From 5c5daa49b7af4a42ae5d91c20eb73abd166bda26 Mon Sep 17 00:00:00 2001
From: Jimbo <jimjam4real@gmail.com>
Date: Tue, 10 Sep 2024 14:45:28 -0400
Subject: [PATCH] Add photoprism properly

---
 flake.lock                         |  18 ++++++++---------
 nixos/hardware/machines/server.nix |   5 +++++
 nixos/server.nix                   |   1 +
 nixos/server/mariadb.nix           |  11 +++++++++--
 nixos/server/photoprism.nix        |  30 +++++++++++++++++++++++++++++
 nixos/server/wireguard.nix         |   4 ----
 secrets.nix                        | Bin 2175 -> 2174 bytes
 7 files changed, 54 insertions(+), 15 deletions(-)
 create mode 100644 nixos/server/photoprism.nix

diff --git a/flake.lock b/flake.lock
index 45532cb8..6765d2fe 100644
--- a/flake.lock
+++ b/flake.lock
@@ -167,11 +167,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1725716377,
-        "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=",
+        "lastModified": 1725885300,
+        "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6",
+        "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
         "type": "github"
       },
       "original": {
@@ -298,11 +298,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1725693463,
-        "narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=",
+        "lastModified": 1725826545,
+        "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "68e7dce0a6532e876980764167ad158174402c6f",
+        "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
         "type": "github"
       },
       "original": {
@@ -314,11 +314,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1725854666,
-        "narHash": "sha256-Peccz5solKBUlGtN5vfWHxbd0Mxks+feh1TU/A7hZTg=",
+        "lastModified": 1725914786,
+        "narHash": "sha256-IUEPseZohbNJi9eFFWUhTnkpceZLMj0B62TtCkLo2ZY=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "4448858f13f127db4c8055e2bf6fe6e1257ba8ea",
+        "rev": "b121603cbc4551eda8c055bae01d08e9ecedb529",
         "type": "github"
       },
       "original": {
diff --git a/nixos/hardware/machines/server.nix b/nixos/hardware/machines/server.nix
index b0c065d0..cd9eb346 100644
--- a/nixos/hardware/machines/server.nix
+++ b/nixos/hardware/machines/server.nix
@@ -86,6 +86,11 @@
       fsType = "none";
       options = [ "bind" ];
     };
+    "/var/lib/private/photoprism/originals" = {
+      device = "/export/JimboNFS/Photos/Galleries";
+      fsType = "none";
+      options = [ "bind" ];
+    };
   };
   swapDevices = [
     { device = "/dev/disk/by-uuid/ec422cad-bf93-4b15-b989-2c807f1073a4"; }
diff --git a/nixos/server.nix b/nixos/server.nix
index 3cfb4c3e..132a3254 100644
--- a/nixos/server.nix
+++ b/nixos/server.nix
@@ -33,6 +33,7 @@
     ./server/nfs.nix
     ./server/nginx.nix
     ./server/owncast.nix
+    ./server/photoprism.nix
     #./server/pixelfed.nix
     ./server/minecraft
     ./server/vaultwarden.nix
diff --git a/nixos/server/mariadb.nix b/nixos/server/mariadb.nix
index fc4b8a17..8848e802 100644
--- a/nixos/server/mariadb.nix
+++ b/nixos/server/mariadb.nix
@@ -3,8 +3,9 @@
     enable = true;
     package = pkgs.mariadb;
     dataDir = "/var/lib/mysql";
-    initialDatabases = [
-      { name = "minecraft"; }
+    ensureDatabases = [
+      "minecraft"
+      "photoprism"
     ];
     ensureUsers = [
       {
@@ -13,6 +14,12 @@
           "minecraft.*" = "ALL PRIVILEGES";
         };
       }
+      {
+        name = "photoprism";
+        ensurePermissions = {
+          "photoprism.*" = "ALL PRIVILEGES";
+        };
+      }
     ];
   };
 }
diff --git a/nixos/server/photoprism.nix b/nixos/server/photoprism.nix
new file mode 100644
index 00000000..c66fc245
--- /dev/null
+++ b/nixos/server/photoprism.nix
@@ -0,0 +1,30 @@
+{outputs, ...}: {
+ # Photoprism
+  services = {
+    photoprism = {
+      enable = true;
+      port = 2342;
+      originalsPath = "/var/lib/private/photoprism/originals";
+      address = "0.0.0.0";
+      settings = {
+        PHOTOPRISM_ADMIN_USER = "jimbo";
+        PHOTOPRISM_ADMIN_PASSWORD = "${outputs.secrets.prismAdminPass}";
+        PHOTOPRISM_DEFAULT_LOCALE = "en";
+        PHOTOPRISM_DATABASE_DRIVER = "mysql";
+        PHOTOPRISM_DATABASE_NAME = "photoprism";
+        PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
+        PHOTOPRISM_DATABASE_USER = "photoprism";
+        PHOTOPRISM_SITE_URL = "https://gallery.${outputs.secrets.jimDomain}";
+        PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism";
+      };
+    };
+    nginx.virtualHosts."gallery.${outputs.secrets.jimDomain}" =  {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:2342";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix
index ef646a46..4bad3e28 100644
--- a/nixos/server/wireguard.nix
+++ b/nixos/server/wireguard.nix
@@ -25,10 +25,6 @@ in {
             publicKey = outputs.secrets.wirePixel9Pub;
             allowedIPs = [ "10.100.0.2/32" ];
           }
-          { # Jimbo Pixel 4
-            publicKey = outputs.secrets.wirePixel4Pub;
-            allowedIPs = [ "10.100.0.3/32" ];
-          }
         ];
       };
     };
diff --git a/secrets.nix b/secrets.nix
index 7918850dd7d116b00ebd2e889c515332f82688cd..b2f7f352eec323930d0bcce12c4d27a376b8c6c3 100644
GIT binary patch
literal 2174
zcmZQ@_Y83kiVO&05UYF3Fo$8&>w<|P|I_CQ#PJJgFmVMw+<$A{nRyP;5{817y;*go
z*1s*b$*q4jd-ujV>ldkC_cSM!>mOcpw>GBKyxVnqs9eSJmE4QWZugzx%vdeF?v%s6
zn|a<lZtXfHTX}3PzbOCwRJBFnF)Md&%@SqX$#hQSjOLEE?^k|bEi861vRasX^%U1F
zm4n9?daXEI^!Dle8pHNOirbFNZqrO<m^*puWLCkD?}`spJ7)K7eaTg0`qINewEyR3
z(dQbr?<_ga+o%4nIVmlp!m^Du=&aVkAeNka$1mxhR@aTbd{iYam+v|g>($b8s}7#J
z>Fv_+aMCd=eT6%p3a2k|`0v}kPd)QUuT@BHUYurxh|sDt99HhJhfnNII(H;1%#Y)-
z!@bgq*&TBAm(R+3wzbwVu(<A;#rG#WI$$Dqn5EO7aBqfx4BI=R)^ben581y{(M2~a
zJ6m(zX<;w6AV1rU0r79ul2_-loVfVpC67#;W$7t9hC30l{-yuRi)Lj{dHy8*_j|tR
zDN~fbXDD+CyvWXI+v2HE$*H!_U6-f*Drcq3(aEJJjL-gH&Ohc`GU?s#m;8@Y-T!O8
z>(V#XOfR%zO*o^Y9UXjP&zi^(>)h{Y&5|`m47+X`$1b;MOEGyQQZiM0d0e!I_(y{!
z`?&Tut>IOba!=(8P`R>4%qXBCb?3xMjPqFU&wNq(>+-vE_ZAzJZ@1&%J^oE|CC?tY
zUCr|zOyuAGtIu!Zk(ZXeCI6SM4Epj!SN>yo^N#;>rFV0OH)i#JnN|JByzq;bN!zVI
zQELs&6xDC47wRwLXtDU^<CydL`lBtH|L^%F{=ehKF?*g$*pzRkyjzs^U)R@gC|awL
zbu?HdQH*1KuWI&f(Y8hMj=oVx7B_rdd`tAfG=)2C$reww7IH_NP#1i#|7m!}to`EK
zV<U9LBQBlnzS`yA8S(fiqY;<HgN*Gb*C#sionCs>OMJ>hiyY(GYmPKOGL|yb_FOE<
zt!Ts*`6Y8ZkF$dKt@dsCqTdR`54J}$d;2S~-*B=sYIsx`;HujC{Qada;pg6aB~Km*
z{UMn6e(LHV-L>7VEGnYUpGXAxG5GITc<brhFM4~jjg~LE`kTX3&Uh7X`TAo!c;9X}
z4fDUd_uJQ5xAvZQ{Vv<kW4|hN!QWGLH~GJAo^Z3#cD=#hciaE(VpM2L*cs1oW<$%)
zmoBI3&GXwW_<j0i7Cp=Ueb{U1n$9amE3<o#yNl(u=$&Est|RKFTAX4e#O5%E<A0gj
z>-AGSC*3^JddP5@viR1+3;O%o{0_ahNijTgB-(OwvdU!5#qXcG=$7wo|JEZC#5qN9
zFMrE>9m}2Hr)gTAU+yhmCos|bpNi)ePQ_~dA0=-OKG?l`=|Nt1OTNRYy#Mzv)H!Xg
z{Bo;8d+Xk6h5qkmZ!Uhg;+nE2On*hpPY-j6?kVB1cQ^4pd&aHt^c06gQu)HaMdzB^
z1vFl?K8ury*>vpO*6w**>~rf*&Un=1?Xq7upqDpJDCCw8zs?Rp|0xTnT-VT;;c`oj
z*;A~<bxJ{^lSOSCk5Bo@g;RH&J*c|5^G3^(1jT<#8u*)%H%&RP%BT010DsldxZXdS
zjlzefZ0D%aIv#lbs1x_{8{4*KTi2`;5$<}NuzKN)z?ZeZlr_Tn&o?vIuXQfqd-XXm
zXyVNdgY|pAeGt1M@Pc7Y=bDYXXYyq14Y|3-kRc&q#!Q}5x>a@u?}}V{5mUa-s9E!H
zR`cejDL=Aj-qu_4?ors@hdW(OHfrzCnCg&wxc~W70V(@m&IkT1y>?)i=t}dLi$RI*
zw^)MvZ_GX&QRP3Ub?cN5QzOr*JiHh9FmO+~aN^#d`)=P6SKPI3N&Y@B$-dl48JAMp
zSc>i^o@>xwFPJ4{D5-aHRWjr2CEh$&{=7E5^W;MUtK6Obr#TbDMDK3$KInX<D!xP`
zP4K}C_0)ZD7Ft)!Zcnl>xDojA33mt2r{<edJBto=-)L=YTH@tXwR>%EmhP&4ubr#b
zcYj^k^{rHB<IA5+&l`koeu}T${-asgB>bS>H+$)+vm4jN9_l$Qc<%mRBgs3T!!H{z
zl88I<C32?mYE|y4=H<(xuZJ$VUfLQUd$r{E-^oqu;tH68bnH97id<W>=cN#v@LWg6
z%?x@v4UbJ21JX(?4iqji|E=LDG<%!JhxZGXerlZ&xIEcl^Y%oO&Bi^Ei?XgRdnu))
zl5;`K?7LE?qlkRF!=8N^`F{-#RIKB;DZOMPpF*&T6Hjx?=9x|<-kR<n7g7?p2%PK>
zyQr4(Vc$6+j<$9E|C;34JU0J)$<->d+vlnKe&1bZ_iVb|E4|m)B_;gzC)K~YDmO)B
zDt<V!_}`Ygxu&&sLv@%4$3@l~KN9s$<XhM+zxL9=$VABV?fE7DUZk&j;b2y}+Sgfx
zbLFGUAAZEYF5kNSQWjrJQR3d#RK@rfXAuMEQ&kdM-`s3Y%00iO+AMR?|72OS0CDAZ
z6*r@>RZ;o}*>Ak~khXBs$E_E2r1_5Wb~!IeuFgpOWoUWTSyOrOZ1czFQ@$(RogZ{y
zy{EqJZ-$eyl`hvT4y+aB{(aK^)p^^<ucx=xtycddz?)<2a;a7Ctx@8^RqP&?X_G}>
zeiB%kZziR9SM>bzlgomm++Oepgtgx>kKgW}aDeMluAS%h265?)_hJt(iR_5|{wK2Z
zP|Jpbc(-?UZ#Lci!rQ%m<tdA=k52!!3a=~fihlJxIDl)%DgkXjgRLrMXYReeGt>V<
z0Oy3Q+)R=$S*1N{a&zze6tPnBnpLv+#P^RoFL1q$PvKGY-_57Ar)s6^D|TV~ENiv;
zOnD!#PhM*y<{!74xTx;vqUbka!iU!HX834%zTlvG=z`1EsozB|s@{I8u{(hKcDm>#
zouf~+9nLDAR-4;Y8Fy3sr)f(6)QJ;$H_T__U8DR-V|5X$=kkk!_2mjnpDqjaS@ros
HWK0kMk}Mq0

literal 2175
zcmZQ@_Y83kiVO&0u$?VG-T$F=R-Uu;jjPi)8x@6~@%kmIbLe~NEtVx4l)vZ+ZVLTd
zz$$vVMx&jXDMWn2vYWfDH{9!JZ8&mi@7dcQ=S+F`oM->@n-?ZM4bWLs?|9?Sq#IFd
zCHJ4OGO!huxcBO(-Y(aZo;E33o{CxPd!|j@e}(tEs(Q;lm6-Xr-|t(wGXBNE5SE$q
z?u#t>v#j~cnomu8{{AS@&&~<jS2ra=-g>Gm%e-3OH}%Ii-z?d+GLr9MS5hgTVxnua
z(~;6o8N9mN6cfzcY(@UY-g(l}#j{t6`;zrnp&$MM{j##s2OWY{UML<uQde5yFI5)s
zC~;|mYImlQ;t7w9WqEhiet+svlwxsC%-+VH(UmCev1CuC*?R61Ugp0USc=+H`W(`G
z4$Z4y_4>#Bd9Pd@|AnUSxMFU_6*+yOg@3bpV8f*Q|0edIjotS&XNO$P6;s=P0nSF6
zH<X`kJ$3d^2d`j}lY!dR#p`|CuLm6|U@UC!tYel5ynQ>b!cFOeqI76sZTOy-VqQio
zVxJm{KikH2<@t*g<!|-g!mm#F9=zLhjqT(732jod_bMdjPCWE`{z*@<YfB_oc;C9$
zC11qqVs-3`{zUKc`%CKf`b<~UIqbIaQux0+Pro`@?=Nhby-G#U`R0v=Lm@72uil@v
z@7d;d{<R0KyytBHa@IgFWCxqA-H{XbCy4249?jnC@hiNWP3lk3_Bq9@KV3CqSYJ3s
zbLm}d@=|Y#`>1`?NcfH27uEI6xp$7lXdiP~5VobbTu0=~oN4bRr>sA?y7%P##@ol+
zMfE>CxTv#(#bce$R&~3#>zs0nC!LFkzNn(De!Jt&&Gm<)_H;%rzO&J2S&}tJdEect
z+`~aPgyIE@MAn~gp8L6CosLAibPIRf_NQgb*|J{V=eO=Yc=E`bPi-PIN{+W5UsP8+
z>D%pi#^v5?i+6F}HxWFtHDOWA#pC>}ddp;YMrbzwuikKd&7#I7TLt@NtQs=BR)j^|
z-k)M}W$h*YWarx_{oDC^j#xdn|7@qN7NWp(>%mOr=5HGger?p;zsQ&MOhwSVoio@(
z=Y1~T7+WoVv+()36A>qNY>!L4_O{OP%%?~B@~pcaD~YC9&JFvb<Ql3bF(D|R%y;XV
zMebp35uaCT`}8_3x^kuI<JEU_9(Ty8t?w3M{&`jYGS{w>;E%F(8G)%hGj>gAnRKYn
zahsw`MVgTP+f^&JPX6<^(7a^Yt2!l)sA7h7kM5nEs3+3MxrV3r=6vr@M%uNShL%Yl
zNvcv3{^^OS2d4jxNX-e|{#H43hsc%QBCeubr&_j)FL^C3I8N2Q72c%tdE@kgAh8&w
ziM!5iUmuosW^?v8^B*5hY`<Am^Ite-<&&=7pGIruy*$-&G{I_}+LSGOLw|05^(%9O
zSd(B=U)$BWauz(1mbWIk+&=iwYSBRpZaK}<QOT!VCN<3pes=lE)AH$UeQH<uH7=hl
zPq)z%46&K~SSnm`+HH%9V&Ut%_cmV7Opafu`{u>Qrbi+5D;&(PUQe3L@P3|`?Uc4F
z&dEm7>mxbR%3kwMnBbCPJ?H#&-C$FB*QtEG?0Z<*H`%*ynq(pIOZ1rHQ_-ft0+)ZD
z%VsYwndZ+tInCkz=Q!O@TlTZhO5iybVLkoaTFz*VA2WB=<b>p2-I~2rBf_*q|C-~=
zs--NwQ^OMCS8jh<VWZK}cys#RX9uU1hkr_4RjbJL_0&P@>>!SPOL$!w6<^JLtSB7v
zRl@yT<t5YD|J!a_8_p9^Xn$OtwK?#_hoJ6XjHT}u-<4pR>928MlH9Gp@M9}?d%mvP
z^5V_!T{~p|#DDB#w!bWVbES5hS@i{$t+C7(&tF~FP%y2P#VXiT!=TXm>!S(PCpA|5
zUhSq~{9(G>AG@hOzNf8Y?3FI=cb{yX-CMllgifN!-h7$&M{KG}t+wy`@@GQ{U)A()
zg(spjqQ3uOn!SHT*U_KNrg=A2l1@I_Wycv|@bvfmwAm?M9?F{WJSFa~X4ays)`dE3
zFUmNUe0x^w>%vR39+bJ}GoCeD9+%zV&~dz5yw>5JxFyrN{Aq7P*9PnD_|~()*mKop
z<B++lPJ3!z?SJtrZ)0-fVO?LoV4cPN0s1{D%Xj7+yIOJJV8R!By?5nD?mxKJ+w3s?
zwV`zN)4!r;-T%cls9P+R*Y*w)G7n_B^2G9CsgVTp9D`-jjo02y*!GjN<LfQ<mD`K{
zthM?&@u2;QTcXU3ye5|7LP9IgE7fO3_~m?Eai?tS-Ct$@7q7KgZ+@yc>EWB?;PX`m
zk7hjC*s>|q#jWn;Bu3BE?y)(cKKshuma;w5&U?GT<YxB@w`Z#zX0z}~Pg}8eiF1|B
zi-tI<kGFs2$vl|PF+ZZDy_P-i;EC_W-nP?CEUwND<IDZ_>r2ayk58wyRqzzraZKG7
z(=l!Std0vC_fBzLSY_75qs*{-QQeB?e;#N4-6WTNLwj}0T;G1-XPlPR9FbSAZ7%=%
z-}nCP7cVAcuvmTAX<UB)B+ry}?tL}x%t=Sh_Z{AEV_CKGiIVK`58XSeF1EEeeAt(H
z^9;}Rpa%UPvIh?Fm9}}D`{>KF?ugFL4UZ1o-FJX(qiZDN*9K-Emp{`i{<XD9>uqhy
ze$L$fbM>d+ni4xMMkVMk|8*uHaGK(d$c+l|`8>xG0w!F{QFX4Ld5gEAT<QjM+OHIg
z$eS15Z*vNs7qz-`(e0#qL4yxApWQDrEia8*^t<oX!D=<<wevo4>2k$x&t1N3XTh4<
z3)^1Xa9#HA+3=K)FW2C19J|8u>I-XK@+-cJvFo_Z_OrZO{ocw;rqJ+a{hFII_SFT?
zJ#s<)#)8Hlv$prV{B7X=|8n>2^WN#4Yn)bH%HMWb=7S>dFVkbs&8@}iPVHn^{HoYN
zt#tE&4_<YSAx|0#%Qr`St2^Y+^mv&?)9p}YiS2V;=JR&WtC3ot7t4Dl{fI_0clU<t
NFLExXh!zHH2LNZRKb8Oh