nixos-config/hosts/nuc/modules/seafile/default.nix

47 lines
1.5 KiB
Nix
Raw Normal View History

2023-10-15 16:30:40 +02:00
{ config, pkgs, ... }:
let
domain = "seafile.${config.networking.domain}";
in
{
services.seafile = {
enable = true;
2024-04-27 20:59:10 +02:00
adminEmail = "admin@rfive.de";
2023-10-15 16:30:40 +02:00
initialAdminPassword = "unused garbage";
ccnetSettings.General.SERVICE_URL = "https://${domain}";
ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
2024-02-29 15:37:22 +01:00
seafileSettings.fileserver.port = 8083;
2024-04-27 20:59:10 +02:00
seahubExtraConf = ''
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "seafile"
2024-04-30 15:02:46 +02:00
with open('/var/lib/seafile/.oidcSecret') as f:
2024-04-27 20:59:10 +02:00
OAUTH_CLIENT_SECRET = f.readline().rstrip()
OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de'
2024-05-20 12:20:28 +02:00
OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/application/o/authorize/'
OAUTH_TOKEN_URL = 'https://auth.rfive.de/application/o/token/'
OAUTH_USER_INFO_URL = 'https://auth.rfive.de/application/o/userinfo/'
2024-04-27 20:59:10 +02:00
OAUTH_SCOPE = [ "openid", "profile", "email"]
OAUTH_ATTRIBUTE_MAP = {
"id": (False, "not used"),
"name": (False, "full name"),
"email": (True, "email"),
}
'';
2023-10-15 16:30:40 +02:00
};
2024-05-21 18:44:04 +02:00
services.caddy.virtualHosts."${domain}".extraConfig = ''
redir /accounts/login /oauth/login
reverse_proxy unix//run/seahub/gunicorn.sock
route /media/* {
2024-05-23 09:25:08 +02:00
root * ${pkgs.seahub}
2024-05-21 18:44:04 +02:00
}
route /seafhttp/* {
uri strip_prefix /seafhttp
reverse_proxy 127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}
}
'';
2023-10-15 16:30:40 +02:00
}