add seafile

2022-03-22 06:02:13 +03:00 · 2022-03-22 06:02:13 +03:00 · 6f2f0297a4
commit 6f2f0297a4
parent bdac8cdf7b
4 changed files with 127 additions and 0 deletions
--- a/machines/NixOS-CT/default.nix
+++ b/machines/NixOS-CT/default.nix
@ -10,6 +10,7 @@
    mailserver
    nginx
    roundcube
+    seafile
    vaultwarden
  ];

--- a/profiles/servers/mailserver.nix
+++ b/profiles/servers/mailserver.nix
@ -11,6 +11,10 @@ in {
    owner = "dovecot2:dovecot2";
    services = [ "dovecot2" ];
  };
+  secrets.mailserver-seafile = {
+    owner = "dovecot2:dovecot2";
+    services = [ "dovecot2" ];
+  };

  security.acme.certs."mail.ataraxiadev.com" = {
    webroot = "/var/lib/acme/acme-challenge";
@ -90,6 +94,8 @@ in {
    openFirewall = true;
    fqdn = "mail.ataraxiadev.com";
    domains = [ "ataraxiadev.com" ];
+    # hashedPassword:
+    # nsp apacheHttpd --run 'htpasswd -nbB "" "super secret password"' | cut -d: -f2
    loginAccounts = {
      "ataraxiadev@ataraxiadev.com" = {
        aliases =
@ -100,6 +106,10 @@ in {
        aliases = [ "vaultwarden" ];
        hashedPasswordFile = config.secrets.mailserver-vaultwarden.decrypted;
      };
+      "seafile@ataraxiadev.com" = {
+        aliases = [ "seafile" ];
+        hashedPasswordFile = config.secrets.mailserver-seafile.decrypted;
+      };
    };
    localDnsResolver = false;
    certificateScheme = 1;
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
@ -16,6 +16,7 @@
          "startpage.ataraxiadev.com"
          "vw.ataraxiadev.com"
          "code.ataraxiadev.com"
+          "file.ataraxiadev.com"
          "webmail.ataraxiadev.com"
        ];
      };
@ -28,6 +29,7 @@
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedTlsSettings = true;
+    clientMaxBodySize = "250m";
    virtualHosts = let
      default = {
        useACMEHost = "ataraxiadev.com";
@ -120,6 +122,11 @@
          proxyPass = "http://localhost:6000";
        } // proxySettings // hardened;
      } // default;
+      "file.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://localhost:8088/";
+        } // proxySettings // hardened;
+      } // default;
      "webmail.ataraxiadev.com" = {
        locations."/" = {
          extraConfig = ''
--- a/profiles/servers/seafile.nix
+++ b/profiles/servers/seafile.nix
@ -0,0 +1,109 @@
+{ config, lib, pkgs, ... }:
+with config.users.users.alukard; with config.users.groups.${group}; {
+  secrets.db-pass = { };
+  secrets.seafile-admin-pass = { };
+
+  virtualisation.oci-containers.containers.seafile-server = {
+    autoStart = true;
+    dependsOn = [ "seafile-db" "memcached" "seafile-caddy" ];
+    environment = {
+      DB_HOST = "seafile-db";
+      TIME_ZONE = "Europe/Moscow";
+      HTTPS = "false";
+      SEAFILE_SERVER_HOSTNAME = "file.ataraxiadev.com";
+    };
+    environmentFiles = [
+      config.secrets.db-pass.decrypted
+    ];
+    extraOptions = [
+      "--network=seafile"
+    ];
+    image = "ggogel/seafile-server:9.0.4";
+    volumes = [ "/seafile/server-data:/shared" ];
+  };
+
+  virtualisation.oci-containers.containers.seahub = {
+    autoStart = true;
+    dependsOn = [ "seafile-server" "seahub-media" "seafile-caddy" ];
+    environment = {
+      SEAFILE_ADMIN_EMAIL = "admin@ataraxiadev.com";
+    };
+    environmentFiles = [
+      config.secrets.seafile-admin-pass.decrypted
+    ];
+    extraOptions = [
+      "--network=seafile"
+    ];
+    image = "ggogel/seahub:9.0.4";
+    volumes = [
+      "/seafile/server-data:/shared"
+    ];
+  };
+
+  virtualisation.oci-containers.containers.seahub-media = {
+    autoStart = true;
+    dependsOn = [ "seafile-caddy" ];
+    extraOptions = [
+      "--network=seafile"
+    ];
+    image = "ggogel/seahub-media:9.0.4";
+    volumes = [
+      "/seafile/server-data/seafile/seahub-data/avatars:/usr/share/caddy/media/avatars"
+      "/seafile/server-data/seafile/seahub-data/custom:/usr/share/caddy/media/custom"
+    ];
+  };
+
+  virtualisation.oci-containers.containers.seafile-db = {
+    autoStart = true;
+    environment = {
+      MYSQL_LOG_CONSOLE = "true";
+    };
+    environmentFiles = [
+      config.secrets.db-pass.decrypted
+    ];
+    extraOptions = [
+      "--network=seafile"
+    ];
+    image = "mariadb:10.7.1";
+    volumes = [
+      "/seafile/mariadb:/var/lib/mysql"
+    ];
+  };
+
+  virtualisation.oci-containers.containers.memcached = {
+    autoStart = true;
+    environment = {
+      MEMCACHED_CACHE_SIZE = "128";
+    };
+    extraOptions = [
+      "--network=seafile"
+    ];
+    image = "bitnami/memcached:1.6.14";
+  };
+
+  virtualisation.oci-containers.containers.seafile-caddy = {
+    autoStart = true;
+    extraOptions = [
+      "--network=seafile"
+    ];
+    ports = [ "127.0.0.1:8088:80" ];
+    image = "ggogel/seafile-caddy:1.0.6";
+  };
+
+  systemd.services.create-seafile-network = with config.virtualisation.oci-containers; {
+    serviceConfig.Type = "oneshot";
+    wantedBy = [
+      "${backend}-seafile-server.service"
+      "${backend}-seahub.service"
+      "${backend}-seahub-media.service"
+      "${backend}-seafile-db.service"
+      "${backend}-memcached.service"
+      "${backend}-seafile-caddy.service"
+    ];
+    script = ''
+      ${pkgs.docker}/bin/docker network inspect seafile || \
+        ${pkgs.docker}/bin/docker network create -d bridge seafile
+      exit 0
+    '';
+  };
+}