deploy photoprism (again) (#596)

Reviewed-on: #596 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2023-11-09 16:57:43 +01:00 · 2023-11-09 16:57:43 +01:00 · ccbc980198
parent 41170511de
commit ccbc980198
10 changed files with 240 additions and 104 deletions
--- a/docker-compose/homer/assets/config.yml
+++ b/docker-compose/homer/assets/config.yml
@ -73,6 +73,11 @@ services:
        url: "https://audio.mgrote.net/mg"
        target: "_blank"
        subtitle: "Audio-Streaming"
+      - name: "Photoprism"
+        logo: "assets/icons/photoprism.svg"
+        url: "http://docker10.grote.lan:2342"
+        target: "_blank"
+        subtitle: "Bildersammlung"

  - name: "Web"
    icon: "fas fa-cloud"
--- a/docker-compose/photoprism/docker-compose.yml.j2
+++ b/docker-compose/photoprism/docker-compose.yml.j2
@ -0,0 +1,88 @@
+version: '3.5'
+# ------------------------------------------------------------------
+# DOCKER COMPOSE COMMAND REFERENCE
+# ------------------------------------------------------------------
+# Start    | docker-compose up -d
+# Stop     | docker-compose stop
+# Update   | docker-compose pull
+# Logs     | docker-compose logs --tail=25 -f
+# Terminal | docker-compose exec photoprism bash
+# Help     | docker-compose exec photoprism photoprism help
+# Config   | docker-compose exec photoprism photoprism config
+# Reset    | docker-compose exec photoprism photoprism reset
+# Backup   | docker-compose exec photoprism photoprism backup -a -i
+# Restore  | docker-compose exec photoprism photoprism restore -a -i
+# Index    | docker-compose exec photoprism photoprism index
+# Reindex  | docker-compose exec photoprism photoprism index -a
+# Import   | docker-compose exec photoprism photoprism import
+# -------------------------------------------------------------------
+services:
+  photoprism:
+    # Use photoprism/photoprism:preview instead for testing preview builds:
+    image: photoprism/photoprism:latest
+    container_name: photoprism-frontend
+    restart: always
+    security_opt:
+      - seccomp:unconfined
+      - apparmor:unconfined
+    ports:
+      - 2342:2342
+    environment:
+      PHOTOPRISM_ADMIN_PASSWORD: "{{ lookup('keepass', 'photoprism_admin_password', 'password') }}"
+      PHOTOPRISM_HTTP_PORT: 2342
+      PHOTOPRISM_HTTP_COMPRESSION: "gzip" # none or gzip
+      PHOTOPRISM_DEBUG: "false"
+      PHOTOPRISM_PUBLIC: "false" # No authentication required (disables password protection)
+      PHOTOPRISM_READONLY: "true" # Don't modify originals directory (reduced functionality)
+      PHOTOPRISM_EXPERIMENTAL: "false"
+      PHOTOPRISM_DISABLE_WEBDAV: "true"
+      PHOTOPRISM_DISABLE_SETTINGS: "false"
+      PHOTOPRISM_DISABLE_TENSORFLOW: "false"
+      PHOTOPRISM_DARKTABLE_PRESETS: "false"
+      PHOTOPRISM_DETECT_NSFW: "true"
+      PHOTOPRISM_UPLOAD_NSFW: "true"
+      PHOTOPRISM_DATABASE_DRIVER: "mysql"
+      PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"
+      PHOTOPRISM_DATABASE_NAME: "photoprism"
+      PHOTOPRISM_DATABASE_USER: "photoprism"
+      PHOTOPRISM_DATABASE_PASSWORD: "{{ lookup('keepass', 'photoprism_database_password', 'password') }}"
+      PHOTOPRISM_SITE_URL: "http://docker10.grote.lan:2342/"
+      PHOTOPRISM_SITE_TITLE: "PhotoPrism"
+      PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
+      PHOTOPRISM_SITE_DESCRIPTION: ""
+      PHOTOPRISM_SITE_AUTHOR: "mgrote"
+      # You may optionally set a user / group id using environment variables if your Docker version or NAS does not
+      # support this natively (see next example):
+      UID: 5000
+      GID: 5000
+      # UMASK: 0000
+    # Uncomment and edit the following line to set a specific user / group id (native):
+    user: "5000:5000"
+    volumes:
+      - "/mnt/fileserver3_photoprism_bilder_ro:/photoprism/originals/:ro"
+      - "storage:/photoprism/storage"
+    labels:
+      com.centurylinklabs.watchtower.enable: true
+      com.centurylinklabs.watchtower.depends-on: photoprism-db
+
+  mariadb:
+    image: mariadb:10
+    container_name: photoprism-db
+    restart: always
+    security_opt:
+      - seccomp:unconfined
+      - apparmor:unconfined
+    command: mysqld --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=50
+    volumes: # Don't remove permanent storage for index database files!
+      - "database:/var/lib/mysql"
+    environment:
+      MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'photoprism_mysql_root_password', 'password') }}
+      MYSQL_DATABASE: photoprism
+      MYSQL_USER: photoprism
+      MYSQL_PASSWORD: {{ lookup('keepass', 'photoprism_database_password', 'password') }}
+    labels:
+      com.centurylinklabs.watchtower.enable: false
+
+volumes:
+  storage:
+  database:
--- a/group_vars/fileserver.yml
+++ b/group_vars/fileserver.yml
@ -22,100 +22,9 @@ ufw_rules:
 apt_packages_internet:
  - http://docker10.grote.lan:3344/bash-helper-scripts-mgrote-latest.deb

-### mgrote.youtubedl
-ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp"
-ytdl_timer: "Tue,Sat 03:00"
-ytdl_bin_path: /usr/local/bin/yt-dlp
-ytdl_active: true
-ytdl_video_urls:
-  - https://www.youtube.com/c/KurzgesagtDE/videos # Kurzgesagt - Deutsch
-  - https://www.youtube.com/c/inanutshell/videos # Kurzgesagt - Englisch
-  - https://www.youtube.com/c/MartinSonneborn/videos #martin sonneborn
-  - https://www.youtube.com/c/100SekundenPhysik/videos #100 sekunden physik
-  - https://www.youtube.com/c/Handwerkskunst/videos #swr handwerkskunst kanal
-  - https://www.youtube.com/c/PracticalEngineeringChannel/videos # pracrical engineering
-  - https://www.youtube.com/channel/UC0vFIgkGrbmfxKVhZ2hgMeg/videos #gaby weber
-  - https://www.youtube.com/playlist?list=PLPM-eyPokAWNhhDNO4YzC5cGRwuI2ykwE # music
-  - https://www.youtube.com/playlist?list=PLPM-eyPokAWNnDxuyX131R5wkl8fzvu7D # lost and found
-  - https://www.youtube.com/playlist?list=PLPM-eyPokAWPmStfh37roJge-JuLfgma0 # lost and found 2
-  - https://www.youtube.com/playlist?list=PLcpuu5BzmasC7cI-B713EY3xdpWrLhDdH #Japan Day in the Life Series by Paolo fromTOKYO
-  - https://www.youtube.com/playlist?list=PLlQWnS27jXh9gX1kvMT1frhzvFnDgP_8M # arte die großen mythen
-  - https://www.youtube.com/playlist?list=PLrMX9ct-uNyOKfDG0WrRd6fQsB21MzorZ # JoBlo - Videos - WTF HAPPENED TO THIS MOVIE?!
-  - https://www.youtube.com/playlist?list=PLrMX9ct-uNyOt0Z-iqBGuyiZU9pFJyvD5 # JoBlo - Videos - THE MOVIE THAT ALMOST WAS
-  - https://www.youtube.com/playlist?list=PLrMX9ct-uNyMNMZgSkxRdNh2xa8GEZQn4 # JoBlo - Videos - WTF HAPPENED TO THIS CELEBRITY?!
-  - https://www.youtube.com/watch?v=TowKvEJcYDw&list=PLlQWnS27jXh9aEp7hl54xrk5CgiVbvMBy # arte - zu Tisch in...
-  - https://www.youtube.com/playlist?list=PLs4hTtftqnlAkiQNdWn6bbKUr-P1wuSm0 # jimmy kimmel mean tweets
-  - https://www.youtube.com/tomstantonengineering
-  - https://www.youtube.com/@liamcarps #englandvideos ironisch
-ytdl_podcast_urls:
-  - https://sternengeschichten.podigee.io/feed/aac # Sternengeschichten
-  - https://feeds.br.de/radiowissen/feed.xml # BR2 RadioWissen
-
-ytdl_video_output: "/shares_videos/Youtube/%(uploader)s/%(title)s-%(id)s.%(ext)s" # Videos werden jetzt IMMEr nach "Uploader/Name.ext" geschrieben
-
-ytdl_podcast_output: "/shares_music/Podcasts/%(playlist)s/%(id)s.%(ext)s"
-ytdl_video_log_output: "/shares_videos/Youtube/archive-youtube.log"
-ytdl_podcast_log_output: "/shares_music/Podcasts/archive-podcast.log"
-ytdl_youtube_username: "{{ lookup('keepass', 'youtubedl_youtube_login', 'username') }}"
-ytdl_youtube_password: "{{ lookup('keepass', 'youtubedl_youtube_login', 'password') }}"
-ytdl_conf_dir: "/etc/youtubedl" #ohne / am ende
-ytdl_download_limit: "10000K"
-
-### mgrote.smb_fileserver
-smb_shares:
-  - name: 'videos'
-    path: '/shares_videos'
-    users_ro: 'kodi'
-    users_rw: 'michaelgrote win10'
-  - name: 'scans'
-    path: '/shares_scans'
-    users_ro: ' michaelgrote'
-    users_rw: 'brother_ads2700w'
-  - name: 'papa_backup'
-    path: '/shares_papa_backup'
-    users_ro: 'michaelgrote'
-    users_rw: 'win10'
-  - name: 'backup'
-    path: '/shares_backup'
-    users_ro: ''
-    users_rw: 'win10 michaelgrote'
-  - name: 'archiv'
-    path: '/shares_archiv'
-    users_ro: ''
-    users_rw: 'michaelgrote win10'
-  - name: 'hm'
-    path: '/shares_hm'
-    users_ro: ''
-    users_rw: 'michaelgrote win10'
-  - name: 'musik'
-    path: '/shares_music'
-    users_ro: 'navidrome kodi  '
-    users_rw: 'win10 michaelgrote'
-  - name: 'tmp'
-    path: '/shares_tmp'
-    users_ro: 'win10'
-    users_rw: 'kodi win10 michaelgrote'
-  - name: 'bilder'
-    path: '/shares_bilder'
-    users_ro: 'photoprism'
-    users_rw: ' michaelgrote win10'
-  - name: 'proxmox'
-    path: '/shares_pve_backup'
-    users_ro: 'michaelgrote'
-    users_rw: 'pve win10'
-  - name: 'restic'
-    path: '/shares_restic'
-    users_ro: ''
-    users_rw: ' restic win10 michaelgrote'
-  - name: 'buecher'
-    path: '/shares_buecher'
-    users_ro: ''
-    users_rw: 'michaelgrote win10'
-  - name: 'programme'
-    path: '/shares_programme'
-    users_ro: ''
-    users_rw: 'michaelgrote win10'
-  - name: 'vm'
-    path: '/shares_vm'
-    users_ro: ''
-    users_rw: 'michaelgrote'
+### mgrote.fileserver_smb
+smb_workgroup: WORKGROUP
+smb_min_protocol: "SMB2"
+smb_client_min_protocol: "SMB2"
+smb_client_max_protocol: "SMB3_11"
+smb_enable_snapshots_dir: true
--- a/host_vars/docker10.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@ -15,6 +15,20 @@ lvm_groups:
 manage_lvm: true
 pvresize_to_max: true

+### mgrote_mount_cifs
+cifs_mounts:
+  - name: bilder
+    type: cifs
+    state: present
+    dest: /mnt/fileserver3_photoprism_bilder_ro
+    src: //fileserver3.grote.lan/bilder
+    user: photoprism
+    password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"
+    domain: grote.lan
+    uid: 5000
+    gid: 5000
+    extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
+
 ### mgrote.restic
 restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben

@ -57,6 +71,8 @@ compose_files:
  - name: woodpecker
    state: present
    network: traefik
+  - name: photoprism
+    state: present

 ### oefenweb.ufw
 ufw_rules:
--- a/host_vars/fileserver3.grote.lan.yml
+++ b/host_vars/fileserver3.grote.lan.yml
@ -0,0 +1,118 @@
+---
+### mgrote.youtubedl
+ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp"
+ytdl_timer: "Tue,Sat 03:00"
+ytdl_bin_path: /usr/local/bin/yt-dlp
+ytdl_active: true
+ytdl_video_urls:
+  - https://www.youtube.com/c/KurzgesagtDE/videos # Kurzgesagt - Deutsch
+  - https://www.youtube.com/c/inanutshell/videos # Kurzgesagt - Englisch
+  - https://www.youtube.com/c/MartinSonneborn/videos #martin sonneborn
+  - https://www.youtube.com/c/100SekundenPhysik/videos #100 sekunden physik
+  - https://www.youtube.com/c/Handwerkskunst/videos #swr handwerkskunst kanal
+  - https://www.youtube.com/c/PracticalEngineeringChannel/videos # pracrical engineering
+  - https://www.youtube.com/channel/UC0vFIgkGrbmfxKVhZ2hgMeg/videos #gaby weber
+  - https://www.youtube.com/playlist?list=PLPM-eyPokAWNhhDNO4YzC5cGRwuI2ykwE # music
+  - https://www.youtube.com/playlist?list=PLPM-eyPokAWNnDxuyX131R5wkl8fzvu7D # lost and found
+  - https://www.youtube.com/playlist?list=PLPM-eyPokAWPmStfh37roJge-JuLfgma0 # lost and found 2
+  - https://www.youtube.com/playlist?list=PLcpuu5BzmasC7cI-B713EY3xdpWrLhDdH #Japan Day in the Life Series by Paolo fromTOKYO
+  - https://www.youtube.com/playlist?list=PLlQWnS27jXh9gX1kvMT1frhzvFnDgP_8M # arte die großen mythen
+  - https://www.youtube.com/playlist?list=PLrMX9ct-uNyOKfDG0WrRd6fQsB21MzorZ # JoBlo - Videos - WTF HAPPENED TO THIS MOVIE?!
+  - https://www.youtube.com/playlist?list=PLrMX9ct-uNyOt0Z-iqBGuyiZU9pFJyvD5 # JoBlo - Videos - THE MOVIE THAT ALMOST WAS
+  - https://www.youtube.com/playlist?list=PLrMX9ct-uNyMNMZgSkxRdNh2xa8GEZQn4 # JoBlo - Videos - WTF HAPPENED TO THIS CELEBRITY?!
+  - https://www.youtube.com/watch?v=TowKvEJcYDw&list=PLlQWnS27jXh9aEp7hl54xrk5CgiVbvMBy # arte - zu Tisch in...
+  - https://www.youtube.com/playlist?list=PLs4hTtftqnlAkiQNdWn6bbKUr-P1wuSm0 # jimmy kimmel mean tweets
+  - https://www.youtube.com/tomstantonengineering
+  - https://www.youtube.com/@liamcarps #englandvideos ironisch
+ytdl_podcast_urls:
+  - https://sternengeschichten.podigee.io/feed/aac # Sternengeschichten
+  - https://feeds.br.de/radiowissen/feed.xml # BR2 RadioWissen
+
+ytdl_video_output: "/shares_videos/Youtube/%(uploader)s/%(title)s-%(id)s.%(ext)s" # Videos werden jetzt IMMEr nach "Uploader/Name.ext" geschrieben
+
+ytdl_podcast_output: "/shares_music/Podcasts/%(playlist)s/%(id)s.%(ext)s"
+ytdl_video_log_output: "/shares_videos/Youtube/archive-youtube.log"
+ytdl_podcast_log_output: "/shares_music/Podcasts/archive-podcast.log"
+ytdl_youtube_username: "{{ lookup('keepass', 'youtubedl_youtube_login', 'username') }}"
+ytdl_youtube_password: "{{ lookup('keepass', 'youtubedl_youtube_login', 'password') }}"
+ytdl_conf_dir: "/etc/youtubedl" #ohne / am ende
+ytdl_download_limit: "10000K"
+
+### mgrote.fileserver_smb
+smb_users:
+  - name: 'restic'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
+  - name: 'win10'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
+  - name: 'kodi'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
+  - name: 'michaelgrote'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
+  - name: 'navidrome'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
+  - name: 'docker'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
+  - name: 'pve'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
+  - name: 'brother_ads2700w'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
+  - name: 'photoprism'
+    password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"
+
+smb_shares:
+  - name: 'videos'
+    path: '/shares_videos'
+    users_ro: 'kodi'
+    users_rw: 'michaelgrote win10'
+  - name: 'scans'
+    path: '/shares_scans'
+    users_ro: ' michaelgrote'
+    users_rw: 'brother_ads2700w'
+  - name: 'papa_backup'
+    path: '/shares_papa_backup'
+    users_ro: 'michaelgrote'
+    users_rw: 'win10'
+  - name: 'backup'
+    path: '/shares_backup'
+    users_ro: ''
+    users_rw: 'win10 michaelgrote'
+  - name: 'archiv'
+    path: '/shares_archiv'
+    users_ro: ''
+    users_rw: 'michaelgrote win10'
+  - name: 'hm'
+    path: '/shares_hm'
+    users_ro: ''
+    users_rw: 'michaelgrote win10'
+  - name: 'musik'
+    path: '/shares_music'
+    users_ro: 'navidrome kodi  '
+    users_rw: 'win10 michaelgrote'
+  - name: 'tmp'
+    path: '/shares_tmp'
+    users_ro: 'win10'
+    users_rw: 'kodi win10 michaelgrote'
+  - name: 'bilder'
+    path: '/shares_bilder'
+    users_ro: 'photoprism'
+    users_rw: ' michaelgrote win10'
+  - name: 'proxmox'
+    path: '/shares_pve_backup'
+    users_ro: 'michaelgrote'
+    users_rw: 'pve win10'
+  - name: 'restic'
+    path: '/shares_restic'
+    users_ro: ''
+    users_rw: ' restic win10 michaelgrote'
+  - name: 'buecher'
+    path: '/shares_buecher'
+    users_ro: ''
+    users_rw: 'michaelgrote win10'
+  - name: 'programme'
+    path: '/shares_programme'
+    users_ro: ''
+    users_rw: 'michaelgrote win10'
+  - name: 'vm'
+    path: '/shares_vm'
+    users_ro: ''
+    users_rw: 'michaelgrote'
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/playbooks/3_service/docker.yml
+++ b/playbooks/3_service/docker.yml
@ -2,6 +2,7 @@
 - hosts: docker
  roles:
    - { role: mgrote_systemd_resolved, tags: "dns", become: true }
+    - { role: mgrote_mount_cifs, tags: "cifs", become: true }
    - { role: geerlingguy-ansible-role-pip, tags: "pip", become: true }
    - { role: geerlingguy-ansible-role-docker, tags: "docker", become: true }
    - { role: gantsign-ansible-role-ctop, tags: "ctop", become: true }
--- a/roles/mgrote_mount_cifs/defaults/main.yml
+++ b/roles/mgrote_mount_cifs/defaults/main.yml
@ -10,3 +10,4 @@ cifs_mounts:
    domain: grote.lan
    uid: 1000
    gid: 1000
+    # optional: extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
--- a/roles/mgrote_mount_cifs/handlers/main.yml
+++ b/roles/mgrote_mount_cifs/handlers/main.yml
@ -1,5 +0,0 @@
---
- name: reboot
-  become: true
-  ansible.builtin.reboot:
-    reboot_timeout: 120
--- a/roles/mgrote_mount_cifs/tasks/main.yml
+++ b/roles/mgrote_mount_cifs/tasks/main.yml
@ -4,6 +4,7 @@
  ansible.builtin.package:
    name: cifs-utils
    state: present
+  when: cifs_mounts is defined

 - name: create mount directory
  become: true
@ -13,6 +14,7 @@
    mode: "0777"
  loop: "{{ cifs_mounts }}"
  no_log: true
+  when: cifs_mounts is defined

 - name: create credential-file
  become: true
@ -24,13 +26,14 @@
    mode: '0400'
  loop: "{{ cifs_mounts }}"
  no_log: true
+  when: cifs_mounts is defined

 - name: mount cifs volumes
  become: true
  ansible.posix.mount:
    src: "{{ item.src }}"
    path: "{{ item.dest }}"
-    opts: credentials=/root/.smb_passwords_{{ item.name }},domain={{ item.domain }},uid={{ item.uid | default('1000') }},gid={{ item.gid | default('1000') }}"
+    opts: credentials=/root/.smb_passwords_{{ item.name }},domain={{ item.domain }},uid={{ item.uid | default('1000') }},gid={{ item.gid | default('1000') }}{{ item.extra_opts | default(omit) }}"
    state: "{{ item.state }}"
    fstype: "{{ item.type }}"
    backup: true
@ -38,4 +41,4 @@
    passno: "0"
  loop: "{{ cifs_mounts }}"
  no_log: true
-  notify: reboot
+  when: cifs_mounts is defined