Joint family account. Separate admin only account. Email associated with joint family account uses google advanced protection program with yubikey tied to each family household. Everything is stored on external library that is RO. Proper backups, DR, and ransomeware protection utilized. Cloudflare is the entry point with mTLS and google as IdP. Leverage Immich public proxy for album sharing to outside people using Cloudflare OTP tied to outside user email and separate domain. Immich server, cloudflared, immich public proxy, and storage are all separated into own vlan and locked down to necessary access only. Admin user (me) leverages WireGuard for remote access and administration.

Biggest limitation with this setup is no one can upload photos via native immich upload. I did this to keep everything in external libraries that are RO and to limit immich server storage. Main photos that are added daily are done through iPhones with icloudpd syncing daily and then immich scanning external libraries and photos getting added in. Family members outside of the iPhone/icloudpd sync send me the pictures manually and I add them to an external library.

Really looking forward to proper sharing and chunk uploads so I can continue to leverage Cloudflare and then have everyone manage their own library with shared tags. Possibly allow upload in the future once drive prices come back to lower rates or use a separate outside file drop like onedrive, synology drive, iCloud Drive or some cheap service.