diff --git a/mod-seafile-server.nix b/mod-seafile-server.nix
index 70bed10..e056d5e 100644
--- a/mod-seafile-server.nix
+++ b/mod-seafile-server.nix
@@ -73,26 +73,57 @@ in
 description = "Group account under which the Seafile server runs.";
 };
+ name = mkOption {
+ type = types.str;
+ default = "Seafile";
+ description = "name of the Seafile instance, will show up in client and web interface";
+ };
+
 domainName = mkOption {
 type = types.str;
 description = "full domain name of the seafile instance";
 };
+
+ ccnetPort = mkOption {
+ type = types.int;
+ default = 10001;
+ description = "listening port for ccnet server";
+ };
+
+ seafilePort = mkOption {
+ type = types.int;
+ default = 12001;
+ description = "listening port for Seafile server";
+ };
+
+ seahubPort = mkOption {
+ type = types.int;
+ default = 443;
+ description = "listening http port for Seahub web interface";
+ };
+
+ openFirewall = mkEnableOption {
+ default = true;
+ description = "whether to open up the firewall ports for ccnet, seafile-server and seahub";
+ };
 };
 config = let
 directoriesToManage = [ cfg.storagePath ];
 in
- lib.mkIf cfg.enable {
+ mkIf cfg.enable {
 systemd = {
 # state directory permissions managed by systemd
 tmpfiles.rules = [
 "d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -"
+ "d ${cfg.storagePath}/home 0710 ${cfg.user} ${cfg.group} -"
 ];
 services.seafile-server = {
+ path = with pkgs; [ seafile-server.ccnet-server seafile-server.seafile-server-core ];
 script = ''
- ${pkgs.seafile-server.ccnet-server}/bin/ccnet-init
+ ./seafile-server/seafile-server-latest/bin/seafile-admin start
 '';
 serviceConfig = {
 ExecStartPre = [
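Review bot: `openFirewall` is declared as `mkEnableOption { default = true; … }`, but as far as I know `mkEnableOption` takes a name string and always produces a boolean option defaulting to `false`, so the attribute set is not honoured and the intended default never applies. Exposing the ccnet, seafile-server and Seahub ports should be opt-in in any case, which is also the usual NixOS module convention: `openFirewall = mkOption { type = types.bool; default = false; description = "Whether to open the firewall for ccnet, seafile-server and Seahub."; };`. The `networking.firewall.allowedTCPPorts` line added at the end of this file reads this option and opens all three ports together, so this one default decides their exposure. The three port options would also be better typed as `types.port` than `types.int`, and `seahubPort` defaults to 443 while its description calls it an "http port".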
@@ -102,6 +133,19 @@ in
 ''}")
 ("${pkgs.writeShellScript "seafile-server-preStart-unprivileged" ''
 # stuff run as seafile user
+
+ # ccnet-init must only be run once per installation, as it also generates stateful key and ID
+ # solution: invoke it once, use result as template
+ if [ ! -e ./conf/mykey.peer ]; then
+ ${pkgs.seafile-server.ccnet-server}/bin/ccnet-init -c ./conf -n 'TEMPLATENAME' -H 'TEMPLATEHOST' -P 'TEMPLATEPORT'
+ mv ./conf/ccnet.conf{,.template}
+ fi
+ # substitute actual config values to template and symlink config file
+ ${pkgs.gnused}/bin/sed -e 's|TEMPLATENAME|${cfg.name}|g; s|TEMPLATEHOST|${cfg.domainName}|; s|TEMPLATEPORT|${toString cfg.ccnetPort}|' ./conf/ccnet.conf.template > ./conf/ccnet.conf
+
+ ln -s ${pkgs.seafile-server} seafile-server
+ #${pkgs.seafile-server.ccnet-server}/bin/ccnet-init -c ./ccnet -H "${cfg.domainName}" -P ${toString cfg.ccnetPort} -n "${cfg.name}"
+ ./seafile-server/seafile-server-latest/bin/seafile-admin setup
 ''}")
 ];
 User = cfg.user;
@@ -123,5 +167,7 @@ in
 isNormalUser = false;
 };
 users.groups.${cfg.group}.members = [ cfg.user ];
+
+ networking.firewall.allowedTCPPorts = with cfg; if openFirewall then [ ccnetPort seafilePort seahubPort ] else [];
 };
 }
diff --git a/seafile-server/default.nix b/seafile-server/default.nix
index dc26074..2288d2a 100644
--- a/seafile-server/default.nix
+++ b/seafile-server/default.nix
@@ -102,11 +102,11 @@
 mkdir "$out"
 cd "$out"
 ln -s ${seahub} seahub
- ln -s ${seafile-server-core} seaf-server
+ ln -s ${seafile-server-core} seafile-server-latest
 '';
 meta = with lib; {
 maintainers = with maintainers; [ schmittlauch ];
 license = licenses.free; # components with different free software licenses are combined
 };
- inherit ccnet-server; # for using the path in the NixOS module
+ inherit ccnet-server seafile-server-core; # for using the path in the NixOS module
 }
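Review bot: In the `seafile-server-preStart-unprivileged` script of mod-seafile-server.nix, `cfg.name` and `cfg.domainName` are spliced unescaped into a single-quoted sed program, so a value containing `'`, `|`, `&` or `\` breaks the shell quoting or alters the replacement and leaves a malformed `ccnet.conf`. Constraining the options is the simplest guard, for example `type = types.strMatching "[A-Za-z0-9 ._-]+";` for `name` and a hostname pattern for `domainName`. Separately, `ln -s ${pkgs.seafile-server} seafile-server` is not idempotent: if the working directory persists across restarts, the link already exists, `ln` fails, and the stale link keeps pointing at the previous store path after an upgrade; `ln -sfn ${pkgs.seafile-server} seafile-server` avoids that. The script and the surrounding `serviceConfig` begin and end outside this hunk.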