diff --git a/flake.nix b/flake.nix
index cfad935..0307480 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,6 +88,7 @@
 ./modules/vaultwarden.nix
 ./modules/hledger.nix
 ./modules/etesync.nix
+ ./modules/photoprism.nix
 # Host-specific config
 nixos-hardware.nixosModules.raspberry-pi-4
diff --git a/hosts/hermes/secrets/photoprism.age b/hosts/hermes/secrets/photoprism.age
new file mode 100644
index 0000000..98297a0
Binary files /dev/null and b/hosts/hermes/secrets/photoprism.age differ
diff --git a/hosts/hermes/secrets/secrets.nix b/hosts/hermes/secrets/secrets.nix
index a3b5ae2..0885163 100644
--- a/hosts/hermes/secrets/secrets.nix
+++ b/hosts/hermes/secrets/secrets.nix
@@ -19,4 +19,5 @@ in
 "gandalf_mail.age".publicKeys = [ ageKey ];
 "nginx.age".publicKeys = [ ageKey ];
 "etebase.age".publicKeys = [ ageKey ];
+ "photoprism.age".publicKeys = [ ageKey ];
 }
diff --git a/modules/photoprism.nix b/modules/photoprism.nix
new file mode 100644
index 0000000..50a1d70
--- /dev/null
+++ b/modules/photoprism.nix
@@ -0,0 +1,45 @@
+{ ... }:
+{
+ systemd.tmpfiles.rules = [
+ "f /run/agenix/photoprism 0770 photoprism photoprism -"
+ ];
+
+ services = {
+ photoprism = {
+ enable = true;
+ port = 2342;
+ address = "photo.bhankas.org";
+ passwordFile = "/run/agenix/photoprism";
+ settings = {
+ PHOTOPRISM_ADMIN_USER = "root";
+ };
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts = {
+ "photo.bhankas.org" = {
+ addSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:2342";
+ proxyWebsockets = false;
+ extraConfig =
+ "proxy_set_header Host $host;\n"
+ ;
+ };
+ };
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ certs = {
+ "photo.bhankas.org" = {
+ email = "admin@bhankas.org";
+ dnsResolver = "1.1.1.1:53";
+ };
+ };
+ };
+}
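Review bot: In modules/photoprism.nix, `address = "photo.bhankas.org";` sets the address PhotoPrism itself listens on, so the backend may bind to whatever that name resolves to on the host and serve plain HTTP on port 2342 alongside the nginx proxy, which already targets `127.0.0.1:2342`. Setting `address = "127.0.0.1";` keeps nginx as the only reachable path. In the virtual host, `addSSL = true;` leaves the admin login reachable over unencrypted HTTP, whereas `forceSSL = true;` would redirect it to HTTPS. The tmpfiles rule gives the admin-password file mode 0770 (group-writable and executable) and can create an empty file at that path if agenix has not written it yet. Owner and a mode such as `0400` are better set on the `age.secrets.photoprism` declaration (not visible in this diff), and if the NixOS module passes `passwordFile` through systemd credentials, as I believe it does, the rule can probably be dropped.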