diff --git a/machines/NixOS-CT/default.nix b/machines/NixOS-CT/default.nix
index aa098b4..cb18b77 100644
--- a/machines/NixOS-CT/default.nix
+++ b/machines/NixOS-CT/default.nix
@@ -10,6 +10,7 @@
 mailserver
 nginx
 roundcube
+ seafile
 vaultwarden
 ];
diff --git a/profiles/servers/mailserver.nix b/profiles/servers/mailserver.nix
index ca9dbf8..65d2743 100644
--- a/profiles/servers/mailserver.nix
+++ b/profiles/servers/mailserver.nix
@@ -11,6 +11,10 @@ in {
 owner = "dovecot2:dovecot2";
 services = [ "dovecot2" ];
 };
+ secrets.mailserver-seafile = {
+ owner = "dovecot2:dovecot2";
+ services = [ "dovecot2" ];
+ };
 security.acme.certs."mail.ataraxiadev.com" = {
 webroot = "/var/lib/acme/acme-challenge";
@@ -90,6 +94,8 @@ in {
 openFirewall = true;
 fqdn = "mail.ataraxiadev.com";
 domains = [ "ataraxiadev.com" ];
+ # hashedPassword:
+ # nsp apacheHttpd --run 'htpasswd -nbB "" "super secret password"' | cut -d: -f2
 loginAccounts = {
 "ataraxiadev@ataraxiadev.com" = {
 aliases =
@@ -100,6 +106,10 @@ in {
 aliases = [ "vaultwarden" ];
 hashedPasswordFile = config.secrets.mailserver-vaultwarden.decrypted;
 };
+ "seafile@ataraxiadev.com" = {
+ aliases = [ "seafile" ];
+ hashedPasswordFile = config.secrets.mailserver-seafile.decrypted;
+ };
 };
 localDnsResolver = false;
 certificateScheme = 1;
diff --git a/profiles/servers/nginx.nix b/profiles/servers/nginx.nix
index 6c8d1ca..683182c 100644
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
@@ -16,6 +16,7 @@
 "startpage.ataraxiadev.com"
 "vw.ataraxiadev.com"
 "code.ataraxiadev.com"
+ "file.ataraxiadev.com"
 "webmail.ataraxiadev.com"
 ];
 };
@@ -28,6 +29,7 @@
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedTlsSettings = true;
+ clientMaxBodySize = "250m";
 virtualHosts = let
 default = {
 useACMEHost = "ataraxiadev.com";
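Review bot: The recipe in the added `# hashedPassword:` comment passes the clear-text password on the command line through `htpasswd -b`, which leaves it in the shell history and in the process list of every user on the machine while the command runs. Dropping `-b` makes htpasswd prompt for the password instead and keeps the rest of the pipeline unchanged: `# nsp apacheHttpd --run 'htpasswd -nB ""' | cut -d: -f2`. The `loginAccounts` set this comment heads continues outside the hunk.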
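Review bot: `clientMaxBodySize = "250m"` is set at the `services.nginx` level, so the raised request-body limit applies to every virtual host served here (vaultwarden, code, webmail, …), not only to the new Seafile host that needs large uploads. A per-host limit keeps the other services at nginx's default: in the `"file.ataraxiadev.com"` block added by the later hunk of this file, set `extraConfig = "client_max_body_size 250m;";` on the host (or its `locations."/"`), provided `proxySettings`/`hardened` do not already supply an `extraConfig` that the `//` merge would replace. The enclosing `services.nginx` attribute set starts and ends outside this hunk.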
@@ -120,6 +122,11 @@
 proxyPass = "http://localhost:6000";
 } // proxySettings // hardened;
 } // default;
+ "file.ataraxiadev.com" = {
+ locations."/" = {
+ proxyPass = "http://localhost:8088/";
+ } // proxySettings // hardened;
+ } // default;
 "webmail.ataraxiadev.com" = {
 locations."/" = {
 extraConfig = ''
diff --git a/profiles/servers/seafile.nix b/profiles/servers/seafile.nix
new file mode 100644
index 0000000..3619891
--- /dev/null
+++ b/profiles/servers/seafile.nix
@@ -0,0 +1,109 @@
+{ config, lib, pkgs, ... }:
+with config.users.users.alukard; with config.users.groups.${group}; {
+ secrets.db-pass = { };
+ secrets.seafile-admin-pass = { };
+
+ virtualisation.oci-containers.containers.seafile-server = {
+ autoStart = true;
+ dependsOn = [ "seafile-db" "memcached" "seafile-caddy" ];
+ environment = {
+ DB_HOST = "seafile-db";
+ TIME_ZONE = "Europe/Moscow";
+ HTTPS = "false";
+ SEAFILE_SERVER_HOSTNAME = "file.ataraxiadev.com";
+ };
+ environmentFiles = [
+ config.secrets.db-pass.decrypted
+ ];
+ extraOptions = [
+ "--network=seafile"
+ ];
+ image = "ggogel/seafile-server:9.0.4";
+ volumes = [ "/seafile/server-data:/shared" ];
+ };
+
+ virtualisation.oci-containers.containers.seahub = {
+ autoStart = true;
+ dependsOn = [ "seafile-server" "seahub-media" "seafile-caddy" ];
+ environment = {
+ SEAFILE_ADMIN_EMAIL = "admin@ataraxiadev.com";
+ };
+ environmentFiles = [
+ config.secrets.seafile-admin-pass.decrypted
+ ];
+ extraOptions = [
+ "--network=seafile"
+ ];
+ image = "ggogel/seahub:9.0.4";
+ volumes = [
+ "/seafile/server-data:/shared"
+ ];
+ };
+
+ virtualisation.oci-containers.containers.seahub-media = {
+ autoStart = true;
+ dependsOn = [ "seafile-caddy" ];
+ extraOptions = [
+ "--network=seafile"
+ ];
+ image = "ggogel/seahub-media:9.0.4";
+ volumes = [
+ "/seafile/server-data/seafile/seahub-data/avatars:/usr/share/caddy/media/avatars"
+ "/seafile/server-data/seafile/seahub-data/custom:/usr/share/caddy/media/custom"
+ ];
+ };
+
+ virtualisation.oci-containers.containers.seafile-db = {
+ autoStart = true;
+ environment = {
+ MYSQL_LOG_CONSOLE = "true";
+ };
+ environmentFiles = [
+ config.secrets.db-pass.decrypted
+ ];
+ extraOptions = [
+ "--network=seafile"
+ ];
+ image = "mariadb:10.7.1";
+ volumes = [
+ "/seafile/mariadb:/var/lib/mysql"
+ ];
+ };
+
+ virtualisation.oci-containers.containers.memcached = {
+ autoStart = true;
+ environment = {
+ MEMCACHED_CACHE_SIZE = "128";
+ };
+ extraOptions = [
+ "--network=seafile"
+ ];
+ image = "bitnami/memcached:1.6.14";
+ };
+
+ virtualisation.oci-containers.containers.seafile-caddy = {
+ autoStart = true;
+ extraOptions = [
+ "--network=seafile"
+ ];
+ ports = [ "127.0.0.1:8088:80" ];
+ image = "ggogel/seafile-caddy:1.0.6";
+ };
+
+ systemd.services.create-seafile-network = with config.virtualisation.oci-containers; {
+ serviceConfig.Type = "oneshot";
+ wantedBy = [
+ "${backend}-seafile-server.service"
+ "${backend}-seahub.service"
+ "${backend}-seahub-media.service"
+ "${backend}-seafile-db.service"
+ "${backend}-memcached.service"
+ "${backend}-seafile-caddy.service"
+ ];
+ script = ''
+ ${pkgs.docker}/bin/docker network inspect seafile || \
+ ${pkgs.docker}/bin/docker network create -d bridge seafile
+ exit 0
+ '';
+ };
+}
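Review bot: `create-seafile-network` declares only `wantedBy` for the six container units, and `wantedBy` creates a dependency without any ordering, so on a fresh host a unit started with `--network=seafile` can run before the network exists and fail until it is restarted. Adding `before` on the same unit list fixes the race; the rewrite below factors the list into one binding so the two attributes cannot drift apart. The script also hard-codes `${pkgs.docker}` while the unit names are derived from `backend`; if the backend is ever switched to podman the network would be created by the wrong tool, which is worth a comment such as `# assumes backend == "docker"; the network is created with the docker CLI`. Separately, every `image` is pinned by tag only; pinning by digest (`ggogel/seafile-server:9.0.4@sha256:<digest>`, placeholder) would make the deployment reproducible and immune to a re-tagged image.
```nix
  systemd.services.create-seafile-network = with config.virtualisation.oci-containers;
    let
      # every container that joins the "seafile" bridge network
      containerUnits = map (name: "${backend}-${name}.service") [
        "seafile-server" "seahub" "seahub-media" "seafile-db" "memcached" "seafile-caddy"
      ];
    in {
      serviceConfig.Type = "oneshot";
      wantedBy = containerUnits;
      # wantedBy alone gives no ordering; make sure the network exists first
      before = containerUnits;
      # … unchanged: script that inspects/creates the docker bridge network …
    };
```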