diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..845959d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +**/.env \ No newline at end of file diff --git a/photoprism/.env.example b/photoprism/.env.example new file mode 100644 index 0000000..a55b20b --- /dev/null +++ b/photoprism/.env.example @@ -0,0 +1,7 @@ +TAILSCALE_OAUTH_KEY= +TAILSCALE_TAGS= +PHOTOPRISM_ADMIN_USER= +PHOTOPRISM_ADMIN_PASSWORD= +PHOTOPRISM_SITE_URL= +PHOTOPRISM_DATABASE_PASSWORD= +MARIADB_ROOT_PASSWORD= \ No newline at end of file diff --git a/photoprism/docker-compose.yml b/photoprism/docker-compose.yml new file mode 100644 index 0000000..5057a0e --- /dev/null +++ b/photoprism/docker-compose.yml @@ -0,0 +1,123 @@ +version: "3.4" + +services: + ts-photoprism: + image: tailscale/tailscale:latest + hostname: photoprism + environment: + - TS_AUTHKEY=${TAILSCALE_OAUTH_KEY} + - TS_EXTRA_ARGS=--advertise-tags=${TAILSCALE_TAGS} + - TS_STATE_DIR=/var/lib/tailscale + - TS_SERVE_CONFIG=/config/photoprism.json + volumes: + - ts-matrix-state:/var/lib/tailscale + - /dev/net/tun:/dev/net/tun + - ./ts-photoprism/config:/config + cap_add: + - net_admin + - sys_module + restart: unless-stopped + + photoprism-front: + image: photoprism/photoprism:arm64 + platform: "linux/arm64" + # restart: unless-stopped + stop_grace_period: 10s + depends_on: + - mariadb + security_opt: + - seccomp:unconfined + - apparmor:unconfined + ## - "2342:2342" + environment: + PHOTOPRISM_ADMIN_USER: ${PHOTOPRISM_ADMIN_USER} # admin login username + PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial admin password (8-72 characters) + PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password) + PHOTOPRISM_SITE_URL: ${PHOTOPRISM_SITE_URL} # server URL in the format "http(s)://domain.name(:port)/(path)" + PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available + PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available + PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video) + PHOTOPRISM_HTTP_COMPRESSION: "none" # improves transfer speed and bandwidth utilization (none or gzip) + PHOTOPRISM_WORKERS: 2 # limits the number of indexing workers to reduce system load + PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic + PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality) + PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features + PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup + PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server + PHOTOPRISM_DISABLE_SETTINGS: "false" # disables Settings in Web UI + PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow + PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow) + PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow) + PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support + PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images + PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance) + PHOTOPRISM_JPEG_QUALITY: 85 # a higher value increases the quality and file size of JPEG images and thumbnails (25-100) + PHOTOPRISM_DETECT_NSFW: "true" # automatically flags photos as private that MAY be offensive (requires TensorFlow) + PHOTOPRISM_UPLOAD_NSFW: "true" # allow uploads that MAY be offensive + # PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server + PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance + PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port) + PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name + PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name + PHOTOPRISM_DATABASE_PASSWORD: ${PHOTOPRISM_DATABASE_PASSWORD} # MariaDB or MySQL database user password + PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" + PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description + PHOTOPRISM_SITE_AUTHOR: "" # meta site author + ## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/): + # PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi) + # PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840) + # PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50) + ## Run/install on first startup (options: update, gpu, tensorflow, davfs, clean): + # PHOTOPRISM_INIT: "update clean" + ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200): + # PHOTOPRISM_UID: 1000 + # PHOTOPRISM_GID: 1000 + # PHOTOPRISM_UMASK: 0000 + ## Share hardware devices with FFmpeg and TensorFlow (optional): + ## See: https://www.raspberrypi.com/documentation/accessories/camera.html#driver-differences-when-using-libcamera-or-the-legacy-stack + # devices: + # - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m) + working_dir: "/photoprism" # do not change or remove + ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory + volumes: + - "/data/originals:/photoprism/originals" # Original media files (DO NOT REMOVE) + - "/data/import:/photoprism/import" # *Optional* base folder from which files can be imported to originals + - "/data/storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE) + + ## MariaDB Database Server (recommended) + ## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql + mariadb: + image: arm64v8/mariadb:11 # ARM64 IMAGE ONLY, DOES NOT WORK ON ARMv7, AMD or Intel + platform: "linux/arm64" + ## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue: + ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors + restart: unless-stopped + stop_grace_period: 5s + security_opt: + - seccomp:unconfined + - apparmor:unconfined + command: --innodb-buffer-pool-size=256M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120 + ## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder: + volumes: + - "/data/db:/var/lib/mysql" # DO NOT REMOVE + environment: + MARIADB_AUTO_UPGRADE: "1" + MARIADB_INITDB_SKIP_TZINFO: "1" + MARIADB_DATABASE: "photoprism" + MARIADB_USER: "photoprism" + MARIADB_PASSWORD: ${PHOTOPRISM_DATABASE_PASSWORD} + MARIADB_ROOT_PASSWORD: "insecure" + + watchtower: + restart: unless-stopped + image: containrrr/watchtower + environment: + WATCHTOWER_CLEANUP: "true" + WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + # - "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account + +volumes: + ts-photoprism-state: + driver: local \ No newline at end of file diff --git a/photoprism/ts-photoprism/photoprism.json b/photoprism/ts-photoprism/photoprism.json new file mode 100644 index 0000000..e2f5405 --- /dev/null +++ b/photoprism/ts-photoprism/photoprism.json @@ -0,0 +1,20 @@ +{ + "TCP": { + "443": { + "HTTPS": true + } + }, + "Web": { + "${TS_CERT_DOMAIN}:443": { + "Handlers": { + "/": { + "Proxy": "http://photprism-front:2342" + } + } + } + }, + "AllowFunnel": { + "${TS_CERT_DOMAIN}:443": true + } + } +