brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-08 21:34:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(self-hosting): include photoprism and a generic article

Browse Source
This commit is contained in:
Michele Cereda
2024-05-26 18:45:12 +02:00
parent 46bff050bb
commit 56f5b1e87a
11 changed files with 279 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -218,6 +218,7 @@
"pandoc",
"passwordless",
"pebcak",
"photoprism",
"pihole",
"pinentry",
"pipx",

153
containers/photoprism/docker-compose.original.yml Normal file
View File

@@ -0,0 +1,153 @@
---
# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
#
# Note:
# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
# https://docs.photoprism.app/getting-started/proxies/traefik/
#
# Setup Guides:
# - https://docs.photoprism.app/getting-started/docker-compose/
# - https://docs.photoprism.app/getting-started/raspberry-pi/
# - https://www.photoprism.app/kb/activation
#
# Troubleshooting Checklists:
# - https://docs.photoprism.app/getting-started/troubleshooting/
# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
#
# CLI Commands:
# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
#
# All commands may have to be prefixed with "sudo" when not running as root.
# This will point the home directory shortcut ~ to /root in volume mounts.
services:
photoprism:
## Use photoprism/photoprism:preview for testing preview builds:
image: photoprism/photoprism:latest
## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
# restart: unless-stopped
stop_grace_period: 10s
depends_on:
- mariadb
security_opt:
- seccomp:unconfined
- apparmor:unconfined
## Server port mapping in the format "Host:Container". To use a different port, change the host port on
## the left-hand side and keep the container port, e.g. "80:2342" (for HTTP) or "443:2342 (for HTTPS):
ports:
- "2342:2342"
## Before you start the service, please check the following config options (and change them as needed):
## https://docs.photoprism.app/getting-started/config-options/
environment:
PHOTOPRISM_ADMIN_USER: "admin" # admin login username
PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial admin password (8-72 characters)
PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
PHOTOPRISM_SITE_URL: "http://localhost:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
PHOTOPRISM_SIDECAR_YAML: "true" # creates YAML sidecar files to back up picture metadata
PHOTOPRISM_BACKUP_ALBUMS: "true" # creates YAML files to back up album metadata
PHOTOPRISM_BACKUP_DATABASE: "true" # creates regular backups based on the configured schedule
PHOTOPRISM_BACKUP_SCHEDULE: "daily" # backup SCHEDULE in cron format (e.g. "0 12 * * *" for daily at noon) or at a random time (daily, weekly)
PHOTOPRISM_INDEX_SCHEDULE: "" # indexing SCHEDULE in cron format (e.g. "@every 3h" for every 3 hours; "" to disable)
PHOTOPRISM_AUTO_INDEX: 120 # delay before automatically indexing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_AUTO_IMPORT: 150 # delay before automatically importing files in SECONDS when uploading via WebDAV (-1 to disable)
PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
# PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
PHOTOPRISM_DATABASE_PASSWORD: "insecure" # MariaDB or MySQL database user password
PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
PHOTOPRISM_SITE_AUTHOR: "" # meta site author
## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
# PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
# PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
# PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
# PHOTOPRISM_INIT: "https gpu tensorflow"
## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# PHOTOPRISM_UID: 1000
# PHOTOPRISM_GID: 1000
# PHOTOPRISM_UMASK: 0000
## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
# user: "1000:1000"
## Share hardware devices with FFmpeg and TensorFlow (optional):
# devices:
# - "/dev/dri:/dev/dri" # Intel QSV
# - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
# - "/dev/nvidiactl:/dev/nvidiactl"
# - "/dev/nvidia-modeset:/dev/nvidia-modeset"
# - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
# - "/dev/nvidia-uvm:/dev/nvidia-uvm"
# - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
# - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
working_dir: "/photoprism" # do not change or remove
## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
volumes:
# "/host/folder:/photoprism/folder" # Example
- "~/Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE)
# - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
# - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
- "./storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
## MariaDB Database Server (recommended)
## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
mariadb:
image: mariadb:11
## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
restart: unless-stopped
stop_grace_period: 5s
security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
- seccomp:unconfined
- apparmor:unconfined
command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
volumes:
- "./database:/var/lib/mysql" # DO NOT REMOVE
environment:
MARIADB_AUTO_UPGRADE: "1"
MARIADB_INITDB_SKIP_TZINFO: "1"
MARIADB_DATABASE: "photoprism"
MARIADB_USER: "photoprism"
MARIADB_PASSWORD: "insecure"
MARIADB_ROOT_PASSWORD: "insecure"
## Watchtower upgrades services automatically (optional)
## see https://docs.photoprism.app/getting-started/updates/#watchtower
## activate via "COMPOSE_PROFILES=update docker compose up -d"
watchtower:
restart: unless-stopped
image: containrrr/watchtower
profiles: ["update"]
environment:
WATCHTOWER_CLEANUP: "true"
WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account

4
knowledge base/acronyms and abbreviations.md
View File

@@ -2,9 +2,9 @@
| Acronym | Expansion | Description |
| ------- | ------------------------------------------------------ | --------------------------------------------------------------------------------------------------- |
| ACME | [Automatic Certificate Management Environment] | Protocol to automate the issuance and renewal of certificates without human interaction |
| ACK | ACKnowledgement | |
| ACL | [Access Control List][acl] | |
| ACME | [Automatic Certificate Management Environment] | Protocol to automate the issuance and renewal of certificates without human interaction |
| AD | Active Directory | |
| ADR | [Architectural Decision Record][adr] | |
| APK | Alpine Package Keeper | Package manager used by Alpine Linux |
@@ -76,6 +76,7 @@
| ROM | Read-Only Memory | |
| RPM | Revolutions Per Minute | |
| RPM | RPM Package Manager | Package management system used by Linux distributions like Red Hat, (open)SuSE and Fedora |
| SaaSS | [Service as a Software Substitute] | Using a service as a substitute for running a copy of a program. |
| SAFE | Scaled Agile FramEwork | |
| SBOM | Software Bill Of Materials | See [SBOM at a Glance] |
| SIEM | [Security Information and Event Management)][siem] | |
@@ -148,4 +149,5 @@
[continuous delivery]: https://en.wikipedia.org/wiki/Continuous_delivery
[kiss principle is not that simple]: https://artero.dev/posts/kiss-principle-is-not-that-simple/
[sbom at a glance]: https://www.ntia.gov/sites/default/files/publications/sbom_at_a_glance_apr2021_0.pdf
[service as a software substitute]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
[what is openid connect]: https://openid.net/developers/how-connect-works/

10
knowledge base/baikal.md
View File

@@ -1,9 +1,4 @@
# Title
Intro
<!-- Remove this line to uncomment if used
## Table of contents <!-- omit in toc -->
# Baikal
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
@@ -35,6 +30,7 @@ docker run --rm -p '80:80' 'ckulka/baikal:nginx'
- [Website]
- [Github]
- [Self-hosting]
### Sources
@@ -47,6 +43,8 @@ docker run --rm -p '80:80' 'ckulka/baikal:nginx'
<!-- In-article sections -->
<!-- Knowledge base -->
[self-hosting]: self-hosting.md
<!-- Files -->
<!-- Upstream -->
[github]: https://github.com/sabre-io/Baikal

3
knowledge base/caldav.md
View File

@@ -10,7 +10,7 @@
Implementations:
- [Radicale](https://radicale.org/)
- [Baikal](https://github.com/sabre-io/Baikal)
- [Baikal]
<!--
Reference
@@ -19,6 +19,7 @@ Implementations:
<!-- In-article sections -->
<!-- Knowledge base -->
[baikal]: baikal.md
[carddav]: carddav.md
[webdav]: webdav.md

3
knowledge base/carddav.md
View File

@@ -14,7 +14,7 @@ the form of [vCard]s.
Implementations:
- [Radicale](https://radicale.org/)
- [Baikal](https://github.com/sabre-io/Baikal)
- [Baikal]
<!--
Reference
@@ -23,6 +23,7 @@ Implementations:
<!-- In-article sections -->
<!-- Knowledge base -->
[baikal]: baikal.md
[caldav]: caldav.md
[vcard]: vcard.md
[webdav]: webdav.md

5
knowledge base/gitea.md
View File

@@ -102,6 +102,7 @@ When using Docker, make sure this port is published.
## Further readings
- [Self-hosting]
- [Website]
- [Compose file]
- [Git]
@@ -120,8 +121,8 @@ Alternatives:
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
[self-hosting]: self-hosting.md
[git]: git.md
[gitlab]: gitlab.md
@@ -132,5 +133,3 @@ Alternatives:
[configuration cheat sheet]: https://docs.gitea.com/administration/config-cheat-sheet
[https setup to encrypt connections to gitea]: https://docs.gitea.com/administration/https-setup
[website]: https://about.gitea.com/
<!-- Others -->

2
knowledge base/gitlab.md
View File

@@ -660,6 +660,7 @@ Solution: set the correct ownership with
## Further readings
- [Self-hosting]
- Gitlab's helm [chart]
- Gitlab's helm [chart]'s [global settings]
- [Command-line options]
@@ -714,6 +715,7 @@ Solution: set the correct ownership with
<!-- Knowledge base -->
[buildah]: buildah.md
[kaniko]: kubernetes/kaniko.placeholder
[self-hosting]: self-hosting.md
<!-- Files -->
<!-- Upstream -->

4
knowledge base/nextcloud.md
View File

@@ -90,6 +90,7 @@ To configure Nextcloud from `snap`:
## Further readings
- [Website]
- [Self-hosting]
- The docker version's [README][docker readme]
- The snap version's [README][snap readme]
- [How to install and configure Nextcloud on Ubuntu 18.04]
@@ -109,6 +110,9 @@ Providers:
═╬═Time══
-->
<!-- Knowledge base -->
[self-hosting]: self-hosting.md
<!-- Upstream -->
[how to check if redis is used in nc]: https://help.nextcloud.com/t/how-to-check-if-redis-is-used-in-nc/22268/2
[docker image]: https://hub.docker.com/_/nextcloud/

61
knowledge base/photoprism.md Normal file
View File

@@ -0,0 +1,61 @@
# PhotoPrism
Photos app for the decentralized web.
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
<details>
<summary>Installation and configuration</summary>
<details style="margin: 1em 0 0 1em">
<summary>Docker compose (preferred)</summary>
[File example][docker-compose.yml]
```sh
wget 'https://dl.photoprism.app/docker/docker-compose.yml'
docker compose up -d
```
The installation example includes a pre-configured MariaDB database server.<br/>
SQLite database files will be created in the storage folder, should one remove it and provide no other database server
credentials.
| Volume | Description |
| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `/photoprism/originals` | Contains one's original photo and video files |
| `/photoprism/storage` | Configuration, cache, thumbnail, and sidecar files.<br/>It **must** always be specified to avoid losing such files after restarts or upgrades.<br/>Never configure the storage folder to be inside the originals folder, unless the name starts with a `.` to indicate that it is hidden. |
| `/photoprism/import` | Optional folder from which files can be transferred to the `originals` folder in a structured way that avoids duplicates.<br/>Imported files receive a canonical filename and will be organized by year and month.<br/>Never configure the import folder to be inside the originals folder, as this will cause a loop by importing already indexed files. |
</details>
</details>
## Further readings
- [Self-hosting]
- [Website]
- [Github]
### Sources
- [Documentation]
<!--
Reference
═╬═Time══
-->
<!-- Knowledge base -->
[self-hosting]: self-hosting.md
<!-- Files -->
[docker-compose.yml]: /containers/photoprism/docker-compose.original.yml
<!-- Upstream -->
[documentation]: https://docs.photoprism.app/
[github]: https://github.com/photoprism/photoprism
[website]: https://www.photoprism.app/

45
knowledge base/self-hosting.md Normal file
View File

@@ -0,0 +1,45 @@
# Self-hosting
The _art_ of hosting and managing applications on one's own servers instead of consuming them from
[SaaSS][service as a software substitute] providers.
1. [Software](#software)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## Software
| Name | Description | Alternatives |
| ---------------- | -------------------------- | --------------------------------- |
| [Baikal] | CalDAV and CardDAV server | [Radicale](https://radicale.org/) |
| [Gitea] | Git server | [Gitlab] |
| [Gitlab] | Git server | [Gitea] |
| [Home Assistant] | Home automation platform | |
| [NextCloud] | File sharing platform | [OwnCloud](https://owncloud.com/) |
| [Paperless-ngx] | Document management system | |
| [PhotoPrism] | Google Photos replacement | |
## Further readings
### Sources
- [awesome-selfhosted]<br/>
List of software network services and web applications which can be hosted privately.
<!--
Reference
═╬═Time══
-->
<!-- Knowledge base -->
[baikal]: baikal.md
[gitea]: gitea.md
[gitlab]: gitlab.md
[nextcloud]: nextcloud.md
[paperless-ngx]: paperless-ngx.md
[photoprism]: photoprism.md
<!-- Others -->
[awesome-selfhosted]: https://awesome-selfhosted.net/
[home assistant]: https://www.home-assistant.io/
[service as a software substitute]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html