2019-10-09 00:55:35 +02:00
|
|
|
{ config, pkgs, lib, ...}:
|
|
|
|
|
with lib;
|
|
|
|
|
let
|
|
|
|
|
cfg = config.services.seafile-server;
|
2020-11-30 02:21:10 +01:00
|
|
|
seafileConfigFile = pkgs.writeText "seafile.conf"
|
|
|
|
|
(generators.toINI {} cfg.seafileSettings);
|
2021-01-30 00:49:58 +01:00
|
|
|
ccnetConfigFile = pkgs.writeText "ccnet.conf"
|
|
|
|
|
(generators.toINI {} cfg.ccnetSettings);
|
2021-01-30 23:09:53 +01:00
|
|
|
gunicornConfigFile = pkgs.writeText "gunicorn.conf.py"
|
|
|
|
|
''
|
|
|
|
|
import os
|
|
|
|
|
daemon = True
|
|
|
|
|
workers = 5
|
|
|
|
|
# default localhost:8000
|
|
|
|
|
bind = "127.0.0.1:8000"
|
|
|
|
|
# Pid
|
|
|
|
|
pids_dir = '${cfg.storagePath}/pids'
|
|
|
|
|
pidfile = os.path.join(pids_dir, 'seahub.pid')
|
|
|
|
|
# for file upload, we need a longer timeout value (default is only 30s, too short)
|
|
|
|
|
timeout = 1200
|
|
|
|
|
limit_request_line = 8190
|
|
|
|
|
'';
|
2021-01-31 00:43:23 +01:00
|
|
|
seahubConfigFile = pkgs.writeText "seahub_settings.py"
|
|
|
|
|
''
|
|
|
|
|
SECRET_KEY = #seckey#
|
|
|
|
|
|
|
|
|
|
DATABASES = {
|
|
|
|
|
'default': {
|
|
|
|
|
'ENGINE': 'django.db.backends.${if cfg.db.type == "mysql" then
|
|
|
|
|
"mysql" else abort "invalid db type"}',
|
|
|
|
|
'NAME': '${cfg.db.dbnameSeahub}',
|
|
|
|
|
'USER': '${cfg.db.user}',
|
|
|
|
|
'PASSWORD': '#dbpass#',
|
|
|
|
|
'HOST': '${cfg.db.host}',
|
|
|
|
|
'PORT': '${toString cfg.db.port}'
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
'';
|
2019-10-09 00:55:35 +02:00
|
|
|
# fix permissions at start
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options.services.seafile-server = {
|
|
|
|
|
enable = mkEnableOption "Seafile server";
|
|
|
|
|
storagePath = mkOption {
|
|
|
|
|
type = types.path;
|
|
|
|
|
default = "/srv/seafile";
|
|
|
|
|
description = "where to store uploaded file data";
|
|
|
|
|
};
|
2021-01-30 00:49:58 +01:00
|
|
|
ccnetSettings = mkOption {
|
|
|
|
|
type = with types; attrsOf (attrsOf (oneOf [ bool int str ]));
|
|
|
|
|
default = {};
|
|
|
|
|
description = ''
|
|
|
|
|
all possible ccnet.conf settings
|
|
|
|
|
'';
|
|
|
|
|
};
|
2020-11-30 02:21:10 +01:00
|
|
|
seafileSettings = mkOption {
|
|
|
|
|
type = with types; attrsOf (attrsOf (oneOf [ bool int str ]));
|
|
|
|
|
default = {};
|
|
|
|
|
description = ''
|
|
|
|
|
all possible seafile.conf settings
|
|
|
|
|
'';
|
|
|
|
|
};
|
2019-10-09 00:55:35 +02:00
|
|
|
autorun = mkOption {
|
|
|
|
|
type = types.bool;
|
|
|
|
|
default = true;
|
|
|
|
|
description = "enable the seafile-server service to get started automatically";
|
|
|
|
|
};
|
|
|
|
|
db = {
|
|
|
|
|
type = mkOption {
|
|
|
|
|
type = types.enum ["sqlite" "mysql"];
|
|
|
|
|
default = "sqlite";
|
|
|
|
|
description = "database backend type";
|
|
|
|
|
};
|
|
|
|
|
user = mkOption {
|
2019-10-17 14:45:07 +02:00
|
|
|
type = types.nullOr types.str;
|
2019-10-09 00:55:35 +02:00
|
|
|
default = "seafile";
|
|
|
|
|
description = "Database user name. Not required for sqlite.";
|
|
|
|
|
};
|
2020-12-22 12:17:03 +01:00
|
|
|
dbnameSeafile = mkOption {
|
2019-10-17 14:45:07 +02:00
|
|
|
type = types.nullOr types.str;
|
2019-10-09 00:55:35 +02:00
|
|
|
default = "seafile";
|
2020-12-22 12:17:03 +01:00
|
|
|
description = "Database name for Seafile server. Not required for sqlite.";
|
|
|
|
|
};
|
|
|
|
|
dbnameCcnet = mkOption {
|
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
|
default = "seafile";
|
|
|
|
|
description = "Database name for Ccnet server. Not required for sqlite.";
|
|
|
|
|
};
|
|
|
|
|
dbnameSeahub = mkOption {
|
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
|
default = "seafile";
|
|
|
|
|
description = "Database name for Seahub web interface. Not required for sqlite.";
|
2019-10-09 00:55:35 +02:00
|
|
|
};
|
2020-11-30 02:21:10 +01:00
|
|
|
passwordFile = mkOption {
|
2021-01-30 00:59:25 +01:00
|
|
|
type = types.nullOr types.str;
|
|
|
|
|
default = null;
|
|
|
|
|
description = ''
|
|
|
|
|
The full path to a file that contains the database password.
|
|
|
|
|
Not required for sqlite.
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
host = mkOption {
|
|
|
|
|
type = types.nullOr types.str;
|
|
|
|
|
default = "localhost";
|
|
|
|
|
description = "Database host.";
|
|
|
|
|
};
|
|
|
|
|
port = mkOption {
|
|
|
|
|
type = with types; nullOr (either int str);
|
|
|
|
|
default = 3306;
|
|
|
|
|
description = "Database port. Not required for sqlite.";
|
2019-10-09 00:55:35 +02:00
|
|
|
};
|
2021-01-30 00:59:25 +01:00
|
|
|
};
|
2019-10-09 00:55:35 +02:00
|
|
|
|
|
|
|
|
user = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "seafile";
|
|
|
|
|
description = "User account under which the Seafile server runs.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
group = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "seafile";
|
|
|
|
|
description = "Group account under which the Seafile server runs.";
|
|
|
|
|
};
|
|
|
|
|
|
2020-12-22 12:17:03 +01:00
|
|
|
name = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "Seafile";
|
|
|
|
|
description = "name of the Seafile instance, will show up in client and web interface";
|
|
|
|
|
};
|
2019-10-16 17:31:52 +02:00
|
|
|
|
2019-10-09 00:55:35 +02:00
|
|
|
domainName = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
description = "full domain name of the seafile instance";
|
|
|
|
|
};
|
2019-10-16 17:31:52 +02:00
|
|
|
|
2019-12-30 02:58:53 +01:00
|
|
|
# ccnetPort = mkOption {
|
|
|
|
|
# type = types.int;
|
|
|
|
|
# default = 10001;
|
|
|
|
|
# description = "listening port for ccnet server";
|
|
|
|
|
# };
|
2019-10-16 17:31:52 +02:00
|
|
|
|
|
|
|
|
seafilePort = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 12001;
|
|
|
|
|
description = "listening port for Seafile server";
|
|
|
|
|
};
|
|
|
|
|
|
2019-10-17 14:45:07 +02:00
|
|
|
fileserverPort = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 8082;
|
|
|
|
|
description = "listening port for Seafile's fileserver component";
|
|
|
|
|
};
|
|
|
|
|
|
2019-10-16 17:31:52 +02:00
|
|
|
seahubPort = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 443;
|
|
|
|
|
description = "listening http port for Seahub web interface";
|
|
|
|
|
};
|
|
|
|
|
|
2019-10-16 23:30:00 +02:00
|
|
|
externalPort = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 443;
|
|
|
|
|
description = "external port under which Seahub is reachable from the outside. Possibly the external port of a reverse proxy like nginx.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enableTLS = mkEnableOption {
|
|
|
|
|
default = true;
|
|
|
|
|
description = "whether to use TLS and HTTPS for communication";
|
|
|
|
|
};
|
|
|
|
|
|
2019-10-16 17:31:52 +02:00
|
|
|
openFirewall = mkEnableOption {
|
|
|
|
|
default = true;
|
|
|
|
|
description = "whether to open up the firewall ports for ccnet, seafile-server and seahub";
|
|
|
|
|
};
|
2019-10-17 14:45:07 +02:00
|
|
|
|
|
|
|
|
defaultQuota = mkOption {
|
|
|
|
|
type = types.nullOr types.int;
|
|
|
|
|
default = null;
|
|
|
|
|
description = "default quota to be set per user, in GB";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
trashExpirationTime = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 30;
|
|
|
|
|
description = "default time for automatic library trash cleanup";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileRevisionHistoryDays = mkOption {
|
|
|
|
|
type = types.nullOr types.int;
|
|
|
|
|
default = null;
|
|
|
|
|
description = "default history length of file revisions to keep in days. <literal>null</literal> means keeping all revisions.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileserverBindAddress = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "0.0.0.0";
|
|
|
|
|
description = "bind address for fileserver, binds to all addresses by default";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileserverWorkers = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 10;
|
|
|
|
|
description = "number of worker threads to server http requests";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileserverIndexers = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 1;
|
|
|
|
|
description = "number of threads used to sequentially divide uploaded files into blocks for storage";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
fileserverBlockSize = mkOption {
|
|
|
|
|
type = types.int;
|
|
|
|
|
default = 1;
|
|
|
|
|
description = "size of blocks that uploaded files are divided into, in MB";
|
|
|
|
|
};
|
2019-10-09 00:55:35 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
config = let
|
|
|
|
|
directoriesToManage = [ cfg.storagePath ];
|
|
|
|
|
in
|
2019-10-16 17:31:52 +02:00
|
|
|
mkIf cfg.enable {
|
2021-01-30 00:49:58 +01:00
|
|
|
services.seafile-server.ccnetSettings = {
|
|
|
|
|
# TODO: ID and NAME might be required
|
|
|
|
|
General.SERVICE_URL="http${if cfg.enableTLS then "s" else ""}://${cfg.domainName}:${toString cfg.externalPort}/";
|
|
|
|
|
Database = mkMerge [
|
|
|
|
|
{
|
|
|
|
|
ENGINE = cfg.db.type;
|
|
|
|
|
}
|
|
|
|
|
(mkIf (cfg.db.type == "mysql") {
|
|
|
|
|
HOST = cfg.db.host;
|
|
|
|
|
PORT = cfg.db.port;
|
|
|
|
|
USER = cfg.db.user;
|
|
|
|
|
CONNECTION_CHARSET = "utf8";
|
|
|
|
|
DB = cfg.db.dbnameCcnet;
|
|
|
|
|
password = "#dbpass#";
|
|
|
|
|
})
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
2020-11-30 02:21:10 +01:00
|
|
|
services.seafile-server.seafileSettings = {
|
|
|
|
|
library_trash.expire_days = cfg.trashExpirationTime;
|
|
|
|
|
fileserver = {
|
|
|
|
|
host = cfg.fileserverBindAddress;
|
|
|
|
|
port = cfg.fileserverPort;
|
|
|
|
|
worker_threads = cfg.fileserverWorkers;
|
|
|
|
|
max_indexing_threads = cfg.fileserverIndexers;
|
|
|
|
|
fixed_block_size = cfg.fileserverBlockSize;
|
|
|
|
|
};
|
|
|
|
|
quota = mkIf (! isNull cfg.defaultQuota) {
|
|
|
|
|
default = cfg.defaultQuota;
|
|
|
|
|
};
|
|
|
|
|
history = mkIf (! isNull cfg.fileRevisionHistoryDays) {
|
|
|
|
|
keep_days = cfg.fileRevisionHistoryDays;
|
|
|
|
|
};
|
|
|
|
|
database = mkMerge [
|
|
|
|
|
{
|
|
|
|
|
type = cfg.db.type;
|
|
|
|
|
}
|
|
|
|
|
# while just using the cfg.db set directly might be possible and
|
|
|
|
|
# save lines of code, I prefer hand-picking options
|
|
|
|
|
(mkIf (cfg.db.type == "mysql") {
|
|
|
|
|
host = cfg.db.host;
|
|
|
|
|
port = cfg.db.port;
|
|
|
|
|
user = cfg.db.user;
|
|
|
|
|
connection_charset = "utf8";
|
2021-01-30 00:49:58 +01:00
|
|
|
db_name = cfg.db.dbnameSeafile;
|
2020-11-30 02:21:10 +01:00
|
|
|
max_connections = 100;
|
|
|
|
|
password = "#dbpass#";
|
|
|
|
|
})
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2019-10-15 20:09:37 +02:00
|
|
|
systemd = {
|
|
|
|
|
# state directory permissions managed by systemd
|
|
|
|
|
tmpfiles.rules = [
|
|
|
|
|
"d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -"
|
2021-01-30 00:49:58 +01:00
|
|
|
"d ${cfg.storagePath}/conf 0700 ${cfg.user} ${cfg.group} -"
|
2021-01-30 23:09:53 +01:00
|
|
|
"d ${cfg.storagePath}/pids 0710 ${cfg.user} ${cfg.group} -"
|
2019-10-15 20:09:37 +02:00
|
|
|
];
|
|
|
|
|
services.seafile-server = {
|
2019-10-09 00:55:35 +02:00
|
|
|
|
2020-11-27 22:26:09 +01:00
|
|
|
path = with pkgs; [ seafile-server.seafile-server-core ];
|
2019-10-15 20:09:37 +02:00
|
|
|
script = ''
|
2019-10-16 17:31:52 +02:00
|
|
|
./seafile-server/seafile-server-latest/bin/seafile-admin start
|
2019-10-15 20:09:37 +02:00
|
|
|
'';
|
2019-10-09 00:55:35 +02:00
|
|
|
serviceConfig = {
|
2019-10-15 20:09:37 +02:00
|
|
|
ExecStartPre = [
|
|
|
|
|
("+${pkgs.writeScript "seafile-server-preStart-privileged" ''
|
|
|
|
|
#!${pkgs.runtimeShell}
|
|
|
|
|
# stuff run as root
|
|
|
|
|
''}")
|
|
|
|
|
("${pkgs.writeShellScript "seafile-server-preStart-unprivileged" ''
|
|
|
|
|
# stuff run as seafile user
|
2021-01-30 00:49:58 +01:00
|
|
|
set -ex
|
2019-10-16 23:30:00 +02:00
|
|
|
|
2019-10-17 14:45:07 +02:00
|
|
|
# seafile.conf generation
|
|
|
|
|
|
2021-01-30 00:49:58 +01:00
|
|
|
# move config templates from nix store
|
|
|
|
|
cp ${ccnetConfigFile} ./conf/ccnet.conf
|
2020-11-30 02:21:10 +01:00
|
|
|
cp ${seafileConfigFile} ./conf/seafile.conf
|
2021-01-30 23:09:53 +01:00
|
|
|
cp ${gunicornConfigFile} ./conf/gunicorn.conf.py
|
2021-01-31 00:43:23 +01:00
|
|
|
cp ${seahubConfigFile} ./conf/seahub_settings.py
|
|
|
|
|
|
|
|
|
|
# seahub secret key
|
|
|
|
|
if [ ! -e .seahubSecret ]; then
|
|
|
|
|
${pkgs.seafile-server.pythonEnv}/bin/python ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret
|
|
|
|
|
chmod 400 .seahubSecret
|
|
|
|
|
fi
|
|
|
|
|
SEAHUB_SECRET="$(head -n1 .seahubSecret)"
|
|
|
|
|
# TODO: check for special characters needing to be escaped
|
|
|
|
|
sed -e "s,#seckey#,$SEAHUB_SECRET,g" -i ./conf/seahub_settings.py
|
|
|
|
|
|
2020-11-30 02:21:10 +01:00
|
|
|
# replace placeholder secrets with real secret read from file
|
2021-01-30 23:09:53 +01:00
|
|
|
#TODO: unset -x to prevent DBPASS from being leaked in journal
|
2021-01-30 00:49:58 +01:00
|
|
|
${if !(isNull cfg.db.passwordFile) then ''
|
2020-11-30 02:21:10 +01:00
|
|
|
DBPASS="$(head -n1 ${toString cfg.db.passwordFile})"
|
2021-01-31 00:43:23 +01:00
|
|
|
sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf ./conf/seahub_settings.py
|
2020-11-30 02:21:10 +01:00
|
|
|
''
|
|
|
|
|
else ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-01-30 00:49:58 +01:00
|
|
|
# initialise db and other things needed at first run
|
|
|
|
|
if [ -e .initialised ]; then
|
|
|
|
|
#TODO: db initialisation
|
|
|
|
|
|
|
|
|
|
touch .initialised
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
ln -nsf ${pkgs.seafile-server} seafile-server
|
|
|
|
|
|
|
|
|
|
# for determining update version mismatches
|
|
|
|
|
cp ${pkgs.seafile-server}/installed_version .
|
2019-10-15 20:09:37 +02:00
|
|
|
''}")
|
|
|
|
|
];
|
2019-10-09 00:55:35 +02:00
|
|
|
User = cfg.user;
|
|
|
|
|
Group = cfg.group;
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
WorkingDirectory = cfg.storagePath;
|
|
|
|
|
};
|
|
|
|
|
enable = cfg.autorun;
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
|
};
|
2019-10-15 20:09:37 +02:00
|
|
|
};
|
2019-10-09 00:55:35 +02:00
|
|
|
|
|
|
|
|
users.users.${cfg.user} = {
|
2019-10-15 20:09:37 +02:00
|
|
|
home = "${cfg.storagePath}/home";
|
2019-10-09 00:55:35 +02:00
|
|
|
group = cfg.group;
|
2019-10-15 20:09:37 +02:00
|
|
|
# don't make NixOS create the home directory as otherwise the permissions for /srv might be 0700,
|
|
|
|
|
# making it impossible to cd into the storagePath
|
|
|
|
|
createHome = false;
|
2019-10-09 00:55:35 +02:00
|
|
|
isNormalUser = false;
|
|
|
|
|
};
|
|
|
|
|
users.groups.${cfg.group}.members = [ cfg.user ];
|
2019-10-16 17:31:52 +02:00
|
|
|
|
2019-12-30 02:58:53 +01:00
|
|
|
# ToDo: make sure ccnet is reachable
|
|
|
|
|
networking.firewall.allowedTCPPorts = with cfg; if openFirewall then [ seafilePort fileserverPort ] else [];
|
2019-10-09 00:55:35 +02:00
|
|
|
};
|
|
|
|
|
}
|
