# Seafile (seahub + fileserver) published through nginx, with web login
# delegated to an external OAuth2/OIDC provider.
{ config, pkgs, ... }:
let
  domain = "seafile.${config.networking.domain}";
  # Handle on the agenix secret declared below; only its `.path` is used.
  oidcSecret = config.age.secrets."seafile/oidc-secret";
  # Read back from the option so the proxy follows the configured port.
  fileserverPort = config.services.seafile.seafileSettings.fileserver.port;
in
{
  # OIDC client secret, stored encrypted in the repository.
  # Mode 0440 plus group "seafile" gives the group read access; no owner is
  # set here, so the agenix default applies.
  # NOTE(review): confirm the seahub process actually runs with this group.
  age.secrets."seafile/oidc-secret" = {
    group = "seafile";
    mode = "0440";
    file = ../../../../secrets/nuc/seafile/oidc-secret.age;
  };

  services.seafile = {
    enable = true;
    adminEmail = "admin@rfive.de";

    # This literal is part of the configuration text and therefore readable by
    # anyone who can read this file or the evaluated config. The value suggests
    # it is a placeholder because login is meant to go through OAuth.
    # NOTE(review): confirm the admin account's local password was changed after
    # the first start. The nginx rule further down only redirects the
    # /accounts/login path, so it is not a substitute for rotating this value.
    initialAdminPassword = "unused garbage";

    ccnetSettings.General = {
      SERVICE_URL = "https://${domain}";
      FILE_SERVER_ROOT = "https://${domain}/seafhttp";
    };

    seafileSettings.fileserver = {
      port = 8083;
    };

    # Extra Python appended to the seahub settings.
    #
    # - Only the secret's path is interpolated; the value is read from that
    #   file when the settings are loaded (first line, trailing whitespace
    #   stripped), so the secret itself is not written into this text.
    # - NOTE(review): OAUTH_ENABLE_INSECURE_TRANSPORT = True relaxes the OAuth
    #   client's HTTPS requirement. Every URL configured here is https, so
    #   confirm it is still needed (it is commonly set when seahub sits behind
    #   a TLS-terminating proxy) and that the plain-HTTP hop stays on the local
    #   unix socket.
    # - NOTE(review): OAUTH_REDIRECT_URL and OAUTH_PROVIDER_DOMAIN are literals,
    #   while SERVICE_URL and the nginx vhost derive from `domain`. They must
    #   stay equal to the served host name and to the redirect URI registered
    #   at the identity provider.
    # - NOTE(review): the endpoint layout looks like Keycloak's; if so, this
    #   client is in the `master` realm, which is normally reserved for
    #   administering the identity provider. Consider a dedicated realm.
    # - In OAUTH_ATTRIBUTE_MAP only "email" is marked as required (True).
    seahubExtraConf = ''
      ENABLE_OAUTH = True
      OAUTH_ENABLE_INSECURE_TRANSPORT = True

      OAUTH_CLIENT_ID = "seafile"
      with open('${oidcSecret.path}') as f:
        OAUTH_CLIENT_SECRET = f.readline().rstrip()
      OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'

      OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de'
      OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth'
      OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token'
      OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo'
      OAUTH_SCOPE = [ "openid", "profile", "email"]
      OAUTH_ATTRIBUTE_MAP = {
        "id": (False, "not used"),
        "name": (False, "full name"),
        "email": (True, "email"),
      }
    '';
  };

  # Reverse proxy for the Seafile host.
  # NOTE(review): no TLS options (certificate, forced HTTPS) are set on this
  # vhost, although SERVICE_URL advertises https. Presumably they are supplied
  # elsewhere in the configuration; verify.
  services.nginx.virtualHosts."${domain}".locations = {
    # Web UI: seahub's gunicorn, reached over a local unix socket.
    "/" = {
      proxyPass = "http://unix:/run/seahub/gunicorn.sock";
    };

    # File transfers: strip the /seafhttp prefix, then hand the request to the
    # fileserver listening on loopback.
    "/seafhttp" = {
      proxyPass = "http://127.0.0.1:${toString fileserverPort}";
      extraConfig = ''
        rewrite ^/seafhttp(.*)$ $1 break;
      '';
    };

    # Static assets served by nginx from the seahub package.
    "/media" = {
      root = pkgs.seahub;
    };

    # Send the password login page to the OAuth flow instead. This covers only
    # this one path; a 301 is also cached by browsers.
    "/accounts/login" = {
      return = "301 /oauth/login";
    };
  };
}