photoprism: added photoprism

2024-06-23 21:04:27 +07:00 · 2024-06-23 21:04:27 +07:00 · 87ce0ba7b8
parent f0cdeb41b6
commit 87ce0ba7b8
5 changed files with 61 additions and 0 deletions
--- a/options/services.nix
+++ b/options/services.nix
@ -16,5 +16,6 @@ in
    jellyfin.enable = mkEnableOption "jellyfin";
    rust-motd.enable = mkEnableOption "rust-motd";
    wireguard.enable = mkEnableOption "wireguard";
+    photoprism.enable = mkEnableOption "photoprism";
  };
 }
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -50,6 +50,7 @@
      jellyfin.enable = true;
      rust-motd.enable = true;
      wireguard.enable = true;
+      photoprism.enable = true;
    };
  };
 }
--- a/secrets/photoprism.yaml
+++ b/secrets/photoprism.yaml
@ -0,0 +1,22 @@
+photoprism:
+    admin_password: ENC[AES256_GCM,data:t1r/fwZkRFHgx9g=,iv:F2tzhjtkFL31sT2d8yEokBagkVVv+0EgNWKOUwUU1Xo=,tag:keya0UMf7XE0VMq8nax89Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ25oYW9zcjFtU1FhT2gv
+            ODZ1WmJzRWRBR1h5cWxOV1U1UXhnbVcxTlFRCmVIWUlTTUFBdWp0OTgyOUFSZGFK
+            UTdGbzlvQ1VGZDJVWXBnaUFJREdUNkEKLS0tIG1KdCtXRWF5WVJ6ZnBNWlBnQjNS
+            eUJUaXd3NDNrWXZnOEk0NUhjTmY4UHcKJ9HEaQ6Ymh1SlzjLkWMe1YhxEC2kR3sF
+            Q93kWOv6AwOnnypa9Sa+WGRs27Tp5XAAv/6Kmv+gkGMjPrL/H/SDuw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-23T13:54:19Z"
+    mac: ENC[AES256_GCM,data:MYyinNaNmDJiT03xTg6qAZwtjVuDUVXoMF7fI3taMEC5mef43PNdzTT7s/4j2ul223vhg0hYpZunNlOpYtbPgIEh8oV6DycUQqWnpahwCtg5PWgwexb0Je6J7tIno/NF/9qgce1KgLy8qlQa20x4F1Lg/ZvEK6OujoCuc+yMFzU=,iv:+uEhLGXf/97iHhKvsD7D6YlKcTAHYAItxxA8p5g74N0=,tag:Kf5xkiF1aJ758ro5o4KwAg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/system/services/default.nix
+++ b/system/services/default.nix
@ -13,5 +13,6 @@
    ./stubby.nix
    ./syncthing.nix
    ./wireguard.nix
+    ./photoprism.nix
  ];
 }
--- a/system/services/photoprism.nix
+++ b/system/services/photoprism.nix
@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.photoprism;
+  photoDir = "/nas/photos";
+  domain = "photos.tigor.web.id";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+  inherit (lib) mkIf;
+in
+{
+  config = mkIf cfg.enable {
+    system.activationScripts.photoprism = ''
+      mkdir -p ${photoDir}
+      chown ${uid}:${gid} ${photoDir}
+    '';
+
+    users.groups.${user.name}.members = [ "photoprism" ];
+
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy 0.0.0.0:${toString config.services.photoprism.port}
+    '';
+    sops.secrets."photoprism/admin_password" = {
+      sopsFile = ../../secrets/photoprism.yaml;
+    };
+    services.photoprism = {
+      enable = true;
+      port = 44999;
+      originalsPath = photoDir;
+      passwordFile = config.sops.secrets."photoprism/admin_password".path;
+      settings = {
+        PHOTOPRISM_ADMIN_USER = "hutasuhut";
+      };
+    };
+  };
+}