is StorageFolder) {
+    return StorageFolderTypeTransformer().encode(value).toString();
+  }
   if (value is SyncEntityType) {
     return SyncEntityTypeTypeTransformer().encode(value).toString();
   }

mobile/openapi/lib/model/database_backup_delete_dto.dart

@@ -0,0 +1,101 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class DatabaseBackupDeleteDto {
+  /// Returns a new [DatabaseBackupDeleteDto] instance.
+  DatabaseBackupDeleteDto({
+    this.backups = const [],
+  });
+
+  List<String> backups;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is DatabaseBackupDeleteDto &&
+    _deepEquality.equals(other.backups, backups);
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (backups.hashCode);
+
+  @override
+  String toString() => 'DatabaseBackupDeleteDto[backups=$backups]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'backups'] = this.backups;
+    return json;
+  }
+
+  /// Returns a new [DatabaseBackupDeleteDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static DatabaseBackupDeleteDto? fromJson(dynamic value) {
+    upgradeDto(value, "DatabaseBackupDeleteDto");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return DatabaseBackupDeleteDto(
+        backups: json[r'backups'] is Iterable
+            ? (json[r'backups'] as Iterable).cast<String>().toList(growable: false)
+            : const [],
+      );
+    }
+    return null;
+  }
+
+  static List<DatabaseBackupDeleteDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <DatabaseBackupDeleteDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = DatabaseBackupDeleteDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, DatabaseBackupDeleteDto> mapFromJson(dynamic json) {
+    final map = <String, DatabaseBackupDeleteDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = DatabaseBackupDeleteDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of DatabaseBackupDeleteDto-objects as value to a dart map
+  static Map<String, List<DatabaseBackupDeleteDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<DatabaseBackupDeleteDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = DatabaseBackupDeleteDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'backups',
+  };
+}
+

mobile/openapi/lib/model/database_backup_dto.dart

@@ -0,0 +1,107 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class DatabaseBackupDto {
+  /// Returns a new [DatabaseBackupDto] instance.
+  DatabaseBackupDto({
+    required this.filename,
+    required this.filesize,
+  });
+
+  String filename;
+
+  num filesize;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is DatabaseBackupDto &&
+    other.filename == filename &&
+    other.filesize == filesize;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (filename.hashCode) +
+    (filesize.hashCode);
+
+  @override
+  String toString() => 'DatabaseBackupDto[filename=$filename, filesize=$filesize]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'filename'] = this.filename;
+      json[r'filesize'] = this.filesize;
+    return json;
+  }
+
+  /// Returns a new [DatabaseBackupDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static DatabaseBackupDto? fromJson(dynamic value) {
+    upgradeDto(value, "DatabaseBackupDto");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return DatabaseBackupDto(
+        filename: mapValueOfType<String>(json, r'filename')!,
+        filesize: num.parse('${json[r'filesize']}'),
+      );
+    }
+    return null;
+  }
+
+  static List<DatabaseBackupDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <DatabaseBackupDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = DatabaseBackupDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, DatabaseBackupDto> mapFromJson(dynamic json) {
+    final map = <String, DatabaseBackupDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = DatabaseBackupDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of DatabaseBackupDto-objects as value to a dart map
+  static Map<String, List<DatabaseBackupDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<DatabaseBackupDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = DatabaseBackupDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'filename',
+    'filesize',
+  };
+}
+

mobile/openapi/lib/model/database_backup_list_response_dto.dart

@@ -0,0 +1,99 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class DatabaseBackupListResponseDto {
+  /// Returns a new [DatabaseBackupListResponseDto] instance.
+  DatabaseBackupListResponseDto({
+    this.backups = const [],
+  });
+
+  List<DatabaseBackupDto> backups;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is DatabaseBackupListResponseDto &&
+    _deepEquality.equals(other.backups, backups);
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (backups.hashCode);
+
+  @override
+  String toString() => 'DatabaseBackupListResponseDto[backups=$backups]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'backups'] = this.backups;
+    return json;
+  }
+
+  /// Returns a new [DatabaseBackupListResponseDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static DatabaseBackupListResponseDto? fromJson(dynamic value) {
+    upgradeDto(value, "DatabaseBackupListResponseDto");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return DatabaseBackupListResponseDto(
+        backups: DatabaseBackupDto.listFromJson(json[r'backups']),
+      );
+    }
+    return null;
+  }
+
+  static List<DatabaseBackupListResponseDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <DatabaseBackupListResponseDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = DatabaseBackupListResponseDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, DatabaseBackupListResponseDto> mapFromJson(dynamic json) {
+    final map = <String, DatabaseBackupListResponseDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = DatabaseBackupListResponseDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of DatabaseBackupListResponseDto-objects as value to a dart map
+  static Map<String, List<DatabaseBackupListResponseDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<DatabaseBackupListResponseDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = DatabaseBackupListResponseDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'backups',
+  };
+}
+

mobile/openapi/lib/model/maintenance_action.dart

@@ -25,11 +25,15 @@ class MaintenanceAction {
 
   static const start = MaintenanceAction._(r'start');
   static const end = MaintenanceAction._(r'end');
+  static const selectDatabaseRestore = MaintenanceAction._(r'select_database_restore');
+  static const restoreDatabase = MaintenanceAction._(r'restore_database');
 
   /// List of all possible values in this [enum][MaintenanceAction].
   static const values = <MaintenanceAction>[
     start,
     end,
+    selectDatabaseRestore,
+    restoreDatabase,
   ];
 
   static MaintenanceAction? fromJson(dynamic value) => MaintenanceActionTypeTransformer().decode(value);
@@ -70,6 +74,8 @@ class MaintenanceActionTypeTransformer {
       switch (data) {
         case r'start': return MaintenanceAction.start;
         case r'end': return MaintenanceAction.end;
+        case r'select_database_restore': return MaintenanceAction.selectDatabaseRestore;
+        case r'restore_database': return MaintenanceAction.restoreDatabase;
         default:
           if (!allowNull) {
             throw ArgumentError('Unknown enum value to decode: $data');

mobile/openapi/lib/model/maintenance_detect_install_response_dto.dart

@@ -0,0 +1,99 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class MaintenanceDetectInstallResponseDto {
+  /// Returns a new [MaintenanceDetectInstallResponseDto] instance.
+  MaintenanceDetectInstallResponseDto({
+    this.storage = const [],
+  });
+
+  List<MaintenanceDetectInstallStorageFolderDto> storage;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is MaintenanceDetectInstallResponseDto &&
+    _deepEquality.equals(other.storage, storage);
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (storage.hashCode);
+
+  @override
+  String toString() => 'MaintenanceDetectInstallResponseDto[storage=$storage]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'storage'] = this.storage;
+    return json;
+  }
+
+  /// Returns a new [MaintenanceDetectInstallResponseDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static MaintenanceDetectInstallResponseDto? fromJson(dynamic value) {
+    upgradeDto(value, "MaintenanceDetectInstallResponseDto");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return MaintenanceDetectInstallResponseDto(
+        storage: MaintenanceDetectInstallStorageFolderDto.listFromJson(json[r'storage']),
+      );
+    }
+    return null;
+  }
+
+  static List<MaintenanceDetectInstallResponseDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <MaintenanceDetectInstallResponseDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = MaintenanceDetectInstallResponseDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, MaintenanceDetectInstallResponseDto> mapFromJson(dynamic json) {
+    final map = <String, MaintenanceDetectInstallResponseDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = MaintenanceDetectInstallResponseDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of MaintenanceDetectInstallResponseDto-objects as value to a dart map
+  static Map<String, List<MaintenanceDetectInstallResponseDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<MaintenanceDetectInstallResponseDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = MaintenanceDetectInstallResponseDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'storage',
+  };
+}
+

mobile/openapi/lib/model/maintenance_detect_install_storage_folder_dto.dart

@@ -0,0 +1,123 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class MaintenanceDetectInstallStorageFolderDto {
+  /// Returns a new [MaintenanceDetectInstallStorageFolderDto] instance.
+  MaintenanceDetectInstallStorageFolderDto({
+    required this.files,
+    required this.folder,
+    required this.readable,
+    required this.writable,
+  });
+
+  num files;
+
+  StorageFolder folder;
+
+  bool readable;
+
+  bool writable;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is MaintenanceDetectInstallStorageFolderDto &&
+    other.files == files &&
+    other.folder == folder &&
+    other.readable == readable &&
+    other.writable == writable;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (files.hashCode) +
+    (folder.hashCode) +
+    (readable.hashCode) +
+    (writable.hashCode);
+
+  @override
+  String toString() => 'MaintenanceDetectInstallStorageFolderDto[files=$files, folder=$folder, readable=$readable, writable=$writable]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'files'] = this.files;
+      json[r'folder'] = this.folder;
+      json[r'readable'] = this.readable;
+      json[r'writable'] = this.writable;
+    return json;
+  }
+
+  /// Returns a new [MaintenanceDetectInstallStorageFolderDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static MaintenanceDetectInstallStorageFolderDto? fromJson(dynamic value) {
+    upgradeDto(value, "MaintenanceDetectInstallStorageFolderDto");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return MaintenanceDetectInstallStorageFolderDto(
+        files: num.parse('${json[r'files']}'),
+        folder: StorageFolder.fromJson(json[r'folder'])!,
+        readable: mapValueOfType<bool>(json, r'readable')!,
+        writable: mapValueOfType<bool>(json, r'writable')!,
+      );
+    }
+    return null;
+  }
+
+  static List<MaintenanceDetectInstallStorageFolderDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <MaintenanceDetectInstallStorageFolderDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = MaintenanceDetectInstallStorageFolderDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, MaintenanceDetectInstallStorageFolderDto> mapFromJson(dynamic json) {
+    final map = <String, MaintenanceDetectInstallStorageFolderDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = MaintenanceDetectInstallStorageFolderDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of MaintenanceDetectInstallStorageFolderDto-objects as value to a dart map
+  static Map<String, List<MaintenanceDetectInstallStorageFolderDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<MaintenanceDetectInstallStorageFolderDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = MaintenanceDetectInstallStorageFolderDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'files',
+    'folder',
+    'readable',
+    'writable',
+  };
+}
+

mobile/openapi/lib/model/maintenance_status_response_dto.dart

@@ -0,0 +1,158 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+class MaintenanceStatusResponseDto {
+  /// Returns a new [MaintenanceStatusResponseDto] instance.
+  MaintenanceStatusResponseDto({
+    required this.action,
+    required this.active,
+    this.error,
+    this.progress,
+    this.task,
+  });
+
+  MaintenanceAction action;
+
+  bool active;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? error;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  num? progress;
+
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? task;
+
+  @override
+  bool operator ==(Object other) => identical(this, other) || other is MaintenanceStatusResponseDto &&
+    other.action == action &&
+    other.active == active &&
+    other.error == error &&
+    other.progress == progress &&
+    other.task == task;
+
+  @override
+  int get hashCode =>
+    // ignore: unnecessary_parenthesis
+    (action.hashCode) +
+    (active.hashCode) +
+    (error == null ? 0 : error!.hashCode) +
+    (progress == null ? 0 : progress!.hashCode) +
+    (task == null ? 0 : task!.hashCode);
+
+  @override
+  String toString() => 'MaintenanceStatusResponseDto[action=$action, active=$active, error=$error, progress=$progress, task=$task]';
+
+  Map<String, dynamic> toJson() {
+    final json = <String, dynamic>{};
+      json[r'action'] = this.action;
+      json[r'active'] = this.active;
+    if (this.error != null) {
+      json[r'error'] = this.error;
+    } else {
+    //  json[r'error'] = null;
+    }
+    if (this.progress != null) {
+      json[r'progress'] = this.progress;
+    } else {
+    //  json[r'progress'] = null;
+    }
+    if (this.task != null) {
+      json[r'task'] = this.task;
+    } else {
+    //  json[r'task'] = null;
+    }
+    return json;
+  }
+
+  /// Returns a new [MaintenanceStatusResponseDto] instance and imports its values from
+  /// [value] if it's a [Map], null otherwise.
+  // ignore: prefer_constructors_over_static_methods
+  static MaintenanceStatusResponseDto? fromJson(dynamic value) {
+    upgradeDto(value, "MaintenanceStatusResponseDto");
+    if (value is Map) {
+      final json = value.cast<String, dynamic>();
+
+      return MaintenanceStatusResponseDto(
+        action: MaintenanceAction.fromJson(json[r'action'])!,
+        active: mapValueOfType<bool>(json, r'active')!,
+        error: mapValueOfType<String>(json, r'error'),
+        progress: num.parse('${json[r'progress']}'),
+        task: mapValueOfType<String>(json, r'task'),
+      );
+    }
+    return null;
+  }
+
+  static List<MaintenanceStatusResponseDto> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <MaintenanceStatusResponseDto>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = MaintenanceStatusResponseDto.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+
+  static Map<String, MaintenanceStatusResponseDto> mapFromJson(dynamic json) {
+    final map = <String, MaintenanceStatusResponseDto>{};
+    if (json is Map && json.isNotEmpty) {
+      json = json.cast<String, dynamic>(); // ignore: parameter_assignments
+      for (final entry in json.entries) {
+        final value = MaintenanceStatusResponseDto.fromJson(entry.value);
+        if (value != null) {
+          map[entry.key] = value;
+        }
+      }
+    }
+    return map;
+  }
+
+  // maps a json object with a list of MaintenanceStatusResponseDto-objects as value to a dart map
+  static Map<String, List<MaintenanceStatusResponseDto>> mapListFromJson(dynamic json, {bool growable = false,}) {
+    final map = <String, List<MaintenanceStatusResponseDto>>{};
+    if (json is Map && json.isNotEmpty) {
+      // ignore: parameter_assignments
+      json = json.cast<String, dynamic>();
+      for (final entry in json.entries) {
+        map[entry.key] = MaintenanceStatusResponseDto.listFromJson(entry.value, growable: growable,);
+      }
+    }
+    return map;
+  }
+
+  /// The list of required keys that must be present in a JSON.
+  static const requiredKeys = <String>{
+    'action',
+    'active',
+  };
+}
+

mobile/openapi/lib/model/permission.dart

@@ -62,6 +62,10 @@ class Permission {
   static const authPeriodChangePassword = Permission._(r'auth.changePassword');
   static const authDevicePeriodDelete = Permission._(r'authDevice.delete');
   static const archivePeriodRead = Permission._(r'archive.read');
+  static const backupPeriodList = Permission._(r'backup.list');
+  static const backupPeriodDownload = Permission._(r'backup.download');
+  static const backupPeriodUpload = Permission._(r'backup.upload');
+  static const backupPeriodDelete = Permission._(r'backup.delete');
   static const duplicatePeriodRead = Permission._(r'duplicate.read');
   static const duplicatePeriodDelete = Permission._(r'duplicate.delete');
   static const facePeriodCreate = Permission._(r'face.create');
@@ -214,6 +218,10 @@ class Permission {
     authPeriodChangePassword,
     authDevicePeriodDelete,
     archivePeriodRead,
+    backupPeriodList,
+    backupPeriodDownload,
+    backupPeriodUpload,
+    backupPeriodDelete,
     duplicatePeriodRead,
     duplicatePeriodDelete,
     facePeriodCreate,
@@ -401,6 +409,10 @@ class PermissionTypeTransformer {
         case r'auth.changePassword': return Permission.authPeriodChangePassword;
         case r'authDevice.delete': return Permission.authDevicePeriodDelete;
         case r'archive.read': return Permission.archivePeriodRead;
+        case r'backup.list': return Permission.backupPeriodList;
+        case r'backup.download': return Permission.backupPeriodDownload;
+        case r'backup.upload': return Permission.backupPeriodUpload;
+        case r'backup.delete': return Permission.backupPeriodDelete;
         case r'duplicate.read': return Permission.duplicatePeriodRead;
         case r'duplicate.delete': return Permission.duplicatePeriodDelete;
         case r'face.create': return Permission.facePeriodCreate;

mobile/openapi/lib/model/set_maintenance_mode_dto.dart

@@ -14,25 +14,41 @@ class SetMaintenanceModeDto {
   /// Returns a new [SetMaintenanceModeDto] instance.
   SetMaintenanceModeDto({
     required this.action,
+    this.restoreBackupFilename,
   });
 
   MaintenanceAction action;
 
+  ///
+  /// Please note: This property should have been non-nullable! Since the specification file
+  /// does not include a default value (using the "default:" property), however, the generated
+  /// source code must fall back to having a nullable type.
+  /// Consider adding a "default:" property in the specification file to hide this note.
+  ///
+  String? restoreBackupFilename;
+
   @override
   bool operator ==(Object other) => identical(this, other) || other is SetMaintenanceModeDto &&
-    other.action == action;
+    other.action == action &&
+    other.restoreBackupFilename == restoreBackupFilename;
 
   @override
   int get hashCode =>
     // ignore: unnecessary_parenthesis
-    (action.hashCode);
+    (action.hashCode) +
+    (restoreBackupFilename == null ? 0 : restoreBackupFilename!.hashCode);
 
   @override
-  String toString() => 'SetMaintenanceModeDto[action=$action]';
+  String toString() => 'SetMaintenanceModeDto[action=$action, restoreBackupFilename=$restoreBackupFilename]';
 
   Map<String, dynamic> toJson() {
     final json = <String, dynamic>{};
       json[r'action'] = this.action;
+    if (this.restoreBackupFilename != null) {
+      json[r'restoreBackupFilename'] = this.restoreBackupFilename;
+    } else {
+    //  json[r'restoreBackupFilename'] = null;
+    }
     return json;
   }
 
@@ -46,6 +62,7 @@ class SetMaintenanceModeDto {
 
       return SetMaintenanceModeDto(
         action: MaintenanceAction.fromJson(json[r'action'])!,
+        restoreBackupFilename: mapValueOfType<String>(json, r'restoreBackupFilename'),
       );
     }
     return null;

mobile/openapi/lib/model/storage_folder.dart

@@ -0,0 +1,97 @@
+//
+// AUTO-GENERATED FILE, DO NOT MODIFY!
+//
+// @dart=2.18
+
+// ignore_for_file: unused_element, unused_import
+// ignore_for_file: always_put_required_named_parameters_first
+// ignore_for_file: constant_identifier_names
+// ignore_for_file: lines_longer_than_80_chars
+
+part of openapi.api;
+
+
+class StorageFolder {
+  /// Instantiate a new enum with the provided [value].
+  const StorageFolder._(this.value);
+
+  /// The underlying value of this enum member.
+  final String value;
+
+  @override
+  String toString() => value;
+
+  String toJson() => value;
+
+  static const encodedVideo = StorageFolder._(r'encoded-video');
+  static const library_ = StorageFolder._(r'library');
+  static const upload = StorageFolder._(r'upload');
+  static const profile = StorageFolder._(r'profile');
+  static const thumbs = StorageFolder._(r'thumbs');
+  static const backups = StorageFolder._(r'backups');
+
+  /// List of all possible values in this [enum][StorageFolder].
+  static const values = <StorageFolder>[
+    encodedVideo,
+    library_,
+    upload,
+    profile,
+    thumbs,
+    backups,
+  ];
+
+  static StorageFolder? fromJson(dynamic value) => StorageFolderTypeTransformer().decode(value);
+
+  static List<StorageFolder> listFromJson(dynamic json, {bool growable = false,}) {
+    final result = <StorageFolder>[];
+    if (json is List && json.isNotEmpty) {
+      for (final row in json) {
+        final value = StorageFolder.fromJson(row);
+        if (value != null) {
+          result.add(value);
+        }
+      }
+    }
+    return result.toList(growable: growable);
+  }
+}
+
+/// Transformation class that can [encode] an instance of [StorageFolder] to String,
+/// and [decode] dynamic data back to [StorageFolder].
+class StorageFolderTypeTransformer {
+  factory StorageFolderTypeTransformer() => _instance ??= const StorageFolderTypeTransformer._();
+
+  const StorageFolderTypeTransformer._();
+
+  String encode(StorageFolder data) => data.value;
+
+  /// Decodes a [dynamic value][data] to a StorageFolder.
+  ///
+  /// If [allowNull] is true and the [dynamic value][data] cannot be decoded successfully,
+  /// then null is returned. However, if [allowNull] is false and the [dynamic value][data]
+  /// cannot be decoded successfully, then an [UnimplementedError] is thrown.
+  ///
+  /// The [allowNull] is very handy when an API changes and a new enum value is added or removed,
+  /// and users are still using an old app with the old code.
+  StorageFolder? decode(dynamic data, {bool allowNull = true}) {
+    if (data != null) {
+      switch (data) {
+        case r'encoded-video': return StorageFolder.encodedVideo;
+        case r'library': return StorageFolder.library_;
+        case r'upload': return StorageFolder.upload;
+        case r'profile': return StorageFolder.profile;
+        case r'thumbs': return StorageFolder.thumbs;
+        case r'backups': return StorageFolder.backups;
+        default:
+          if (!allowNull) {
+            throw ArgumentError('Unknown enum value to decode: $data');
+          }
+      }
+    }
+    return null;
+  }
+
+  /// Singleton [StorageFolderTypeTransformer] instance.
+  static StorageFolderTypeTransformer? _instance;
+}
+

open-api/immich-openapi-specs.json

@@ -322,6 +322,237 @@
         "x-immich-state": "Stable"
       }
     },
+    "/admin/database-backups": {
+      "delete": {
+        "description": "Delete a backup by its filename",
+        "operationId": "deleteDatabaseBackup",
+        "parameters": [],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/DatabaseBackupDeleteDto"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "200": {
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "Delete database backup",
+        "tags": [
+          "Database Backups (admin)"
+        ],
+        "x-immich-admin-only": true,
+        "x-immich-history": [
+          {
+            "version": "v2.5.0",
+            "state": "Added"
+          },
+          {
+            "version": "v2.5.0",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "backup.delete",
+        "x-immich-state": "Alpha"
+      },
+      "get": {
+        "description": "Get the list of the successful and failed backups",
+        "operationId": "listDatabaseBackups",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/DatabaseBackupListResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "List database backups",
+        "tags": [
+          "Database Backups (admin)"
+        ],
+        "x-immich-admin-only": true,
+        "x-immich-history": [
+          {
+            "version": "v2.5.0",
+            "state": "Added"
+          },
+          {
+            "version": "v2.5.0",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "maintenance",
+        "x-immich-state": "Alpha"
+      }
+    },
+    "/admin/database-backups/start-restore": {
+      "post": {
+        "description": "Put Immich into maintenance mode to restore a backup (Immich must not be configured)",
+        "operationId": "startDatabaseRestoreFlow",
+        "parameters": [],
+        "responses": {
+          "201": {
+            "description": ""
+          }
+        },
+        "summary": "Start database backup restore flow",
+        "tags": [
+          "Database Backups (admin)"
+        ],
+        "x-immich-history": [
+          {
+            "version": "v2.5.0",
+            "state": "Added"
+          },
+          {
+            "version": "v2.5.0",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-state": "Alpha"
+      }
+    },
+    "/admin/database-backups/upload": {
+      "post": {
+        "description": "Uploads .sql/.sql.gz file to restore backup from",
+        "operationId": "uploadDatabaseBackup",
+        "parameters": [],
+        "requestBody": {
+          "content": {
+            "multipart/form-data": {
+              "schema": {
+                "$ref": "#/components/schemas/DatabaseBackupUploadDto"
+              }
+            }
+          },
+          "description": "Backup Upload",
+          "required": true
+        },
+        "responses": {
+          "201": {
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "Upload database backup",
+        "tags": [
+          "Database Backups (admin)"
+        ],
+        "x-immich-admin-only": true,
+        "x-immich-history": [
+          {
+            "version": "v2.5.0",
+            "state": "Added"
+          },
+          {
+            "version": "v2.5.0",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "backup.upload",
+        "x-immich-state": "Alpha"
+      }
+    },
+    "/admin/database-backups/{filename}": {
+      "get": {
+        "description": "Downloads the database backup file",
+        "operationId": "downloadDatabaseBackup",
+        "parameters": [
+          {
+            "name": "filename",
+            "required": true,
+            "in": "path",
+            "schema": {
+              "format": "string",
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "content": {
+              "application/octet-stream": {
+                "schema": {
+                  "format": "binary",
+                  "type": "string"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "Download database backup",
+        "tags": [
+          "Database Backups (admin)"
+        ],
+        "x-immich-admin-only": true,
+        "x-immich-history": [
+          {
+            "version": "v2.5.0",
+            "state": "Added"
+          },
+          {
+            "version": "v2.5.0",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "backup.download",
+        "x-immich-state": "Alpha"
+      }
+    },
     "/admin/maintenance": {
       "post": {
         "description": "Put Immich into or take it out of maintenance mode",
@@ -372,6 +603,53 @@
         "x-immich-state": "Alpha"
       }
     },
+    "/admin/maintenance/detect-install": {
+      "get": {
+        "description": "Collect integrity checks and other heuristics about local data.",
+        "operationId": "detectPriorInstall",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/MaintenanceDetectInstallResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "security": [
+          {
+            "bearer": []
+          },
+          {
+            "cookie": []
+          },
+          {
+            "api_key": []
+          }
+        ],
+        "summary": "Detect existing install",
+        "tags": [
+          "Maintenance (admin)"
+        ],
+        "x-immich-admin-only": true,
+        "x-immich-history": [
+          {
+            "version": "v2.5.0",
+            "state": "Added"
+          },
+          {
+            "version": "v2.5.0",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-permission": "maintenance",
+        "x-immich-state": "Alpha"
+      }
+    },
     "/admin/maintenance/login": {
       "post": {
         "description": "Login with maintenance token or cookie to receive current information and perform further actions.",
@@ -416,6 +694,40 @@
         "x-immich-state": "Alpha"
       }
     },
+    "/admin/maintenance/status": {
+      "get": {
+        "description": "Fetch information about the currently running maintenance action.",
+        "operationId": "getMaintenanceStatus",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/MaintenanceStatusResponseDto"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "summary": "Get maintenance mode status",
+        "tags": [
+          "Maintenance (admin)"
+        ],
+        "x-immich-history": [
+          {
+            "version": "v2.5.0",
+            "state": "Added"
+          },
+          {
+            "version": "v2.5.0",
+            "state": "Alpha"
+          }
+        ],
+        "x-immich-state": "Alpha"
+      }
+    },
     "/admin/notifications": {
       "post": {
         "description": "Create a new notification for a specific user.",
@@ -14661,6 +14973,10 @@
       "name": "Authentication (admin)",
       "description": "Administrative endpoints related to authentication."
     },
+    {
+      "name": "Database Backups (admin)",
+      "description": "Manage backups of the Immich database."
+    },
     {
       "name": "Deprecated",
       "description": "Deprecated endpoints that are planned for removal in the next major release."
@@ -16849,6 +17165,58 @@
         ],
         "type": "object"
       },
+      "DatabaseBackupDeleteDto": {
+        "properties": {
+          "backups": {
+            "items": {
+              "type": "string"
+            },
+            "type": "array"
+          }
+        },
+        "required": [
+          "backups"
+        ],
+        "type": "object"
+      },
+      "DatabaseBackupDto": {
+        "properties": {
+          "filename": {
+            "type": "string"
+          },
+          "filesize": {
+            "type": "number"
+          }
+        },
+        "required": [
+          "filename",
+          "filesize"
+        ],
+        "type": "object"
+      },
+      "DatabaseBackupListResponseDto": {
+        "properties": {
+          "backups": {
+            "items": {
+              "$ref": "#/components/schemas/DatabaseBackupDto"
+            },
+            "type": "array"
+          }
+        },
+        "required": [
+          "backups"
+        ],
+        "type": "object"
+      },
+      "DatabaseBackupUploadDto": {
+        "properties": {
+          "file": {
+            "format": "binary",
+            "type": "string"
+          }
+        },
+        "type": "object"
+      },
       "DownloadArchiveInfo": {
         "properties": {
           "assetIds": {
@@ -17516,7 +17884,9 @@
       "MaintenanceAction": {
         "enum": [
           "start",
-          "end"
+          "end",
+          "select_database_restore",
+          "restore_database"
         ],
         "type": "string"
       },
@@ -17531,6 +17901,47 @@
         ],
         "type": "object"
       },
+      "MaintenanceDetectInstallResponseDto": {
+        "properties": {
+          "storage": {
+            "items": {
+              "$ref": "#/components/schemas/MaintenanceDetectInstallStorageFolderDto"
+            },
+            "type": "array"
+          }
+        },
+        "required": [
+          "storage"
+        ],
+        "type": "object"
+      },
+      "MaintenanceDetectInstallStorageFolderDto": {
+        "properties": {
+          "files": {
+            "type": "number"
+          },
+          "folder": {
+            "allOf": [
+              {
+                "$ref": "#/components/schemas/StorageFolder"
+              }
+            ]
+          },
+          "readable": {
+            "type": "boolean"
+          },
+          "writable": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "files",
+          "folder",
+          "readable",
+          "writable"
+        ],
+        "type": "object"
+      },
       "MaintenanceLoginDto": {
         "properties": {
           "token": {
@@ -17539,6 +17950,34 @@
         },
         "type": "object"
       },
+      "MaintenanceStatusResponseDto": {
+        "properties": {
+          "action": {
+            "allOf": [
+              {
+                "$ref": "#/components/schemas/MaintenanceAction"
+              }
+            ]
+          },
+          "active": {
+            "type": "boolean"
+          },
+          "error": {
+            "type": "string"
+          },
+          "progress": {
+            "type": "number"
+          },
+          "task": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "action",
+          "active"
+        ],
+        "type": "object"
+      },
       "ManualJobName": {
         "enum": [
           "person-cleanup",
@@ -18507,6 +18946,10 @@
           "auth.changePassword",
           "authDevice.delete",
           "archive.read",
+          "backup.list",
+          "backup.download",
+          "backup.upload",
+          "backup.delete",
           "duplicate.read",
           "duplicate.delete",
           "face.create",
@@ -20285,6 +20728,9 @@
                 "$ref": "#/components/schemas/MaintenanceAction"
               }
             ]
+          },
+          "restoreBackupFilename": {
+            "type": "string"
           }
         },
         "required": [
@@ -20857,6 +21303,17 @@
         },
         "type": "object"
       },
+      "StorageFolder": {
+        "enum": [
+          "encoded-video",
+          "library",
+          "upload",
+          "profile",
+          "thumbs",
+          "backups"
+        ],
+        "type": "string"
+      },
       "SyncAckDeleteDto": {
         "properties": {
           "types": {

open-api/typescript-sdk/src/fetch-client.ts

@@ -40,8 +40,31 @@ export type ActivityStatisticsResponseDto = {
     comments: number;
     likes: number;
 };
+export type DatabaseBackupDeleteDto = {
+    backups: string[];
+};
+export type DatabaseBackupDto = {
+    filename: string;
+    filesize: number;
+};
+export type DatabaseBackupListResponseDto = {
+    backups: DatabaseBackupDto[];
+};
+export type DatabaseBackupUploadDto = {
+    file?: Blob;
+};
 export type SetMaintenanceModeDto = {
     action: MaintenanceAction;
+    restoreBackupFilename?: string;
+};
+export type MaintenanceDetectInstallStorageFolderDto = {
+    files: number;
+    folder: StorageFolder;
+    readable: boolean;
+    writable: boolean;
+};
+export type MaintenanceDetectInstallResponseDto = {
+    storage: MaintenanceDetectInstallStorageFolderDto[];
 };
 export type MaintenanceLoginDto = {
     token?: string;
@@ -49,6 +72,13 @@ export type MaintenanceLoginDto = {
 export type MaintenanceAuthDto = {
     username: string;
 };
+export type MaintenanceStatusResponseDto = {
+    action: MaintenanceAction;
+    active: boolean;
+    error?: string;
+    progress?: number;
+    task?: string;
+};
 export type NotificationCreateDto = {
     data?: object;
     description?: string | null;
@@ -1920,6 +1950,63 @@ export function unlinkAllOAuthAccountsAdmin(opts?: Oazapfts.RequestOpts) {
         method: "POST"
     }));
 }
+/**
+ * Delete database backup
+ */
+export function deleteDatabaseBackup({ databaseBackupDeleteDto }: {
+    databaseBackupDeleteDto: DatabaseBackupDeleteDto;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchText("/admin/database-backups", oazapfts.json({
+        ...opts,
+        method: "DELETE",
+        body: databaseBackupDeleteDto
+    })));
+}
+/**
+ * List database backups
+ */
+export function listDatabaseBackups(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: DatabaseBackupListResponseDto;
+    }>("/admin/database-backups", {
+        ...opts
+    }));
+}
+/**
+ * Start database backup restore flow
+ */
+export function startDatabaseRestoreFlow(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchText("/admin/database-backups/start-restore", {
+        ...opts,
+        method: "POST"
+    }));
+}
+/**
+ * Upload database backup
+ */
+export function uploadDatabaseBackup({ databaseBackupUploadDto }: {
+    databaseBackupUploadDto: DatabaseBackupUploadDto;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchText("/admin/database-backups/upload", oazapfts.multipart({
+        ...opts,
+        method: "POST",
+        body: databaseBackupUploadDto
+    })));
+}
+/**
+ * Download database backup
+ */
+export function downloadDatabaseBackup({ filename }: {
+    filename: string;
+}, opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchBlob<{
+        status: 200;
+        data: Blob;
+    }>(`/admin/database-backups/${encodeURIComponent(filename)}`, {
+        ...opts
+    }));
+}
 /**
  * Set maintenance mode
  */
@@ -1932,6 +2019,17 @@ export function setMaintenanceMode({ setMaintenanceModeDto }: {
         body: setMaintenanceModeDto
     })));
 }
+/**
+ * Detect existing install
+ */
+export function detectPriorInstall(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: MaintenanceDetectInstallResponseDto;
+    }>("/admin/maintenance/detect-install", {
+        ...opts
+    }));
+}
 /**
  * Log into maintenance mode
  */
@@ -1947,6 +2045,17 @@ export function maintenanceLogin({ maintenanceLoginDto }: {
         body: maintenanceLoginDto
     })));
 }
+/**
+ * Get maintenance mode status
+ */
+export function getMaintenanceStatus(opts?: Oazapfts.RequestOpts) {
+    return oazapfts.ok(oazapfts.fetchJson<{
+        status: 200;
+        data: MaintenanceStatusResponseDto;
+    }>("/admin/maintenance/status", {
+        ...opts
+    }));
+}
 /**
  * Create a notification
  */
@@ -5297,7 +5406,17 @@ export enum UserAvatarColor {
 }
 export enum MaintenanceAction {
     Start = "start",
-    End = "end"
+    End = "end",
+    SelectDatabaseRestore = "select_database_restore",
+    RestoreDatabase = "restore_database"
+}
+export enum StorageFolder {
+    EncodedVideo = "encoded-video",
+    Library = "library",
+    Upload = "upload",
+    Profile = "profile",
+    Thumbs = "thumbs",
+    Backups = "backups"
 }
 export enum NotificationLevel {
     Success = "success",
@@ -5395,6 +5514,10 @@ export enum Permission {
     AuthChangePassword = "auth.changePassword",
     AuthDeviceDelete = "authDevice.delete",
     ArchiveRead = "archive.read",
+    BackupList = "backup.list",
+    BackupDownload = "backup.download",
+    BackupUpload = "backup.upload",
+    BackupDelete = "backup.delete",
     DuplicateRead = "duplicate.read",
     DuplicateDelete = "duplicate.delete",
     FaceCreate = "face.create",

server/src/app.module.ts

@@ -10,6 +10,7 @@ import { IWorker } from 'src/constants';
 import { controllers } from 'src/controllers';
 import { ImmichWorker } from 'src/enum';
 import { MaintenanceAuthGuard } from 'src/maintenance/maintenance-auth.guard';
+import { MaintenanceHealthRepository } from 'src/maintenance/maintenance-health.repository';
 import { MaintenanceWebsocketRepository } from 'src/maintenance/maintenance-websocket.repository';
 import { MaintenanceWorkerController } from 'src/maintenance/maintenance-worker.controller';
 import { MaintenanceWorkerService } from 'src/maintenance/maintenance-worker.service';
@@ -21,8 +22,11 @@ import { LoggingInterceptor } from 'src/middleware/logging.interceptor';
 import { repositories } from 'src/repositories';
 import { AppRepository } from 'src/repositories/app.repository';
 import { ConfigRepository } from 'src/repositories/config.repository';
+import { DatabaseRepository } from 'src/repositories/database.repository';
 import { EventRepository } from 'src/repositories/event.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
+import { ProcessRepository } from 'src/repositories/process.repository';
+import { StorageRepository } from 'src/repositories/storage.repository';
 import { SystemMetadataRepository } from 'src/repositories/system-metadata.repository';
 import { teardownTelemetry, TelemetryRepository } from 'src/repositories/telemetry.repository';
 import { WebsocketRepository } from 'src/repositories/websocket.repository';
@@ -103,8 +107,12 @@ export class ApiModule extends BaseModule {}
   providers: [
     ConfigRepository,
     LoggingRepository,
+    StorageRepository,
+    ProcessRepository,
+    DatabaseRepository,
     SystemMetadataRepository,
     AppRepository,
+    MaintenanceHealthRepository,
     MaintenanceWebsocketRepository,
     MaintenanceWorkerService,
     ...commonMiddleware,
@@ -116,9 +124,14 @@ export class MaintenanceModule {
   constructor(
     @Inject(IWorker) private worker: ImmichWorker,
     logger: LoggingRepository,
+    private maintenanceWorkerService: MaintenanceWorkerService,
   ) {
     logger.setAppName(this.worker);
   }
+
+  async onModuleInit() {
+    await this.maintenanceWorkerService.init();
+  }
 }
 
 @Module({

server/src/constants.ts

@@ -141,6 +141,7 @@ export const endpointTags: Record<ApiTag, string> = {
   [ApiTag.Assets]: 'An asset is an image or video that has been uploaded to Immich.',
   [ApiTag.Authentication]: 'Endpoints related to user authentication, including OAuth.',
   [ApiTag.AuthenticationAdmin]: 'Administrative endpoints related to authentication.',
+  [ApiTag.DatabaseBackups]: 'Manage backups of the Immich database.',
   [ApiTag.Deprecated]: 'Deprecated endpoints that are planned for removal in the next major release.',
   [ApiTag.Download]: 'Endpoints for downloading assets or collections of assets.',
   [ApiTag.Duplicates]: 'Endpoints for managing and identifying duplicate assets.',

server/src/controllers/database-backup.controller.ts

@@ -0,0 +1,101 @@
+import { Body, Controller, Delete, Get, Next, Param, Post, Res, UploadedFile, UseInterceptors } from '@nestjs/common';
+import { FileInterceptor } from '@nestjs/platform-express';
+import { ApiBody, ApiConsumes, ApiTags } from '@nestjs/swagger';
+import { NextFunction, Response } from 'express';
+import { Endpoint, HistoryBuilder } from 'src/decorators';
+import {
+  DatabaseBackupDeleteDto,
+  DatabaseBackupListResponseDto,
+  DatabaseBackupUploadDto,
+} from 'src/dtos/database-backup.dto';
+import { ApiTag, ImmichCookie, Permission } from 'src/enum';
+import { Authenticated, FileResponse, GetLoginDetails } from 'src/middleware/auth.guard';
+import { LoggingRepository } from 'src/repositories/logging.repository';
+import { LoginDetails } from 'src/services/auth.service';
+import { DatabaseBackupService } from 'src/services/database-backup.service';
+import { MaintenanceService } from 'src/services/maintenance.service';
+import { sendFile } from 'src/utils/file';
+import { respondWithCookie } from 'src/utils/response';
+import { FilenameParamDto } from 'src/validation';
+
+@ApiTags(ApiTag.DatabaseBackups)
+@Controller('admin/database-backups')
+export class DatabaseBackupController {
+  constructor(
+    private logger: LoggingRepository,
+    private service: DatabaseBackupService,
+    private maintenanceService: MaintenanceService,
+  ) {}
+
+  @Get()
+  @Endpoint({
+    summary: 'List database backups',
+    description: 'Get the list of the successful and failed backups',
+    history: new HistoryBuilder().added('v2.5.0').alpha('v2.5.0'),
+  })
+  @Authenticated({ permission: Permission.Maintenance, admin: true })
+  listDatabaseBackups(): Promise<DatabaseBackupListResponseDto> {
+    return this.service.listBackups();
+  }
+
+  @Get(':filename')
+  @FileResponse()
+  @Endpoint({
+    summary: 'Download database backup',
+    description: 'Downloads the database backup file',
+    history: new HistoryBuilder().added('v2.5.0').alpha('v2.5.0'),
+  })
+  @Authenticated({ permission: Permission.BackupDownload, admin: true })
+  async downloadDatabaseBackup(
+    @Param() { filename }: FilenameParamDto,
+    @Res() res: Response,
+    @Next() next: NextFunction,
+  ): Promise<void> {
+    await sendFile(res, next, () => this.service.downloadBackup(filename), this.logger);
+  }
+
+  @Delete()
+  @Endpoint({
+    summary: 'Delete database backup',
+    description: 'Delete a backup by its filename',
+    history: new HistoryBuilder().added('v2.5.0').alpha('v2.5.0'),
+  })
+  @Authenticated({ permission: Permission.BackupDelete, admin: true })
+  async deleteDatabaseBackup(@Body() dto: DatabaseBackupDeleteDto): Promise<void> {
+    return this.service.deleteBackup(dto.backups);
+  }
+
+  @Post('start-restore')
+  @Endpoint({
+    summary: 'Start database backup restore flow',
+    description: 'Put Immich into maintenance mode to restore a backup (Immich must not be configured)',
+    history: new HistoryBuilder().added('v2.5.0').alpha('v2.5.0'),
+  })
+  async startDatabaseRestoreFlow(
+    @GetLoginDetails() loginDetails: LoginDetails,
+    @Res({ passthrough: true }) res: Response,
+  ): Promise<void> {
+    const { jwt } = await this.maintenanceService.startRestoreFlow();
+    return respondWithCookie(res, undefined, {
+      isSecure: loginDetails.isSecure,
+      values: [{ key: ImmichCookie.MaintenanceToken, value: jwt }],
+    });
+  }
+
+  @Post('upload')
+  @Authenticated({ permission: Permission.BackupUpload, admin: true })
+  @ApiConsumes('multipart/form-data')
+  @ApiBody({ description: 'Backup Upload', type: DatabaseBackupUploadDto })
+  @Endpoint({
+    summary: 'Upload database backup',
+    description: 'Uploads .sql/.sql.gz file to restore backup from',
+    history: new HistoryBuilder().added('v2.5.0').alpha('v2.5.0'),
+  })
+  @UseInterceptors(FileInterceptor('file'))
+  uploadDatabaseBackup(
+    @UploadedFile()
+    file: Express.Multer.File,
+  ): Promise<void> {
+    return this.service.uploadBackup(file);
+  }
+}

server/src/controllers/index.ts

@@ -6,6 +6,7 @@ import { AssetMediaController } from 'src/controllers/asset-media.controller';
 import { AssetController } from 'src/controllers/asset.controller';
 import { AuthAdminController } from 'src/controllers/auth-admin.controller';
 import { AuthController } from 'src/controllers/auth.controller';
+import { DatabaseBackupController } from 'src/controllers/database-backup.controller';
 import { DownloadController } from 'src/controllers/download.controller';
 import { DuplicateController } from 'src/controllers/duplicate.controller';
 import { FaceController } from 'src/controllers/face.controller';
@@ -46,6 +47,7 @@ export const controllers = [
   AssetMediaController,
   AuthController,
   AuthAdminController,
+  DatabaseBackupController,
   DownloadController,
   DuplicateController,
   FaceController,

server/src/controllers/maintenance.controller.ts

@@ -1,9 +1,15 @@
-import { BadRequestException, Body, Controller, Post, Res } from '@nestjs/common';
+import { BadRequestException, Body, Controller, Get, Post, Res } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Response } from 'express';
 import { Endpoint, HistoryBuilder } from 'src/decorators';
 import { AuthDto } from 'src/dtos/auth.dto';
-import { MaintenanceAuthDto, MaintenanceLoginDto, SetMaintenanceModeDto } from 'src/dtos/maintenance.dto';
+import {
+  MaintenanceAuthDto,
+  MaintenanceDetectInstallResponseDto,
+  MaintenanceLoginDto,
+  MaintenanceStatusResponseDto,
+  SetMaintenanceModeDto,
+} from 'src/dtos/maintenance.dto';
 import { ApiTag, ImmichCookie, MaintenanceAction, Permission } from 'src/enum';
 import { Auth, Authenticated, GetLoginDetails } from 'src/middleware/auth.guard';
 import { LoginDetails } from 'src/services/auth.service';
@@ -15,6 +21,27 @@ import { respondWithCookie } from 'src/utils/response';
 export class MaintenanceController {
   constructor(private service: MaintenanceService) {}
 
+  @Get('status')
+  @Endpoint({
+    summary: 'Get maintenance mode status',
+    description: 'Fetch information about the currently running maintenance action.',
+    history: new HistoryBuilder().added('v2.5.0').alpha('v2.5.0'),
+  })
+  getMaintenanceStatus(): MaintenanceStatusResponseDto {
+    return this.service.getMaintenanceStatus();
+  }
+
+  @Get('detect-install')
+  @Endpoint({
+    summary: 'Detect existing install',
+    description: 'Collect integrity checks and other heuristics about local data.',
+    history: new HistoryBuilder().added('v2.5.0').alpha('v2.5.0'),
+  })
+  @Authenticated({ permission: Permission.Maintenance, admin: true })
+  detectPriorInstall(): Promise<MaintenanceDetectInstallResponseDto> {
+    return this.service.detectPriorInstall();
+  }
+
   @Post('login')
   @Endpoint({
     summary: 'Log into maintenance mode',
@@ -38,8 +65,8 @@ export class MaintenanceController {
     @GetLoginDetails() loginDetails: LoginDetails,
     @Res({ passthrough: true }) res: Response,
   ): Promise<void> {
-    if (dto.action === MaintenanceAction.Start) {
-      const { jwt } = await this.service.startMaintenance(auth.user.name);
+    if (dto.action !== MaintenanceAction.End) {
+      const { jwt } = await this.service.startMaintenance(dto, auth.user.name);
       return respondWithCookie(res, undefined, {
         isSecure: loginDetails.isSecure,
         values: [{ key: ImmichCookie.MaintenanceToken, value: jwt }],

server/src/cores/storage.core.ts

@@ -1,7 +1,15 @@
 import { randomUUID } from 'node:crypto';
 import { dirname, join, resolve } from 'node:path';
 import { StorageAsset } from 'src/database';
-import { AssetFileType, AssetPathType, ImageFormat, PathType, PersonPathType, StorageFolder } from 'src/enum';
+import {
+  AssetFileType,
+  AssetPathType,
+  ImageFormat,
+  PathType,
+  PersonPathType,
+  RawExtractedFormat,
+  StorageFolder,
+} from 'src/enum';
 import { AssetRepository } from 'src/repositories/asset.repository';
 import { ConfigRepository } from 'src/repositories/config.repository';
 import { CryptoRepository } from 'src/repositories/crypto.repository';
@@ -24,15 +32,6 @@ export interface MoveRequest {
   };
 }
 
-export type GeneratedImageType =
-  | AssetPathType.Preview
-  | AssetPathType.Thumbnail
-  | AssetPathType.FullSize
-  | AssetPathType.EditedPreview
-  | AssetPathType.EditedThumbnail
-  | AssetPathType.EditedFullSize;
-export type GeneratedAssetType = GeneratedImageType | AssetPathType.EncodedVideo;
-
 export type ThumbnailPathEntity = { id: string; ownerId: string };
 
 let instance: StorageCore | null;
@@ -111,8 +110,19 @@ export class StorageCore {
     return StorageCore.getNestedPath(StorageFolder.Thumbnails, person.ownerId, `${person.id}.jpeg`);
   }
 
-  static getImagePath(asset: ThumbnailPathEntity, type: GeneratedImageType, format: 'jpeg' | 'webp') {
-    return StorageCore.getNestedPath(StorageFolder.Thumbnails, asset.ownerId, `${asset.id}-${type}.${format}`);
+  static getImagePath(
+    asset: ThumbnailPathEntity,
+    {
+      fileType,
+      format,
+      isEdited,
+    }: { fileType: AssetFileType; format: ImageFormat | RawExtractedFormat; isEdited: boolean },
+  ) {
+    return StorageCore.getNestedPath(
+      StorageFolder.Thumbnails,
+      asset.ownerId,
+      `${asset.id}_${fileType}${isEdited ? '_edited' : ''}.${format}`,
+    );
   }
 
   static getEncodedVideoPath(asset: ThumbnailPathEntity) {
@@ -137,14 +147,14 @@ export class StorageCore {
     return normalizedPath.startsWith(normalizedAppMediaLocation);
   }
 
-  async moveAssetImage(asset: StorageAsset, pathType: GeneratedImageType, format: ImageFormat) {
+  async moveAssetImage(asset: StorageAsset, fileType: AssetFileType, format: ImageFormat) {
     const { id: entityId, files } = asset;
-    const oldFile = getAssetFile(files, pathType);
+    const oldFile = getAssetFile(files, fileType, { isEdited: false });
     return this.moveFile({
       entityId,
-      pathType,
+      pathType: fileType,
       oldPath: oldFile?.path || null,
-      newPath: StorageCore.getImagePath(asset, pathType, format),
+      newPath: StorageCore.getImagePath(asset, { fileType, format, isEdited: false }),
     });
   }
 
@@ -298,19 +308,19 @@ export class StorageCore {
       case AssetPathType.Original: {
         return this.assetRepository.update({ id, originalPath: newPath });
       }
-      case AssetPathType.FullSize: {
+      case AssetFileType.FullSize: {
         return this.assetRepository.upsertFile({ assetId: id, type: AssetFileType.FullSize, path: newPath });
       }
-      case AssetPathType.Preview: {
+      case AssetFileType.Preview: {
         return this.assetRepository.upsertFile({ assetId: id, type: AssetFileType.Preview, path: newPath });
       }
-      case AssetPathType.Thumbnail: {
+      case AssetFileType.Thumbnail: {
         return this.assetRepository.upsertFile({ assetId: id, type: AssetFileType.Thumbnail, path: newPath });
       }
       case AssetPathType.EncodedVideo: {
         return this.assetRepository.update({ id, encodedVideoPath: newPath });
       }
-      case AssetPathType.Sidecar: {
+      case AssetFileType.Sidecar: {
         return this.assetRepository.upsertFile({ assetId: id, type: AssetFileType.Sidecar, path: newPath });
       }
       case PersonPathType.Face: {

server/src/database.ts

@@ -39,6 +39,7 @@ export type AssetFile = {
   id: string;
   type: AssetFileType;
   path: string;
+  isEdited: boolean;
 };
 
 export type Library = {
@@ -344,7 +345,7 @@ export const columns = {
     'asset.width',
     'asset.height',
   ],
-  assetFiles: ['asset_file.id', 'asset_file.path', 'asset_file.type'],
+  assetFiles: ['asset_file.id', 'asset_file.path', 'asset_file.type', 'asset_file.isEdited'],
   authUser: ['user.id', 'user.name', 'user.email', 'user.isAdmin', 'user.quotaUsageInBytes', 'user.quotaSizeInBytes'],
   authApiKey: ['api_key.id', 'api_key.permissions'],
   authSession: ['session.id', 'session.updatedAt', 'session.pinExpiresAt', 'session.appVersion'],
@@ -457,6 +458,7 @@ export const columns = {
     'asset_exif.projectionType',
     'asset_exif.rating',
     'asset_exif.state',
+    'asset_exif.tags',
     'asset_exif.timeZone',
   ],
   plugin: [
@@ -480,4 +482,5 @@ export const lockableProperties = [
   'longitude',
   'rating',
   'timeZone',
+  'tags',
 ] as const;

server/src/dtos/database-backup.dto.ts

@@ -0,0 +1,21 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString } from 'class-validator';
+
+export class DatabaseBackupDto {
+  filename!: string;
+  filesize!: number;
+}
+
+export class DatabaseBackupListResponseDto {
+  backups!: DatabaseBackupDto[];
+}
+
+export class DatabaseBackupUploadDto {
+  @ApiProperty({ type: 'string', format: 'binary', required: false })
+  file?: any;
+}
+
+export class DatabaseBackupDeleteDto {
+  @IsString({ each: true })
+  backups!: string[];
+}

server/src/dtos/maintenance.dto.ts

@@ -1,9 +1,14 @@
-import { MaintenanceAction } from 'src/enum';
+import { ValidateIf } from 'class-validator';
+import { MaintenanceAction, StorageFolder } from 'src/enum';
 import { ValidateEnum, ValidateString } from 'src/validation';
 
 export class SetMaintenanceModeDto {
   @ValidateEnum({ enum: MaintenanceAction, name: 'MaintenanceAction' })
   action!: MaintenanceAction;
+
+  @ValidateIf((o) => o.action === MaintenanceAction.RestoreDatabase)
+  @ValidateString()
+  restoreBackupFilename?: string;
 }
 
 export class MaintenanceLoginDto {
@@ -14,3 +19,26 @@ export class MaintenanceLoginDto {
 export class MaintenanceAuthDto {
   username!: string;
 }
+
+export class MaintenanceStatusResponseDto {
+  active!: boolean;
+
+  @ValidateEnum({ enum: MaintenanceAction, name: 'MaintenanceAction' })
+  action!: MaintenanceAction;
+
+  progress?: number;
+  task?: string;
+  error?: string;
+}
+
+export class MaintenanceDetectInstallStorageFolderDto {
+  @ValidateEnum({ enum: StorageFolder, name: 'StorageFolder' })
+  folder!: StorageFolder;
+  readable!: boolean;
+  writable!: boolean;
+  files!: number;
+}
+
+export class MaintenanceDetectInstallResponseDto {
+  storage!: MaintenanceDetectInstallStorageFolderDto[];
+}

server/src/enum.ts

@@ -45,9 +45,6 @@ export enum AssetFileType {
   Preview = 'preview',
   Thumbnail = 'thumbnail',
   Sidecar = 'sidecar',
-  FullSizeEdited = 'fullsize_edited',
-  PreviewEdited = 'preview_edited',
-  ThumbnailEdited = 'thumbnail_edited',
 }
 
 export enum AlbumUserRole {
@@ -136,6 +133,11 @@ export enum Permission {
 
   ArchiveRead = 'archive.read',
 
+  BackupList = 'backup.list',
+  BackupDownload = 'backup.download',
+  BackupUpload = 'backup.upload',
+  BackupDelete = 'backup.delete',
+
   DuplicateRead = 'duplicate.read',
   DuplicateDelete = 'duplicate.delete',
 
@@ -364,14 +366,7 @@ export enum ManualJobName {
 
 export enum AssetPathType {
   Original = 'original',
-  FullSize = 'fullsize',
-  Preview = 'preview',
-  EditedFullSize = 'edited_fullsize',
-  EditedPreview = 'edited_preview',
-  EditedThumbnail = 'edited_thumbnail',
-  Thumbnail = 'thumbnail',
   EncodedVideo = 'encoded_video',
-  Sidecar = 'sidecar',
 }
 
 export enum PersonPathType {
@@ -382,7 +377,7 @@ export enum UserPathType {
   Profile = 'profile',
 }
 
-export type PathType = AssetPathType | PersonPathType | UserPathType;
+export type PathType = AssetFileType | AssetPathType | PersonPathType | UserPathType;
 
 export enum TranscodePolicy {
   All = 'all',
@@ -697,12 +692,15 @@ export enum DatabaseLock {
   MediaLocation = 700,
   GetSystemConfig = 69,
   BackupDatabase = 42,
+  MaintenanceOperation = 621,
   MemoryCreation = 777,
 }
 
 export enum MaintenanceAction {
   Start = 'start',
   End = 'end',
+  SelectDatabaseRestore = 'select_database_restore',
+  RestoreDatabase = 'restore_database',
 }
 
 export enum ExitCode {
@@ -849,6 +847,7 @@ export enum ApiTag {
   Authentication = 'Authentication',
   AuthenticationAdmin = 'Authentication (admin)',
   Assets = 'Assets',
+  DatabaseBackups = 'Database Backups (admin)',
   Deprecated = 'Deprecated',
   Download = 'Download',
   Duplicates = 'Duplicates',

server/src/main.ts

@@ -1,11 +1,11 @@
-import { Kysely } from 'kysely';
+import { Kysely, sql } from 'kysely';
 import { CommandFactory } from 'nest-commander';
 import { ChildProcess, fork } from 'node:child_process';
 import { dirname, join } from 'node:path';
 import { Worker } from 'node:worker_threads';
 import { PostgresError } from 'postgres';
 import { ImmichAdminModule } from 'src/app.module';
-import { ExitCode, ImmichWorker, LogLevel, SystemMetadataKey } from 'src/enum';
+import { DatabaseLock, ExitCode, ImmichWorker, LogLevel, SystemMetadataKey } from 'src/enum';
 import { ConfigRepository } from 'src/repositories/config.repository';
 import { SystemMetadataRepository } from 'src/repositories/system-metadata.repository';
 import { type DB } from 'src/schema';
@@ -35,19 +35,18 @@ class Workers {
     if (isMaintenanceMode) {
       this.startWorker(ImmichWorker.Maintenance);
     } else {
+      await this.waitForFreeLock();
+
       for (const worker of workers) {
         this.startWorker(worker);
       }
     }
   }
 
-  /**
-   * Initialise a short-lived Nest application to build configuration
-   * @returns System configuration
-   */
   private async isMaintenanceMode(): Promise<boolean> {
     const { database } = new ConfigRepository().getEnv();
-    const kysely = new Kysely<DB>(getKyselyConfig(database.config));
+    const { log: _, ...kyselyConfig } = getKyselyConfig(database.config);
+    const kysely = new Kysely<DB>(kyselyConfig);
     const systemMetadataRepository = new SystemMetadataRepository(kysely);
 
     try {
@@ -65,6 +64,32 @@ class Workers {
     }
   }
 
+  private async waitForFreeLock() {
+    const { database } = new ConfigRepository().getEnv();
+    const kysely = new Kysely<DB>(getKyselyConfig(database.config));
+
+    let locked = false;
+    while (!locked) {
+      locked = await kysely.connection().execute(async (conn) => {
+        const { rows } = await sql<{
+          pg_try_advisory_lock: boolean;
+        }>`SELECT pg_try_advisory_lock(${DatabaseLock.MaintenanceOperation})`.execute(conn);
+
+        const isLocked = rows[0].pg_try_advisory_lock;
+
+        if (isLocked) {
+          await sql`SELECT pg_advisory_unlock(${DatabaseLock.MaintenanceOperation})`.execute(conn);
+        }
+
+        return isLocked;
+      });
+
+      await new Promise((resolve) => setTimeout(resolve, 1000));
+    }
+
+    await kysely.destroy();
+  }
+
   /**
    * Start an individual worker
    * @param name Worker

server/src/maintenance/maintenance-health.repository.ts

@@ -0,0 +1,67 @@
+import { Injectable } from '@nestjs/common';
+import { fork } from 'node:child_process';
+import { dirname, join } from 'node:path';
+
+@Injectable()
+export class MaintenanceHealthRepository {
+  checkApiHealth(): Promise<void> {
+    return new Promise<void>((resolve, reject) => {
+      // eslint-disable-next-line unicorn/prefer-module
+      const basePath = dirname(__filename);
+      const workerFile = join(basePath, '..', 'workers', `api.js`);
+
+      const worker = fork(workerFile, [], {
+        execArgv: process.execArgv.filter((arg) => !arg.startsWith('--inspect')),
+        env: {
+          ...process.env,
+          IMMICH_HOST: '127.0.0.1',
+          IMMICH_PORT: '33001',
+        },
+        stdio: ['ignore', 'pipe', 'ignore', 'ipc'],
+      });
+
+      async function checkHealth() {
+        try {
+          const response = await fetch('http://127.0.0.1:33001/api/server/config');
+          const { isOnboarded } = await response.json();
+          if (isOnboarded) {
+            resolve();
+          } else {
+            reject(new Error('Server health check failed, no admin exists.'));
+          }
+        } catch (error) {
+          reject(error);
+        } finally {
+          if (worker.exitCode === null) {
+            worker.kill('SIGTERM');
+          }
+        }
+      }
+
+      let output = '',
+        alive = false;
+
+      worker.stdout?.on('data', (data) => {
+        if (alive) {
+          return;
+        }
+
+        output += data;
+
+        if (output.includes('Immich Server is listening')) {
+          alive = true;
+          void checkHealth();
+        }
+      });
+
+      worker.on('exit', reject);
+      worker.on('error', reject);
+
+      setTimeout(() => {
+        if (worker.exitCode === null) {
+          worker.kill('SIGTERM');
+        }
+      }, 20_000);
+    });
+  }
+}

server/src/maintenance/maintenance-websocket.repository.ts

@@ -7,17 +7,24 @@ import {
   WebSocketServer,
 } from '@nestjs/websockets';
 import { Server, Socket } from 'socket.io';
+import { MaintenanceAuthDto, MaintenanceStatusResponseDto } from 'src/dtos/maintenance.dto';
 import { AppRepository } from 'src/repositories/app.repository';
 import { AppRestartEvent, ArgsOf } from 'src/repositories/event.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
 
-export const serverEvents = ['AppRestart'] as const;
-export type ServerEvents = (typeof serverEvents)[number];
-
-export interface ClientEventMap {
-  AppRestartV1: [AppRestartEvent];
+interface ServerEventMap {
+  AppRestart: [AppRestartEvent];
+  MaintenanceStatus: [MaintenanceStatusResponseDto];
 }
 
+interface ClientEventMap {
+  AppRestartV1: [AppRestartEvent];
+  MaintenanceStatusV1: [MaintenanceStatusResponseDto];
+}
+
+type AuthFn = (client: Socket) => Promise<MaintenanceAuthDto>;
+type StatusUpdateFn = (status: MaintenanceStatusResponseDto) => void;
+
 @WebSocketGateway({
   cors: true,
   path: '/api/socket.io',
@@ -25,8 +32,11 @@ export interface ClientEventMap {
 })
 @Injectable()
 export class MaintenanceWebsocketRepository implements OnGatewayConnection, OnGatewayDisconnect, OnGatewayInit {
+  private authFn?: AuthFn;
+  private statusUpdateFn?: StatusUpdateFn;
+
   @WebSocketServer()
-  private websocketServer?: Server;
+  private server?: Server;
 
   constructor(
     private logger: LoggingRepository,
@@ -35,10 +45,10 @@ export class MaintenanceWebsocketRepository implements OnGatewayConnection, OnGa
     this.logger.setContext(MaintenanceWebsocketRepository.name);
   }
 
-  afterInit(websocketServer: Server) {
+  afterInit(server: Server) {
     this.logger.log('Initialized websocket server');
-
-    websocketServer.on('AppRestart', (event: ArgsOf<'AppRestart'>, ack?: (ok: 'ok') => void) => {
+    server.on('MaintenanceStatus', (status) => this.statusUpdateFn?.(status));
+    server.on('AppRestart', (event: ArgsOf<'AppRestart'>, ack?: (ok: 'ok') => void) => {
       this.logger.log(`Restarting due to event... ${JSON.stringify(event)}`);
 
       ack?.('ok');
@@ -46,20 +56,40 @@ export class MaintenanceWebsocketRepository implements OnGatewayConnection, OnGa
     });
   }
 
+  clientSend<T extends keyof ClientEventMap>(event: T, room: string, ...data: ClientEventMap[T]) {
+    this.server?.to(room).emit(event, ...data);
+  }
+
   clientBroadcast<T extends keyof ClientEventMap>(event: T, ...data: ClientEventMap[T]) {
-    this.websocketServer?.emit(event, ...data);
+    this.server?.emit(event, ...data);
   }
 
-  serverSend<T extends ServerEvents>(event: T, ...args: ArgsOf<T>): void {
+  serverSend<T extends keyof ServerEventMap>(event: T, ...args: ServerEventMap[T]): void {
     this.logger.debug(`Server event: ${event} (send)`);
-    this.websocketServer?.serverSideEmit(event, ...args);
+    this.server?.serverSideEmit(event, ...args);
   }
 
-  handleConnection(client: Socket) {
-    this.logger.log(`Websocket Connect:    ${client.id}`);
+  async handleConnection(client: Socket) {
+    try {
+      await this.authFn!(client);
+      await client.join('private');
+      this.logger.log(`Websocket Connect:    ${client.id} (private)`);
+    } catch {
+      await client.join('public');
+      this.logger.log(`Websocket Connect:    ${client.id} (public)`);
+    }
   }
 
-  handleDisconnect(client: Socket) {
+  async handleDisconnect(client: Socket) {
     this.logger.log(`Websocket Disconnect: ${client.id}`);
+    await Promise.allSettled([client.leave('private'), client.leave('public')]);
+  }
+
+  setAuthFn(fn: (client: Socket) => Promise<MaintenanceAuthDto>) {
+    this.authFn = fn;
+  }
+
+  setStatusUpdateFn(fn: (status: MaintenanceStatusResponseDto) => void) {
+    this.statusUpdateFn = fn;
   }
 }

server/src/maintenance/maintenance-worker.controller.ts

@@ -1,23 +1,114 @@
-import { Body, Controller, Get, Post, Req, Res } from '@nestjs/common';
-import { Request, Response } from 'express';
-import { MaintenanceAuthDto, MaintenanceLoginDto, SetMaintenanceModeDto } from 'src/dtos/maintenance.dto';
-import { ServerConfigDto } from 'src/dtos/server.dto';
-import { ImmichCookie, MaintenanceAction } from 'src/enum';
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Next,
+  Param,
+  Post,
+  Req,
+  Res,
+  UploadedFile,
+  UseInterceptors,
+} from '@nestjs/common';
+import { FileInterceptor } from '@nestjs/platform-express';
+import { NextFunction, Request, Response } from 'express';
+import {
+  MaintenanceAuthDto,
+  MaintenanceDetectInstallResponseDto,
+  MaintenanceLoginDto,
+  MaintenanceStatusResponseDto,
+  SetMaintenanceModeDto,
+} from 'src/dtos/maintenance.dto';
+import { ServerConfigDto, ServerVersionResponseDto } from 'src/dtos/server.dto';
+import { ImmichCookie } from 'src/enum';
 import { MaintenanceRoute } from 'src/maintenance/maintenance-auth.guard';
 import { MaintenanceWorkerService } from 'src/maintenance/maintenance-worker.service';
 import { GetLoginDetails } from 'src/middleware/auth.guard';
+import { LoggingRepository } from 'src/repositories/logging.repository';
 import { LoginDetails } from 'src/services/auth.service';
+import { sendFile } from 'src/utils/file';
 import { respondWithCookie } from 'src/utils/response';
+import { FilenameParamDto } from 'src/validation';
+
+import type { DatabaseBackupController as _DatabaseBackupController } from 'src/controllers/database-backup.controller';
+import type { ServerController as _ServerController } from 'src/controllers/server.controller';
+import { DatabaseBackupDeleteDto, DatabaseBackupListResponseDto } from 'src/dtos/database-backup.dto';
 
 @Controller()
 export class MaintenanceWorkerController {
-  constructor(private service: MaintenanceWorkerService) {}
+  constructor(
+    private logger: LoggingRepository,
+    private service: MaintenanceWorkerService,
+  ) {}
 
+  /**
+   * {@link _ServerController.getServerConfig }
+   */
   @Get('server/config')
-  getServerConfig(): Promise<ServerConfigDto> {
+  getServerConfig(): ServerConfigDto {
     return this.service.getSystemConfig();
   }
 
+  @Get('server/version')
+  getServerVersion(): ServerVersionResponseDto {
+    return this.service.getVersion();
+  }
+
+  /**
+   * {@link _DatabaseBackupController.listDatabaseBackups}
+   */
+  @Get('admin/database-backups')
+  @MaintenanceRoute()
+  listDatabaseBackups(): Promise<DatabaseBackupListResponseDto> {
+    return this.service.listBackups();
+  }
+
+  /**
+   * {@link _DatabaseBackupController.downloadDatabaseBackup}
+   */
+  @Get('admin/database-backups/:filename')
+  @MaintenanceRoute()
+  async downloadDatabaseBackup(
+    @Param() { filename }: FilenameParamDto,
+    @Res() res: Response,
+    @Next() next: NextFunction,
+  ) {
+    await sendFile(res, next, () => this.service.downloadBackup(filename), this.logger);
+  }
+
+  /**
+   * {@link _DatabaseBackupController.deleteDatabaseBackup}
+   */
+  @Delete('admin/database-backups')
+  @MaintenanceRoute()
+  async deleteDatabaseBackup(@Body() dto: DatabaseBackupDeleteDto): Promise<void> {
+    return this.service.deleteBackup(dto.backups);
+  }
+
+  /**
+   * {@link _DatabaseBackupController.uploadDatabaseBackup}
+   */
+  @Post('admin/database-backups/upload')
+  @MaintenanceRoute()
+  @UseInterceptors(FileInterceptor('file'))
+  uploadDatabaseBackup(
+    @UploadedFile()
+    file: Express.Multer.File,
+  ): Promise<void> {
+    return this.service.uploadBackup(file);
+  }
+
+  @Get('admin/maintenance/status')
+  maintenanceStatus(@Req() request: Request): Promise<MaintenanceStatusResponseDto> {
+    return this.service.status(request.cookies[ImmichCookie.MaintenanceToken]);
+  }
+
+  @Get('admin/maintenance/detect-install')
+  detectPriorInstall(): Promise<MaintenanceDetectInstallResponseDto> {
+    return this.service.detectPriorInstall();
+  }
+
   @Post('admin/maintenance/login')
   async maintenanceLogin(
     @Req() request: Request,
@@ -35,9 +126,7 @@ export class MaintenanceWorkerController {
 
   @Post('admin/maintenance')
   @MaintenanceRoute()
-  async setMaintenanceMode(@Body() dto: SetMaintenanceModeDto): Promise<void> {
-    if (dto.action === MaintenanceAction.End) {
-      await this.service.endMaintenance();
-    }
+  setMaintenanceMode(@Body() dto: SetMaintenanceModeDto): void {
+    void this.service.setAction(dto);
   }
 }

server/src/maintenance/maintenance-worker.service.spec.ts

@@ -1,25 +1,51 @@
-import { UnauthorizedException } from '@nestjs/common';
+import { BadRequestException, UnauthorizedException } from '@nestjs/common';
 import { SignJWT } from 'jose';
-import { SystemMetadataKey } from 'src/enum';
+import { DateTime } from 'luxon';
+import { PassThrough, Readable } from 'node:stream';
+import { StorageCore } from 'src/cores/storage.core';
+import { MaintenanceAction, StorageFolder, SystemMetadataKey } from 'src/enum';
+import { MaintenanceHealthRepository } from 'src/maintenance/maintenance-health.repository';
 import { MaintenanceWebsocketRepository } from 'src/maintenance/maintenance-websocket.repository';
 import { MaintenanceWorkerService } from 'src/maintenance/maintenance-worker.service';
-import { automock, getMocks, ServiceMocks } from 'test/utils';
+import { automock, AutoMocked, getMocks, mockDuplex, mockSpawn, ServiceMocks } from 'test/utils';
+
+function* mockData() {
+  yield '';
+}
 
 describe(MaintenanceWorkerService.name, () => {
   let sut: MaintenanceWorkerService;
   let mocks: ServiceMocks;
-  let maintenanceWorkerRepositoryMock: MaintenanceWebsocketRepository;
+  let maintenanceWebsocketRepositoryMock: AutoMocked<MaintenanceWebsocketRepository>;
+  let maintenanceHealthRepositoryMock: AutoMocked<MaintenanceHealthRepository>;
 
   beforeEach(() => {
     mocks = getMocks();
-    maintenanceWorkerRepositoryMock = automock(MaintenanceWebsocketRepository, { args: [mocks.logger], strict: false });
+    maintenanceWebsocketRepositoryMock = automock(MaintenanceWebsocketRepository, {
+      args: [mocks.logger],
+      strict: false,
+    });
+    maintenanceHealthRepositoryMock = automock(MaintenanceHealthRepository, {
+      args: [mocks.logger],
+      strict: false,
+    });
+
     sut = new MaintenanceWorkerService(
       mocks.logger as never,
       mocks.app,
       mocks.config,
       mocks.systemMetadata as never,
-      maintenanceWorkerRepositoryMock,
+      maintenanceWebsocketRepositoryMock,
+      maintenanceHealthRepositoryMock,
+      mocks.storage as never,
+      mocks.process,
+      mocks.database as never,
     );
+
+    sut.mock({
+      active: true,
+      action: MaintenanceAction.Start,
+    });
   });
 
   it('should work', () => {
@@ -27,14 +53,43 @@ describe(MaintenanceWorkerService.name, () => {
   });
 
   describe('getSystemConfig', () => {
-    it('should respond the server is in maintenance mode', async () => {
-      await expect(sut.getSystemConfig()).resolves.toMatchObject(
+    it('should respond the server is in maintenance mode', () => {
+      expect(sut.getSystemConfig()).toMatchObject(
         expect.objectContaining({
           maintenanceMode: true,
         }),
       );
 
-      expect(mocks.systemMetadata.get).toHaveBeenCalled();
+      expect(mocks.systemMetadata.get).toHaveBeenCalledTimes(0);
+    });
+  });
+
+  describe.skip('ssr');
+  describe.skip('detectMediaLocation');
+
+  describe('setStatus', () => {
+    it('should broadcast status', () => {
+      sut.setStatus({
+        active: true,
+        action: MaintenanceAction.Start,
+        task: 'abc',
+        error: 'def',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.serverSend).toHaveBeenCalled();
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledTimes(2);
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith('MaintenanceStatusV1', 'private', {
+        active: true,
+        action: 'start',
+        task: 'abc',
+        error: 'def',
+      });
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith('MaintenanceStatusV1', 'public', {
+        active: true,
+        action: 'start',
+        task: 'abc',
+        error: 'Something went wrong, see logs!',
+      });
     });
   });
 
@@ -42,7 +97,14 @@ describe(MaintenanceWorkerService.name, () => {
     const RE_LOGIN_URL = /https:\/\/my.immich.app\/maintenance\?token=([A-Za-z0-9-_]*\.[A-Za-z0-9-_]*\.[A-Za-z0-9-_]*)/;
 
     it('should log a valid login URL', async () => {
-      mocks.systemMetadata.get.mockResolvedValue({ isMaintenanceMode: true, secret: 'secret' });
+      mocks.systemMetadata.get.mockResolvedValue({
+        isMaintenanceMode: true,
+        secret: 'secret',
+        action: {
+          action: MaintenanceAction.Start,
+        },
+      });
+
       await expect(sut.logSecret()).resolves.toBeUndefined();
       expect(mocks.logger.log).toHaveBeenCalledWith(expect.stringMatching(RE_LOGIN_URL));
 
@@ -63,7 +125,13 @@ describe(MaintenanceWorkerService.name, () => {
     });
 
     it('should parse cookie properly', async () => {
-      mocks.systemMetadata.get.mockResolvedValue({ isMaintenanceMode: true, secret: 'secret' });
+      mocks.systemMetadata.get.mockResolvedValue({
+        isMaintenanceMode: true,
+        secret: 'secret',
+        action: {
+          action: MaintenanceAction.Start,
+        },
+      });
 
       await expect(
         sut.authenticate({
@@ -73,13 +141,102 @@ describe(MaintenanceWorkerService.name, () => {
     });
   });
 
+  describe('status', () => {
+    beforeEach(() => {
+      sut.mock({
+        active: true,
+        action: MaintenanceAction.Start,
+        error: 'secret value!',
+      });
+    });
+
+    it('generates private status', async () => {
+      const jwt = await new SignJWT({ _mockValue: true })
+        .setProtectedHeader({ alg: 'HS256' })
+        .setIssuedAt()
+        .setExpirationTime('4h')
+        .sign(new TextEncoder().encode('secret'));
+
+      await expect(sut.status(jwt)).resolves.toEqual(
+        expect.objectContaining({
+          error: 'secret value!',
+        }),
+      );
+    });
+
+    it('generates public status', async () => {
+      await expect(sut.status()).resolves.toEqual(
+        expect.objectContaining({
+          error: 'Something went wrong, see logs!',
+        }),
+      );
+    });
+  });
+
+  describe('detectPriorInstall', () => {
+    it('generate report about prior installation', async () => {
+      mocks.storage.readdir.mockResolvedValue(['.immich', 'file1', 'file2']);
+      mocks.storage.readFile.mockResolvedValue(undefined as never);
+      mocks.storage.overwriteFile.mockRejectedValue(undefined as never);
+
+      await expect(sut.detectPriorInstall()).resolves.toMatchInlineSnapshot(`
+        {
+          "storage": [
+            {
+              "files": 2,
+              "folder": "encoded-video",
+              "readable": true,
+              "writable": false,
+            },
+            {
+              "files": 2,
+              "folder": "library",
+              "readable": true,
+              "writable": false,
+            },
+            {
+              "files": 2,
+              "folder": "upload",
+              "readable": true,
+              "writable": false,
+            },
+            {
+              "files": 2,
+              "folder": "profile",
+              "readable": true,
+              "writable": false,
+            },
+            {
+              "files": 2,
+              "folder": "thumbs",
+              "readable": true,
+              "writable": false,
+            },
+            {
+              "files": 2,
+              "folder": "backups",
+              "readable": true,
+              "writable": false,
+            },
+          ],
+        }
+      `);
+    });
+  });
+
   describe('login', () => {
     it('should fail without token', async () => {
       await expect(sut.login()).rejects.toThrowError(new UnauthorizedException('Missing JWT Token'));
     });
 
     it('should fail with expired JWT', async () => {
-      mocks.systemMetadata.get.mockResolvedValue({ isMaintenanceMode: true, secret: 'secret' });
+      mocks.systemMetadata.get.mockResolvedValue({
+        isMaintenanceMode: true,
+        secret: 'secret',
+        action: {
+          action: MaintenanceAction.Start,
+        },
+      });
 
       const jwt = await new SignJWT({})
         .setProtectedHeader({ alg: 'HS256' })
@@ -91,7 +248,13 @@ describe(MaintenanceWorkerService.name, () => {
     });
 
     it('should succeed with valid JWT', async () => {
-      mocks.systemMetadata.get.mockResolvedValue({ isMaintenanceMode: true, secret: 'secret' });
+      mocks.systemMetadata.get.mockResolvedValue({
+        isMaintenanceMode: true,
+        secret: 'secret',
+        action: {
+          action: MaintenanceAction.Start,
+        },
+      });
 
       const jwt = await new SignJWT({ _mockValue: true })
         .setProtectedHeader({ alg: 'HS256' })
@@ -107,22 +270,275 @@ describe(MaintenanceWorkerService.name, () => {
     });
   });
 
-  describe('endMaintenance', () => {
+  describe.skip('setAction'); // just calls setStatus+runAction
+
+  /**
+   * Actions
+   */
+
+  describe('action: start', () => {
+    it('should not do anything', async () => {
+      await sut.runAction({
+        action: MaintenanceAction.Start,
+      });
+
+      expect(mocks.logger.log).toHaveBeenCalledTimes(0);
+    });
+  });
+
+  describe('action: end', () => {
     it('should set maintenance mode', async () => {
       mocks.systemMetadata.get.mockResolvedValue({ isMaintenanceMode: false });
-      await expect(sut.endMaintenance()).resolves.toBeUndefined();
+      await sut.runAction({
+        action: MaintenanceAction.End,
+      });
 
       expect(mocks.systemMetadata.set).toHaveBeenCalledWith(SystemMetadataKey.MaintenanceMode, {
         isMaintenanceMode: false,
       });
 
-      expect(maintenanceWorkerRepositoryMock.clientBroadcast).toHaveBeenCalledWith('AppRestartV1', {
+      expect(maintenanceWebsocketRepositoryMock.clientBroadcast).toHaveBeenCalledWith('AppRestartV1', {
         isMaintenanceMode: false,
       });
 
-      expect(maintenanceWorkerRepositoryMock.serverSend).toHaveBeenCalledWith('AppRestart', {
+      expect(maintenanceWebsocketRepositoryMock.serverSend).toHaveBeenCalledWith('AppRestart', {
         isMaintenanceMode: false,
       });
     });
   });
+
+  describe('action: restore database', () => {
+    beforeEach(() => {
+      mocks.database.tryLock.mockResolvedValueOnce(true);
+
+      mocks.storage.readdir.mockResolvedValue([]);
+      mocks.process.spawn.mockReturnValue(mockSpawn(0, 'data', ''));
+      mocks.process.spawnDuplexStream.mockImplementation(() => mockDuplex('command', 0, 'data', ''));
+      mocks.process.fork.mockImplementation(() => mockSpawn(0, 'Immich Server is listening', ''));
+      mocks.storage.rename.mockResolvedValue();
+      mocks.storage.unlink.mockResolvedValue();
+      mocks.storage.createPlainReadStream.mockReturnValue(Readable.from(mockData()));
+      mocks.storage.createWriteStream.mockReturnValue(new PassThrough());
+      mocks.storage.createGzip.mockReturnValue(new PassThrough());
+      mocks.storage.createGunzip.mockReturnValue(new PassThrough());
+    });
+
+    it('should update maintenance mode state', async () => {
+      await sut.runAction({
+        action: MaintenanceAction.RestoreDatabase,
+        restoreBackupFilename: 'filename',
+      });
+
+      expect(mocks.database.tryLock).toHaveBeenCalled();
+      expect(mocks.logger.log).toHaveBeenCalledWith('Running maintenance action restore_database');
+
+      expect(mocks.systemMetadata.set).toHaveBeenCalledWith(SystemMetadataKey.MaintenanceMode, {
+        isMaintenanceMode: true,
+        secret: 'secret',
+        action: {
+          action: 'start',
+        },
+      });
+    });
+
+    it('should fail to restore invalid backup', async () => {
+      await sut.runAction({
+        action: MaintenanceAction.RestoreDatabase,
+        restoreBackupFilename: 'filename',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith('MaintenanceStatusV1', 'private', {
+        active: true,
+        action: MaintenanceAction.RestoreDatabase,
+        error: 'Error: Invalid backup file format!',
+        task: 'error',
+      });
+    });
+
+    it('should successfully run a backup', async () => {
+      await sut.runAction({
+        action: MaintenanceAction.RestoreDatabase,
+        restoreBackupFilename: 'development-filename.sql',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith(
+        'MaintenanceStatusV1',
+        expect.any(String),
+        {
+          active: true,
+          action: MaintenanceAction.RestoreDatabase,
+          task: 'ready',
+          progress: expect.any(Number),
+        },
+      );
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenLastCalledWith(
+        'MaintenanceStatusV1',
+        expect.any(String),
+        {
+          active: true,
+          action: 'end',
+        },
+      );
+
+      expect(maintenanceHealthRepositoryMock.checkApiHealth).toHaveBeenCalled();
+      expect(mocks.process.spawnDuplexStream).toHaveBeenCalledTimes(3);
+    });
+
+    it('should fail if backup creation fails', async () => {
+      mocks.process.spawnDuplexStream.mockReturnValueOnce(mockDuplex('pg_dump', 1, '', 'error'));
+
+      await sut.runAction({
+        action: MaintenanceAction.RestoreDatabase,
+        restoreBackupFilename: 'development-filename.sql',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith('MaintenanceStatusV1', 'private', {
+        active: true,
+        action: MaintenanceAction.RestoreDatabase,
+        error: 'Error: pg_dump non-zero exit code (1)\nerror',
+        task: 'error',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenLastCalledWith(
+        'MaintenanceStatusV1',
+        expect.any(String),
+        expect.objectContaining({
+          task: 'error',
+        }),
+      );
+    });
+
+    it('should fail if restore itself fails', async () => {
+      mocks.process.spawnDuplexStream
+        .mockReturnValueOnce(mockDuplex('pg_dump', 0, 'data', ''))
+        .mockReturnValueOnce(mockDuplex('gzip', 0, 'data', ''))
+        .mockReturnValueOnce(mockDuplex('psql', 1, '', 'error'));
+
+      await sut.runAction({
+        action: MaintenanceAction.RestoreDatabase,
+        restoreBackupFilename: 'development-filename.sql',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith('MaintenanceStatusV1', 'private', {
+        active: true,
+        action: MaintenanceAction.RestoreDatabase,
+        error: 'Error: psql non-zero exit code (1)\nerror',
+        task: 'error',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenLastCalledWith(
+        'MaintenanceStatusV1',
+        expect.any(String),
+        expect.objectContaining({
+          task: 'error',
+        }),
+      );
+    });
+
+    it('should rollback if database migrations fail', async () => {
+      mocks.database.runMigrations.mockRejectedValue(new Error('Migrations Error'));
+
+      await sut.runAction({
+        action: MaintenanceAction.RestoreDatabase,
+        restoreBackupFilename: 'development-filename.sql',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith('MaintenanceStatusV1', 'private', {
+        active: true,
+        action: MaintenanceAction.RestoreDatabase,
+        error: 'Error: Migrations Error',
+        task: 'error',
+      });
+
+      expect(maintenanceHealthRepositoryMock.checkApiHealth).toHaveBeenCalledTimes(0);
+      expect(mocks.process.spawnDuplexStream).toHaveBeenCalledTimes(4);
+    });
+
+    it('should rollback if API healthcheck fails', async () => {
+      maintenanceHealthRepositoryMock.checkApiHealth.mockRejectedValue(new Error('Health Error'));
+
+      await sut.runAction({
+        action: MaintenanceAction.RestoreDatabase,
+        restoreBackupFilename: 'development-filename.sql',
+      });
+
+      expect(maintenanceWebsocketRepositoryMock.clientSend).toHaveBeenCalledWith('MaintenanceStatusV1', 'private', {
+        active: true,
+        action: MaintenanceAction.RestoreDatabase,
+        error: 'Error: Health Error',
+        task: 'error',
+      });
+
+      expect(maintenanceHealthRepositoryMock.checkApiHealth).toHaveBeenCalled();
+      expect(mocks.process.spawnDuplexStream).toHaveBeenCalledTimes(4);
+    });
+  });
+
+  /**
+   * Backups
+   */
+
+  describe('listBackups', () => {
+    it('should give us all backups', async () => {
+      mocks.storage.readdir.mockResolvedValue([
+        `immich-db-backup-${DateTime.fromISO('2025-07-25T11:02:16Z').toFormat("yyyyLLdd'T'HHmmss")}-v1.234.5-pg14.5.sql.gz.tmp`,
+        `immich-db-backup-${DateTime.fromISO('2025-07-27T11:01:16Z').toFormat("yyyyLLdd'T'HHmmss")}-v1.234.5-pg14.5.sql.gz`,
+        'immich-db-backup-1753789649000.sql.gz',
+        `immich-db-backup-${DateTime.fromISO('2025-07-29T11:01:16Z').toFormat("yyyyLLdd'T'HHmmss")}-v1.234.5-pg14.5.sql.gz`,
+      ]);
+      mocks.storage.stat.mockResolvedValue({ size: 1024 } as any);
+
+      await expect(sut.listBackups()).resolves.toMatchObject({
+        backups: [
+          { filename: 'immich-db-backup-20250729T110116-v1.234.5-pg14.5.sql.gz', filesize: 1024 },
+          { filename: 'immich-db-backup-20250727T110116-v1.234.5-pg14.5.sql.gz', filesize: 1024 },
+          { filename: 'immich-db-backup-1753789649000.sql.gz', filesize: 1024 },
+        ],
+      });
+    });
+  });
+
+  describe('deleteBackup', () => {
+    it('should reject invalid file names', async () => {
+      await expect(sut.deleteBackup(['filename'])).rejects.toThrowError(
+        new BadRequestException('Invalid backup name!'),
+      );
+    });
+
+    it('should unlink the target file', async () => {
+      await sut.deleteBackup(['filename.sql']);
+      expect(mocks.storage.unlink).toHaveBeenCalledTimes(1);
+      expect(mocks.storage.unlink).toHaveBeenCalledWith(
+        `${StorageCore.getBaseFolder(StorageFolder.Backups)}/filename.sql`,
+      );
+    });
+  });
+
+  describe('uploadBackup', () => {
+    it('should reject invalid file names', async () => {
+      await expect(sut.uploadBackup({ originalname: 'invalid backup' } as never)).rejects.toThrowError(
+        new BadRequestException('Invalid backup name!'),
+      );
+    });
+
+    it('should write file', async () => {
+      await sut.uploadBackup({ originalname: 'path.sql.gz', buffer: 'buffer' } as never);
+      expect(mocks.storage.createOrOverwriteFile).toBeCalledWith('/data/backups/uploaded-path.sql.gz', 'buffer');
+    });
+  });
+
+  describe('downloadBackup', () => {
+    it('should reject invalid file names', () => {
+      expect(() => sut.downloadBackup('invalid backup')).toThrowError(new BadRequestException('Invalid backup name!'));
+    });
+
+    it('should get backup path', () => {
+      expect(sut.downloadBackup('hello.sql.gz')).toEqual(
+        expect.objectContaining({
+          path: '/data/backups/hello.sql.gz',
+        }),
+      );
+    });
+  });
 });

server/src/maintenance/maintenance-worker.service.ts

@@ -4,19 +4,41 @@ import { NextFunction, Request, Response } from 'express';
 import { jwtVerify } from 'jose';
 import { readFileSync } from 'node:fs';
 import { IncomingHttpHeaders } from 'node:http';
-import { MaintenanceAuthDto } from 'src/dtos/maintenance.dto';
-import { ImmichCookie, SystemMetadataKey } from 'src/enum';
+import { serverVersion } from 'src/constants';
+import { StorageCore } from 'src/cores/storage.core';
+import {
+  MaintenanceAuthDto,
+  MaintenanceDetectInstallResponseDto,
+  MaintenanceStatusResponseDto,
+  SetMaintenanceModeDto,
+} from 'src/dtos/maintenance.dto';
+import { ServerConfigDto, ServerVersionResponseDto } from 'src/dtos/server.dto';
+import { DatabaseLock, ImmichCookie, MaintenanceAction, SystemMetadataKey } from 'src/enum';
+import { MaintenanceHealthRepository } from 'src/maintenance/maintenance-health.repository';
 import { MaintenanceWebsocketRepository } from 'src/maintenance/maintenance-websocket.repository';
 import { AppRepository } from 'src/repositories/app.repository';
 import { ConfigRepository } from 'src/repositories/config.repository';
+import { DatabaseRepository } from 'src/repositories/database.repository';
 import { LoggingRepository } from 'src/repositories/logging.repository';
+import { ProcessRepository } from 'src/repositories/process.repository';
+import { StorageRepository } from 'src/repositories/storage.repository';
 import { SystemMetadataRepository } from 'src/repositories/system-metadata.repository';
 import { type ApiService as _ApiService } from 'src/services/api.service';
 import { type BaseService as _BaseService } from 'src/services/base.service';
+import { type DatabaseBackupService as _DatabaseBackupService } from 'src/services/database-backup.service';
 import { type ServerService as _ServerService } from 'src/services/server.service';
+import { type VersionService as _VersionService } from 'src/services/version.service';
 import { MaintenanceModeState } from 'src/types';
 import { getConfig } from 'src/utils/config';
-import { createMaintenanceLoginUrl } from 'src/utils/maintenance';
+import {
+  deleteDatabaseBackup,
+  downloadDatabaseBackup,
+  listDatabaseBackups,
+  restoreDatabaseBackup,
+  uploadDatabaseBackup,
+} from 'src/utils/database-backups';
+import { ImmichFileResponse } from 'src/utils/file';
+import { createMaintenanceLoginUrl, detectPriorInstall } from 'src/utils/maintenance';
 import { getExternalDomain } from 'src/utils/misc';
 
 /**
@@ -24,16 +46,51 @@ import { getExternalDomain } from 'src/utils/misc';
  */
 @Injectable()
 export class MaintenanceWorkerService {
+  #secret: string | null = null;
+  #status: MaintenanceStatusResponseDto = {
+    active: true,
+    action: MaintenanceAction.Start,
+  };
+
   constructor(
     protected logger: LoggingRepository,
     private appRepository: AppRepository,
     private configRepository: ConfigRepository,
     private systemMetadataRepository: SystemMetadataRepository,
-    private maintenanceWorkerRepository: MaintenanceWebsocketRepository,
+    private maintenanceWebsocketRepository: MaintenanceWebsocketRepository,
+    private maintenanceHealthRepository: MaintenanceHealthRepository,
+    private storageRepository: StorageRepository,
+    private processRepository: ProcessRepository,
+    private databaseRepository: DatabaseRepository,
   ) {
     this.logger.setContext(this.constructor.name);
   }
 
+  mock(status: MaintenanceStatusResponseDto) {
+    this.#secret = 'secret';
+    this.#status = status;
+  }
+
+  async init() {
+    const state = (await this.systemMetadataRepository.get(
+      SystemMetadataKey.MaintenanceMode,
+    )) as MaintenanceModeState & { isMaintenanceMode: true };
+
+    this.#secret = state.secret;
+    this.#status = {
+      active: true,
+      action: state.action.action,
+    };
+
+    StorageCore.setMediaLocation(this.detectMediaLocation());
+
+    this.maintenanceWebsocketRepository.setAuthFn(async (client) => this.authenticate(client.request.headers));
+    this.maintenanceWebsocketRepository.setStatusUpdateFn((status) => (this.#status = status));
+
+    await this.logSecret();
+    void this.runAction(state.action);
+  }
+
   /**
    * {@link _BaseService.configRepos}
    */
@@ -55,22 +112,17 @@ export class MaintenanceWorkerService {
   /**
    * {@link _ServerService.getSystemConfig}
    */
-  async getSystemConfig() {
-    const config = await this.getConfig({ withCache: false });
-
+  getSystemConfig() {
     return {
-      loginPageMessage: config.server.loginPageMessage,
-      trashDays: config.trash.days,
-      userDeleteDelay: config.user.deleteDelay,
-      oauthButtonText: config.oauth.buttonText,
-      isInitialized: true,
-      isOnboarded: true,
-      externalDomain: config.server.externalDomain,
-      publicUsers: config.server.publicUsers,
-      mapDarkStyleUrl: config.map.darkStyle,
-      mapLightStyleUrl: config.map.lightStyle,
       maintenanceMode: true,
-    };
+    } as ServerConfigDto;
+  }
+
+  /**
+   * {@link _VersionService.getVersion}
+   */
+  getVersion() {
+    return ServerVersionResponseDto.fromSemVer(serverVersion);
   }
 
   /**
@@ -106,12 +158,99 @@ export class MaintenanceWorkerService {
     };
   }
 
-  private async secret(): Promise<string> {
-    const state = (await this.systemMetadataRepository.get(SystemMetadataKey.MaintenanceMode)) as {
-      secret: string;
-    };
+  /**
+   * {@link _StorageService.detectMediaLocation}
+   */
+  detectMediaLocation(): string {
+    const envData = this.configRepository.getEnv();
+    if (envData.storage.mediaLocation) {
+      return envData.storage.mediaLocation;
+    }
 
-    return state.secret;
+    const targets: string[] = [];
+    const candidates = ['/data', '/usr/src/app/upload'];
+
+    for (const candidate of candidates) {
+      const exists = this.storageRepository.existsSync(candidate);
+      if (exists) {
+        targets.push(candidate);
+      }
+    }
+
+    if (targets.length === 1) {
+      return targets[0];
+    }
+
+    return '/usr/src/app/upload';
+  }
+
+  /**
+   * {@link _DatabaseBackupService.listBackups}
+   */
+  async listBackups(): Promise<{ backups: { filename: string; filesize: number }[] }> {
+    const backups = await listDatabaseBackups(this.backupRepos);
+    return { backups };
+  }
+
+  /**
+   * {@link _DatabaseBackupService.deleteBackup}
+   */
+  async deleteBackup(files: string[]): Promise<void> {
+    return deleteDatabaseBackup(this.backupRepos, files);
+  }
+
+  /**
+   * {@link _DatabaseBackupService.uploadBackup}
+   */
+  async uploadBackup(file: Express.Multer.File): Promise<void> {
+    return uploadDatabaseBackup(this.backupRepos, file);
+  }
+
+  /**
+   * {@link _DatabaseBackupService.downloadBackup}
+   */
+  downloadBackup(fileName: string): ImmichFileResponse {
+    return downloadDatabaseBackup(fileName);
+  }
+
+  private get secret() {
+    if (!this.#secret) {
+      throw new Error('Secret is not initialised yet.');
+    }
+
+    return this.#secret;
+  }
+
+  private get backupRepos() {
+    return {
+      logger: this.logger,
+      storage: this.storageRepository,
+      config: this.configRepository,
+      process: this.processRepository,
+      database: this.databaseRepository,
+      health: this.maintenanceHealthRepository,
+    };
+  }
+
+  private getStatus(): MaintenanceStatusResponseDto {
+    return this.#status;
+  }
+
+  private getPublicStatus(): MaintenanceStatusResponseDto {
+    const state = structuredClone(this.#status);
+
+    if (state.error) {
+      state.error = 'Something went wrong, see logs!';
+    }
+
+    return state;
+  }
+
+  setStatus(status: MaintenanceStatusResponseDto): void {
+    this.#status = status;
+    this.maintenanceWebsocketRepository.serverSend('MaintenanceStatus', status);
+    this.maintenanceWebsocketRepository.clientSend('MaintenanceStatusV1', 'private', status);
+    this.maintenanceWebsocketRepository.clientSend('MaintenanceStatusV1', 'public', this.getPublicStatus());
   }
 
   async logSecret(): Promise<void> {
@@ -123,7 +262,7 @@ export class MaintenanceWorkerService {
       {
         username: 'immich-admin',
       },
-      await this.secret(),
+      this.secret,
     );
 
     this.logger.log(`\n\n🚧 Immich is in maintenance mode, you can log in using the following URL:\n${url}\n`);
@@ -134,28 +273,115 @@ export class MaintenanceWorkerService {
     return this.login(jwtToken);
   }
 
+  async status(potentiallyJwt?: string): Promise<MaintenanceStatusResponseDto> {
+    try {
+      await this.login(potentiallyJwt);
+      return this.getStatus();
+    } catch {
+      return this.getPublicStatus();
+    }
+  }
+
+  detectPriorInstall(): Promise<MaintenanceDetectInstallResponseDto> {
+    return detectPriorInstall(this.storageRepository);
+  }
+
   async login(jwt?: string): Promise<MaintenanceAuthDto> {
     if (!jwt) {
       throw new UnauthorizedException('Missing JWT Token');
     }
 
-    const secret = await this.secret();
-
     try {
-      const result = await jwtVerify<MaintenanceAuthDto>(jwt, new TextEncoder().encode(secret));
+      const result = await jwtVerify<MaintenanceAuthDto>(jwt, new TextEncoder().encode(this.secret));
       return result.payload;
     } catch {
       throw new UnauthorizedException('Invalid JWT Token');
     }
   }
 
-  async endMaintenance(): Promise<void> {
+  async setAction(action: SetMaintenanceModeDto) {
+    this.setStatus({
+      active: true,
+      action: action.action,
+    });
+
+    await this.runAction(action);
+  }
+
+  async runAction(action: SetMaintenanceModeDto) {
+    switch (action.action) {
+      case MaintenanceAction.Start: {
+        return;
+      }
+      case MaintenanceAction.End: {
+        return this.endMaintenance();
+      }
+      case MaintenanceAction.SelectDatabaseRestore: {
+        return;
+      }
+    }
+
+    const lock = await this.databaseRepository.tryLock(DatabaseLock.MaintenanceOperation);
+    if (!lock) {
+      return;
+    }
+
+    this.logger.log(`Running maintenance action ${action.action}`);
+
+    await this.systemMetadataRepository.set(SystemMetadataKey.MaintenanceMode, {
+      isMaintenanceMode: true,
+      secret: this.secret,
+      action: {
+        action: MaintenanceAction.Start,
+      },
+    });
+
+    try {
+      if (!action.restoreBackupFilename) {
+        throw new Error("Expected restoreBackupFilename but it's missing!");
+      }
+
+      await this.restoreBackup(action.restoreBackupFilename);
+    } catch (error) {
+      this.logger.error(`Encountered error running action: ${error}`);
+      this.setStatus({
+        active: true,
+        action: action.action,
+        task: 'error',
+        error: '' + error,
+      });
+    }
+  }
+
+  private async restoreBackup(filename: string): Promise<void> {
+    this.setStatus({
+      active: true,
+      action: MaintenanceAction.RestoreDatabase,
+      task: 'ready',
+      progress: 0,
+    });
+
+    await restoreDatabaseBackup(this.backupRepos, filename, (task, progress) =>
+      this.setStatus({
+        active: true,
+        action: MaintenanceAction.RestoreDatabase,
+        progress,
+        task,
+      }),
+    );
+
+    await this.setAction({
+      action: MaintenanceAction.End,
+    });
+  }
+
+  private async endMaintenance(): Promise<void> {
     const state: MaintenanceModeState = { isMaintenanceMode: false as const };
     await this.systemMetadataRepository.set(SystemMetadataKey.MaintenanceMode, state);
 
     // => corresponds to notification.service.ts#onAppRestart
-    this.maintenanceWorkerRepository.clientBroadcast('AppRestartV1', state);
-    this.maintenanceWorkerRepository.serverSend('AppRestart', state);
+    this.maintenanceWebsocketRepository.clientBroadcast('AppRestartV1', state);
+    this.maintenanceWebsocketRepository.serverSend('AppRestart', state);
     this.appRepository.exitApp();
   }
 }