diff --git a/ansible_playbooks/vars/nomad_vars.sample.yml b/ansible_playbooks/vars/nomad_vars.sample.yml
index 485e954..cbc8b70 100644
--- a/ansible_playbooks/vars/nomad_vars.sample.yml
+++ b/ansible_playbooks/vars/nomad_vars.sample.yml
@@ -116,6 +116,7 @@ nomad/jobs/photoprism:
 db_name: VALUE
 db_pass: VALUE
 db_user: VALUE
+ oidc_secret: VALUE
 nomad/jobs/postgres-server:
 superuser: VALUE
 superuser_pass: VALUE
diff --git a/services/photoprism.tf b/services/photoprism.tf
index f425092..2131ad7 100644
--- a/services/photoprism.tf
+++ b/services/photoprism.tf
@@ -2,7 +2,7 @@ module "photoprism_module" {
 source = "./service"
 name = "photoprism"
- image = "photoprism/photoprism:240531"
+ image = "photoprism/photoprism:240711"
 image_pull_timeout = "10m"
 # constraints = [{
 # attribute = "$${meta.hw_transcode.type}"
@@ -37,9 +37,6 @@ module "photoprism_module" {
 ingress = true
 service_port = 2342
 use_wesher = var.use_wesher
- ingress_middlewares = [
- "authelia@nomad"
- ]
 mysql_bootstrap = {
 enabled = true
@@ -47,8 +44,6 @@ module "photoprism_module" {
 env = {
 PHOTOPRISM_DEBUG = true
- # Make public since we added Authelia at the proxy level
- PHOTOPRISM_AUTH_MODE = "public"
 # UI
 PHOTOPRISM_SITE_CAPTION = "AI-Powered Photos App"
 PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
@@ -66,6 +61,12 @@ module "photoprism_module" {
 PHOTOPRISM_UID = 500
 PHOTOPRISM_GID = 100
 PHOTOPRISM_UMASK = 0000
+ # OIDC
+ PHOTOPRISM_OIDC_URI = "https://authelia.thefij.rocks"
+ PHOTOPRISM_OIDC_PROVIDER = "Authelia"
+ PHOTOPRISM_OIDC_REGISTER = true
+ PHOTOPRISM_OIDC_REDIRECT = false
+ PHOTOPRISM_OIDC_SCOPES = "openid email profile"
 }
 templates = [
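Review bot: `PHOTOPRISM_OIDC_REGISTER = true` in the new OIDC block lets any identity Authelia will issue a token for create a PhotoPrism account on first login. Since this commit also removes the `authelia@nomad` ingress middleware (the `-37,9` hunk), Authelia's authorization policy for the `photoprism` client is now the only gate on who gets in. With `PHOTOPRISM_OIDC_REDIRECT = false`, the app's own password login is also reachable directly at the ingress, where all access previously went through the proxy login. I would record this in place of the bare `# OIDC` comment, e.g. `# OIDC: accounts are auto-created for any user Authelia authorizes for this client; local password login stays enabled`, and confirm the client policy on the Authelia side limits access to the intended users. `PHOTOPRISM_DEBUG = true` (context of the `-47,8` hunk) is worth revisiting now that the app handles authentication itself.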
@@ -79,6 +80,8 @@ module "photoprism_module" {
 PHOTOPRISM_DATABASE_USER={{ .db_user }}
 PHOTOPRISM_DATABASE_PASSWORD={{ .db_pass }}
 PHOTOPRISM_DATABASE_SERVER=127.0.0.1:3306
+ PHOTOPRISM_OIDC_CLIENT=photoprism
+ PHOTOPRISM_OIDC_SECRET={{ .oidc_secret }}
 {{- end }}
 {{ if eq (env "meta.hw_transcode.type") "raspberry" -}}
 PHOTOPRISM_FFMPEG_ENCODER=raspberry
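Review bot: `PHOTOPRISM_OIDC_SECRET={{ .oidc_secret }}` has no guard for a missing key, so applying this job before `oidc_secret` is added to the `nomad/jobs/photoprism` variable may render a placeholder string instead of failing the deployment. That assumes the template runs with Nomad's default `error_on_missing_key = false`, which is not visible here. The template block begins outside this hunk, so its destination cannot be checked from these lines; now that it carries a client secret, it should render under the task's secrets directory rather than a shared path. A comment in the HCL next to this template, e.g. `# requires oidc_secret in the nomad/jobs/photoprism variable; value must correspond to the photoprism client configured in Authelia`, would document the rollout order.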