AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add seafile

Browse Source
This commit is contained in:
Dmitriy Kholkin 2022-03-22 06:02:13 +03:00
parent bdac8cdf7b
commit 6f2f0297a4
4 changed files with 127 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
machines/NixOS-CT/default.nix
View File

@ -10,6 +10,7 @@
mailserver mailserver
nginx nginx
roundcube roundcube
seafile
vaultwarden vaultwarden
]; ];

10
profiles/servers/mailserver.nix
View File

@ -11,6 +11,10 @@ in {
owner = "dovecot2:dovecot2"; owner = "dovecot2:dovecot2";
services = [ "dovecot2" ]; services = [ "dovecot2" ];
}; };
secrets.mailserver-seafile = {
owner = "dovecot2:dovecot2";
services = [ "dovecot2" ];
};
security.acme.certs."mail.ataraxiadev.com" = { security.acme.certs."mail.ataraxiadev.com" = {
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
@ -90,6 +94,8 @@ in {
openFirewall = true; openFirewall = true;
fqdn = "mail.ataraxiadev.com"; fqdn = "mail.ataraxiadev.com";
domains = [ "ataraxiadev.com" ]; domains = [ "ataraxiadev.com" ];
# hashedPassword:
# nsp apacheHttpd --run 'htpasswd -nbB "" "super secret password"' | cut -d: -f2
loginAccounts = { loginAccounts = {
"ataraxiadev@ataraxiadev.com" = { "ataraxiadev@ataraxiadev.com" = {
aliases = aliases =
@ -100,6 +106,10 @@ in {
aliases = [ "vaultwarden" ]; aliases = [ "vaultwarden" ];
hashedPasswordFile = config.secrets.mailserver-vaultwarden.decrypted; hashedPasswordFile = config.secrets.mailserver-vaultwarden.decrypted;
}; };
"seafile@ataraxiadev.com" = {
aliases = [ "seafile" ];
hashedPasswordFile = config.secrets.mailserver-seafile.decrypted;
};
}; };
localDnsResolver = false; localDnsResolver = false;
certificateScheme = 1; certificateScheme = 1;

7
profiles/servers/nginx.nix
View File

@ -16,6 +16,7 @@
"startpage.ataraxiadev.com" "startpage.ataraxiadev.com"
"vw.ataraxiadev.com" "vw.ataraxiadev.com"
"code.ataraxiadev.com" "code.ataraxiadev.com"
"file.ataraxiadev.com"
"webmail.ataraxiadev.com" "webmail.ataraxiadev.com"
]; ];
}; };
@ -28,6 +29,7 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
clientMaxBodySize = "250m";
virtualHosts = let virtualHosts = let
default = { default = {
useACMEHost = "ataraxiadev.com"; useACMEHost = "ataraxiadev.com";
@ -120,6 +122,11 @@
proxyPass = "http://localhost:6000"; proxyPass = "http://localhost:6000";
} // proxySettings // hardened; } // proxySettings // hardened;
} // default; } // default;
"file.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://localhost:8088/";
} // proxySettings // hardened;
} // default;
"webmail.ataraxiadev.com" = { "webmail.ataraxiadev.com" = {
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''

109
profiles/servers/seafile.nix Normal file
View File

@ -0,0 +1,109 @@
{ config, lib, pkgs, ... }:
with config.users.users.alukard; with config.users.groups.${group}; {
secrets.db-pass = { };
secrets.seafile-admin-pass = { };
virtualisation.oci-containers.containers.seafile-server = {
autoStart = true;
dependsOn = [ "seafile-db" "memcached" "seafile-caddy" ];
environment = {
DB_HOST = "seafile-db";
TIME_ZONE = "Europe/Moscow";
HTTPS = "false";
SEAFILE_SERVER_HOSTNAME = "file.ataraxiadev.com";
};
environmentFiles = [
config.secrets.db-pass.decrypted
];
extraOptions = [
"--network=seafile"
];
image = "ggogel/seafile-server:9.0.4";
volumes = [ "/seafile/server-data:/shared" ];
};
virtualisation.oci-containers.containers.seahub = {
autoStart = true;
dependsOn = [ "seafile-server" "seahub-media" "seafile-caddy" ];
environment = {
SEAFILE_ADMIN_EMAIL = "admin@ataraxiadev.com";
};
environmentFiles = [
config.secrets.seafile-admin-pass.decrypted
];
extraOptions = [
"--network=seafile"
];
image = "ggogel/seahub:9.0.4";
volumes = [
"/seafile/server-data:/shared"
];
};
virtualisation.oci-containers.containers.seahub-media = {
autoStart = true;
dependsOn = [ "seafile-caddy" ];
extraOptions = [
"--network=seafile"
];
image = "ggogel/seahub-media:9.0.4";
volumes = [
"/seafile/server-data/seafile/seahub-data/avatars:/usr/share/caddy/media/avatars"
"/seafile/server-data/seafile/seahub-data/custom:/usr/share/caddy/media/custom"
];
};
virtualisation.oci-containers.containers.seafile-db = {
autoStart = true;
environment = {
MYSQL_LOG_CONSOLE = "true";
};
environmentFiles = [
config.secrets.db-pass.decrypted
];
extraOptions = [
"--network=seafile"
];
image = "mariadb:10.7.1";
volumes = [
"/seafile/mariadb:/var/lib/mysql"
];
};
virtualisation.oci-containers.containers.memcached = {
autoStart = true;
environment = {
MEMCACHED_CACHE_SIZE = "128";
};
extraOptions = [
"--network=seafile"
];
image = "bitnami/memcached:1.6.14";
};
virtualisation.oci-containers.containers.seafile-caddy = {
autoStart = true;
extraOptions = [
"--network=seafile"
];
ports = [ "127.0.0.1:8088:80" ];
image = "ggogel/seafile-caddy:1.0.6";
};
systemd.services.create-seafile-network = with config.virtualisation.oci-containers; {
serviceConfig.Type = "oneshot";
wantedBy = [
"${backend}-seafile-server.service"
"${backend}-seahub.service"
"${backend}-seahub-media.service"
"${backend}-seafile-db.service"
"${backend}-memcached.service"
"${backend}-seafile-caddy.service"
];
script = ''
${pkgs.docker}/bin/docker network inspect seafile || \
${pkgs.docker}/bin/docker network create -d bridge seafile
exit 0
'';
};
}