diff --git a/mod-seafile-server.nix b/mod-seafile-server.nix index 18b274e..afed153 100644 --- a/mod-seafile-server.nix +++ b/mod-seafile-server.nix @@ -4,6 +4,8 @@ let cfg = config.services.seafile-server; seafileConfigFile = pkgs.writeText "seafile.conf" (generators.toINI {} cfg.seafileSettings); + ccnetConfigFile = pkgs.writeText "ccnet.conf" + (generators.toINI {} cfg.ccnetSettings); # fix permissions at start in { @@ -14,6 +16,13 @@ in default = "/srv/seafile"; description = "where to store uploaded file data"; }; + ccnetSettings = mkOption { + type = with types; attrsOf (attrsOf (oneOf [ bool int str ])); + default = {}; + description = '' + all possible ccnet.conf settings + ''; + }; seafileSettings = mkOption { type = with types; attrsOf (attrsOf (oneOf [ bool int str ])); default = {}; @@ -183,6 +192,25 @@ in directoriesToManage = [ cfg.storagePath ]; in mkIf cfg.enable { + services.seafile-server.ccnetSettings = { + # TODO: ID and NAME might be required + General.SERVICE_URL="http${if cfg.enableTLS then "s" else ""}://${cfg.domainName}:${toString cfg.externalPort}/"; + Database = mkMerge [ + { + ENGINE = cfg.db.type; + } + (mkIf (cfg.db.type == "mysql") { + HOST = cfg.db.host; + PORT = cfg.db.port; + USER = cfg.db.user; + CONNECTION_CHARSET = "utf8"; + DB = cfg.db.dbnameCcnet; + password = "#dbpass#"; + }) + ]; + + }; + services.seafile-server.seafileSettings = { library_trash.expire_days = cfg.trashExpirationTime; fileserver = { @@ -209,7 +237,7 @@ in port = cfg.db.port; user = cfg.db.user; connection_charset = "utf8"; - db_name = cfg.db.dbname; + db_name = cfg.db.dbnameSeafile; max_connections = 100; password = "#dbpass#"; }) 
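Review bot: `ccnetConfigFile` is rendered with `pkgs.writeText`, so every value in `cfg.ccnetSettings` ends up in the world-readable Nix store, and neither this binding nor the new option's description (second hunk, `all possible ccnet.conf settings`) says so. The module's own password entry is safe because it is only the `#dbpass#` placeholder, but a user who sets a real secret through the free-form option would publish it to every local account. I would add a comment above the binding such as `# rendered into the world-readable nix store: secrets must stay placeholders and be substituted in preStart`, and extend the option description with the same caveat.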
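Review bot: In the mysql branch of `Database` (third hunk), `password = "#dbpass#";` is the only lowercase key and does not match the `PASSWD` key that Seafile's ccnet.conf documentation uses next to `HOST`, `PORT`, `USER` and `DB`. If ccnet ignores the unknown key it will try to connect without a password, so the line should probably read `PASSWD = "#dbpass#";`. Separately, the placeholder is only replaced when `cfg.db.passwordFile` is set, so with a null `passwordFile` the literal string `#dbpass#` is written as the password. An assertion that `passwordFile` is non-null when `cfg.db.type == "mysql"` would turn that into an evaluation error rather than a failed login. The `mkIf cfg.enable` block continues outside the hunk.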
@@ -220,7 +248,7 @@ in # state directory permissions managed by systemd tmpfiles.rules = [ "d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -" - "d ${cfg.storagePath}/conf 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.storagePath}/conf 0700 ${cfg.user} ${cfg.group} -" "d ${cfg.storagePath}/home 0710 ${cfg.user} ${cfg.group} -" ]; services.seafile-server = { 
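Review bot: The move to `0700` on `${cfg.storagePath}/conf` is a security-relevant change that the rule list does not explain. After this commit the directory holds `seafile.conf` and `ccnet.conf` with the real database password substituted in. Those files are copied from the store with plain `cp`, so they presumably keep world-readable mode bits, which would leave the directory mode as the only protection. I would record that next to the rule, e.g. `# conf/ holds seafile.conf and ccnet.conf with the real DB password substituted in; keep owner-only`, so a later edit does not relax it back to `0750`.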
@@ -237,38 +265,39 @@ in ''}") ("${pkgs.writeShellScript "seafile-server-preStart-unprivileged" '' # stuff run as seafile user - set -x - - # outside URL - SERVICE_URL="http${if cfg.enableTLS then "s" else ""}://${cfg.domainName}:${toString cfg.externalPort}" + set -ex # seafile.conf generation - # move seafile.conf template from nix store + # move config templates from nix store + cp ${ccnetConfigFile} ./conf/ccnet.conf cp ${seafileConfigFile} ./conf/seafile.conf # replace placeholder secrets with real secret read from file - ${if (isNull cfg.db.passwordFile) then '' + ${if !(isNull cfg.db.passwordFile) then '' DBPASS="$(head -n1 ${toString cfg.db.passwordFile})" - sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf + sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf '' else "" } + # seahub secret key + if [ -e .seahubSecret ]; then + ${pkgs.seafile-server.pythonEnv} ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret + chmod 400 .seahubSecret + fi + - pwd - ln -sf ${pkgs.seafile-server} seafile-server - ${pkgs.seafile-server.pythonEnv}/bin/python seafile-server/setup-seafile-mysql.py auto \ - -n "${cfg.name}" \ - -i "${cfg.domainName}" \ - -p "${toString cfg.fileserverPort}" \ - -d "${cfg.storagePath}" \ - -o "${cfg.db.host}" \ - -t "${toString cfg.db.dbport}" \ - -u "${cfg.db.user}" \ - -w "$DBPASS" \ - -c "${cfg.db.dbnameCcnet}" \ - -s "${cfg.db.dbnameSeafile}" \ - -b "${cfg.db.dbnameSeahub}" + # initialise db and other things needed at first run + if [ -e .initialised ]; then + #TODO: db initialisation + + touch .initialised + fi + + ln -nsf ${pkgs.seafile-server} seafile-server + + # for determining update version mismatches + cp ${pkgs.seafile-server}/installed_version . ''}") ]; User = cfg.user;
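Review bot: `set -ex` leaves xtrace on while the now-corrected `!(isNull cfg.db.passwordFile)` branch runs, so the expanded `DBPASS=...` assignment and the `sed` argument containing the password are written to the unit's log; drop the `x`, or disable tracing around that branch. Both new guards look inverted: `[ -e .seahubSecret ]` and `[ -e .initialised ]` only run their bodies when the file already exists, so nothing is generated on first start. The generator line also invokes `${pkgs.seafile-server.pythonEnv}` without the `/bin/python` that the removed setup call used. Interpolating `$DBPASS` into `s,#dbpass#,...,g` breaks on passwords containing `,`, `&` or `\`, so the value should be escaped or substituted by a tool that does not treat it as a pattern. With `-e` now set, the plain `cp` from the store will probably abort the second start, since the earlier copies presumably inherit the store's read-only mode; `install -m 0600` avoids that and makes the files owner-only.

```nix
# no xtrace: the password substitution below would otherwise be echoed to the journal
set -e

# copy config templates from the nix store as writable, owner-only files
install -m 0600 ${ccnetConfigFile} ./conf/ccnet.conf
install -m 0600 ${seafileConfigFile} ./conf/seafile.conf

# … unchanged: #dbpass# substitution from cfg.db.passwordFile …

# seahub secret key: generate once, created owner-only from the start
if [ ! -e .seahubSecret ]; then
  (umask 077; ${pkgs.seafile-server.pythonEnv}/bin/python ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret)
  chmod 400 .seahubSecret
fi

# initialise db and other things needed at first run
if [ ! -e .initialised ]; then
  # … unchanged: TODO db initialisation …
  touch .initialised
fi
```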