Add oidc to photoprism

ansible_playbooks/vars/nomad_vars.sample.yml

@@ -116,6 +116,7 @@ nomad/jobs/photoprism:
   db_name: VALUE
   db_pass: VALUE
   db_user: VALUE
+  oidc_secret: VALUE
 nomad/jobs/postgres-server:
   superuser: VALUE
   superuser_pass: VALUE

services/photoprism.tf

@@ -2,7 +2,7 @@ module "photoprism_module" {
   source = "./service"
 
   name               = "photoprism"
-  image              = "photoprism/photoprism:240531"
+  image              = "photoprism/photoprism:240711"
   image_pull_timeout = "10m"
   # constraints = [{
   #   attribute = "$${meta.hw_transcode.type}"
@@ -37,9 +37,6 @@ module "photoprism_module" {
   ingress      = true
   service_port = 2342
   use_wesher   = var.use_wesher
-  ingress_middlewares = [
-    "authelia@nomad"
-  ]
 
   mysql_bootstrap = {
     enabled = true
@@ -47,8 +44,6 @@ module "photoprism_module" {
 
   env = {
     PHOTOPRISM_DEBUG = true
-    # Make public since we added Authelia at the proxy level
-    PHOTOPRISM_AUTH_MODE = "public"
     # UI
     PHOTOPRISM_SITE_CAPTION     = "AI-Powered Photos App"
     PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
@@ -66,6 +61,12 @@ module "photoprism_module" {
     PHOTOPRISM_UID   = 500
     PHOTOPRISM_GID   = 100
     PHOTOPRISM_UMASK = 0000
+    # OIDC
+    PHOTOPRISM_OIDC_URI      = "https://authelia.thefij.rocks"
+    PHOTOPRISM_OIDC_PROVIDER = "Authelia"
+    PHOTOPRISM_OIDC_REGISTER = true
+    PHOTOPRISM_OIDC_REDIRECT = false
+    PHOTOPRISM_OIDC_SCOPES   = "openid email profile"
   }
 
   templates = [
@@ -79,6 +80,8 @@ module "photoprism_module" {
       PHOTOPRISM_DATABASE_USER={{ .db_user }}
       PHOTOPRISM_DATABASE_PASSWORD={{ .db_pass }}
       PHOTOPRISM_DATABASE_SERVER=127.0.0.1:3306
+      PHOTOPRISM_OIDC_CLIENT=photoprism
+      PHOTOPRISM_OIDC_SECRET={{ .oidc_secret }}
       {{- end }}
       {{ if eq (env "meta.hw_transcode.type") "raspberry" -}}
       PHOTOPRISM_FFMPEG_ENCODER=raspberry