diff --git a/0tests/data/secrets/photoprism.nix b/0tests/data/secrets/photoprism.nix new file mode 100644 index 0000000..17811ec --- /dev/null +++ b/0tests/data/secrets/photoprism.nix @@ -0,0 +1,4 @@ +{ + db.username = "photoprism"; + db.password = "photoprism"; +} diff --git a/2configs/home/photoprism.nix b/2configs/home/photoprism.nix new file mode 100644 index 0000000..aaccd73 --- /dev/null +++ b/2configs/home/photoprism.nix @@ -0,0 +1,146 @@ +{ pkgs, lib, ...}: +# Start | docker-compose up -d +# Stop | docker-compose stop +# Update | docker-compose pull +# Logs | docker-compose logs --tail=25 -f +# Terminal | docker-compose exec photoprism bash +# Help | docker-compose exec photoprism photoprism help +# Config | docker-compose exec photoprism photoprism config +# Reset | docker-compose exec photoprism photoprism reset +# Backup | docker-compose exec photoprism photoprism backup -a -i +# Restore | docker-compose exec photoprism photoprism restore -a -i +# Index | docker-compose exec photoprism photoprism index +# Reindex | docker-compose exec photoprism photoprism index -a +# Import | docker-compose exec photoprism photoprism import +# ------------------------------------------------------------------- +let + port = "2347"; + photodir = "/media/cryptX/photos"; + statedir = "/var/lib/photoprism/appsrv"; + db-dir = "/var/lib/photoprism/mysql"; + internal-ip = "192.168.1.11"; + sec = import ; +in +{ + virtualisation.oci-containers.backend = "docker"; + + services.nginx.virtualHosts."photos" = { + serverAliases = [ + "photos.lan" + "foto" "foto.lan" + "fotos" "fotos.lan" + ]; + + locations."/".proxyPass = "http://localhost:${port}"; + locations."/".proxyWebsockets = true; + extraConfig = '' + if ( $server_addr != "${internal-ip}" ) { + return 403; + } + ''; + }; + + systemd.services.workadventure-network = { + enable = true; + wantedBy = [ "multi-user.target" ]; + script = '' + ${pkgs.docker}/bin/docker network create --driver bridge photoprism ||: + ''; + after = [ "docker" ]; + before = [ + "docker-photoprism.service" + "docker-mysql-photoprism.service" + ]; + }; + + + virtualisation.oci-containers.containers.photoprism = { + image = "photoprism/photoprism:preview"; + ports = ["${port}:${port}" ]; + volumes = [ + "${photodir}:/photoprism/originals" + "${statedir}:/photoprism/storage" + ]; + extraOptions = [ + "--security-opt" "seccomp=unconfined" + "--security-opt" "apparmor=unconfined" + "--network=photoprism" + ]; + environment = { + PHOTOPRISM_HTTP_PORT = port; # Built-in Web server port + PHOTOPRISM_HTTP_COMPRESSION = "gzip"; # Improves transfer speed and bandwidth utilization (none or gzip) + PHOTOPRISM_DEBUG = "false"; # Run in debug mode (shows additional log messages) + PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection) + PHOTOPRISM_READONLY = "false"; # Don't modify originals directory (reduced functionality) + PHOTOPRISM_EXPERIMENTAL = "true"; # Enables experimental features + PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server + PHOTOPRISM_DISABLE_SETTINGS = "false"; # Disables Settings in Web UI + PHOTOPRISM_DISABLE_TENSORFLOW = "false"; # Disables using TensorFlow for image classification + PHOTOPRISM_DARKTABLE_PRESETS = "false"; # Enables Darktable presets and disables concurrent RAW conversion + PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow) + PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive + + #PHOTOPRISM_DATABASE_DRIVER = "postgres"; + #PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432"; + #PHOTOPRISM_DATABASE_NAME = "photoprism"; + #PHOTOPRISM_DATABASE_USER = "photoprism"; + #PHOTOPRISM_DATABASE_PASSWORD = "photoprism"; + + PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance + PHOTOPRISM_DATABASE_SERVER= "mysql-photoprism:3306" ; # MariaDB database server (hostname:port) + PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name + PHOTOPRISM_DATABASE_USER= sec.db.username; # MariaDB database user name + PHOTOPRISM_DATABASE_PASSWORD= sec.db.password; # MariaDB database user password + + PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL + PHOTOPRISM_SITE_TITLE = "PhotoPrism"; + PHOTOPRISM_SITE_CAPTION = "FeMi Fotos"; + PHOTOPRISM_SITE_DESCRIPTION = "Unsere Fotos"; + PHOTOPRISM_SITE_AUTHOR = "FeMi"; + + }; + }; + + virtualisation.oci-containers.containers.mysql-photoprism = { + image = "mariadb:10.5"; + extraOptions = [ + "--security-opt" "seccomp=unconfined" + "--security-opt" "apparmor=unconfined" + "--network=photoprism" + ]; + ports = [ "3306:3306" ]; # no need to expose the database + #cmd = [ "mysqld" + # "--transaction-isolation=READ-COMMITTED" + # "--character-set-server=utf8mb4" + # "--collation-server=utf8mb4_unicode_ci" + # "--max-connections=512" + # "--innodb-rollback-on-timeout=OFF" + # "--innodb-lock-wait-timeout=50" + #]; + volumes= [ "${db-dir}:/var/lib/mysql" ]; + environment = { + MYSQL_ROOT_PASSWORD = "dickidibutt"; + MYSQL_DATABASE= "photoprism"; + MYSQL_USER = sec.db.username; + MYSQL_PASSWORD = sec.db.password; + }; + }; + #virtualisation.oci-containers.containers.postgres-prism = { + # image = "postgres:12-alpine"; + # ports = [ "5432" ]; # no need to expose the database + # environment = { + # POSTGRES_DB = "photoprism"; + # POSTGRES_USER = "photoprism"; + # POSTGRES_PASSWORD = "photoprism"; + # }; + #}; + + systemd.services.photoprism.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.mysql-photoprism.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; +}