diff --git a/services/default.nix b/services/default.nix
index e6d6ff3..c129d03 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -14,6 +14,7 @@
 ./nextcloud.nix
 ./nginx.nix
 ./paperless.nix
+ ./photoprism.nix
 ./pipewire.nix
 ./postgresql-backup.nix
 ./postgresql.nix
diff --git a/services/photoprism.nix b/services/photoprism.nix
new file mode 100644
index 0000000..09d6e52
--- /dev/null
+++ b/services/photoprism.nix
@@ -0,0 +1,84 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit
+ (lib)
+ mkEnableOption
+ mkIf
+ mkOption
+ ;
+
+ cfg = config.my.services.photoprism;
+ my = config.my;
+
+ domain = config.networking.domain;
+ hostname = config.networking.hostName;
+ fqdn = "${hostname}.${domain}";
+in {
+ options.my.services.photoprism = let
+ inherit (lib) types;
+ in {
+ enable = mkEnableOption "Photoprism config";
+
+ home = mkOption {
+ type = types.str;
+ default = "/var/lib/photoprism";
+ example = "/var/lib/photoprism";
+ description = "Home for the photoprism service, where data will be stored";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 2342;
+ example = 8080;
+ description = "Internal port for Photoprism webapp";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users.photoprism = {
+ isSystemUser = true;
+ home = cfg.home;
+ createHome = true;
+ group = "photoprism";
+ };
+ users.groups.photoprism = {};
+
+ services.nginx.virtualHosts = {
+ "photoprism.${domain}" = {
+ forceSSL = true;
+ useACMEHost = fqdn;
+
+ listen = [
+ # FIXME: hardcoded tailscale IP
+ {
+ addr = "100.80.61.67";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "100.80.61.67";
+ port = 80;
+ ssl = false;
+ }
+ ];
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ security.acme.certs.${fqdn}.extraDomainNames = ["photoprism.${domain}"];
+
+ my.services.restic-backup = mkIf cfg.enable {
+ paths = [
+ cfg.home
+ ];
+ };
+ };
+}
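Review bot: The two `listen` entries in the new nginx vhost are the only thing that keeps `photoprism.${domain}` off the host's other interfaces, and they use a literal address under a FIXME, so the access boundary is implicit and tied to one host. I would move the address into a module option with no default, used as `addr = cfg.listenAddress;`, and replace the FIXME with a comment such as `# Bind to the tailnet address only; without this the vhost falls back to nginx's default listen addresses.` Nothing visible in this file starts Photoprism or pins it to `127.0.0.1:${toString cfg.port}`, so if the backend is configured elsewhere, confirm that it listens on loopback only; otherwise the port may be reachable without nginx and TLS. The inner `mkIf cfg.enable` on `my.services.restic-backup` is redundant inside `config = mkIf cfg.enable`, and the `my` binding in the `let` block is unused.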