generate seafile_settings.py

2021-01-31 00:43:23 +01:00 · 2021-01-31 00:43:23 +01:00 · cb44156519
parent d3f1c04e72
commit cb44156519
1 changed files with 28 additions and 7 deletions
--- a/mod-seafile-server.nix
+++ b/mod-seafile-server.nix
@ -20,6 +20,22 @@ let
      timeout = 1200
      limit_request_line = 8190
    '';
+  seahubConfigFile = pkgs.writeText "seahub_settings.py"
+    ''
+      SECRET_KEY = #seckey#
+
+      DATABASES = {
+          'default': {
+              'ENGINE': 'django.db.backends.${if cfg.db.type == "mysql" then
+                "mysql" else abort "invalid db type"}',
+              'NAME': '${cfg.db.dbnameSeahub}',
+              'USER': '${cfg.db.user}',
+              'PASSWORD': '#dbpass#',
+              'HOST': '${cfg.db.host}',
+              'PORT': '${toString cfg.db.port}'
+          }
+      }
+    '';
  # fix permissions at start
 in
  {
@ -287,21 +303,26 @@ in
                cp ${ccnetConfigFile} ./conf/ccnet.conf
                cp ${seafileConfigFile} ./conf/seafile.conf
                cp ${gunicornConfigFile} ./conf/gunicorn.conf.py
+                cp ${seahubConfigFile} ./conf/seahub_settings.py
+
+                # seahub secret key
+                if [ ! -e .seahubSecret ]; then
+                    ${pkgs.seafile-server.pythonEnv}/bin/python ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret
+                    chmod 400 .seahubSecret
+                fi
+                SEAHUB_SECRET="$(head -n1 .seahubSecret)"
+                # TODO: check for special characters needing to be escaped
+                sed -e "s,#seckey#,$SEAHUB_SECRET,g" -i ./conf/seahub_settings.py
+
                # replace placeholder secrets with real secret read from file
                #TODO: unset -x to prevent DBPASS from being leaked in journal
                ${if !(isNull cfg.db.passwordFile) then ''
                  DBPASS="$(head -n1 ${toString cfg.db.passwordFile})"
-                  sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf
+                  sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf ./conf/seahub_settings.py
                  ''
                  else ""
                }

-                # seahub secret key
-                if [ -e .seahubSecret ]; then
-                    ${pkgs.seafile-server.pythonEnv} ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret
-                    chmod 400 .seahubSecret
-                fi
-
                
                # initialise db and other things needed at first run
                if [ -e .initialised ]; then