Photoprism: Init

cfg/jobs/photoprism.run

@@ -0,0 +1,51 @@
+#!/bin/env bash
+# Upstream doc: https://docs.kanboard.org/v1/admin/installation/
+set -euxo pipefail
+
+IMAGE="ubuntu/24.04"
+DIST="${IMAGE%%/*}"
+VER="${IMAGE#*/}"
+VER="${VER%/*}"
+VER="${VER//./-}"
+UPSTREAM_VER="1.2409.15+240915-e1280b2fb"
+UPSTREAM_VER_DASH="${UPSTREAM_VER//./-}"
+UPSTREAM_NAME="photoprism"
+SERIAL="1benoitjpnet"
+CNAME="$UPSTREAM_NAME-$UPSTREAM_VER_DASH-$SERIAL-$DIST-$VER"
+ALIAS="$UPSTREAM_NAME-$UPSTREAM_VER-$SERIAL"
+
+
+cd "$WORKSPACE"
+incus launch images:$IMAGE "$CNAME" --quiet
+
+wait_network "$CNAME"
+
+incus exec "$CNAME" -- apt update
+incus exec "$CNAME" -- apt upgrade -y
+incus exec "$CNAME" -- apt install -y --no-install-recommends wget
+incus exec "$CNAME" -- wget -q "https://dl.photoprism.app/pkg/linux/deb/photoprism_${UPSTREAM_VER}_amd64.deb" -O /tmp/photoprism.deb
+incus exec "$CNAME" -- apt install -y /tmp/photoprism.deb syncthing
+incus exec "$CNAME" -- groupadd photoprism
+incus exec "$CNAME" -- useradd -g photoprism -d /opt/photoprism -s /bin/false photoprism
+incus exec "$CNAME" -- mkdir /opt/photoprism/
+incus exec "$CNAME" -- chown -R photoprism:photoprism /opt/photoprism
+incus exec "$CNAME" -- mysql -e "CREATE DATABASE photoprism;"
+incus exec "$CNAME" -- mysql -e "CREATE USER 'photoprism'@'localhost' IDENTIFIED WITH auth_socket;"
+incus exec "$CNAME" -- mysql -e "GRANT ALL PRIVILEGES ON photoprism.* TO 'photoprism'@'localhost';"
+incus exec "$CNAME" -- mysql -e "FLUSH PRIVILEGES;"
+
+incus file push "$WORKSPACE"/defaults.yaml \
+  "$CNAME"/etc/photoprism/
+incus file push "$WORKSPACE"/{syncthing,photoprism}.service \
+  "$CNAME"/etc/systemd/system/
+
+incus exec "$CNAME" -- systemctl daemon-reload
+incus exec "$CNAME" -- systemctl enable syncthing photoprism
+
+laminarc run incus_publish \
+  CNAME="$CNAME" \
+  UPSTREAM_NAME=$UPSTREAM_NAME \
+  UPSTREAM_VER=$UPSTREAM_VER \
+  IMAGE=$IMAGE \
+  SERIAL=$SERIAL \
+  ALIAS=$ALIAS

run/photoprism/workspace/defaults.yml

@@ -0,0 +1,28 @@
+ConfigPath: "/opt/photoprism/config"
+StoragePath: "/opt/photoprism/storage"
+OriginalsPath: "/opt/photoprism/originals"
+ImportPath: "/mnt"
+AdminUser: "admin"
+AdminPassword: "insecure"
+AuthMode: "password"
+DatabaseDriver: "mysql"
+DatabaseServer: "localhost"
+DatabaseName: "photoprism"
+DatabaseUser: "photoprism"
+HttpHost: "::"
+HttpPort: 2342
+HttpCompression: "gzip"
+DisableTLS: true
+DefaultTLS: false
+Experimental: false
+DisableWebDAV: false
+DisableSettings: false
+DisableTensorFlow: false
+DisableFaces: false
+DisableClassification: false
+DisableVectors: false
+DisableRaw: false
+RawPresets: false
+JpegQuality: 85
+DetectNSFW: false
+UploadNSFW: true

run/photoprism/workspace/photoprism.service

@@ -0,0 +1,16 @@
+[Unit]
+After=network.target network-online.target
+Description=Photoprism
+Documentation=https://docs.photoprism.app/
+Wants=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecStart=/usr/bin/photoprism start
+Type=simple
+Restart=always
+RestartSec=10
+WorkingDirectory=/opt/photoprism
+User=photoprism

run/photoprism/workspace/syncthing.service

@@ -0,0 +1,28 @@
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization for photoprism
+Documentation=man:syncthing(1)
+After=network.target
+StartLimitIntervalSec=60
+StartLimitBurst=4
+
+[Service]
+User=photoprism
+ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --home /opt/photoprism/config/syncthing --no-default-folder --gui-address=":8384"
+Restart=on-failure
+RestartSec=1
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+
+# Hardening
+ProtectSystem=full
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+# Elevated permissions to sync ownership (disabled by default),
+# see https://docs.syncthing.net/advanced/folder-sync-ownership
+#AmbientCapabilities=CAP_CHOWN CAP_FOWNER
+
+[Install]
+WantedBy=multi-user.target