
2 commits

Author SHA1 Message Date
cb44156519 generate seafile_settings.py 2021-01-31 01:18:47 +01:00
d3f1c04e72 generate gunicorn.conf.py 2021-01-30 23:09:53 +01:00


@ -6,6 +6,36 @@ let
(generators.toINI {} cfg.seafileSettings); (generators.toINI {} cfg.seafileSettings);
ccnetConfigFile = pkgs.writeText "ccnet.conf" ccnetConfigFile = pkgs.writeText "ccnet.conf"
(generators.toINI {} cfg.ccnetSettings); (generators.toINI {} cfg.ccnetSettings);
gunicornConfigFile = pkgs.writeText "gunicorn.conf.py"
''
import os
daemon = True
workers = 5
# default localhost:8000
bind = "127.0.0.1:8000"
# Pid
pids_dir = '${cfg.storagePath}/pids'
pidfile = os.path.join(pids_dir, 'seahub.pid')
# for file upload, we need a longer timeout value (default is only 30s, too short)
timeout = 1200
limit_request_line = 8190
'';
seahubConfigFile = pkgs.writeText "seahub_settings.py"
''
SECRET_KEY = #seckey#
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.${if cfg.db.type == "mysql" then
"mysql" else abort "invalid db type"}',
'NAME': '${cfg.db.dbnameSeahub}',
'USER': '${cfg.db.user}',
'PASSWORD': '#dbpass#',
'HOST': '${cfg.db.host}',
'PORT': '${toString cfg.db.port}'
}
}
'';
# fix permissions at start # fix permissions at start
in in
{ {
@ -249,7 +279,7 @@ in
tmpfiles.rules = [ tmpfiles.rules = [
"d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -" "d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -"
"d ${cfg.storagePath}/conf 0700 ${cfg.user} ${cfg.group} -" "d ${cfg.storagePath}/conf 0700 ${cfg.user} ${cfg.group} -"
"d ${cfg.storagePath}/home 0710 ${cfg.user} ${cfg.group} -" "d ${cfg.storagePath}/pids 0710 ${cfg.user} ${cfg.group} -"
]; ];
services.seafile-server = { services.seafile-server = {
@ -272,20 +302,27 @@ in
# move config templates from nix store # move config templates from nix store
cp ${ccnetConfigFile} ./conf/ccnet.conf cp ${ccnetConfigFile} ./conf/ccnet.conf
cp ${seafileConfigFile} ./conf/seafile.conf cp ${seafileConfigFile} ./conf/seafile.conf
cp ${gunicornConfigFile} ./conf/gunicorn.conf.py
cp ${seahubConfigFile} ./conf/seahub_settings.py
# seahub secret key
if [ ! -e .seahubSecret ]; then
${pkgs.seafile-server.pythonEnv}/bin/python ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret
chmod 400 .seahubSecret
fi
SEAHUB_SECRET="$(head -n1 .seahubSecret)"
# TODO: check for special characters needing to be escaped
sed -e "s,#seckey#,$SEAHUB_SECRET,g" -i ./conf/seahub_settings.py
# replace placeholder secrets with real secret read from file # replace placeholder secrets with real secret read from file
#TODO: unset -x to prevent DBPASS from being leaked in journal
${if !(isNull cfg.db.passwordFile) then '' ${if !(isNull cfg.db.passwordFile) then ''
DBPASS="$(head -n1 ${toString cfg.db.passwordFile})" DBPASS="$(head -n1 ${toString cfg.db.passwordFile})"
sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf ./conf/seahub_settings.py
'' ''
else "" else ""
} }
# seahub secret key
if [ -e .seahubSecret ]; then
${pkgs.seafile-server.pythonEnv} ${pkgs.seafile-server}/seahub/tools/secret_key_generator.py > .seahubSecret
chmod 400 .seahubSecret
fi
# initialise db and other things needed at first run # initialise db and other things needed at first run
if [ -e .initialised ]; then if [ -e .initialised ]; then