From 5c5daa49b7af4a42ae5d91c20eb73abd166bda26 Mon Sep 17 00:00:00 2001
From: Jimbo <jimjam4real@gmail.com>
Date: Tue, 10 Sep 2024 14:45:28 -0400
Subject: [PATCH] Add photoprism properly

---
 flake.lock                         |  18 ++++++++---------
 nixos/hardware/machines/server.nix |   5 +++++
 nixos/server.nix                   |   1 +
 nixos/server/mariadb.nix           |  11 +++++++++--
 nixos/server/photoprism.nix        |  30 +++++++++++++++++++++++++++++
 nixos/server/wireguard.nix         |   4 ----
 secrets.nix                        | Bin 2175 -> 2174 bytes
 7 files changed, 54 insertions(+), 15 deletions(-)
 create mode 100644 nixos/server/photoprism.nix

diff --git a/flake.lock b/flake.lock
index 45532cb..6765d2f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -167,11 +167,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1725716377,
-        "narHash": "sha256-7NzW9O/cAw7iWzRfh7Oo/SuSudL4a1YTKS6yoh3tMck=",
+        "lastModified": 1725885300,
+        "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "04a1cda0c1725094a4db703cccbb956b7558f5a6",
+        "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
         "type": "github"
       },
       "original": {
@@ -298,11 +298,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1725693463,
-        "narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=",
+        "lastModified": 1725826545,
+        "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "68e7dce0a6532e876980764167ad158174402c6f",
+        "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
         "type": "github"
       },
       "original": {
@@ -314,11 +314,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1725854666,
-        "narHash": "sha256-Peccz5solKBUlGtN5vfWHxbd0Mxks+feh1TU/A7hZTg=",
+        "lastModified": 1725914786,
+        "narHash": "sha256-IUEPseZohbNJi9eFFWUhTnkpceZLMj0B62TtCkLo2ZY=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "4448858f13f127db4c8055e2bf6fe6e1257ba8ea",
+        "rev": "b121603cbc4551eda8c055bae01d08e9ecedb529",
         "type": "github"
       },
       "original": {
diff --git a/nixos/hardware/machines/server.nix b/nixos/hardware/machines/server.nix
index b0c065d..cd9eb34 100644
--- a/nixos/hardware/machines/server.nix
+++ b/nixos/hardware/machines/server.nix
@@ -86,6 +86,11 @@
       fsType = "none";
       options = [ "bind" ];
     };
+    "/var/lib/private/photoprism/originals" = {
+      device = "/export/JimboNFS/Photos/Galleries";
+      fsType = "none";
+      options = [ "bind" ];
+    };
   };
   swapDevices = [
     { device = "/dev/disk/by-uuid/ec422cad-bf93-4b15-b989-2c807f1073a4"; }
diff --git a/nixos/server.nix b/nixos/server.nix
index 3cfb4c3..132a325 100644
--- a/nixos/server.nix
+++ b/nixos/server.nix
@@ -33,6 +33,7 @@
     ./server/nfs.nix
     ./server/nginx.nix
     ./server/owncast.nix
+    ./server/photoprism.nix
     #./server/pixelfed.nix
     ./server/minecraft
     ./server/vaultwarden.nix
diff --git a/nixos/server/mariadb.nix b/nixos/server/mariadb.nix
index fc4b8a1..8848e80 100644
--- a/nixos/server/mariadb.nix
+++ b/nixos/server/mariadb.nix
@@ -3,8 +3,9 @@
     enable = true;
     package = pkgs.mariadb;
     dataDir = "/var/lib/mysql";
-    initialDatabases = [
-      { name = "minecraft"; }
+    ensureDatabases = [
+      "minecraft"
+      "photoprism"
     ];
     ensureUsers = [
       {
@@ -13,6 +14,12 @@
           "minecraft.*" = "ALL PRIVILEGES";
         };
       }
+      {
+        name = "photoprism";
+        ensurePermissions = {
+          "photoprism.*" = "ALL PRIVILEGES";
+        };
+      }
     ];
   };
 }
diff --git a/nixos/server/photoprism.nix b/nixos/server/photoprism.nix
new file mode 100644
index 0000000..c66fc24
--- /dev/null
+++ b/nixos/server/photoprism.nix
@@ -0,0 +1,30 @@
+{outputs, ...}: {
+ # Photoprism
+  services = {
+    photoprism = {
+      enable = true;
+      port = 2342;
+      originalsPath = "/var/lib/private/photoprism/originals";
+      address = "0.0.0.0";
+      settings = {
+        PHOTOPRISM_ADMIN_USER = "jimbo";
+        PHOTOPRISM_ADMIN_PASSWORD = "${outputs.secrets.prismAdminPass}";
+        PHOTOPRISM_DEFAULT_LOCALE = "en";
+        PHOTOPRISM_DATABASE_DRIVER = "mysql";
+        PHOTOPRISM_DATABASE_NAME = "photoprism";
+        PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
+        PHOTOPRISM_DATABASE_USER = "photoprism";
+        PHOTOPRISM_SITE_URL = "https://gallery.${outputs.secrets.jimDomain}";
+        PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism";
+      };
+    };
+    nginx.virtualHosts."gallery.${outputs.secrets.jimDomain}" =  {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:2342";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix
index ef646a4..4bad3e2 100644
--- a/nixos/server/wireguard.nix
+++ b/nixos/server/wireguard.nix
@@ -25,10 +25,6 @@ in {
             publicKey = outputs.secrets.wirePixel9Pub;
             allowedIPs = [ "10.100.0.2/32" ];
           }
-          { # Jimbo Pixel 4
-            publicKey = outputs.secrets.wirePixel4Pub;
-            allowedIPs = [ "10.100.0.3/32" ];
-          }
         ];
       };
     };
diff --git a/secrets.nix b/secrets.nix
index 7918850dd7d116b00ebd2e889c515332f82688cd..b2f7f352eec323930d0bcce12c4d27a376b8c6c3 100644
GIT binary patch
literal 2174
zcmV-^2!ZziM@dveQdv+`02Y4j0Gt4_>u`}&|7V^MUJno`0t!*#zuKP6o<Lg|F%db9
zYJPP)`#829ujZS(v3@(~W%ay+Vs|gYqTPL5bvKJew^bf^r>P5~HrtNO323VmuF62Z
z*=|d?+PcaedB&{|6%U_fCZbndskyak6$ZHi&J@fkxQ6%C`_*xCL^3*|ZPm&O+9bio
zp-QO3a_!}xd@+Z@A-2SuhACwLos*T51rb#DA>bv5n~t^V3Vb!`NI(^j`Lh-0C_U~u
z2+u!d`+Uh893%v`1yao_!BPZl-pA4}%O@>c)5RoSZ4TE01=V%Vs=><HOGJR-lEykO
zAl&kCm!v@dO^3cGX~c~>RBdivDOeN|s>}#FM_t3nyJF77YF17N<3QeZc$<hGf78t$
zNrr`f00c$4nhyMHTTqb;RyjiaS4#l?0Jn%*tq71$RKK|)L@jD-YbmbF6G{eBPCc<u
zU+pGit8E0x(d6k299}tf%02+xSY1zb|95hlYn12YXZ!CCTa=U{_h=&u5a?@YhO|i_
zc?l-IM=cD8)d_h-#glc&GtKw|Z^lh@lJ5KI594J=|0(W@FEuG=aXJNH%q%NgQ^>rm
zSyVf1_hy3`d~yJ~*)v_IIEG|2;uLh1E2mytNEh)iq`nHjf~*ZC8b@UgP$bm67BWzP
zWx0`(0iFflndo);)9%jRqcC^3J_rrR_9>|hydJuPp5T!WxB8Awk;LgajdcH|sZ#Xh
zEg$h$gSh{l8@mfvfohNRntS3mar7!QhT8mEtuZzsC)p=)FQy2DIQmRMZ1dORv?>4I
zPGSGtMhKgpBvzF6H4U^Pzt=A)Kys}pYQ<9|VHOCljU{W_6^5c8K}}l3qk#3J+7;lI
zAlwFHIOQs#3s}e}5#Yb&S7@5Q7q?wlEEibP$&1yBPl;IL#Q`!37~p8P$**BS4$Gy*
zN*9#jIBYYUti*%jGa4}~NuwDHAu<YC^l7&YLm(I0hqiAO_HkFihg$<nPa+4{LOwEp
z;(1U-C57kj(ux!3OT8J%z*YDWVegfzQZ22Eg#;uO=j0etP5@81q1xr0^e((>GN+=|
z`v^%MGpY@Dug16y?YA{nPu;!t^_tqf&qengfQ&z?RiORKe%TN8vyj<=J+CnR?zjKC
z0U(B8xnBUxu!OnkM9P0RZ-+P!OphF*=4<=IN~Nrc)H11SjmJk8ZiFt(0QW2vP9<|>
zG7<(roCyDRChM=1Ns`&fg~BnWBNw&9ppTA*PQvdzWHHRdTRF31B$Fwl@8v`-cfE)9
zj1*D{lo7oTgzqdlx%ZYSInSp{AAS&#Oa3HDv<V@5FZgur!Qi{QrNIqHIS#{R4gbHP
zEXy||>9rt-g}r+qkM}n0(eTtoWV}`{s9gC-HyDeQS6$t*4(8?yDCNos7-Dy!{c_HO
zhY%>}h2~xyT(ZW_wTqs#KW%==nBsy<M86YIjSXHBRN71rEVvO*l%bT@C@7dj+9m@@
z7Ia0FaA86?eTEE7cgdlZxXr;Ovx(S*q+lWbq<{~CW3rUMs!WaA5D$9AUXA=IffK@%
zw+MVH$5GG4LJOzZwzX?Je6AD|isN9bp_ozWeflFPR}asF1AnbUa1QG8QBslFh%m3c
z_V5<e5a<A`iL9}^nG9&XRN1UC0AOI4nGDJ;dOpG36w>HicdjynDZ^@mvx1cPYnj_F
zr0(KYz2Uh<G_fnVD3w5M!;j~c5E?)FL%{r{*1)<IsW)8FQej8h1XGXLo6A^wPn?Cd
zl<<{V&LrX9QQ=X%cN1Z~`M%rS7a_W?q;I}T8IEm|Xwqbc1ajYD&VVnk5o!`K87|4H
zV*%@=OAOTf>owfu@L&ZV+>hmKkyaJmvP;23)OufZC}t7hm?vev?4dh*9k*gQFxXM?
z<O_%l@`KqLxpKmb*oA?Dq)JSByRD6CEvk=7xvH;=^{I;XbrP}Z`2y#F6Fm7Bskiup
z6Es)BF7`hgm79UCUBZmZ5zgQJG8x?SSJN}17+%EmS(!7dB@23kr>0xiRixK-g-{*U
zbo>32g05b00#YnLiS-oLti0(G1{0k@0kZ%uEP&%Q0Z?XiIKXkFH~T0-5}US2@b93d
z@`adDr(-a)w_!B1GmKfHYSpIc8X_cY&=xlLB56SsABRA^zG!d#Fu-`O2-zE?u?`?p
zBti^>gtM7KbW15mNYG?qv=GUUR?#M8@V?Fx2!^hY{(>I{NVECr3WXHAOyx(vO}fpz
zvfGUty)#5)SL^a6{VgQf6dZW?K?G0R8riIcg|K^86bR7;*!W>C$Zt44r`G8(GBgrN
z?a!qC=x3_vKsI%&O+yq3sp8Y{_+RUHwYSo04uo=Hy@h2VUxY&xFhk0E7`5!#gJNyZ
zw0kybqW@zZHc%HMha^TaR;pSr!3Wsr@MfX1@wL$`8xF+{ibJGhduU<$F*(&kDI=qs
zH{&;y_afb&QoyfCFD?53$sKt_);Pee6$|^xKkCmtS@p}ceyb<^5DjcIMAC&W?J{A(
zss~6pW|I`@@(`tOHX0$_70>6%rc+u*=nqg<huk+`w@+Ze3es&pNw<I(8?oM9!=zb=
zUHAN1b;5+Oa9>95KJ2pH^bL!zsmeI@;>-OySAKJfTk7XiPzt!J5GzhFwIp`T-s{|%
zPtZ^akhKc}8R-QZNPKN=-1!tbB1)QcqsaI1xzGyjUt|m+PrD8xyn3lc>IV})YC9%>
zX&+2V@=C2(pT|CtqJG7qTkKX7!mqmk@j1_M!6#Lq(>rDN6wxKy<tV#Q3)^QE(k#X0
zD?rU5%O;(Id0yEU`88yZm64GRu%8AEtRwO$t8xWNr_m9AcOa$Zrd3R;^UzsbQj#nj
A&j0`b

literal 2175
zcmV-_2!QthM@dveQdv+`06m)@mrvn4YHmXt*wvS_GICYSO8ONn!uNIB1f;Md^ez#y
zRsC=U71MkuhXVps7m%jeyF0Mnh=qW}(!I^w@tl<I=M2B++0c^ZP%NT<LD>9~*jlX_
zzsNc;Jrx+<>iI6ZMafA#WGYD^YOjozmA}*t_a!HUz9d|q+wZ=qsbA>9R0Nrx-xQ?$
zri1jX@`Akm_;fF8Y*M~{lwcn_l^q10eNF6t$FtdVx~W+X;fi8)4k2MhgF?i0@@Ne$
zwjp3PMm-e$UEJh^iVVFP3(`CF68KM0j~yKw!9Y_a=pn<zesy$D8g@|PVWnUti)k_;
z$VjnvZrvvP@`xcC1VdqKwg+g6VH-%KylFPC3&=`0`v3%Thh&aGXN<z0f2!;FpPuSP
zLH<=|xYRc~3R#z-I8TEoQGk-){*jN(UB2aPxE_4eH9h`NLozAYBj&Zr&HRWB5pqH>
zCe@>_Oh?yJ#Bc#|hlzdz98ufbZg@r_@F5#jaeY_3=@v>ds9ohT7v{DK)aU4ABldqw
z6Y9uK!QFz^2JxSeh8ml_AYpBh!uy}eNfy?m8K_Iz-ijY`1w=Z=^e>T1ci*Iby-b%O
zEW<{z(pUc6<@G{4zj1_{sw5FZ+1P->R7CC7-<rPWvxg6@!8%KvxAe_05mdMaJwC+9
z-;fq9DaC8ONcvZc1{(ZQx14hY`9&yP1?WLr3NF!tN+*I|@hinL6YM_pC9i{R+{9cf
z#zdf2v~zbX6!e^y?-`V@!K;nQpMl%QhZQgI;L$9&1W2wdwI@F9u0m~dlFnFL(IhJ;
z+lbuRuftlriCLrEu`;G&I|z4<-Fj`qQrHq-5poo-&x4)wc&;oMhZ}?oUbp3Trv_^2
z-w!*B!O6tz@`e<cbjOFsqJDjn_S;_pr%SDKx(VMj5yZ7%qFm9(4+So!9l2O3ga3Q5
z*Q}y}q_q)`96Eq#N~l&?+rMNq)UDDFV?*1?PlpbS#5(6c^FAvkR3HM{;F%+X_OQYA
zfhoVDO$E$&Ql7b(1{I$3bFp1}7uj*=&d6BExVK(m*6n^l%<|%I9|gMOA{AsgomTWB
zMO7vkkWx@~O|{ITM^=Vd^QkLLjY6W-)PnKV?wsR@9wx7g5(D|wAJYoDbW`yierQo;
z44Ar*gp$IJLAD`8cxDnm?W(A?ll=X0H*}Wjej*53a{#X5-pP?J6oCn>42{{JOY$-+
zeJL?HVn|{o8W>M!VP(LV{a9seRk!UURk#$?jdBWdZ9;tp(di92I0(vq?Gv&r^Rbt3
zQWjhyk-E;euU2NvvupM@`0&WL*?N5c6I`j}ijDa)te)x0gvDSwt|pYUy;b?M>iTK0
z7J?Cij)v8p9yknHIogs$+ri;FqQN)|9x2OOW6DI5f|^t2)8yrMmxhie)DI}r$#-Ww
zE)i5blj9m!A(q=XcykliyS;(eX=7iZE$ryAg5p$vs6aQ>*J6_Z@19CMl!nwpV=^1B
zSqNr!>kW{QL}WXh&(|$eH6KNl4h;vq1qZS}N3xPQ82S~)A>|c<QE){5Nv4~lbe2y8
zlV(8Q^Ik3Tw7&<MU<}4sJD1L_30o-mnYw&zRBhF@Yo#byHFPi5LFsy>1dWweU|*@X
z>3BRSh=JLcz2?D|cUSUds(m2}^~%9JYf=clqzy#@A?lsuArn;f7)Q=|(luTGw%I!|
zo)jR5<9lkeQONL8i~0d|?xWop0+~-Jz>*%?QCG&PyGiSMwCL>ny0{(uU-6CuKhqQ0
zsVjyyd(Z^6T?5h2)vkbWmW2d5Q#B|saXa<mkbB7}sQar%C^PVv9{fI)Oijx>Tt6bw
zzekfhYmIZb$Sh$Ly>A@v#5{U+I=8;`{IGNmdYATb$XjSy_xu8zzo?4E`GYlX*(74g
z;<`QwSTN=LpJtn6N=PFqUkr3dMK(JXs;*T)w{mF4W80dA>v7VW;C4lC0nIk2UTc6r
zh{uZ;eL(IPIRdV4mhDxoQ!cpnjG!|~s<SgxovO=8Db<hY`fjmffx|6L4pS_nk5Dg+
zWT&}o#?^Sh!C>@1F79{4-{97bgFu(-F&lg3{T0ne{#}44IHeyeOHvXyQ3BNDIpK9O
z7z3OzrW=9Q?vS?m35fOD2dTGm{H;3mk-<O6+7$zV4Kz6y5)!G;B7bUFPHgq4+;+9y
z`gZ@LtvIhY%5!4j>|;~UdNAUc<gtXZRYXR9>5>6S%ST;oRZPBjMx_SkD{k$uG}()&
zM&_$Pn*<IUmZ+_yLwY>ufL<E$+xl)C;GYPeSagSd2X4X0_j5}<mozxln^q2O_WJaM
zxbfwdhIkBdJ_wbzT!@yRnuyS`y_7|vdNzs-BLKUieyHdC<7xe}9&6YutAw3Rj}ztz
zIeQ3M)z-6j_5V%Zo9O6}XaqX&xifd)$qbaPM~-|)17gKDzQeyfIeMw&A|1!@i@18x
zhJ--yzG>Oa4A)YCFZdn6!VYzYNY3$146ej1xv=8E-M+vEu|-({^?(CRMEsUG{)UDd
zF13Pd=L3iNtMdCP7`V||U@xco%urF5A-GwwAYX3`#$Zs8(QG9{f0^11cy}7u17`YU
zI9b`y@3ulyo?5GkqT6DB5isyP^GDMHr*&SU`;O|tdnQAzp7IJU3SGBtr>41ZtbNe7
z>pTk6PmHkT4i0TF-ChSEr+d(?L~nTa76&Xun@&01d+$0*9C0z(f2`S<zJ61k#Ly?$
zpn>?Bw~XogFh~E>i<{3&X9=uAs?u+^(;V<24f-|4=QleRe#*H3qv~@&CUvvG@JfC`
zROEnhce7abe!@=z<EA)*+f^eNx1B_v4T+w78n13$4a{f6D1!@&u-E8p(PR~IP`78S
BKb8Oh