services.photoprism: init

2024-10-23 05:39:05 +08:00 · 2023-10-04 11:06:37 +08:00 · 2023-10-04 11:06:37 +08:00 · 990a5cf0be
commit 990a5cf0be
parent 2cbe5945b7
8 changed files with 107 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@ -389,6 +389,7 @@
                vaultwarden.enable = true;
                meilisearch.ioLimitDevice = "/dev/mapper/root";
                beesd = { enable = false; instances.root = { device = "/"; hashTableSizeMB = 1024; }; };
+                photoprism.enable = true;
              };
            };})
          ];
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -22,6 +22,7 @@ inputs:
    ./beesd.nix
    ./snapper.nix
    ./mariadb.nix
+    ./photoprism.nix
  ];
  options.nixos.services = let inherit (inputs.lib) mkOption types; in
  {
--- a/modules/services/mariadb.nix
+++ b/modules/services/mariadb.nix
@ -27,6 +27,7 @@ inputs:
        mysql =
        {
          enable = true;
+          package = inputs.pkgs.mariadb;
          ensureDatabases = map (db: db.value.database) (attrsToList mariadb.instances);
          ensureUsers = map (db: { name = db.value.user; }) (attrsToList mariadb.instances);
        };
--- a/modules/services/nginx/applications/default.nix
+++ b/modules/services/nginx/applications/default.nix
@ -6,5 +6,6 @@ inputs:
    ./synapse.nix
    ./vaultwarden.nix
    ./element.nix
+    ./photoprism.nix
  ];
 }
--- a/modules/services/nginx/applications/photoprism.nix
+++ b/modules/services/nginx/applications/photoprism.nix
@ -0,0 +1,45 @@
+inputs:
+{
+  options.nixos.services.nginx.applications.photoprism.instances = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.attrsOf (types.submodule (submoduleInputs: { options =
+    {
+      hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
+      upstream = mkOption
+      {
+        type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
+        {
+          address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
+          port = mkOption { type = types.ints.unsigned; default = 2342; };
+        };})];
+        default = "127.0.0.1:9726";
+      };
+    };}));
+    default = {};
+  };
+  config =
+    let
+      inherit (inputs.config.nixos.services.nginx.applications.photoprism) instances;
+      inherit (inputs.localLib) attrsToList;
+      inherit (builtins) map listToAttrs toString;
+    in
+    {
+      nixos.services.nginx.http = listToAttrs (map
+        (proxy: with proxy.value;
+        {
+          name = hostname;
+          value =
+          {
+            rewriteHttps = true;
+            locations."/".proxy =
+            {
+              upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
+                else "http://${upstream.address}:${toString upstream.port}";
+              websocket = true;
+              setHeaders.Host = hostname;
+            };
+          };
+        })
+        (attrsToList instances));
+    };
+}
--- a/modules/services/photoprism.nix
+++ b/modules/services/photoprism.nix
@ -0,0 +1,47 @@
+inputs:
+{
+  options.nixos.services.photoprism = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = false; };
+    hostname = mkOption { type = types.str; default = "photoprism.chn.moe"; };
+    port = mkOption { type = types.ints.unsigned; default = 2342; };
+  };
+  config =
+    let
+      inherit (inputs.lib) mkIf;
+      inherit (inputs.config.nixos.services) photoprism;
+    in mkIf photoprism.enable
+    {
+      services.photoprism =
+      {
+        enable = true;
+        originalsPath = inputs.config.services.photoprism.storagePath + "/originals";
+        settings =
+        {
+          PHOTOPRISM_SITE_URL = "https://${photoprism.hostname}";
+          PHOTOPRISM_HTTP_PORT = "${toString photoprism.port}";
+          PHOTOPRISM_DISABLE_TLS = "true";
+          PHOTOPRISM_DETECT_NSFW = "true";
+          PHOTOPRISM_UPLOAD_NSFW = "true";
+          PHOTOPRISM_DATABASE_DRIVER = "mysql";
+          PHOTOPRISM_DATABASE_SERVER = "127.0.0.1:3306";
+        };
+      };
+      systemd.services.photoprism =
+      {
+        after = [ "mariadb.service" ];
+        requires = [ "mariadb.service" ];
+        serviceConfig.EnvironmentFile = inputs.config.sops.templates."photoprism/env".path; 
+      };
+      sops =
+      {
+        templates."photoprism/env".content = let placeholder = inputs.config.sops.placeholder; in
+        ''
+          PHOTOPRISM_ADMIN_PASSWORD=${placeholder."photoprism/adminPassword"}
+          PHOTOPRISM_DATABASE_PASSWORD=${placeholder."mariadb/photoprism"}
+        '';
+        secrets."photoprism/adminPassword" = {}; 
+      };
+      nixos.services.mariadb = { enable = true; instances.photoprism = {}; };
+    };
+}
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@ -69,6 +69,11 @@ inputs:
              if inputs.config.nixos.virtualization.kvmHost.enable then
                [{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
              else []
+            )
+            ++ (
+              if inputs.config.nixos.services.mariadb.enable then let user = inputs.config.users.users.mysql; in
+                [{ directory = "/var/lib/mysql"; user = user.name; group = user.group; mode = "0750"; }]
+              else []
            );
        };
      };
--- a/secrets/vps7.yaml
+++ b/secrets/vps7.yaml
@ -37,6 +37,10 @@ nebula:
    key: ENC[AES256_GCM,data:9o6EkfTWOU0KwnJsgHML4E7VOfzo3LHnlOkV8ubhi6aayXImC3lAaoPrqUI=,iv:KHprijN7z+4FIIW+D5klDM9a9VzMJ5xawPc7jJtbHmk=,tag:0DAmxoz8D5f38ndPbkNW+g==,type:str]
 vaultwarden:
    admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str]
+mariadb:
+    photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str]
+photoprism:
+    adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -61,8 +65,8 @@ sops:
            SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
            HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-03T10:45:14Z"
-    mac: ENC[AES256_GCM,data:dTFsYradzzxlcm3nUApxLwEwUabACPe7J02WUHOEorMIV43QDYqn9tdvclTcfVD7As/b3Mfk+ZYYiAtIB40IiFJFUVk52e7IBOrg7nb724ZQBA2QAmYxk4I+I5lwXaX4zRIP/AiFcqOFcSVoHXJyFyQeuF/7HrXAQ4H2JsM2Vdo=,iv:01BALeMnxiAhgZRSLWJVNfUjbgMq2aSmNiKQ0dpT/KY=,tag:0d9Oa8eGazcsfb6e/0L/Mw==,type:str]
+    lastmodified: "2023-10-04T02:57:49Z"
+    mac: ENC[AES256_GCM,data:IMDUB1yP23qhDyP+erbw7TsS0hl9Fzu/SKjMFmt/8qzH5OoJ/qDVYEQGOMaWjsLVtUWM8rNn3UkSje0NT1psQOPg23PFXWSaP+OktV1dZ6uqJcZ53LGV5jMIPmSjD8q5R3DJixctYBnhozRtwJiNLLptSHBPK82YZtH3jEW9Sus=,iv:fkK0bhXZncQwMmTdcdqM65+yMOnBlwZpa+NQ5LW/uBk=,tag:aO881OMoch0GsIhiC4awTw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3