nix config

add photoprism

+216
+1
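--- a/flake.nix
+++ b/flake.nix
@@ -222,6 +222,7 @@
 self.nixosModules.wallabag
 self.nixosModules.gonic
 self.nixosModules.ulogger-server
+self.nixosModules.photoprism
 grasp.nixosModule
 home-manager.nixosModules.home-manager
 {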
+51
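--- a/hosts/profiles/photoprism/default.nix
+++ b/hosts/profiles/photoprism/default.nix
@@ -0,0 +1,51 @@
+{ self, pkgs, config, lib, ... }:
+
+{
+services.postgresql = {
+enable = true;
+ensureDatabases = [ "photoprism" ];
+ensureUsers = [{
+name = "photoprism";
+ensurePermissions = {
+"DATABASE photoprism" = "ALL PRIVILEGES";
+};
+}];
+};
+
+services.photoprism = {
+enable = true;
+port = 2342;
+originalsPath = "/var/lib/private/photoprism/originals";
+address = "0.0.0.0";
+settings = {
+PHOTOPRISM_ADMIN_USER = "admin";
+PHOTOPRISM_ADMIN_PASSWORD = "...";
+PHOTOPRISM_DEFAULT_LOCALE = "en";
+PHOTOPRISM_DATABASE_DRIVER = "postgres";
+PHOTOPRISM_DATABASE_NAME = "photoprism";
+PHOTOPRISM_DATABASE_SERVER = "/run/postgresql/";
+PHOTOPRISM_DATABASE_USER = "photoprism";
+PHOTOPRISM_SITE_URL = "http://photos.mossnet.lan:2342";
+PHOTOPRISM_SITE_TITLE = "mossnet photos";
+};
+};
+
+services.nginx.virtualHosts."photos.mossnet.lan" = {
+enableACME = false;
+forceSSL = false;
+recommendedOptimisation = true;
+recommendedGzipSettings = true;
+recommendedProxySettings = true;
+clientMaxBodySize = "500m";
+locations."/" = {
+proxyPass = "http://127.0.0.1:2342";
+extraConfig = ''
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_buffering off;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+'';
+};
+};
+}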
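Review bot: `PHOTOPRISM_ADMIN_PASSWORD = "...";` under `settings` puts the admin password into the evaluated configuration, and the module added in this commit copies every `settings` value into both the unit's `environment` and the `manage` script, so whatever replaces the `"..."` ends up in the world-readable Nix store. The module's `passwordFile` option exists for this, and the commit adds `secrets/photoprism.age`, but nothing visible in this file references it; I would drop the `settings` entry and point `passwordFile` at the decrypted secret (with agenix presumably `passwordFile = config.age.secrets.photoprism.path;`, once that secret is declared). Separately, `address = "0.0.0.0";` exposes port 2342 on every interface although nginx proxies to `127.0.0.1:2342`, so clients can reach the backend without going through the vhost; `address = "127.0.0.1";` keeps it behind the proxy, and `PHOTOPRISM_SITE_URL` would then presumably lose the `:2342`.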
+1
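--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -10,4 +10,5 @@
 backup = import ./backup.nix;
 ulogger-server = import ./ulogger.nix;
 microbin = import ./microbin.nix;
+photoprism = import ./photoprism.nix; #TODO remove once updated to 23.05, stolen from nixpkgs anyway
 }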
+154
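--- a/modules/nixos/photoprism.nix
+++ b/modules/nixos/photoprism.nix
@@ -0,0 +1,154 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.services.photoprism;
+
+env = {
+PHOTOPRISM_ORIGINALS_PATH = cfg.originalsPath;
+PHOTOPRISM_STORAGE_PATH = cfg.storagePath;
+PHOTOPRISM_IMPORT_PATH = cfg.importPath;
+PHOTOPRISM_HTTP_HOST = cfg.address;
+PHOTOPRISM_HTTP_PORT = toString cfg.port;
+} // (
+lib.mapAttrs (_: toString) cfg.settings
+);
+
+manage =
+let
+setupEnv = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: val: "export ${name}=${lib.escapeShellArg val}") env);
+in
+pkgs.writeShellScript "manage" ''
+${setupEnv}
+exec ${cfg.package}/bin/photoprism "$@"
+'';
+in
+{
+meta.maintainers = with lib.maintainers; [ stunkymonkey ];
+
+options.services.photoprism = {
+
+enable = lib.mkEnableOption (lib.mdDoc "Photoprism web server");
+
+passwordFile = lib.mkOption {
+type = lib.types.nullOr lib.types.path;
+default = null;
+description = lib.mdDoc ''
+Admin password file.
+'';
+};
+
+address = lib.mkOption {
+type = lib.types.str;
+default = "localhost";
+description = lib.mdDoc ''
+Web interface address.
+'';
+};
+
+port = lib.mkOption {
+type = lib.types.port;
+default = 2342;
+description = lib.mdDoc ''
+Web interface port.
+'';
+};
+
+originalsPath = lib.mkOption {
+type = lib.types.path;
+default = null;
+example = "/data/photos";
+description = lib.mdDoc ''
+Storage path of your original media files (photos and videos).
+'';
+};
+
+importPath = lib.mkOption {
+type = lib.types.str;
+default = "import";
+description = lib.mdDoc ''
+Relative or absolute to the `originalsPath` from where the files should be imported.
+'';
+};
+
+storagePath = lib.mkOption {
+type = lib.types.path;
+default = "/var/lib/photoprism";
+description = lib.mdDoc ''
+Location for sidecar, cache, and database files.
+'';
+};
+
+package = lib.mkPackageOptionMD pkgs "photoprism" { };
+
+settings = lib.mkOption {
+type = lib.types.attrsOf lib.types.str;
+default = { };
+description = lib.mdDoc ''
+See [the getting-started guide](https://docs.photoprism.app/getting-started/config-options/) for available options.
+'';
+example = {
+PHOTOPRISM_DEFAULT_LOCALE = "de";
+PHOTOPRISM_ADMIN_USER = "root";
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+systemd.services.photoprism = {
+description = "Photoprism server";
+
+serviceConfig = {
+Restart = "on-failure";
+User = "photoprism";
+Group = "photoprism";
+DynamicUser = true;
+StateDirectory = "photoprism";
+WorkingDirectory = "/var/lib/photoprism";
+RuntimeDirectory = "photoprism";
+
+LoadCredential = lib.optionalString (cfg.passwordFile != null)
+"PHOTOPRISM_ADMIN_PASSWORD:${cfg.passwordFile}";
+
+CapabilityBoundingSet = "";
+LockPersonality = true;
+PrivateDevices = true;
+PrivateUsers = true;
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+RestrictNamespaces = true;
+RestrictRealtime = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
+UMask = "0066";
+} // lib.optionalAttrs (cfg.port < 1024) {
+AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+};
+
+wantedBy = [ "multi-user.target" ];
+environment = env;
+
+# reminder: easier password configuration will come in https://github.com/photoprism/photoprism/pull/2302
+preStart = ''
+ln -sf ${manage} photoprism-manage
+
+${lib.optionalString (cfg.passwordFile != null) ''
+export PHOTOPRISM_ADMIN_PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/PHOTOPRISM_ADMIN_PASSWORD")
+''}
+exec ${cfg.package}/bin/photoprism migrations run -f
+'';
+
+script = ''
+${lib.optionalString (cfg.passwordFile != null) ''
+export PHOTOPRISM_ADMIN_PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/PHOTOPRISM_ADMIN_PASSWORD")
+''}
+exec ${cfg.package}/bin/photoprism start
+'';
+};
+};
+}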
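Review bot: The `settings` option's description does not tell users that its values are not private: `env` merges `cfg.settings` into the unit's `environment` and into the `manage` script built with `pkgs.writeShellScript`, and both end up in the world-readable Nix store. Because `PHOTOPRISM_ADMIN_PASSWORD` is an obvious thing to put there, I would extend the description with a sentence such as `Values are written to the Nix store; do not put secrets here, use passwordFile for the admin password.` The `photoprism-manage` wrapper also never reads `$CREDENTIALS_DIRECTORY`, so commands run through it will not see a password supplied via `passwordFile`; a short comment next to `manage` stating that would save the next reader some confusion.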
+8
secrets/photoprism.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 K2vF/Q gbzVy3hrykVeOCwjPo6Ma8tTTemdtiRwAtX96cA2viE 3 + NFSztfWodmZ4TQFBMgx9e1U2ZO37Nt/MKJEYBBrICrA 4 + -> s.pLZ.|-grease %UVo!F YgUB rG`)8.@w 5 + pYerZHERVJx3dldU27I9vIxh5mizU4cW4F1QTRxk646K0abW7H6rqp6Qyr096fLF 6 + c9egbGKMJFNgWoXWaauMaGCAV2D8km5DHSWVoEMZVkskQSprSUWh 7 + --- SANH4pgKXob6sZ/jhnqkgXFC9QzVbI81HqxvwiayK2Y 8 + ��4��ݞ� ��L�H�j��[� Șp(l�l@�G����R�r�)P�0Q?�G���a�f������
+1
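--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -17,6 +17,7 @@
 "box-wg.age".publicKeys = [ mossnet ];
 "wallabag-password.age".publicKeys = [ mossnet ];
 "wallabag-secret.age".publicKeys = [ mossnet ];
+"photoprism.age".publicKeys = [ mossnet ];
 
 "borg-password.age".publicKeys = systemOnly;
 "borg-key.age".publicKeys = systemOnly;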