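# NixOS module: PhotoPrism behind an nginx TLS virtual host, with its
# originals directory (/Photos) provided by an rclone FUSE mount of the
# "Photos:" remote.
{lib, config, pkgs, ...}: let
  inherit (config.services.secrets) secrets;

  # Wrapper that runs rclone against the photos remote's config file.
  # Only the *path* of the config is interpolated into the script, so the
  # script text in the Nix store does not contain the config contents.
  # NOTE(review): presumably `.path` is a runtime location outside the
  # world-readable store with restrictive file permissions; confirm against
  # the services.secrets module. This wrapper is also installed system-wide
  # below, so that file mode is what keeps other local users from using the
  # remote's credentials.
  rclonePhotos = pkgs.writeShellScriptBin "rclone-photos" ''
    ${pkgs.rclone}/bin/rclone --config ${secrets.photos_rclone_config.path} "$@"
  '';

  # Unmounts any stale /Photos mount (errors ignored), then mounts the remote.
  #
  # Access control on the mount:
  #   * --allow-other lets users other than the mounting user reach the mount.
  #     The photos-mount unit below sets no User=, so the mount is presumably
  #     made by root and PhotoPrism needs this flag to see it.
  #   * Without --default-permissions the kernel does not enforce the mode
  #     bits the filesystem reports, so --allow-other on its own exposes the
  #     whole photo library (read and write) to every local account.
  #     --default-permissions makes the kernel enforce the uid/gid/mode below.
  #   * --umask=077 leaves owner-only access (the previous 666 masked every
  #     read/write bit and only worked because nothing enforced the modes).
  # NOTE(review): assumes photoprism.service runs as the photoprism user
  # declared in this module; confirm before deploying.
  mountPhotos = pkgs.writeShellScriptBin "mount-photos" ''
    umount -flR /Photos || true
    ${rclonePhotos}/bin/rclone-photos mount Photos: /Photos \
      --allow-other \
      --default-permissions \
      --uid=${toString config.users.users.photoprism.uid} \
      --gid=${toString config.users.groups.photoprism.gid} \
      --umask=077 \
      --cache-dir=/PhotosCache \
      --dir-cache-time=10m \
      --vfs-cache-mode=full \
      --vfs-cache-max-size=2g \
      --vfs-cache-max-age=10m \
      --log-level=INFO "$@"
  '';
in {
  environment.systemPackages = with pkgs; [
    rclone
    rclonePhotos
    fuse
    fuse3
    mountPhotos
    util-linux
  ];

  systemd.tmpfiles.rules = [
    # The VFS cache (--vfs-cache-mode=full) holds copies of photo data, so the
    # directory is kept owner-only instead of the tmpfiles default mode.
    "d /PhotosCache 0700 photoprism photoprism"
    # Mount point; once mounted, the FUSE filesystem's own modes apply.
    "d /Photos - photoprism photoprism"
  ];

  # Fixed uid/gid so the mount options above can refer to stable numbers.
  users.users.photoprism = {
    isSystemUser = true;
    uid = 1290;
    group = "photoprism";
  };
  users.groups.photoprism.gid = 1290;

  services.photoprism = {
    enable = true;
    originalsPath = "/Photos";
    config = {
      PHOTOPRISM_SITE_URL = "https://photoprism.owo.monster";
    };
  };

  # TLS-terminating reverse proxy; PhotoPrism itself is reached on loopback.
  services.nginx.virtualHosts."photoprism.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:${toString config.services.photoprism.port}";
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_buffering off;
        '';
      };
    };
  };

  # Lets non-root users pass allow_other to FUSE mounts.
  # NOTE(review): if the mount is only ever made by root via the unit below,
  # this system-wide relaxation may be unnecessary; confirm and drop if so.
  programs.fuse.userAllowOther = true;

  # Runs the mount alongside PhotoPrism: pulled in when photoprism.service
  # starts and stopped/restarted together with it.
  # NOTE(review): there is no ordering (before/after) between the two units,
  # so PhotoPrism may start while /Photos is still an empty directory.
  systemd.services.photos-mount = {
    wantedBy = ["photoprism.service"];
    partOf = ["photoprism.service"];
    path = with pkgs; [
      fuse
      fuse3
      util-linux
    ];
    serviceConfig.ExecStart = "${mountPhotos}/bin/mount-photos --syslog";
  };
}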