nixos-config/hosts/nuc/modules/seafile/default.nix

{ config, pkgs, ... }:
let
  domain = "seafile.${config.networking.domain}";
in
{
  services.seafile = {
    enable = true;
    adminEmail = "admin@rfive.de";
    initialAdminPassword = "unused garbage";
    ccnetSettings.General.SERVICE_URL = "https://${domain}";
    ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
    seafileSettings.fileserver.port = 8083;
    seahubExtraConf = ''
      ENABLE_OAUTH = True
      OAUTH_ENABLE_INSECURE_TRANSPORT = True

      OAUTH_CLIENT_ID = "seafile"
      with open('/var/lib/seafile/.oidcSecret') as f:
        OAUTH_CLIENT_SECRET = f.readline().rstrip()
      OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
 
      OAUTH_PROVIDER_DOMAIN   = 'seafile.rfive.de'
      OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/'
      OAUTH_TOKEN_URL         = 'https://auth.rfive.de/application/o/token/'
      OAUTH_USER_INFO_URL     = 'https://auth.rfive.de/application/o/userinfo/'
      OAUTH_SCOPE = [ "openid", "profile", "email"]
      OAUTH_ATTRIBUTE_MAP = {
          "id":    (False, "not used"),
          "name":  (False, "full name"),
          "email": (True, "email"),
      }
    '';
  };
  services.nginx.virtualHosts."${domain}" = {
    locations."/" = {
      proxyPass = "http://unix:/run/seahub/gunicorn.sock";
    };
    locations."/seafhttp" = {
      proxyPass = "http://127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}";
      extraConfig = ''
        rewrite ^/seafhttp(.*)$ $1 break;
      '';
    };
    locations."/media" = {
      root = pkgs.seahub;
    };
    locations."/accounts/login" = {
      return = "301 /oauth/login";
    };
  };
}
seafile: init 2023-10-15 16:30:40 +02:00			`{ config, pkgs, ... }:`
			`let`
			`domain = "seafile.${config.networking.domain}";`
			`in`
			`{`
			`services.seafile = {`
			`enable = true;`
seafile: configure openid-connect 2024-04-27 20:59:10 +02:00			`adminEmail = "admin@rfive.de";`
seafile: init 2023-10-15 16:30:40 +02:00			`initialAdminPassword = "unused garbage";`
			`ccnetSettings.General.SERVICE_URL = "https://${domain}";`
			`ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";`
matrix: add telegram bridge 2024-02-29 15:37:22 +01:00			`seafileSettings.fileserver.port = 8083;`
seafile: configure openid-connect 2024-04-27 20:59:10 +02:00			`seahubExtraConf = ''`
			`ENABLE_OAUTH = True`
			`OAUTH_ENABLE_INSECURE_TRANSPORT = True`

			`OAUTH_CLIENT_ID = "seafile"`
seafile: put secret on nuc 2024-04-30 15:02:46 +02:00			`with open('/var/lib/seafile/.oidcSecret') as f:`
seafile: configure openid-connect 2024-04-27 20:59:10 +02:00			`OAUTH_CLIENT_SECRET = f.readline().rstrip()`
			`OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'`

			`OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de'`
seafile: configure authentik 2024-05-20 12:20:28 +02:00			`OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/'`
			`OAUTH_TOKEN_URL = 'https://auth.rfive.de/application/o/token/'`
			`OAUTH_USER_INFO_URL = 'https://auth.rfive.de/application/o/userinfo/'`
seafile: configure openid-connect 2024-04-27 20:59:10 +02:00			`OAUTH_SCOPE = [ "openid", "profile", "email"]`
			`OAUTH_ATTRIBUTE_MAP = {`
			`"id": (False, "not used"),`
			`"name": (False, "full name"),`
			`"email": (True, "email"),`
			`}`
			`'';`
seafile: init 2023-10-15 16:30:40 +02:00			`};`
			`services.nginx.virtualHosts."${domain}" = {`
			`locations."/" = {`
			`proxyPass = "http://unix:/run/seahub/gunicorn.sock";`
			`};`
			`locations."/seafhttp" = {`
			`proxyPass = "http://127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}";`
			`extraConfig = ''`
			`rewrite ^/seafhttp(.*)$ $1 break;`
			`'';`
			`};`
			`locations."/media" = {`
			`root = pkgs.seahub;`
			`};`
seafile: configure openid-connect 2024-04-27 20:59:10 +02:00			`locations."/accounts/login" = {`
			`return = "301 /oauth/login";`
			`};`
seafile: init 2023-10-15 16:30:40 +02:00			`};`
			`}`