Compare commits
No commits in common. "cb441565197d703ac4825b2b4f06fd57f93ecb46" and "ce44d1916876fd3496381d7c11bf9a0710aa32e4" have entirely different histories.
cb44156519
...
ce44d19168
1 changed files with 8 additions and 45 deletions
|
|
@ -6,36 +6,6 @@ let
|
|||
(generators.toINI {} cfg.seafileSettings);
|
||||
ccnetConfigFile = pkgs.writeText "ccnet.conf"
|
||||
(generators.toINI {} cfg.ccnetSettings);
|
||||
gunicornConfigFile = pkgs.writeText "gunicorn.conf.py"
|
||||
''
|
||||
import os
|
||||
daemon = True
|
||||
workers = 5
|
||||
# default localhost:8000
|
||||
bind = "127.0.0.1:8000"
|
||||
# Pid
|
||||
pids_dir = '${cfg.storagePath}/pids'
|
||||
pidfile = os.path.join(pids_dir, 'seahub.pid')
|
||||
# for file upload, we need a longer timeout value (default is only 30s, too short)
|
||||
timeout = 1200
|
||||
limit_request_line = 8190
|
||||
'';
|
||||
seahubConfigFile = pkgs.writeText "seahub_settings.py"
|
||||
''
|
||||
SECRET_KEY = #seckey#
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.${if cfg.db.type == "mysql" then
|
||||
"mysql" else abort "invalid db type"}',
|
||||
'NAME': '${cfg.db.dbnameSeahub}',
|
||||
'USER': '${cfg.db.user}',
|
||||
'PASSWORD': '#dbpass#',
|
||||
'HOST': '${cfg.db.host}',
|
||||
'PORT': '${toString cfg.db.port}'
|
||||
}
|
||||
}
|
||||
'';
|
||||
# fix permissions at start
|
||||
in
|
||||
{
|
||||
|
|
@ -279,7 +249,7 @@ in
|
|||
tmpfiles.rules = [
|
||||
"d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.storagePath}/conf 0700 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.storagePath}/pids 0710 ${cfg.user} ${cfg.group} -"
|
||||
"d ${cfg.storagePath}/home 0710 ${cfg.user} ${cfg.group} -"
|
||||
];
|
||||
services.seafile-server = {
|
||||
|
||||
|
|
@ -302,27 +272,20 @@ in
|
|||
# move config templates from nix store
|
||||
cp ${ccnetConfigFile} ./conf/ccnet.conf
|
||||
cp ${seafileConfigFile} ./conf/seafile.conf
|
||||
cp ${gunicornConfigFile} ./conf/gunicorn.conf.py
|
||||
cp ${seahubConfigFile} ./conf/seahub_settings.py
|
||||
|
||||
# seahub secret key
|
||||
if [ ! -e .seahubSecret ]; then
|
||||
${pkgs.seafile-server.pythonEnv}/bin/python ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret
|
||||
chmod 400 .seahubSecret
|
||||
fi
|
||||
SEAHUB_SECRET="$(head -n1 .seahubSecret)"
|
||||
# TODO: check for special characters needing to be escaped
|
||||
sed -e "s,#seckey#,$SEAHUB_SECRET,g" -i ./conf/seahub_settings.py
|
||||
|
||||
# replace placeholder secrets with real secret read from file
|
||||
#TODO: unset -x to prevent DBPASS from being leaked in journal
|
||||
${if !(isNull cfg.db.passwordFile) then ''
|
||||
DBPASS="$(head -n1 ${toString cfg.db.passwordFile})"
|
||||
sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf ./conf/seahub_settings.py
|
||||
sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf
|
||||
''
|
||||
else ""
|
||||
}
|
||||
|
||||
# seahub secret key
|
||||
if [ -e .seahubSecret ]; then
|
||||
${pkgs.seafile-server.pythonEnv} ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret
|
||||
chmod 400 .seahubSecret
|
||||
fi
|
||||
|
||||
|
||||
# initialise db and other things needed at first run
|
||||
if [ -e .initialised ]; then
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue