From 56f5b1e87af5554b249e5958b745d619de9f7925 Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sun, 26 May 2024 18:45:12 +0200 Subject: [PATCH] chore(self-hosting): include photoprism and a generic article --- .vscode/settings.json | 1 + .../photoprism/docker-compose.original.yml | 153 ++++++++++++++++++ knowledge base/acronyms and abbreviations.md | 4 +- knowledge base/baikal.md | 10 +- knowledge base/caldav.md | 3 +- knowledge base/carddav.md | 3 +- knowledge base/gitea.md | 5 +- knowledge base/gitlab.md | 2 + knowledge base/nextcloud.md | 4 + knowledge base/photoprism.md | 61 +++++++ knowledge base/self-hosting.md | 45 ++++++ 11 files changed, 279 insertions(+), 12 deletions(-) create mode 100644 containers/photoprism/docker-compose.original.yml create mode 100644 knowledge base/photoprism.md create mode 100644 knowledge base/self-hosting.md diff --git a/.vscode/settings.json b/.vscode/settings.json index f2d5584..5ca1338 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -218,6 +218,7 @@ "pandoc", "passwordless", "pebcak", + "photoprism", "pihole", "pinentry", "pipx", diff --git a/containers/photoprism/docker-compose.original.yml b/containers/photoprism/docker-compose.original.yml new file mode 100644 index 0000000..e557554 --- /dev/null +++ b/containers/photoprism/docker-compose.original.yml 
@@ -0,0 +1,153 @@
+---
+# Example Docker Compose config file for PhotoPrism (Linux / AMD64)
+#
+# Note:
+# - Running PhotoPrism on a server with less than 4 GB of swap space or setting a memory/swap limit can cause unexpected
+# restarts ("crashes"), for example, when the indexer temporarily needs more memory to process large files.
+# - If you install PhotoPrism on a public server outside your home network, please always run it behind a secure
+# HTTPS reverse proxy such as Traefik or Caddy. Your files and passwords will otherwise be transmitted
+# in clear text and can be intercepted by anyone, including your provider, hackers, and governments:
+# https://docs.photoprism.app/getting-started/proxies/traefik/
+#
+# Setup Guides:
+# - https://docs.photoprism.app/getting-started/docker-compose/
+# - https://docs.photoprism.app/getting-started/raspberry-pi/
+# - https://www.photoprism.app/kb/activation
+#
+# Troubleshooting Checklists:
+# - https://docs.photoprism.app/getting-started/troubleshooting/
+# - https://docs.photoprism.app/getting-started/troubleshooting/docker/
+# - https://docs.photoprism.app/getting-started/troubleshooting/mariadb/
+#
+# CLI Commands:
+# - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
+#
+# All commands may have to be prefixed with "sudo" when not running as root.
+# This will point the home directory shortcut ~ to /root in volume mounts.
+
+services:
+ photoprism:
+ ## Use photoprism/photoprism:preview for testing preview builds:
+ image: photoprism/photoprism:latest
+ ## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
+ ## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
+ ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
+ # restart: unless-stopped
+ stop_grace_period: 10s
+ depends_on:
+ - mariadb
+ security_opt:
+ - seccomp:unconfined
+ - apparmor:unconfined
+ ## Server port mapping in the format "Host:Container". To use a different port, change the host port on
+ ## the left-hand side and keep the container port, e.g. "80:2342" (for HTTP) or "443:2342 (for HTTPS):
+ ports:
+ - "2342:2342"
+ ## Before you start the service, please check the following config options (and change them as needed):
+ ## https://docs.photoprism.app/getting-started/config-options/
+ environment:
+ PHOTOPRISM_ADMIN_USER: "admin" # admin login username
+ PHOTOPRISM_ADMIN_PASSWORD: "insecure" # initial admin password (8-72 characters)
+ PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
+ PHOTOPRISM_SITE_URL: "http://localhost:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
+ PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
+ PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
+ PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video)
+ PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip)
+ PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic
+ PHOTOPRISM_READONLY: "false" # do not modify originals directory (reduced functionality)
+ PHOTOPRISM_EXPERIMENTAL: "false" # enables experimental features
+ PHOTOPRISM_DISABLE_CHOWN: "false" # disables updating storage permissions via chmod and chown on startup
+ PHOTOPRISM_DISABLE_WEBDAV: "false" # disables built-in WebDAV server
+ PHOTOPRISM_DISABLE_SETTINGS: "false" # disables settings UI and API
+ PHOTOPRISM_DISABLE_TENSORFLOW: "false" # disables all features depending on TensorFlow
+ PHOTOPRISM_DISABLE_FACES: "false" # disables face detection and recognition (requires TensorFlow)
+ PHOTOPRISM_DISABLE_CLASSIFICATION: "false" # disables image classification (requires TensorFlow)
+ PHOTOPRISM_DISABLE_VECTORS: "false" # disables vector graphics support
+ PHOTOPRISM_DISABLE_RAW: "false" # disables indexing and conversion of RAW images
+ PHOTOPRISM_RAW_PRESETS: "false" # enables applying user presets when converting RAW images (reduces performance)
+ PHOTOPRISM_SIDECAR_YAML: "true" # creates YAML sidecar files to back up picture metadata
+ PHOTOPRISM_BACKUP_ALBUMS: "true" # creates YAML files to back up album metadata
+ PHOTOPRISM_BACKUP_DATABASE: "true" # creates regular backups based on the configured schedule
+ PHOTOPRISM_BACKUP_SCHEDULE: "daily" # backup SCHEDULE in cron format (e.g. "0 12 * * *" for daily at noon) or at a random time (daily, weekly)
+ PHOTOPRISM_INDEX_SCHEDULE: "" # indexing SCHEDULE in cron format (e.g. "@every 3h" for every 3 hours; "" to disable)
+ PHOTOPRISM_AUTO_INDEX: 120 # delay before automatically indexing files in SECONDS when uploading via WebDAV (-1 to disable)
+ PHOTOPRISM_AUTO_IMPORT: 150 # delay before automatically importing files in SECONDS when uploading via WebDAV (-1 to disable)
+ PHOTOPRISM_DETECT_NSFW: "false" # automatically flags photos as private that MAY be offensive (requires TensorFlow)
+ PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive (no effect without TensorFlow)
+ # PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server
+ PHOTOPRISM_DATABASE_DRIVER: "mysql" # use MariaDB 10.5+ or MySQL 8+ instead of SQLite for improved performance
+ PHOTOPRISM_DATABASE_SERVER: "mariadb:3306" # MariaDB or MySQL database server (hostname:port)
+ PHOTOPRISM_DATABASE_NAME: "photoprism" # MariaDB or MySQL database schema name
+ PHOTOPRISM_DATABASE_USER: "photoprism" # MariaDB or MySQL database user name
+ PHOTOPRISM_DATABASE_PASSWORD: "insecure" # MariaDB or MySQL database user password
+ PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App"
+ PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description
+ PHOTOPRISM_SITE_AUTHOR: "" # meta site author
+ ## Video Transcoding (https://docs.photoprism.app/getting-started/advanced/transcoding/):
+ # PHOTOPRISM_FFMPEG_ENCODER: "software" # H.264/AVC encoder (software, intel, nvidia, apple, raspberry, or vaapi)
+ # PHOTOPRISM_FFMPEG_SIZE: "1920" # video size limit in pixels (720-7680) (default: 3840)
+ # PHOTOPRISM_FFMPEG_BITRATE: "32" # video bitrate limit in Mbit/s (default: 50)
+ ## Run/install on first startup (options: update https gpu tensorflow davfs clitools clean):
+ # PHOTOPRISM_INIT: "https gpu tensorflow"
+ ## Run as a non-root user after initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
+ # PHOTOPRISM_UID: 1000
+ # PHOTOPRISM_GID: 1000
+ # PHOTOPRISM_UMASK: 0000
+ ## Start as non-root user before initialization (supported: 0, 33, 50-99, 500-600, and 900-1200):
+ # user: "1000:1000"
+ ## Share hardware devices with FFmpeg and TensorFlow (optional):
+ # devices:
+ # - "/dev/dri:/dev/dri" # Intel QSV
+ # - "/dev/nvidia0:/dev/nvidia0" # Nvidia CUDA
+ # - "/dev/nvidiactl:/dev/nvidiactl"
+ # - "/dev/nvidia-modeset:/dev/nvidia-modeset"
+ # - "/dev/nvidia-nvswitchctl:/dev/nvidia-nvswitchctl"
+ # - "/dev/nvidia-uvm:/dev/nvidia-uvm"
+ # - "/dev/nvidia-uvm-tools:/dev/nvidia-uvm-tools"
+ # - "/dev/video11:/dev/video11" # Video4Linux Video Encode Device (h264_v4l2m2m)
+ working_dir: "/photoprism" # do not change or remove
+ ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
+ volumes:
+ # "/host/folder:/photoprism/folder" # Example
+ - "~/Pictures:/photoprism/originals" # Original media files (DO NOT REMOVE)
+ # - "/example/family:/photoprism/originals/family" # *Additional* media folders can be mounted like this
+ # - "~/Import:/photoprism/import" # *Optional* base folder from which files can be imported to originals
+ - "./storage:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE)
+
+ ## MariaDB Database Server (recommended)
+ ## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
+ mariadb:
+ image: mariadb:11
+ ## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
+ ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
+ restart: unless-stopped
+ stop_grace_period: 5s
+ security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
+ - seccomp:unconfined
+ - apparmor:unconfined
+ command: --innodb-buffer-pool-size=512M --transaction-isolation=READ-COMMITTED --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci --max-connections=512 --innodb-rollback-on-timeout=OFF --innodb-lock-wait-timeout=120
+ ## Never store database files on an unreliable device such as a USB flash drive, an SD card, or a shared network folder:
+ volumes:
+ - "./database:/var/lib/mysql" # DO NOT REMOVE
+ environment:
+ MARIADB_AUTO_UPGRADE: "1"
+ MARIADB_INITDB_SKIP_TZINFO: "1"
+ MARIADB_DATABASE: "photoprism"
+ MARIADB_USER: "photoprism"
+ MARIADB_PASSWORD: "insecure"
+ MARIADB_ROOT_PASSWORD: "insecure"
+
+ ## Watchtower upgrades services automatically (optional)
+ ## see https://docs.photoprism.app/getting-started/updates/#watchtower
+ ## activate via "COMPOSE_PROFILES=update docker compose up -d"
+ watchtower:
+ restart: unless-stopped
+ image: containrrr/watchtower
+ profiles: ["update"]
+ environment:
+ WATCHTOWER_CLEANUP: "true"
+ WATCHTOWER_POLL_INTERVAL: 7200 # checks for updates every two hours
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ - "~/.docker/config.json:/config.json" # optional, for authentication if you have a Docker Hub account
diff --git a/knowledge base/acronyms and abbreviations.md b/knowledge base/acronyms and abbreviations.md
index e2f6e59..e1a4e8a 100644
--- a/knowledge base/acronyms and abbreviations.md
+++ b/knowledge base/acronyms and abbreviations.md
@@ -2,9 +2,9 @@ | Acronym | Expansion | Description | | ------- | ------------------------------------------------------ | --------------------------------------------------------------------------------------------------- | -| ACME | [Automatic Certificate Management Environment] | Protocol to automate the issuance and renewal of certificates without human interaction | | ACK | ACKnowledgement | | | ACL | [Access Control List][acl] | | +| ACME | [Automatic Certificate Management Environment] | Protocol to automate the issuance and renewal of certificates without human interaction | | AD | Active Directory | | | ADR | [Architectural Decision Record][adr] | | | APK | Alpine Package Keeper | Package manager used by Alpine Linux |
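Review bot: All four secrets in the new `docker-compose.original.yml` (`PHOTOPRISM_ADMIN_PASSWORD`, `PHOTOPRISM_DATABASE_PASSWORD`, `MARIADB_PASSWORD` and `MARIADB_ROOT_PASSWORD`) are the literal `"insecure"`, and `- "2342:2342"` publishes the web UI on every host interface, so a stack started from this copy unchanged exposes an admin login with a known password. The `.original.yml` name suggests this is meant as an untouched upstream reference, so rather than editing values I would add a header comment, e.g. `# Reference copy, do not deploy as-is: replace every "insecure" password and publish on "127.0.0.1:2342:2342" until a TLS reverse proxy is in front.` If the values are ever made deployable, Compose interpolation such as `MARIADB_ROOT_PASSWORD: "${MARIADB_ROOT_PASSWORD:?set in .env}"` makes a missing secret fail at startup instead of falling back to a default. The same comment should mention that `photoprism` and `mariadb` both set `seccomp:unconfined` and `apparmor:unconfined`, and that the optional `watchtower` service mounts `/var/run/docker.sock` into an untagged `containrrr/watchtower` image, which hands that container control of the Docker daemon.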
@@ -76,6 +76,7 @@ | ROM | Read-Only Memory | | | RPM | Revolutions Per Minute | | | RPM | RPM Package Manager | Package management system used by Linux distributions like Red Hat, (open)SuSE and Fedora | +| SaaSS | [Service as a Software Substitute] | Using a service as a substitute for running a copy of a program. | | SAFE | Scaled Agile FramEwork | | | SBOM | Software Bill Of Materials | See [SBOM at a Glance] | | SIEM | [Security Information and Event Management)][siem] | | @@ -148,4 +149,5 @@ [continuous delivery]: https://en.wikipedia.org/wiki/Continuous_delivery [kiss principle is not that simple]: https://artero.dev/posts/kiss-principle-is-not-that-simple/ [sbom at a glance]: https://www.ntia.gov/sites/default/files/publications/sbom_at_a_glance_apr2021_0.pdf +[service as a software substitute]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html [what is openid connect]: https://openid.net/developers/how-connect-works/ diff --git a/knowledge base/baikal.md b/knowledge base/baikal.md index b049ef9..e354e39 100644 --- a/knowledge base/baikal.md +++ b/knowledge base/baikal.md @@ -1,9 +1,4 @@ -# Title - -Intro - - +# Baikal 1. [TL;DR](#tldr) 1. [Further readings](#further-readings) @@ -35,6 +30,7 @@ docker run --rm -p '80:80' 'ckulka/baikal:nginx' - [Website] - [Github] +- [Self-hosting] ### Sources @@ -47,6 +43,8 @@ docker run --rm -p '80:80' 'ckulka/baikal:nginx' +[self-hosting]: self-hosting.md + [github]: https://github.com/sabre-io/Baikal diff --git a/knowledge base/caldav.md b/knowledge base/caldav.md index 744e10c..bc2be29 100644 --- a/knowledge base/caldav.md +++ b/knowledge base/caldav.md @@ -10,7 +10,7 @@ Implementations: - [Radicale](https://radicale.org/) -- [Baikal](https://github.com/sabre-io/Baikal) +- [Baikal] +[baikal]: baikal.md [carddav]: carddav.md [webdav]: webdav.md diff --git a/knowledge base/carddav.md b/knowledge base/carddav.md index 24b9477..d3cedaf 100644 --- a/knowledge base/carddav.md 
+++ b/knowledge base/carddav.md @@ -14,7 +14,7 @@ the form of [vCard]s. Implementations: - [Radicale](https://radicale.org/) -- [Baikal](https://github.com/sabre-io/Baikal) +- [Baikal] +[baikal]: baikal.md [caldav]: caldav.md [vcard]: vcard.md [webdav]: webdav.md diff --git a/knowledge base/gitea.md b/knowledge base/gitea.md index 2247e75..ba2eb97 100644 --- a/knowledge base/gitea.md +++ b/knowledge base/gitea.md @@ -102,6 +102,7 @@ When using Docker, make sure this port is published. ## Further readings +- [Self-hosting] - [Website] - [Compose file] - [Git] @@ -120,8 +121,8 @@ Alternatives: ═╬═Time══ --> - +[self-hosting]: self-hosting.md [git]: git.md [gitlab]: gitlab.md @@ -132,5 +133,3 @@ Alternatives: [configuration cheat sheet]: https://docs.gitea.com/administration/config-cheat-sheet [https setup to encrypt connections to gitea]: https://docs.gitea.com/administration/https-setup [website]: https://about.gitea.com/ - - diff --git a/knowledge base/gitlab.md b/knowledge base/gitlab.md index 87efa3c..da0ee64 100644 --- a/knowledge base/gitlab.md +++ b/knowledge base/gitlab.md @@ -660,6 +660,7 @@ Solution: set the correct ownership with ## Further readings +- [Self-hosting] - Gitlab's helm [chart] - Gitlab's helm [chart]'s [global settings] - [Command-line options] @@ -714,6 +715,7 @@ Solution: set the correct ownership with [buildah]: buildah.md [kaniko]: kubernetes/kaniko.placeholder +[self-hosting]: self-hosting.md diff --git a/knowledge base/nextcloud.md b/knowledge base/nextcloud.md index d61acef..6d53634 100644 --- a/knowledge base/nextcloud.md +++ b/knowledge base/nextcloud.md @@ -90,6 +90,7 @@ To configure Nextcloud from `snap`: ## Further readings - [Website] +- [Self-hosting] - The docker version's [README][docker readme] - The snap version's [README][snap readme] - [How to install and configure Nextcloud on Ubuntu 18.04] 
@@ -109,6 +110,9 @@ Providers: ═╬═Time══ --> + +[self-hosting]: self-hosting.md + [how to check if redis is used in nc]: https://help.nextcloud.com/t/how-to-check-if-redis-is-used-in-nc/22268/2 [docker image]: https://hub.docker.com/_/nextcloud/ diff --git a/knowledge base/photoprism.md b/knowledge base/photoprism.md new file mode 100644 index 0000000..458317d --- /dev/null +++ b/knowledge base/photoprism.md @@ -0,0 +1,61 @@ +# PhotoPrism + +Photos app for the decentralized web. + +1. [TL;DR](#tldr) +1. [Further readings](#further-readings) + 1. [Sources](#sources) + +## TL;DR + +
+ Installation and configuration + +
+ Docker compose (preferred) + +[File example][docker-compose.yml] + +```sh +wget 'https://dl.photoprism.app/docker/docker-compose.yml' +docker compose up -d +``` + +The installation example includes a pre-configured MariaDB database server.
+SQLite database files will be created in the storage folder, should one remove it and provide no other database server +credentials. + +| Volume | Description | +| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `/photoprism/originals` | Contains one's original photo and video files | +| `/photoprism/storage` | Configuration, cache, thumbnail, and sidecar files.
It **must** always be specified to avoid losing such files after restarts or upgrades.
Never configure the storage folder to be inside the originals folder, unless the name starts with a `.` to indicate that it is hidden. | +| `/photoprism/import` | Optional folder from which files can be transferred to the `originals` folder in a structured way that avoids duplicates.
Imported files receive a canonical filename and will be organized by year and month.
Never configure the import folder to be inside the originals folder, as this will cause a loop by importing already indexed files. | + +
+
+ +## Further readings + +- [Self-hosting] +- [Website] +- [Github] + +### Sources + +- [Documentation] + + + + +[self-hosting]: self-hosting.md + + +[docker-compose.yml]: /containers/photoprism/docker-compose.original.yml + + +[documentation]: https://docs.photoprism.app/ +[github]: https://github.com/photoprism/photoprism +[website]: https://www.photoprism.app/ diff --git a/knowledge base/self-hosting.md b/knowledge base/self-hosting.md new file mode 100644 index 0000000..d4d58e4 --- /dev/null +++ b/knowledge base/self-hosting.md @@ -0,0 +1,45 @@ +# Self-hosting + +The _art_ of hosting and managing applications on one's own servers instead of consuming them from +[SaaSS][service as a software substitute] providers. + +1. [Software](#software) +1. [Further readings](#further-readings) + 1. [Sources](#sources) + +## Software + +| Name | Description | Alternatives | +| ---------------- | -------------------------- | --------------------------------- | +| [Baikal] | CalDAV and CardDAV server | [Radicale](https://radicale.org/) | +| [Gitea] | Git server | [Gitlab] | +| [Gitlab] | Git server | [Gitea] | +| [Home Assistant] | Home automation platform | | +| [NextCloud] | File sharing platform | [OwnCloud](https://owncloud.com/) | +| [Paperless-ngx] | Document management system | | +| [PhotoPrism] | Google Photos replacement | | + +## Further readings + +### Sources + +- [awesome-selfhosted]
+ List of software network services and web applications which can be hosted privately. + + + + +[baikal]: baikal.md +[gitea]: gitea.md +[gitlab]: gitlab.md +[nextcloud]: nextcloud.md +[paperless-ngx]: paperless-ngx.md +[photoprism]: photoprism.md + + +[awesome-selfhosted]: https://awesome-selfhosted.net/ +[home assistant]: https://www.home-assistant.io/ +[service as a software substitute]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html