From 87ce0ba7b8f24d155d083dc25490cd2cb0e6a4d3 Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Sun, 23 Jun 2024 21:04:27 +0700 Subject: [PATCH] photoprism: added photoprism --- options/services.nix | 1 + profiles/homeserver.nix | 1 + secrets/photoprism.yaml | 22 +++++++++++++++++++++ system/services/default.nix | 1 + system/services/photoprism.nix | 36 ++++++++++++++++++++++++++++++++++ 5 files changed, 61 insertions(+) create mode 100644 secrets/photoprism.yaml create mode 100644 system/services/photoprism.nix diff --git a/options/services.nix b/options/services.nix index 3800bcd..14100ce 100644 --- a/options/services.nix +++ b/options/services.nix @@ -16,5 +16,6 @@ in jellyfin.enable = mkEnableOption "jellyfin"; rust-motd.enable = mkEnableOption "rust-motd"; wireguard.enable = mkEnableOption "wireguard"; + photoprism.enable = mkEnableOption "photoprism"; }; } diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix index e5a7606..44c9b0b 100644 --- a/profiles/homeserver.nix +++ b/profiles/homeserver.nix @@ -50,6 +50,7 @@ jellyfin.enable = true; rust-motd.enable = true; wireguard.enable = true; + photoprism.enable = true; }; }; } diff --git a/secrets/photoprism.yaml b/secrets/photoprism.yaml new file mode 100644 index 0000000..ed5997f --- /dev/null +++ b/secrets/photoprism.yaml @@ -0,0 +1,22 @@ +photoprism: + admin_password: ENC[AES256_GCM,data:t1r/fwZkRFHgx9g=,iv:F2tzhjtkFL31sT2d8yEokBagkVVv+0EgNWKOUwUU1Xo=,tag:keya0UMf7XE0VMq8nax89Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ25oYW9zcjFtU1FhT2gv + ODZ1WmJzRWRBR1h5cWxOV1U1UXhnbVcxTlFRCmVIWUlTTUFBdWp0OTgyOUFSZGFK + UTdGbzlvQ1VGZDJVWXBnaUFJREdUNkEKLS0tIG1KdCtXRWF5WVJ6ZnBNWlBnQjNS + eUJUaXd3NDNrWXZnOEk0NUhjTmY4UHcKJ9HEaQ6Ymh1SlzjLkWMe1YhxEC2kR3sF + Q93kWOv6AwOnnypa9Sa+WGRs27Tp5XAAv/6Kmv+gkGMjPrL/H/SDuw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-23T13:54:19Z" + mac: ENC[AES256_GCM,data:MYyinNaNmDJiT03xTg6qAZwtjVuDUVXoMF7fI3taMEC5mef43PNdzTT7s/4j2ul223vhg0hYpZunNlOpYtbPgIEh8oV6DycUQqWnpahwCtg5PWgwexb0Je6J7tIno/NF/9qgce1KgLy8qlQa20x4F1Lg/ZvEK6OujoCuc+yMFzU=,iv:+uEhLGXf/97iHhKvsD7D6YlKcTAHYAItxxA8p5g74N0=,tag:Kf5xkiF1aJ758ro5o4KwAg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/system/services/default.nix b/system/services/default.nix index 0d7ca99..0a82fce 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -13,5 +13,6 @@ ./stubby.nix ./syncthing.nix ./wireguard.nix + ./photoprism.nix ]; } diff --git a/system/services/photoprism.nix b/system/services/photoprism.nix new file mode 100644 index 0000000..d5cacc5 --- /dev/null +++ b/system/services/photoprism.nix @@ -0,0 +1,36 @@ +{ config, lib, ... }: +let + cfg = config.profile.services.photoprism; + photoDir = "/nas/photos"; + domain = "photos.tigor.web.id"; + user = config.profile.user; + uid = toString user.uid; + gid = toString user.gid; + inherit (lib) mkIf; +in +{ + config = mkIf cfg.enable { + system.activationScripts.photoprism = '' + mkdir -p ${photoDir} + chown ${uid}:${gid} ${photoDir} + ''; + + users.groups.${user.name}.members = [ "photoprism" ]; + + services.caddy.virtualHosts.${domain}.extraConfig = '' + reverse_proxy 0.0.0.0:${toString config.services.photoprism.port} + ''; + sops.secrets."photoprism/admin_password" = { + sopsFile = ../../secrets/photoprism.yaml; + }; + services.photoprism = { + enable = true; + port = 44999; + originalsPath = photoDir; + passwordFile = config.sops.secrets."photoprism/admin_password".path; + settings = { + PHOTOPRISM_ADMIN_USER = "hutasuhut"; + }; + }; + }; +}