nixos/jackflix: Add PhotoPrism

2024-05-06 00:57:52 +01:00
parent 6eefe97764
commit c6d5705097
6 changed files with 66 additions and 1 deletions
--- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
@@ -1,6 +1,8 @@
 { lib, ... }:
 let
+  inherit (lib) concatStringsSep;
  inherit (lib.my) net;
+  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.colony) domain prefixes;
 in
 {
@@ -35,6 +37,9 @@ in

          secrets = {
            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUv1ntVrZv5ripsKpcOAnyDQX2PHjowzyhqWK10Ml53";
+            files = {
+              "jackflix/photoprism-pass.txt" = {};
+            };
          };
        };

@@ -50,10 +55,16 @@ in
              uid = uids.jellyseerr;
              group = "jellyseerr";
            };
+            photoprism = {
+              isSystemUser = true;
+              uid = uids.photoprism;
+              group = "photoprism";
+            };
          };
          groups = {
            media.gid = 2000;
            jellyseerr.gid = gids.jellyseerr;
+            photoprism.gid = gids.photoprism;
          };
        };

@@ -76,6 +87,10 @@ in
              RootDirectoryStartOnly = lib.mkForce false;
              RootDirectory = lib.mkForce "";
            };
+            photoprism.serviceConfig = {
+              # Needs to be able to access its data
+              DynamicUser = mkForce false;
+            };
          };
        };

@@ -117,6 +132,24 @@ in
          };

          jellyfin.enable = true;
+
+          photoprism = {
+            enable = true;
+            address = "[::]";
+            port = 2342;
+            originalsPath = "/mnt/media/photoprism/originals";
+            importPath = "/mnt/media/photoprism/import";
+            passwordFile = config.age.secrets."jackflix/photoprism-pass.txt".path;
+            settings = {
+              PHOTOPRISM_AUTH_MODE = "password";
+              PHOTOPRISM_ADMIN_USER = "dev";
+              PHOTOPRISM_APP_NAME = "/dev/player0 Photos";
+              PHOTOPRISM_SITE_URL = "https://photos.${pubDomain}/";
+              PHOTOPRISM_SITE_TITLE = "/dev/player0 Photos";
+              PHOTOPRISM_TRUSTED_PROXY = concatStringsSep "," (with prefixes.ctrs; [ v4 v6 ]);
+              PHOTOPRISM_DATABASE_DRIVER = "sqlite";
+            };
+          };
        };
      };
    };
--- a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
@@ -37,7 +37,7 @@ in
                tcp dport ${toString transmissionPeerPort} accept
                iifname vpn return

-                tcp dport { 19999, 9091, 9117, 7878, 8989, 8096 } accept
+                tcp dport { 19999, 9091, 9117, 7878, 8989, 8096, 2342 } accept
                return
              }
              chain input {
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -388,6 +388,14 @@ in
        locations."/".proxyPass = "http://object-ctr.${domain}:8088";
        useACMEHost = pubDomain;
      };
+      "photos.${pubDomain}" = {
+        locations."/" = {
+          proxyPass = "http://jackflix-ctr.${domain}:2342";
+          proxyWebsockets = true;
+          extraConfig = proxyHeaders;
+        };
+        useACMEHost = pubDomain;
+      };
    };

    minio =