From fdcfeb524cbff3721ec7bd9efcb002e2c829f4b3 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sun, 15 Oct 2023 16:30:40 +0200 Subject: [PATCH] seafile: init --- flake.lock | 6 +- flake.nix | 3 + .../falkenstein-1/modules/backup/default.nix | 23 +++--- hosts/nuc/default.nix | 1 + hosts/nuc/modules/backup/default.nix | 11 ++- hosts/nuc/modules/seafile/default.nix | 29 +++++++ hosts/thinkpad/modules/backup/default.nix | 53 ++++++------ overlays/default.nix | 81 +++++++++++++++++++ users/rouven/modules/helix/default.nix | 1 + users/rouven/modules/packages.nix | 3 + 10 files changed, 170 insertions(+), 41 deletions(-) create mode 100644 hosts/nuc/modules/seafile/default.nix diff --git a/flake.lock b/flake.lock index 9bd05db..74675bd 100644 --- a/flake.lock +++ b/flake.lock @@ -301,11 +301,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1696879762, - "narHash": "sha256-Ud6bH4DMcYHUDKavNMxAhcIpDGgHMyL/yaDEAVSImQY=", + "lastModified": 1697059129, + "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f99e5f03cc0aa231ab5950a15ed02afec45ed51a", + "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ae51d7e..6d6fc97 100644 --- a/flake.nix +++ b/flake.nix @@ -113,6 +113,9 @@ ./hosts/nuc ./shared sops-nix.nixosModules.sops + { + nixpkgs.overlays = [ self.overlays.default ]; + } ]; }; falkenstein-1 = nixpkgs.lib.nixosSystem { diff --git a/hosts/falkenstein-1/modules/backup/default.nix b/hosts/falkenstein-1/modules/backup/default.nix index d7af02d..b3adfda 100644 --- a/hosts/falkenstein-1/modules/backup/default.nix +++ b/hosts/falkenstein-1/modules/backup/default.nix @@ -5,17 +5,20 @@ services.borgmatic = { enable = true; settings = { - location = { - source_directories = [ - "/var/lib" - "/var/log" - "/root" - ]; + # fix failing check + location = null; + source_directories = [ + "/var/lib" + "/var/log" + "/root" + ]; - repositories = [ - "ssh://root@192.168.10.2/mnt/backup/falkenstein" - ]; - }; + repositories = [ + { + path = "ssh://root@192.168.10.2/mnt/backup/falkenstein"; + label = "nuc"; + } + ]; storage = { encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}"; compression = "lz4"; diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 21f4dd0..f45f17a 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -10,6 +10,7 @@ ./modules/backup ./modules/hydra ./modules/nextcloud + ./modules/seafile ./modules/uptime-kuma ./modules/vaultwarden ./modules/nginx diff --git a/hosts/nuc/modules/backup/default.nix b/hosts/nuc/modules/backup/default.nix index e4aa05b..ccf9685 100644 --- a/hosts/nuc/modules/backup/default.nix +++ b/hosts/nuc/modules/backup/default.nix @@ -12,13 +12,18 @@ services.borgmatic = { enable = true; settings = { - location.source_directories = [ + # fix failing check + location = null; + source_directories = [ "/var/lib" "/var/log" "/nix/persist" ]; - location.repositories = [ - "/mnt/backup/nuc" + repositories = [ + { + label = "nuc"; + path = "/mnt/backup/nuc"; + } ]; storage = { encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}"; diff --git a/hosts/nuc/modules/seafile/default.nix b/hosts/nuc/modules/seafile/default.nix new file mode 100644 index 0000000..5676a07 --- /dev/null +++ b/hosts/nuc/modules/seafile/default.nix @@ -0,0 +1,29 @@ +{ config, pkgs, ... }: +let + domain = "seafile.${config.networking.domain}"; +in +{ + services.seafile = { + enable = true; + adminEmail = "rouven@rfive.de"; + initialAdminPassword = "unused garbage"; + ccnetSettings.General.SERVICE_URL = "https://${domain}"; + ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp"; + }; + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://unix:/run/seahub/gunicorn.sock"; + }; + locations."/seafhttp" = { + proxyPass = "http://127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}"; + extraConfig = '' + rewrite ^/seafhttp(.*)$ $1 break; + ''; + }; + locations."/media" = { + root = pkgs.seahub; + }; + }; +} diff --git a/hosts/thinkpad/modules/backup/default.nix b/hosts/thinkpad/modules/backup/default.nix index aa70d7e..e34772b 100644 --- a/hosts/thinkpad/modules/backup/default.nix +++ b/hosts/thinkpad/modules/backup/default.nix @@ -5,32 +5,35 @@ services.borgmatic = { enable = true; settings = { - location = { - source_directories = [ - "/var/lib" - "/var/log" - "/nix/persist" - "/home" - "/etc/secureboot" - ]; + # fix failing check + location = null; + source_directories = [ + "/var/lib" + "/var/log" + "/nix/persist" + "/home" + "/etc/secureboot" + ]; - repositories = [ - "ssh://root@192.168.10.2/mnt/backup/thinkpad" - ]; - exclude_patterns = [ - "/home/*/.cache" - "/home/*/.zcomp*" - "/home/*/.zcomp*" - "/home/*/.gradle*" - "/home/*/.java*" - "/home/*/.m2*" - "/home/*/.wine*" - "/home/*/.mypy_cache*" - "/home/*/.local/share" - "/home/*/.local/share" - "/home/*/Linux/Isos" - ]; - }; + repositories = [ + { + label = "nuc"; + path = "ssh://root@192.168.10.2/mnt/backup/thinkpad"; + } + ]; + exclude_patterns = [ + "/home/*/.cache" + "/home/*/.zcomp*" + "/home/*/.zcomp*" + "/home/*/.gradle*" + "/home/*/.java*" + "/home/*/.m2*" + "/home/*/.wine*" + "/home/*/.mypy_cache*" + "/home/*/.local/share" + "/home/*/.local/share" + "/home/*/Linux/Isos" + ]; storage = { encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}"; compression = "lz4"; diff --git a/overlays/default.nix b/overlays/default.nix index 3fa6e30..85342c1 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,8 +1,11 @@ _final: prev: let inherit (prev) callPackage; + inherit (prev) python3Packages; inherit (prev) fetchFromGitHub; + inherit (prev) fetchPypi; inherit (prev) fetchpatch; + inherit (prev) makeWrapper; in { wpa_supplicant_gui = prev.wpa_supplicant_gui.overrideAttrs @@ -44,4 +47,82 @@ in gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; jmri = callPackage ../pkgs/jmri { }; adguardian-term = callPackage ../pkgs/adguardian-term { }; + + # upstream package is broken and can't be fixed by overriding attrs. so I just completely redo it in here + seahub = (python3Packages.buildPythonApplication + rec { + pname = "seahub"; + version = "11.0.1"; + format = "other"; + src = fetchFromGitHub { + owner = "haiwen"; + repo = "seahub"; + rev = "v11.0.1-pro"; + sha256 = "sha256-dxMvbiAdECMZIf+HgA5P2gZYI9l+k+nhmdzfg90037A="; + }; + + + dontBuild = true; + + doCheck = false; # disabled because it requires a ccnet environment + + nativeBuildInputs = [ + makeWrapper + ]; + + propagatedBuildInputs = with python3Packages; [ + django + future + django-compressor + django-statici18n + django-webpack-loader + django-simple-captcha + django-picklefield + django-formtools + mysqlclient + pillow + python-dateutil + djangorestframework + openpyxl + requests + requests-oauthlib + chardet + pyjwt + pycryptodome + qrcode + pysearpc + seaserv + gunicorn + markdown + bleach + python-ldap + pyopenssl + (buildPythonPackage rec { + pname = "djangosaml2"; + version = "1.7.0"; + doCheck = false; + propagatedBuildInputs = [ + pysaml2 + django + defusedxml + ]; + src = fetchPypi { + inherit pname version; + sha256 = "sha256-WiMl2UvbOskLA5o5LXPrBF2VktlDnlBNdc42eZ62Fko="; + }; + }) + ]; + + installPhase = '' + cp -dr --no-preserve='ownership' . $out/ + wrapProgram $out/manage.py \ + --prefix PYTHONPATH : "$PYTHONPATH:$out/thirdpart:" + ''; + + passthru = rec { + python = prev.python3; + pythonPath = python.pkgs.makePythonPath propagatedBuildInputs; + }; + }); + } diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index 3e7582e..392db6e 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -21,6 +21,7 @@ pylint ])) clang-tools + nodePackages.typescript-language-server ]; programs.helix = { enable = true; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 0608060..e6ec11d 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -16,6 +16,8 @@ in pcmanfm xdg-utils # used for xdg-open tex + appimage-run + seafile-client # graphics evince # pdf viewer @@ -29,6 +31,7 @@ in # sound pavucontrol x32edit + spotify # bluetooth blueman