From 39e831c857d7446ad5dc3933b977f607a10b5f6b Mon Sep 17 00:00:00 2001 From: chaos Date: Mon, 16 Dec 2024 13:49:39 +0000 Subject: [PATCH] start work on photoprism --- .../containers/storage/profiles/users.nix | 2 +- hosts/hetzner-arm/hetzner-arm.nix | 13 +---------- hosts/hetzner-arm/profiles/photoprism.nix | 22 +++++++++++++++++++ hosts/hetzner-arm/profiles/restic.nix | 2 +- hosts/hetzner-arm/profiles/vaultwarden.nix | 14 ++++++------ 5 files changed, 32 insertions(+), 21 deletions(-) create mode 100644 hosts/hetzner-arm/profiles/photoprism.nix diff --git a/hosts/hetzner-arm/containers/storage/profiles/users.nix b/hosts/hetzner-arm/containers/storage/profiles/users.nix index ed3312a..26eb1dc 100644 --- a/hosts/hetzner-arm/containers/storage/profiles/users.nix +++ b/hosts/hetzner-arm/containers/storage/profiles/users.nix @@ -7,4 +7,4 @@ isNormalUser = true; extraGroups = ["storage"]; }; -} \ No newline at end of file +} diff --git a/hosts/hetzner-arm/hetzner-arm.nix b/hosts/hetzner-arm/hetzner-arm.nix index 1fdfbf2..0f746f9 100644 --- a/hosts/hetzner-arm/hetzner-arm.nix +++ b/hosts/hetzner-arm/hetzner-arm.nix @@ -29,6 +29,7 @@ in { vault restic vaultwarden + photoprism ]) ./hardware.nix @@ -39,19 +40,7 @@ in { nixpkgs.overlays = [ (_final: prev: { - # So we don't need to build all Vault - # when we already are using vault-bin on this server vault = prev.vault-bin; - - # Have no need for HW Accel, hoping it works with this - jellyfin-ffmpeg = prev.ffmpeg_6-headless; - - ffmpeg = prev.ffmpeg-headless; - ffmpeg_4 = prev.ffmpeg_4-headless; - ffmpeg_5 = prev.ffmpeg_5-headless; - ffmpeg_6 = prev.ffmpeg_6-headless; - ffmpeg_7 = prev.ffmpeg_7-headless; - mpd = prev.mpd-headless; }) ]; diff --git a/hosts/hetzner-arm/profiles/photoprism.nix b/hosts/hetzner-arm/profiles/photoprism.nix new file mode 100644 index 0000000..632d7b1 --- /dev/null +++ b/hosts/hetzner-arm/profiles/photoprism.nix @@ -0,0 +1,22 @@ +{...}: { + services.photoprism = { + enable = true; + }; + + services.nginx.virtualHosts."vault.owo.monster" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8200"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_buffering off; + proxy_http_version 1.1; + ''; + }; + }; + }; +} diff --git a/hosts/hetzner-arm/profiles/restic.nix b/hosts/hetzner-arm/profiles/restic.nix index 0410262..7f0ed95 100644 --- a/hosts/hetzner-arm/profiles/restic.nix +++ b/hosts/hetzner-arm/profiles/restic.nix @@ -24,7 +24,7 @@ in { machinectl shell mail /usr/bin/env restic-mail $@ '') - (pkgs.writeShellScriptBin "restic-backup-all" '' + (pkgs.writeShellScriptBin "restic-backup-all" '' ${concatStringsSep "\n" (forEach (attrNames config.services.restic.backups) ( name: "systemctl start restic-backups-${name}.service" ))} diff --git a/hosts/hetzner-arm/profiles/vaultwarden.nix b/hosts/hetzner-arm/profiles/vaultwarden.nix index 3a0a303..4e31044 100644 --- a/hosts/hetzner-arm/profiles/vaultwarden.nix +++ b/hosts/hetzner-arm/profiles/vaultwarden.nix @@ -1,13 +1,13 @@ {pkgs, ...}: { services.vaultwarden = { enable = true; - backupDir = "/var/backup/vaultwarden"; - config = { - DOMAIN = "https://vaultwarden.owo.monster"; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8222; - SIGNUPS_ALLOWED = false; - }; + backupDir = "/var/backup/vaultwarden"; + config = { + DOMAIN = "https://vaultwarden.owo.monster"; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + SIGNUPS_ALLOWED = false; + }; }; services.nginx.virtualHosts."vaultwarden.owo.monster" = {