nixfiles/hosts/hetzner-arm/profiles/photoprism.nix

120 lines
3.2 KiB
Nix
Raw Normal View History

2024-12-16 15:09:36 +00:00
{
lib,
config,
pkgs,
...
}: let
2024-12-16 14:21:37 +00:00
inherit (config.services.secrets) secrets;
rclonePhotos = pkgs.writeShellScriptBin "rclone-photos" ''
${pkgs.rclone}/bin/rclone --config ${secrets.photos_rclone_config.path} "$@"
'';
mountPhotos = pkgs.writeShellScriptBin "mount-photos" ''
umount -flR /Photos || true
${rclonePhotos}/bin/rclone-photos mount Photos: /Photos \
--allow-other \
--uid=${toString config.users.users.photoprism.uid} \
--gid=${toString config.users.groups.photoprism.gid} \
--umask=666 \
--cache-dir=/PhotosCache \
2024-12-16 17:33:46 +00:00
--dir-cache-time=1h \
2024-12-16 14:21:37 +00:00
--vfs-cache-mode=full \
2024-12-16 14:27:55 +00:00
--vfs-cache-max-size=2g \
--vfs-cache-max-age=10m \
2024-12-16 14:21:37 +00:00
--log-level=INFO "$@"
'';
2024-12-16 15:51:33 +00:00
inherit (lib.modules) mkForce;
2024-12-16 14:21:37 +00:00
inherit (builtins) toFile;
in {
environment.systemPackages = with pkgs; [
rclone
rclonePhotos
fuse
fuse3
mountPhotos
2024-12-16 14:27:55 +00:00
util-linux
2024-12-16 15:09:36 +00:00
(let
cfg = config.services.photoprism;
env =
{
PHOTOPRISM_ORIGINALS_PATH = cfg.originalsPath;
PHOTOPRISM_STORAGE_PATH = cfg.storagePath;
PHOTOPRISM_IMPORT_PATH = cfg.importPath;
PHOTOPRISM_HTTP_HOST = cfg.address;
PHOTOPRISM_HTTP_PORT = toString cfg.port;
}
// (lib.mapAttrs (_: toString) cfg.settings);
in
2024-12-16 15:13:23 +00:00
pkgs.writeShellScriptBin "photoprism-manage" ''
2024-12-16 15:09:36 +00:00
set -o allexport
${lib.toShellVars env}
eval "$(${config.systemd.package}/bin/systemctl show -pUID,MainPID photoprism.service | ${pkgs.gnused}/bin/sed "s/UID/ServiceUID/")"
exec ${pkgs.util-linux}/bin/nsenter \
-t $MainPID -m -S $ServiceUID -G $ServiceUID --wdns=${cfg.storagePath} \
${cfg.package}/bin/photoprism "$@"
'')
2024-12-16 14:21:37 +00:00
];
systemd.tmpfiles.rules = [
2024-12-16 14:37:23 +00:00
"d /PhotosCache - photoprism photoprism"
"d /Photos - photoprism photoprism"
2024-12-16 14:21:37 +00:00
];
users.users.photoprism = {
isSystemUser = true;
uid = 1290;
group = "photoprism";
};
users.groups.photoprism.gid = 1290;
2024-12-16 13:49:39 +00:00
services.photoprism = {
enable = true;
2024-12-16 15:42:48 +00:00
originalsPath = "/Photos/originals";
2024-12-16 14:48:23 +00:00
settings = {
2024-12-16 14:47:50 +00:00
PHOTOPRISM_SITE_URL = "https://photoprism.owo.monster";
2024-12-16 15:42:48 +00:00
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
PHOTOPRISM_SIDECAR_PATH = "/Photos/sidecar";
2024-12-16 16:11:45 +00:00
PHOTOPRISM_DISABLE_TENSORFLOW = "false";
2024-12-16 15:42:48 +00:00
PHOTOPRISM_DISABLE_PLACES = "true";
2024-12-16 15:11:16 +00:00
PHOTOPRISM_DETECT_NSFW = "false";
PHOTOPRISM_UPLOAD_NSFW = "true";
2024-12-16 15:28:51 +00:00
PHOTOPRISM_DISABLE_FACES = "true";
2024-12-16 16:11:45 +00:00
PHOTOPRISM_DISABLE_CLASSIFICATION = "false";
2024-12-16 14:47:50 +00:00
};
2024-12-16 13:49:39 +00:00
};
2024-12-16 15:42:48 +00:00
systemd.services.photoprism.serviceConfig = {
2024-12-16 15:51:33 +00:00
DynamicUser = mkForce false;
2024-12-16 15:42:48 +00:00
ReadWritePaths = [ "/Photos" ];
};
2024-12-16 14:40:52 +00:00
services.nginx.virtualHosts."photoprism.owo.monster" = {
2024-12-16 13:49:39 +00:00
forceSSL = true;
enableACME = true;
locations = {
"/" = {
2024-12-16 14:41:42 +00:00
proxyPass = "http://127.0.0.1:${toString config.services.photoprism.port}";
2024-12-16 13:49:39 +00:00
proxyWebsockets = true;
};
};
};
2024-12-16 14:21:37 +00:00
programs.fuse.userAllowOther = true;
systemd.services.photos-mount = {
wantedBy = ["photoprism.service"];
partOf = ["photoprism.service"];
path = with pkgs; [
fuse
fuse3
2024-12-16 14:27:55 +00:00
util-linux
2024-12-16 14:21:37 +00:00
];
serviceConfig.ExecStart = "${mountPhotos}/bin/mount-photos --syslog";
};
2024-12-16 15:09:36 +00:00
}