working on photoprism

2024-03-23 21:59:13 +01:00 · 2024-03-23 21:59:13 +01:00 · b97885d7c2
commit b97885d7c2
parent 7d73e16a5c
8 changed files with 596 additions and 607 deletions
--- a/.gitignore
+++ b/.gitignore
@ -121,6 +121,7 @@ celerybeat.pid

 # Environments
 .env
+.env_file
 .venv
 env/
 venv/
--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@ -8,7 +8,7 @@ readme = "README.md"

 [tool.poetry.dependencies]
 python = "^3.12"
-pyinfra = "^2.7"
+pyinfra = "^2.9"
 pyinfra-docker = "^2.1"


--- a/scripts/bw2secrets.py
+++ b/scripts/bw2secrets.py
@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+import shutil
+
+
+def main() -> int:
+    if not (bw_path := shutil.which("bw")):
+        print("Bitwarden CLI `bw` executable not found in PATH")
+        return 1
+    # TODO: finish
+    print(bw_path)
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
--- a/services/jellyfin/docker-compose.yml
+++ b/services/jellyfin/docker-compose.yml
@ -25,7 +25,7 @@ services:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-net
-        - traefik.http.routers.ntfy.rule=Host(`${HOST}`)
-        - traefik.http.routers.ntfy.entrypoints=${ENTRYPOINTS:-websecure}
-        - traefik.http.routers.ntfy.tls.certresolver=le
-        - traefik.http.services.ntfy.loadbalancer.server.port=80
+        - traefik.http.routers.jellyfin.rule=Host(`${HOST}`)
+        - traefik.http.routers.jellyfin.entrypoints=${ENTRYPOINTS:-websecure}
+        - traefik.http.routers.jellyfin.tls.certresolver=le
+        - traefik.http.services.jellyfin.loadbalancer.server.port=80
--- a/services/photoprism/.env.example
+++ b/services/photoprism/.env.example
@ -0,0 +1,3 @@
+ENTRYPOINTS=
+HOST=
+MAIN_DIR=
--- a/services/photoprism/.env_file.example
+++ b/services/photoprism/.env_file.example
@ -0,0 +1,31 @@
+PHOTOPRISM_ADMIN_USER="admin"                 # admin login username
+PHOTOPRISM_ADMIN_PASSWORD="insecure"          # initial admin password (8-72 characters)
+PHOTOPRISM_AUTH_MODE="password"               # authentication mode (public, password)
+PHOTOPRISM_SITE_URL="https://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
+PHOTOPRISM_DISABLE_TLS="false"                # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
+PHOTOPRISM_DEFAULT_TLS="true"                 # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
+PHOTOPRISM_ORIGINALS_LIMIT=5000               # file size limit for originals in MB (increase for high-res video)
+PHOTOPRISM_HTTP_COMPRESSION="gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
+PHOTOPRISM_LOG_LEVEL="info"                   # log level=trace, debug, info, warning, error, fatal, or panic
+PHOTOPRISM_READONLY="false"                   # do not modify originals directory (reduced functionality)
+PHOTOPRISM_EXPERIMENTAL="false"               # enables experimental features
+PHOTOPRISM_DISABLE_CHOWN="false"              # disables updating storage permissions via chmod and chown on startup
+PHOTOPRISM_DISABLE_WEBDAV="false"             # disables built-in WebDAV server
+PHOTOPRISM_DISABLE_SETTINGS="false"           # disables settings UI and API
+PHOTOPRISM_DISABLE_TENSORFLOW="false"         # disables all features depending on TensorFlow
+PHOTOPRISM_DISABLE_FACES="false"              # disables face detection and recognition (requires TensorFlow)
+PHOTOPRISM_DISABLE_CLASSIFICATION="false"     # disables image classification (requires TensorFlow)
+PHOTOPRISM_DISABLE_VECTORS="false"            # disables vector graphics support
+PHOTOPRISM_DISABLE_RAW="false"                # disables indexing and conversion of RAW images
+PHOTOPRISM_RAW_PRESETS="false"                # enables applying user presets when converting RAW images (reduces performance)
+PHOTOPRISM_JPEG_QUALITY=85                    # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
+PHOTOPRISM_DETECT_NSFW="false"                # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+PHOTOPRISM_UPLOAD_NSFW="true"                 # allows uploads that MAY be offensive (no effect without TensorFlow)
+PHOTOPRISM_DATABASE_DRIVER="mysql"            # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+PHOTOPRISM_DATABASE_SERVER="mariadb:3306"     # MariaDB or MySQL database server (hostname:port)
+PHOTOPRISM_DATABASE_NAME="photoprism"         # MariaDB or MySQL database schema name
+PHOTOPRISM_DATABASE_USER="photoprism"         # MariaDB or MySQL database user name
+PHOTOPRISM_DATABASE_PASSWORD="insecure"       # MariaDB or MySQL database user password
+PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App"
+PHOTOPRISM_SITE_DESCRIPTION=""                # meta site description
+PHOTOPRISM_SITE_AUTHOR=""                     # meta site author
--- a/services/photoprism/docker-compose.yml
+++ b/services/photoprism/docker-compose.yml
@ -1,38 +1,15 @@
-version: '3.5'
+volumes:
+  database-data:
+    name: database-data

-# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
-#
-# Note:
-# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
-#   restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
-# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
-#   HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
-#   in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
-#   https://docs.photoprism.app/getting-started/proxies/traefik/
-#
-# Setup Guides:
-# - https://docs.photoprism.app/getting-started/docker-compose/
-# - https://docs.photoprism.app/getting-started/raspberry-pi/
-# - https://www.photoprism.app/kb/activation
-#
-# Troubleshooting Checklists:
-# - https://docs.photoprism.app/getting-started/troubleshooting/
-# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
-# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
-#
-# CLI Commands:
-# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
-#
-# All commands may have to be prefixed with "sudo" when not running as root.
-# This will point the home directory shortcut ~ to /root in volume mounts.
+networks:
+  traefik-net:
+    external: true
+    name: traefik-net

 services:
  photoprism:
-    ## Use photoprism/photoprism:preview for testing preview builds:
    image: photoprism/photoprism:latest
-    ## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
-    ## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
-    ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
    # restart: unless-stopped
    stop_grace_period: 10s
    depends_on:
@ -40,91 +17,35 @@ services:
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
-    ## Server port mapping in the format "Host:Container". To use a different port, change the host port on
-    ## the left-hand side and keep the container port, e.g. "80:2342" (for HTTP) or "443:2342 (for HTTPS):
-    ports:
-      - "2342:2342"
-    ## Before you start the service, please check the following config options (and change them as needed):
-    ## https://docs.photoprism.app/getting-started/config-options/
-    environment:
-      PHOTOPRISM_ADMIN_USER: "admin"                 # admin login username
-      PHOTOPRISM_ADMIN_PASSWORD: "insecure"          # initial admin password (8-72 characters)
-      PHOTOPRISM_AUTH_MODE: "password"               # authentication mode (public, password)
-      PHOTOPRISM_SITE_URL: "http://localhost:2342/"  # server URL in the format "http(s)://domain.name(:port)/(path)"
-      PHOTOPRISM_DISABLE_TLS: "false"                # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
-      PHOTOPRISM_DEFAULT_TLS: "true"                 # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
-      PHOTOPRISM_ORIGINALS_LIMIT: 5000               # file size limit for originals in MB (increase for high-res video)
-      PHOTOPRISM_HTTP_COMPRESSION: "gzip"            # improves transfer speed and bandwidth utilization (none or gzip)
-      PHOTOPRISM_LOG_LEVEL: "info"                   # log level: trace, debug, info, warning, error, fatal, or panic
-      PHOTOPRISM_READONLY: "false"                   # do not modify originals directory (reduced functionality)
-      PHOTOPRISM_EXPERIMENTAL: "false"               # enables experimental features
-      PHOTOPRISM_DISABLE_CHOWN: "false"              # disables updating storage permissions via chmod and chown on startup
-      PHOTOPRISM_DISABLE_WEBDAV: "false"             # disables built-in WebDAV server
-      PHOTOPRISM_DISABLE_SETTINGS: "false"           # disables settings UI and API
-      PHOTOPRISM_DISABLE_TENSORFLOW: "false"         # disables all features depending on TensorFlow
-      PHOTOPRISM_DISABLE_FACES: "false"              # disables face detection and recognition (requires TensorFlow)
-      PHOTOPRISM_DISABLE_CLASSIFICATION: "false"     # disables image classification (requires TensorFlow)
-      PHOTOPRISM_DISABLE_VECTORS: "false"            # disables vector graphics support
-      PHOTOPRISM_DISABLE_RAW: "false"                # disables indexing and conversion of RAW images
-      PHOTOPRISM_RAW_PRESETS: "false"                # enables applying user presets when converting RAW images (reduces performance)
-      PHOTOPRISM_JPEG_QUALITY: 85                    # a higher value increases the quality and file size of JPEG images and thumbnails (25-100)
-      PHOTOPRISM_DETECT_NSFW: "false"                # automatically flags photos as private that MAY be offensive (requires TensorFlow)
-      PHOTOPRISM_UPLOAD_NSFW: "true"                 # allows uploads that MAY be offensive (no effect without TensorFlow)
-      # PHOTOPRISM_DATABASE_DRIVER: "sqlite"         # SQLite is an embedded database that doesn't require a server
-      PHOTOPRISM_DATABASE_DRIVER: "mysql"            # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
-      PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"     # MariaDB or MySQL database server (hostname:port)
-      PHOTOPRISM_DATABASE_NAME: "photoprism"         # MariaDB or MySQL database schema name
-      PHOTOPRISM_DATABASE_USER: "photoprism"         # MariaDB or MySQL database user name
-      PHOTOPRISM_DATABASE_PASSWORD: "insecure"       # MariaDB or MySQL database user password
-      PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
-      PHOTOPRISM_SITE_DESCRIPTION: ""                # meta site description
-      PHOTOPRISM_SITE_AUTHOR: ""                     # meta site author
-      ## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
-      # PHOTOPRISM_FFMPEG_ENCODER: "software"        # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
-      # PHOTOPRISM_FFMPEG_SIZE: "1920"               # video size limit in pixels (720-7680) (default: 3840)
-      # PHOTOPRISM_FFMPEG_BITRATE: "32"              # video bitrate limit in Mbit/s (default: 50)
-      ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
-      # PHOTOPRISM_INIT: "https gpu tensorflow"
-      ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
-      # PHOTOPRISM_UID: 1000
-      # PHOTOPRISM_GID: 1000
-      # PHOTOPRISM_UMASK: 0000
-    ## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
-    # user: "1000:1000"
-    ## Share hardware devices with FFmpeg and TensorFlow (optional):
-    # devices:
-    #  - "/dev/dri:/dev/dri"                         # Intel QSV
-    #  - "/dev/nvidia0:/dev/nvidia0"                 # Nvidia CUDA
-    #  - "/dev/nvidiactl:/dev/nvidiactl"
-    #  - "/dev/nvidia-modeset:/dev/nvidia-modeset"
-    #  - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
-    #  - "/dev/nvidia-uvm:/dev/nvidia-uvm"
-    #  - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
-    #  - "/dev/video11:/dev/video11"                 # Video4Linux Video Encode Device (h264_v4l2m2m)
-    working_dir: "/photoprism" # do not change or remove
-    ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
+    env_file:
+      - .env_file
+    working_dir: "/photoprism"
    volumes:
-      # "/host/folder:/photoprism/folder"                # Example
-      - "~/Pictures:/photoprism/originals"               # Original media files (DO NOT REMOVE)
-      # - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
-      # - "~/Import:/photoprism/import"                  # *Optional* base folder from which files can be imported to originals
-      - "./storage:/photoprism/storage"                  # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+      - ${MAIN_DIR}/originals:/photoprism/originals
+      - ${MAIN_DIR}/imports:/photoprism/import
+      - ${MAIN_DIR}/storage:/photoprism/storage
+    networks:
+      - traefik-net
+      - default
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.docker.network=traefik-net
+        - traefik.http.routers.photoprism.rule=Host(`${HOST}`)
+        - traefik.http.routers.photoprism.entrypoints=${ENTRYPOINTS:-websecure}
+        - traefik.http.routers.photoprism.tls.certresolver=le
+        - traefik.http.services.photoprism.loadbalancer.server.port=2342

-  ## Database Server (recommended)
-  ## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
  mariadb:
    image: mariadb:11
-    ## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
-    ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
    restart: unless-stopped
    stop_grace_period: 5s
-    security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
+    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
    command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
-    ## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
    volumes:
-      - "./database:/var/lib/mysql" # DO NOT REMOVE
+      - database-data:/var/lib/mysql
    environment:
      MARIADB_AUTO_UPGRADE: "1"
      MARIADB_INITDB_SKIP_TZINFO: "1"