summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/home/photoprism.nix
blob: aaccd73502f5113bd8bff982e446e70e53fb2b7b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
{ pkgs, lib, ...}:
# Start    | docker-compose up -d
# Stop     | docker-compose stop
# Update   | docker-compose pull
# Logs     | docker-compose logs --tail=25 -f
# Terminal | docker-compose exec photoprism bash
# Help     | docker-compose exec photoprism photoprism help
# Config   | docker-compose exec photoprism photoprism config
# Reset    | docker-compose exec photoprism photoprism reset
# Backup   | docker-compose exec photoprism photoprism backup -a -i
# Restore  | docker-compose exec photoprism photoprism restore -a -i
# Index    | docker-compose exec photoprism photoprism index
# Reindex  | docker-compose exec photoprism photoprism index -a
# Import   | docker-compose exec photoprism photoprism import
# -------------------------------------------------------------------
let
  port = "2347";
  photodir = "/media/cryptX/photos";
  statedir = "/var/lib/photoprism/appsrv";
  db-dir = "/var/lib/photoprism/mysql";
  internal-ip = "192.168.1.11";
  sec = import <secrets/photoprism.nix>;
in
{
  virtualisation.oci-containers.backend = "docker";

  services.nginx.virtualHosts."photos" = {
    serverAliases = [
              "photos.lan"
      "foto"  "foto.lan"
      "fotos" "fotos.lan"
    ];

    locations."/".proxyPass = "http://localhost:${port}";
    locations."/".proxyWebsockets = true;
    extraConfig = ''
      if ( $server_addr != "${internal-ip}" ) {
        return 403;
      }
    '';
  };

  systemd.services.workadventure-network = {
    enable = true;
    wantedBy = [ "multi-user.target" ];
    script = ''
      ${pkgs.docker}/bin/docker network create --driver bridge photoprism ||:
    '';
    after = [ "docker" ];
    before = [
      "docker-photoprism.service"
      "docker-mysql-photoprism.service"
    ];
  };


  virtualisation.oci-containers.containers.photoprism = {
    image = "photoprism/photoprism:preview";
    ports = ["${port}:${port}" ];
    volumes = [
      "${photodir}:/photoprism/originals"
      "${statedir}:/photoprism/storage"
    ];
    extraOptions = [
      "--security-opt" "seccomp=unconfined"
      "--security-opt" "apparmor=unconfined"
      "--network=photoprism"
    ];
    environment = {
      PHOTOPRISM_HTTP_PORT = port;                     # Built-in Web server port
      PHOTOPRISM_HTTP_COMPRESSION = "gzip";            # Improves transfer speed and bandwidth utilization (none or gzip)
      PHOTOPRISM_DEBUG = "false";                      # Run in debug mode (shows additional log messages)
      PHOTOPRISM_PUBLIC = "true";                      # No authentication required (disables password protection)
      PHOTOPRISM_READONLY = "false";                   # Don't modify originals directory (reduced functionality)
      PHOTOPRISM_EXPERIMENTAL = "true";                # Enables experimental features
      PHOTOPRISM_DISABLE_WEBDAV = "false";             # Disables built-in WebDAV server
      PHOTOPRISM_DISABLE_SETTINGS = "false";           # Disables Settings in Web UI
      PHOTOPRISM_DISABLE_TENSORFLOW = "false";         # Disables using TensorFlow for image classification
      PHOTOPRISM_DARKTABLE_PRESETS = "false";          # Enables Darktable presets and disables concurrent RAW conversion
      PHOTOPRISM_DETECT_NSFW = "false";                # Flag photos as private that MAY be offensive (requires TensorFlow)
      PHOTOPRISM_UPLOAD_NSFW = "true";                 # Allow uploads that MAY be offensive

      #PHOTOPRISM_DATABASE_DRIVER = "postgres";
      #PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432";
      #PHOTOPRISM_DATABASE_NAME = "photoprism";
      #PHOTOPRISM_DATABASE_USER = "photoprism";
      #PHOTOPRISM_DATABASE_PASSWORD = "photoprism";

      PHOTOPRISM_DATABASE_DRIVER= "mysql";           # Use MariaDB (or MySQL) instead of SQLite for improved performance
      PHOTOPRISM_DATABASE_SERVER= "mysql-photoprism:3306" ;   # MariaDB database server (hostname:port)
      PHOTOPRISM_DATABASE_NAME= "photoprism";        # MariaDB database schema name
      PHOTOPRISM_DATABASE_USER= sec.db.username;        # MariaDB database user name
      PHOTOPRISM_DATABASE_PASSWORD= sec.db.password;      # MariaDB database user password

      PHOTOPRISM_SITE_URL = "http://localhost:2342/";  # Public PhotoPrism URL
      PHOTOPRISM_SITE_TITLE = "PhotoPrism";
      PHOTOPRISM_SITE_CAPTION = "FeMi Fotos";
      PHOTOPRISM_SITE_DESCRIPTION = "Unsere Fotos";
      PHOTOPRISM_SITE_AUTHOR = "FeMi";

    };
  };

  virtualisation.oci-containers.containers.mysql-photoprism = {
    image = "mariadb:10.5";
    extraOptions = [
      "--security-opt" "seccomp=unconfined"
      "--security-opt" "apparmor=unconfined"
      "--network=photoprism"
    ];
    ports = [ "3306:3306" ]; # no need to expose the database
    #cmd = [ "mysqld"
    #  "--transaction-isolation=READ-COMMITTED"
    #  "--character-set-server=utf8mb4"
    #  "--collation-server=utf8mb4_unicode_ci"
    #  "--max-connections=512"
    #  "--innodb-rollback-on-timeout=OFF"
    #  "--innodb-lock-wait-timeout=50"
    #];
    volumes= [ "${db-dir}:/var/lib/mysql" ];
    environment = {
      MYSQL_ROOT_PASSWORD = "dickidibutt";
      MYSQL_DATABASE= "photoprism";
      MYSQL_USER = sec.db.username;
      MYSQL_PASSWORD = sec.db.password;
    };
  };
  #virtualisation.oci-containers.containers.postgres-prism = {
  #  image = "postgres:12-alpine";
  #  ports = [ "5432" ]; # no need to expose the database
  #  environment = {
  #    POSTGRES_DB = "photoprism";
  #    POSTGRES_USER = "photoprism";
  #    POSTGRES_PASSWORD = "photoprism";
  #  };
  #};

  systemd.services.photoprism.serviceConfig = {
    StandardOutput = lib.mkForce "journal";
    StandardError = lib.mkForce "journal";
  };
  systemd.services.mysql-photoprism.serviceConfig = {
    StandardOutput = lib.mkForce "journal";
    StandardError = lib.mkForce "journal";
  };
}