lol

nixos/photoprism: init module

+166
+8
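--- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
@@ -99,6 +99,14 @@
 <link xlink:href="options.html#opt-services.ulogd.enable">services.ulogd</link>.
 </para>
 </listitem>
+<listitem>
+<para>
+<link xlink:href="https://photoprism.app/">photoprism</link>,
+a AI-Powered Photos App for the Decentralized Web. Available
+as
+<link xlink:href="options.html#opt-services.photoprism.enable">services.photoprism</link>.
+</para>
+</listitem>
 </itemizedlist>
 </section>
 <section xml:id="sec-release-23.05-incompatibilities">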
+2
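--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -34,6 +34,8 @@
 
 - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable).
 
+- [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable).
+
 ## Backward Incompatibilities {#sec-release-23.05-incompatibilities}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->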
+1
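--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1165,6 +1165,7 @@
 ./services/web-apps/peertube.nix
 ./services/web-apps/pgpkeyserver-lite.nix
 ./services/web-apps/phylactery.nix
+./services/web-apps/photoprism.nix
 ./services/web-apps/pict-rs.nix
 ./services/web-apps/plantuml-server.nix
 ./services/web-apps/plausible.nix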
+155
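--- a/nixos/modules/services/web-apps/photoprism.nix
+++ b/nixos/modules/services/web-apps/photoprism.nix
@@ -0,0 +1,155 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.services.photoprism;
+
+env = {
+PHOTOPRISM_ORIGINALS_PATH = cfg.originalsPath;
+PHOTOPRISM_STORAGE_PATH = cfg.storagePath;
+PHOTOPRISM_IMPORT_PATH = cfg.importPath;
+PHOTOPRISM_HTTP_HOST = cfg.address;
+PHOTOPRISM_HTTP_PORT = toString cfg.port;
+} // (
+lib.mapAttrs (_: toString) cfg.settings
+);
+
+manage =
+let
+setupEnv = lib.concatStringsSep "\n" (lib.mapAttrsToList (name: val: "export ${name}=${lib.escapeShellArg val}") env);
+in
+pkgs.writeShellScript "manage" ''
+${setupEnv}
+exec ${cfg.package}/bin/photoprism "$@"
+'';
+in
+{
+meta.maintainers = with lib.maintainers; [ stunkymonkey ];
+
+options.services.photoprism = {
+
+enable = lib.mkEnableOption (lib.mdDoc "Photoprism web server");
+
+passwordFile = lib.mkOption {
+type = lib.types.nullOr lib.types.path;
+default = null;
+description = lib.mdDoc ''
+Admin password file.
+'';
+};
+
+address = lib.mkOption {
+type = lib.types.str;
+default = "localhost";
+description = lib.mdDoc ''
+Web interface address.
+'';
+};
+
+port = lib.mkOption {
+type = lib.types.port;
+default = 2342;
+description = lib.mdDoc ''
+Web interface port.
+'';
+};
+
+originalsPath = lib.mkOption {
+type = lib.types.path;
+default = null;
+example = "/data/photos";
+description = lib.mdDoc ''
+Storage path of your original media files (photos and videos).
+'';
+};
+
+importPath = lib.mkOption {
+type = lib.types.str;
+default = "import";
+description = lib.mdDoc ''
+Relative or absolute to the `originalsPath` from where the files should be imported.
+'';
+};
+
+storagePath = lib.mkOption {
+type = lib.types.path;
+default = "/var/lib/photoprism";
+description = lib.mdDoc ''
+Location for sidecar, cache, and database files.
+'';
+};
+
+package = lib.mkPackageOptionMD pkgs "photoprism" { };
+
+settings = lib.mkOption {
+type = lib.types.attrsOf lib.types.str;
+default = { };
+description = lib.mdDoc ''
+See [the getting-started guide](https://docs.photoprism.app/getting-started/config-options/) for available options.
+'';
+example = {
+PHOTOPRISM_DEFAULT_LOCALE = "de";
+PHOTOPRISM_ADMIN_USER = "root";
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+systemd.services.photoprism = {
+description = "Photoprism server";
+
+serviceConfig = {
+Restart = "on-failure";
+User = "photoprism";
+Group = "photoprism";
+DynamicUser = true;
+StateDirectory = "photoprism";
+WorkingDirectory = "/var/lib/photoprism";
+RuntimeDirectory = "photoprism";
+
+LoadCredential = lib.optionalString (cfg.passwordFile != null)
+"PHOTOPRISM_ADMIN_PASSWORD:${cfg.passwordFile}";
+
+CapabilityBoundingSet = "";
+LockPersonality = true;
+PrivateDevices = true;
+PrivateUsers = true;
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+RestrictNamespaces = true;
+RestrictRealtime = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
+UMask = "0066";
+} // lib.optionalAttrs (cfg.port < 1024) {
+AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+};
+
+wantedBy = [ "multi-user.target" ];
+environment = env;
+
+# reminder: easier password configuration will come in https://github.com/photoprism/photoprism/pull/2302
+preStart = ''
+ln -sf ${manage} photoprism-manage
+
+${lib.optionalString (cfg.passwordFile != null) ''
+export PHOTOPRISM_ADMIN_PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/PHOTOPRISM_ADMIN_PASSWORD")
+''}
+exec ${cfg.package}/bin/photoprism migrations run -f
+'';
+
+script = ''
+${lib.optionalString (cfg.passwordFile != null) ''
+export PHOTOPRISM_ADMIN_PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/PHOTOPRISM_ADMIN_PASSWORD")
+''}
+exec ${cfg.package}/bin/photoprism start
+'';
+};
+};
+}
+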
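Review bot: Every value in `settings` is merged into `env`, which feeds `environment = env` and is baked into the `manage` wrapper, so a secret set there (for example `PHOTOPRISM_DATABASE_PASSWORD`) would land in the generated unit and script in the world-readable Nix store; the `settings` description should say so, e.g. `Values end up in the world-readable Nix store; do not put secrets here.` The same concern applies to `passwordFile`: its type is `lib.types.path` and it is interpolated into `LoadCredential`, so a Nix path literal would presumably be copied into the store, and I would document it as `Path to a file outside the Nix store containing the admin password.` Separately, the `cfg.port < 1024` branch grants `CAP_NET_BIND_SERVICE` while `PrivateUsers = true` stays set; as far as I can tell the capability is then not effective against the host network namespace, so a low-port bind may still fail, and `PrivateUsers = cfg.port >= 1024;` would avoid that.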