nixos/jackflix: Add PhotoPrism

2024-05-06 00:57:52 +01:00 · 2024-05-06 00:57:52 +01:00 · c6d5705097
commit c6d5705097
parent 6eefe97764
6 changed files with 66 additions and 1 deletions
--- a/lib/constants.nix
+++ b/lib/constants.nix
@ -12,6 +12,7 @@ rec {
      atticd = 403;
      kea = 404;
      keepalived_script = 405;
+      photoprism = 406;
    };
    gids = {
      matrix-syncv3 = 400;
@ -20,6 +21,7 @@ rec {
      atticd = 403;
      kea = 404;
      keepalived_script = 405;
+      photoprism = 406;
    };
  };

--- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
@ -1,6 +1,8 @@
 { lib, ... }:
 let
+  inherit (lib) concatStringsSep;
  inherit (lib.my) net;
+  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.colony) domain prefixes;
 in
 {
@ -35,6 +37,9 @@ in

          secrets = {
            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUv1ntVrZv5ripsKpcOAnyDQX2PHjowzyhqWK10Ml53";
+            files = {
+              "jackflix/photoprism-pass.txt" = {};
+            };
          };
        };

@ -50,10 +55,16 @@ in
              uid = uids.jellyseerr;
              group = "jellyseerr";
            };
+            photoprism = {
+              isSystemUser = true;
+              uid = uids.photoprism;
+              group = "photoprism";
+            };
          };
          groups = {
            media.gid = 2000;
            jellyseerr.gid = gids.jellyseerr;
+            photoprism.gid = gids.photoprism;
          };
        };

@ -76,6 +87,10 @@ in
              RootDirectoryStartOnly = lib.mkForce false;
              RootDirectory = lib.mkForce "";
            };
+            photoprism.serviceConfig = {
+              # Needs to be able to access its data
+              DynamicUser = mkForce false;
+            };
          };
        };

@ -117,6 +132,24 @@ in
          };

          jellyfin.enable = true;
+
+          photoprism = {
+            enable = true;
+            address = "[::]";
+            port = 2342;
+            originalsPath = "/mnt/media/photoprism/originals";
+            importPath = "/mnt/media/photoprism/import";
+            passwordFile = config.age.secrets."jackflix/photoprism-pass.txt".path;
+            settings = {
+              PHOTOPRISM_AUTH_MODE = "password";
+              PHOTOPRISM_ADMIN_USER = "dev";
+              PHOTOPRISM_APP_NAME = "/dev/player0 Photos";
+              PHOTOPRISM_SITE_URL = "https://photos.${pubDomain}/";
+              PHOTOPRISM_SITE_TITLE = "/dev/player0 Photos";
+              PHOTOPRISM_TRUSTED_PROXY = concatStringsSep "," (with prefixes.ctrs; [ v4 v6 ]);
+              PHOTOPRISM_DATABASE_DRIVER = "sqlite";
+            };
+          };
        };
      };
    };
--- a/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
@ -37,7 +37,7 @@ in
                tcp dport ${toString transmissionPeerPort} accept
                iifname vpn return

-                tcp dport { 19999, 9091, 9117, 7878, 8989, 8096 } accept
+                tcp dport { 19999, 9091, 9117, 7878, 8989, 8096, 2342 } accept
                return
              }
              chain input {
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@ -388,6 +388,14 @@ in
        locations."/".proxyPass = "http://object-ctr.${domain}:8088";
        useACMEHost = pubDomain;
      };
+      "photos.${pubDomain}" = {
+        locations."/" = {
+          proxyPass = "http://jackflix-ctr.${domain}:2342";
+          proxyWebsockets = true;
+          extraConfig = proxyHeaders;
+        };
+        useACMEHost = pubDomain;
+      };
    };

    minio =
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
@ -496,6 +496,16 @@ in
      (mkIf (config.services ? "wastebin" && config.services.wastebin.enable) {
        my.tmproot.persistence.config.directories = [ "/var/lib/private/wastebin" ];
      })
+      (mkIf config.services.photoprism.enable {
+        my.tmproot.persistence.config.directories = [
+          {
+            directory = config.services.photoprism.storagePath;
+            mode = "0750";
+            user = "photoprism";
+            group = "photoprism";
+          }
+        ];
+      })
    ]))
  ]);

--- a/secrets/jackflix/photoprism-pass.txt.age
+++ b/secrets/jackflix/photoprism-pass.txt.age
@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhNYTRudyBGWFZS
+Umg0Zm44TlY2djBaSUNuRGdRSTFob290aHJ2a0xnL2ZXSE9qUndNCnBJUVNUcEpF
+M3F6UUYzanlENmM1Wm11WHllRzVyc1hEemtpT010ZjdKcFUKLT4gWDI1NTE5IHJV
+KzdZUm5HUldPdlBHcFd1L2lEMy84ZVBqL1BoRUdlTjVMMjQ0U0dmMUUKeXFDejl5
+TW5sVkJoQzFZb0R5MStoOFJKbUluN3gvTXBmd2E0MmR1ZHgxTQotPiB9SC1ncmVh
+c2UgbyBKbWN2WE1kCjdESDIwMkN4NXpxU3A1cnJLamRoUUpSN2x6U2VPaEhNODdn
+c05uSHBOQ0Q0a2FpY2RQc1hvUFVMZlJqdm53WjAKRGlvN1JjUnd2RWp2ZzN0Z3pv
+RVozT1lueWZhck40T1VMMkd5TjZOclFhamU5NjgKLS0tIFcvemlDZ1B5d1h4cHJI
+ejNuRFRERk5vU1BKbzZkUEtKSlk3K2NxTzFUQ1EK8tR8pcagaUMue5Rjz2BLNbU4
+8SL2h7FsScBnIHka3122jwjgxviwH7T0YfgHpZCf+yLwVg==
+-----END AGE ENCRYPTED FILE-----