first draft of seafile-server module + test VM

test vm can be built using `NIXOS_CONFIG="$(pwd)/seafile-test.nix" nixos-rebuild build-vm --show-trace`
2019-10-09 00:55:35 +02:00 · 2019-10-09 00:55:35 +02:00 · 764edc371c
parent 2d8350f62a
commit 764edc371c
2 changed files with 147 additions and 0 deletions
--- a/mod-seafile-server.nix
+++ b/mod-seafile-server.nix
@ -0,0 +1,116 @@
+{ config, pkgs, lib, ...}:
+with lib;
+let
+  cfg = config.services.seafile-server;
+  # fix permissions at start
+in
+  {
+    options.services.seafile-server = {
+      enable = mkEnableOption "Seafile server";
+      storagePath = mkOption {
+        type = types.path;
+        default = "/srv/seafile";
+        description = "where to store uploaded file data";
+      };
+      autorun = mkOption {
+        type = types.bool;
+        default = true;
+        description = "enable the seafile-server service to get started automatically";
+      };
+      db = {
+        type = mkOption {
+          type = types.enum ["sqlite" "mysql"];
+          default = "sqlite";
+          description = "database backend type";
+        };
+        user = mkOption {
+          type = types.nullOr types.string;
+          default = "seafile";
+          description = "Database user name. Not required for sqlite.";
+        };
+        dbname = mkOption {
+          type = types.nullOr types.string;
+          default = "seafile";
+          description = "Database name. Not required for sqlite.";
+        };
+        password = mkOption {
+          type = types.nullOr types.string;
+          default = null;
+          description = ''
+            Database password. Use <literal>passwordFile</literal> to avoid this
+            being world-readable in the <literal>/nix/store</literal>.
+
+            Not required for sqlite.'';
+          };
+          passwordFile = mkOption {
+            type = types.nullOr types.str;
+            default = null;
+            description = ''
+              The full path to a file that contains the database password.
+            '';
+          };
+          host = mkOption {
+            type = types.nullOr types.str;
+            default = "localhost";
+            description = "Database host.";
+          };
+          dbport = mkOption {
+            type = with types; nullOr (either int str);
+            default = null;
+            description = "Database port. Not required for sqlite.";
+          };
+        };
+
+        user = mkOption {
+          type = types.str;
+          default = "seafile";
+          description = "User account under which the Seafile server runs.";
+        };
+
+        group = mkOption {
+          type = types.str;
+          default = "seafile";
+          description = "Group account under which the Seafile server runs.";
+        };
+
+        domainName = mkOption {
+          type = types.str;
+          description = "full domain name of the seafile instance";
+        };
+      };
+
+
+      config = let
+        directoriesToManage = [ cfg.storagePath ];
+      in
+      lib.mkIf cfg.enable {
+        systemd.services.seafile-server = {
+
+          serviceConfig = {
+            ExecStartPre = "+${pkgs.writeScript "seafile-server-preStart" ''
+              #!${pkgs.runtimeShell}
+              #set -ex
+                for DIR in ${escapeShellArgs directoriesToManage}; do
+                mkdir -p "$DIR"
+                chown ${cfg.user}:${cfg.group} "$DIR"
+                done;
+            ''}";
+            ExecStart = "${pkgs.seafile-server}/seafile-core/bin/seaf-server-init";
+            User = cfg.user;
+            Group = cfg.group;
+            Type = "oneshot";
+            WorkingDirectory = cfg.storagePath;
+          };
+          enable = cfg.autorun;
+          wantedBy = [ "multi-user.target" ];
+        };
+
+        users.users.${cfg.user} = {
+          home = cfg.storagePath;
+          group = cfg.group;
+          createHome = true;
+          isNormalUser = false;
+        };
+        users.groups.${cfg.group}.members = [ cfg.user ];
+      };
+    }
--- a/seafile-test.nix
+++ b/seafile-test.nix
@ -0,0 +1,31 @@
+{ config, pkgs, ...}:
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/minimal.nix>
+    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ./mod-seafile-server.nix
+  ];
+
+  nixpkgs.overlays = [
+    (import /home/spiollinux/nixconfigs/home/ov/seafile-overlay)
+    ];
+
+  i18n.consoleKeyMap = "de";
+  users.mutableUsers = false;
+  users.users.test = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    #hashedPassword = "$6$SZCzE/xB$Hr9sfsJ7xAcBCoptG39cxxQk8RZfldDjjGpSngOvn9Ufex5dHBEbdncXRZnfrGATsGcYPvLi7m4wIu.f8tY9B.";
+    password = "";
+    home = "/home/test";
+    createHome = true;
+  };
+
+  # Seafile
+  services.seafile-server = {
+    enable = true;
+    #autorun = false;
+    domainName = "localhost";
+  };
+
+}