mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

deploy photoprism (again) (#596)

Browse source 
Reviewed-on: #596
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2023-11-09 16:57:43 +01:00 committed by mg
parent 41170511de
commit ccbc980198
10 changed files with 240 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docker-compose/homer/assets/config.yml
View file

@ -73,6 +73,11 @@ services:
url: "https://audio.mgrote.net/mg" url: "https://audio.mgrote.net/mg"
target: "_blank" target: "_blank"
subtitle: "Audio-Streaming" subtitle: "Audio-Streaming"
- name: "Photoprism"
logo: "assets/icons/photoprism.svg"
url: "http://docker10.grote.lan:2342"
target: "_blank"
subtitle: "Bildersammlung"
- name: "Web" - name: "Web"
icon: "fas fa-cloud" icon: "fas fa-cloud"

88
docker-compose/photoprism/docker-compose.yml.j2 Normal file
View file

@ -0,0 +1,88 @@
version: '3.5'
# ------------------------------------------------------------------
# DOCKER COMPOSE COMMAND REFERENCE
# ------------------------------------------------------------------
# Start | docker-compose up -d
# Stop | docker-compose stop
# Update | docker-compose pull
# Logs | docker-compose logs --tail=25 -f
# Terminal | docker-compose exec photoprism bash
# Help | docker-compose exec photoprism photoprism help
# Config | docker-compose exec photoprism photoprism config
# Reset | docker-compose exec photoprism photoprism reset
# Backup | docker-compose exec photoprism photoprism backup -a -i
# Restore | docker-compose exec photoprism photoprism restore -a -i
# Index | docker-compose exec photoprism photoprism index
# Reindex | docker-compose exec photoprism photoprism index -a
# Import | docker-compose exec photoprism photoprism import
# -------------------------------------------------------------------
services:
photoprism:
# Use photoprism/photoprism:preview instead for testing preview builds:
image: photoprism/photoprism:latest
container_name: photoprism-frontend
restart: always
security_opt:
- seccomp:unconfined
- apparmor:unconfined
ports:
- 2342:2342
environment:
PHOTOPRISM_ADMIN_PASSWORD: "{{ lookup('keepass', 'photoprism_admin_password', 'password') }}"
PHOTOPRISM_HTTP_PORT: 2342
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # none or gzip
PHOTOPRISM_DEBUG: "false"
PHOTOPRISM_PUBLIC: "false" # No authentication required (disables password protection)
PHOTOPRISM_READONLY: "true" # Don't modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false"
PHOTOPRISM_DISABLE_WEBDAV: "true"
PHOTOPRISM_DISABLE_SETTINGS: "false"
PHOTOPRISM_DISABLE_TENSORFLOW: "false"
PHOTOPRISM_DARKTABLE_PRESETS: "false"
PHOTOPRISM_DETECT_NSFW: "true"
PHOTOPRISM_UPLOAD_NSFW: "true"
PHOTOPRISM_DATABASE_DRIVER: "mysql"
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306"
PHOTOPRISM_DATABASE_NAME: "photoprism"
PHOTOPRISM_DATABASE_USER: "photoprism"
PHOTOPRISM_DATABASE_PASSWORD: "{{ lookup('keepass', 'photoprism_database_password', 'password') }}"
PHOTOPRISM_SITE_URL: "http://docker10.grote.lan:2342/"
PHOTOPRISM_SITE_TITLE: "PhotoPrism"
PHOTOPRISM_SITE_CAPTION: "Browse Your Life"
PHOTOPRISM_SITE_DESCRIPTION: ""
PHOTOPRISM_SITE_AUTHOR: "mgrote"
# You may optionally set a user / group id using environment variables if your Docker version or NAS does not
# support this natively (see next example):
UID: 5000
GID: 5000
# UMASK: 0000
# Uncomment and edit the following line to set a specific user / group id (native):
user: "5000:5000"
volumes:
- "/mnt/fileserver3_photoprism_bilder_ro:/photoprism/originals/:ro"
- "storage:/photoprism/storage"
labels:
com.centurylinklabs.watchtower.enable: true
com.centurylinklabs.watchtower.depends-on: photoprism-db
mariadb:
image: mariadb:10
container_name: photoprism-db
restart: always
security_opt:
- seccomp:unconfined
- apparmor:unconfined
command: mysqld --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=50
volumes: # Don't remove permanent storage for index database files!
- "database:/var/lib/mysql"
environment:
MYSQL_ROOT_PASSWORD: {{ lookup('keepass', 'photoprism_mysql_root_password', 'password') }}
MYSQL_DATABASE: photoprism
MYSQL_USER: photoprism
MYSQL_PASSWORD: {{ lookup('keepass', 'photoprism_database_password', 'password') }}
labels:
com.centurylinklabs.watchtower.enable: false
volumes:
storage:
database:

103
group_vars/fileserver.yml
View file

@ -22,100 +22,9 @@ ufw_rules:
apt_packages_internet: apt_packages_internet:
- http://docker10.grote.lan:3344/bash-helper-scripts-mgrote-latest.deb - http://docker10.grote.lan:3344/bash-helper-scripts-mgrote-latest.deb
### mgrote.youtubedl ### mgrote.fileserver_smb
ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp" smb_workgroup: WORKGROUP
ytdl_timer: "Tue,Sat 03:00" smb_min_protocol: "SMB2"
ytdl_bin_path: /usr/local/bin/yt-dlp smb_client_min_protocol: "SMB2"
ytdl_active: true smb_client_max_protocol: "SMB3_11"
ytdl_video_urls: smb_enable_snapshots_dir: true
- https://www.youtube.com/c/KurzgesagtDE/videos # Kurzgesagt - Deutsch
- https://www.youtube.com/c/inanutshell/videos # Kurzgesagt - Englisch
- https://www.youtube.com/c/MartinSonneborn/videos #martin sonneborn
- https://www.youtube.com/c/100SekundenPhysik/videos #100 sekunden physik
- https://www.youtube.com/c/Handwerkskunst/videos #swr handwerkskunst kanal
- https://www.youtube.com/c/PracticalEngineeringChannel/videos # pracrical engineering
- https://www.youtube.com/channel/UC0vFIgkGrbmfxKVhZ2hgMeg/videos #gaby weber
- https://www.youtube.com/playlist?list=PLPM-eyPokAWNhhDNO4YzC5cGRwuI2ykwE # music
- https://www.youtube.com/playlist?list=PLPM-eyPokAWNnDxuyX131R5wkl8fzvu7D # lost and found
- https://www.youtube.com/playlist?list=PLPM-eyPokAWPmStfh37roJge-JuLfgma0 # lost and found 2
- https://www.youtube.com/playlist?list=PLcpuu5BzmasC7cI-B713EY3xdpWrLhDdH #Japan Day in the Life Series by Paolo fromTOKYO
- https://www.youtube.com/playlist?list=PLlQWnS27jXh9gX1kvMT1frhzvFnDgP_8M # arte die großen mythen
- https://www.youtube.com/playlist?list=PLrMX9ct-uNyOKfDG0WrRd6fQsB21MzorZ # JoBlo - Videos - WTF HAPPENED TO THIS MOVIE?!
- https://www.youtube.com/playlist?list=PLrMX9ct-uNyOt0Z-iqBGuyiZU9pFJyvD5 # JoBlo - Videos - THE MOVIE THAT ALMOST WAS
- https://www.youtube.com/playlist?list=PLrMX9ct-uNyMNMZgSkxRdNh2xa8GEZQn4 # JoBlo - Videos - WTF HAPPENED TO THIS CELEBRITY?!
- https://www.youtube.com/watch?v=TowKvEJcYDw&list=PLlQWnS27jXh9aEp7hl54xrk5CgiVbvMBy # arte - zu Tisch in...
- https://www.youtube.com/playlist?list=PLs4hTtftqnlAkiQNdWn6bbKUr-P1wuSm0 # jimmy kimmel mean tweets
- https://www.youtube.com/tomstantonengineering
- https://www.youtube.com/@liamcarps #englandvideos ironisch
ytdl_podcast_urls:
- https://sternengeschichten.podigee.io/feed/aac # Sternengeschichten
- https://feeds.br.de/radiowissen/feed.xml # BR2 RadioWissen
ytdl_video_output: "/shares_videos/Youtube/%(uploader)s/%(title)s-%(id)s.%(ext)s" # Videos werden jetzt IMMEr nach "Uploader/Name.ext" geschrieben
ytdl_podcast_output: "/shares_music/Podcasts/%(playlist)s/%(id)s.%(ext)s"
ytdl_video_log_output: "/shares_videos/Youtube/archive-youtube.log"
ytdl_podcast_log_output: "/shares_music/Podcasts/archive-podcast.log"
ytdl_youtube_username: "{{ lookup('keepass', 'youtubedl_youtube_login', 'username') }}"
ytdl_youtube_password: "{{ lookup('keepass', 'youtubedl_youtube_login', 'password') }}"
ytdl_conf_dir: "/etc/youtubedl" #ohne / am ende
ytdl_download_limit: "10000K"
### mgrote.smb_fileserver
smb_shares:
- name: 'videos'
path: '/shares_videos'
users_ro: 'kodi'
users_rw: 'michaelgrote win10'
- name: 'scans'
path: '/shares_scans'
users_ro: ' michaelgrote'
users_rw: 'brother_ads2700w'
- name: 'papa_backup'
path: '/shares_papa_backup'
users_ro: 'michaelgrote'
users_rw: 'win10'
- name: 'backup'
path: '/shares_backup'
users_ro: ''
users_rw: 'win10 michaelgrote'
- name: 'archiv'
path: '/shares_archiv'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'hm'
path: '/shares_hm'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'musik'
path: '/shares_music'
users_ro: 'navidrome kodi '
users_rw: 'win10 michaelgrote'
- name: 'tmp'
path: '/shares_tmp'
users_ro: 'win10'
users_rw: 'kodi win10 michaelgrote'
- name: 'bilder'
path: '/shares_bilder'
users_ro: 'photoprism'
users_rw: ' michaelgrote win10'
- name: 'proxmox'
path: '/shares_pve_backup'
users_ro: 'michaelgrote'
users_rw: 'pve win10'
- name: 'restic'
path: '/shares_restic'
users_ro: ''
users_rw: ' restic win10 michaelgrote'
- name: 'buecher'
path: '/shares_buecher'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'programme'
path: '/shares_programme'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'vm'
path: '/shares_vm'
users_ro: ''
users_rw: 'michaelgrote'

16
host_vars/docker10.grote.lan.yml
View file

@ -15,6 +15,20 @@ lvm_groups:
manage_lvm: true manage_lvm: true
pvresize_to_max: true pvresize_to_max: true
### mgrote_mount_cifs
cifs_mounts:
- name: bilder
type: cifs
state: present
dest: /mnt/fileserver3_photoprism_bilder_ro
src: //fileserver3.grote.lan/bilder
user: photoprism
password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"
domain: grote.lan
uid: 5000
gid: 5000
extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird
### mgrote.restic ### mgrote.restic
restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben restic_folders_to_backup: "/ /var/lib/docker /mnt/oci-registry" # --one-file-system ist gesetzt, also werden weitere Dateisysteme nicht eingeschlossen, es sei denn sie werden hier explizit angegeben
@ -57,6 +71,8 @@ compose_files:
- name: woodpecker - name: woodpecker
state: present state: present
network: traefik network: traefik
- name: photoprism
state: present
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:

118
host_vars/fileserver3.grote.lan.yml Normal file
View file

@ -0,0 +1,118 @@
---
### mgrote.youtubedl
ytdl_dl_url: "https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp"
ytdl_timer: "Tue,Sat 03:00"
ytdl_bin_path: /usr/local/bin/yt-dlp
ytdl_active: true
ytdl_video_urls:
- https://www.youtube.com/c/KurzgesagtDE/videos # Kurzgesagt - Deutsch
- https://www.youtube.com/c/inanutshell/videos # Kurzgesagt - Englisch
- https://www.youtube.com/c/MartinSonneborn/videos #martin sonneborn
- https://www.youtube.com/c/100SekundenPhysik/videos #100 sekunden physik
- https://www.youtube.com/c/Handwerkskunst/videos #swr handwerkskunst kanal
- https://www.youtube.com/c/PracticalEngineeringChannel/videos # pracrical engineering
- https://www.youtube.com/channel/UC0vFIgkGrbmfxKVhZ2hgMeg/videos #gaby weber
- https://www.youtube.com/playlist?list=PLPM-eyPokAWNhhDNO4YzC5cGRwuI2ykwE # music
- https://www.youtube.com/playlist?list=PLPM-eyPokAWNnDxuyX131R5wkl8fzvu7D # lost and found
- https://www.youtube.com/playlist?list=PLPM-eyPokAWPmStfh37roJge-JuLfgma0 # lost and found 2
- https://www.youtube.com/playlist?list=PLcpuu5BzmasC7cI-B713EY3xdpWrLhDdH #Japan Day in the Life Series by Paolo fromTOKYO
- https://www.youtube.com/playlist?list=PLlQWnS27jXh9gX1kvMT1frhzvFnDgP_8M # arte die großen mythen
- https://www.youtube.com/playlist?list=PLrMX9ct-uNyOKfDG0WrRd6fQsB21MzorZ # JoBlo - Videos - WTF HAPPENED TO THIS MOVIE?!
- https://www.youtube.com/playlist?list=PLrMX9ct-uNyOt0Z-iqBGuyiZU9pFJyvD5 # JoBlo - Videos - THE MOVIE THAT ALMOST WAS
- https://www.youtube.com/playlist?list=PLrMX9ct-uNyMNMZgSkxRdNh2xa8GEZQn4 # JoBlo - Videos - WTF HAPPENED TO THIS CELEBRITY?!
- https://www.youtube.com/watch?v=TowKvEJcYDw&list=PLlQWnS27jXh9aEp7hl54xrk5CgiVbvMBy # arte - zu Tisch in...
- https://www.youtube.com/playlist?list=PLs4hTtftqnlAkiQNdWn6bbKUr-P1wuSm0 # jimmy kimmel mean tweets
- https://www.youtube.com/tomstantonengineering
- https://www.youtube.com/@liamcarps #englandvideos ironisch
ytdl_podcast_urls:
- https://sternengeschichten.podigee.io/feed/aac # Sternengeschichten
- https://feeds.br.de/radiowissen/feed.xml # BR2 RadioWissen
ytdl_video_output: "/shares_videos/Youtube/%(uploader)s/%(title)s-%(id)s.%(ext)s" # Videos werden jetzt IMMEr nach "Uploader/Name.ext" geschrieben
ytdl_podcast_output: "/shares_music/Podcasts/%(playlist)s/%(id)s.%(ext)s"
ytdl_video_log_output: "/shares_videos/Youtube/archive-youtube.log"
ytdl_podcast_log_output: "/shares_music/Podcasts/archive-podcast.log"
ytdl_youtube_username: "{{ lookup('keepass', 'youtubedl_youtube_login', 'username') }}"
ytdl_youtube_password: "{{ lookup('keepass', 'youtubedl_youtube_login', 'password') }}"
ytdl_conf_dir: "/etc/youtubedl" #ohne / am ende
ytdl_download_limit: "10000K"
### mgrote.fileserver_smb
smb_users:
- name: 'restic'
password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
- name: 'win10'
password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
- name: 'kodi'
password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
- name: 'michaelgrote'
password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
- name: 'navidrome'
password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
- name: 'docker'
password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
- name: 'pve'
password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
- name: 'brother_ads2700w'
password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
- name: 'photoprism'
password: "{{ lookup('keepass', 'fileserver_smb_user_photoprism', 'password') }}"
smb_shares:
- name: 'videos'
path: '/shares_videos'
users_ro: 'kodi'
users_rw: 'michaelgrote win10'
- name: 'scans'
path: '/shares_scans'
users_ro: ' michaelgrote'
users_rw: 'brother_ads2700w'
- name: 'papa_backup'
path: '/shares_papa_backup'
users_ro: 'michaelgrote'
users_rw: 'win10'
- name: 'backup'
path: '/shares_backup'
users_ro: ''
users_rw: 'win10 michaelgrote'
- name: 'archiv'
path: '/shares_archiv'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'hm'
path: '/shares_hm'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'musik'
path: '/shares_music'
users_ro: 'navidrome kodi '
users_rw: 'win10 michaelgrote'
- name: 'tmp'
path: '/shares_tmp'
users_ro: 'win10'
users_rw: 'kodi win10 michaelgrote'
- name: 'bilder'
path: '/shares_bilder'
users_ro: 'photoprism'
users_rw: ' michaelgrote win10'
- name: 'proxmox'
path: '/shares_pve_backup'
users_ro: 'michaelgrote'
users_rw: 'pve win10'
- name: 'restic'
path: '/shares_restic'
users_ro: ''
users_rw: ' restic win10 michaelgrote'
- name: 'buecher'
path: '/shares_buecher'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'programme'
path: '/shares_programme'
users_ro: ''
users_rw: 'michaelgrote win10'
- name: 'vm'
path: '/shares_vm'
users_ro: ''
users_rw: 'michaelgrote'

BIN
keepass_db.kdbx
View file

Binary file not shown.

1
playbooks/3_service/docker.yml
View file

@ -2,6 +2,7 @@
- hosts: docker - hosts: docker
roles: roles:
- { role: mgrote_systemd_resolved, tags: "dns", become: true } - { role: mgrote_systemd_resolved, tags: "dns", become: true }
- { role: mgrote_mount_cifs, tags: "cifs", become: true }
- { role: geerlingguy-ansible-role-pip, tags: "pip", become: true } - { role: geerlingguy-ansible-role-pip, tags: "pip", become: true }
- { role: geerlingguy-ansible-role-docker, tags: "docker", become: true } - { role: geerlingguy-ansible-role-docker, tags: "docker", become: true }
- { role: gantsign-ansible-role-ctop, tags: "ctop", become: true } - { role: gantsign-ansible-role-ctop, tags: "ctop", become: true }

1
roles/mgrote_mount_cifs/defaults/main.yml
View file

@ -10,3 +10,4 @@ cifs_mounts:
domain: grote.lan domain: grote.lan
uid: 1000 uid: 1000
gid: 1000 gid: 1000
# optional: extra_opts: ",ro" # komma am Anfang ist notwendig weil die Option hinten angehangen wird

5
roles/mgrote_mount_cifs/handlers/main.yml
View file

@ -1,5 +0,0 @@
---
- name: reboot
become: true
ansible.builtin.reboot:
reboot_timeout: 120

7
roles/mgrote_mount_cifs/tasks/main.yml
View file

@ -4,6 +4,7 @@
ansible.builtin.package: ansible.builtin.package:
name: cifs-utils name: cifs-utils
state: present state: present
when: cifs_mounts is defined
- name: create mount directory - name: create mount directory
become: true become: true
@ -13,6 +14,7 @@
mode: "0777" mode: "0777"
loop: "{{ cifs_mounts }}" loop: "{{ cifs_mounts }}"
no_log: true no_log: true
when: cifs_mounts is defined
- name: create credential-file - name: create credential-file
become: true become: true
@ -24,13 +26,14 @@
mode: '0400' mode: '0400'
loop: "{{ cifs_mounts }}" loop: "{{ cifs_mounts }}"
no_log: true no_log: true
when: cifs_mounts is defined
- name: mount cifs volumes - name: mount cifs volumes
become: true become: true
ansible.posix.mount: ansible.posix.mount:
src: "{{ item.src }}" src: "{{ item.src }}"
path: "{{ item.dest }}" path: "{{ item.dest }}"
opts: credentials=/root/.smb_passwords_{{ item.name }},domain={{ item.domain }},uid={{ item.uid | default('1000') }},gid={{ item.gid | default('1000') }}" opts: credentials=/root/.smb_passwords_{{ item.name }},domain={{ item.domain }},uid={{ item.uid | default('1000') }},gid={{ item.gid | default('1000') }}{{ item.extra_opts | default(omit) }}"
state: "{{ item.state }}" state: "{{ item.state }}"
fstype: "{{ item.type }}" fstype: "{{ item.type }}"
backup: true backup: true
@ -38,4 +41,4 @@
passno: "0" passno: "0"
loop: "{{ cifs_mounts }}" loop: "{{ cifs_mounts }}"
no_log: true no_log: true
notify: reboot when: cifs_mounts is defined