seafile: init

flake.lock

@@ -301,11 +301,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1696879762,
+        "lastModified": 1697059129,
-        "narHash": "sha256-Ud6bH4DMcYHUDKavNMxAhcIpDGgHMyL/yaDEAVSImQY=",
+        "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f99e5f03cc0aa231ab5950a15ed02afec45ed51a",
+        "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
         "type": "github"
       },
       "original": {

flake.nix

@@ -113,6 +113,9 @@
             ./hosts/nuc
             ./shared
             sops-nix.nixosModules.sops
+            {
+              nixpkgs.overlays = [ self.overlays.default ];
+            }
           ];
         };
         falkenstein-1 = nixpkgs.lib.nixosSystem {

hosts/falkenstein-1/modules/backup/default.nix

@@ -5,17 +5,20 @@
   services.borgmatic = {
     enable = true;
     settings = {
-      location = {
+      # fix failing check
-        source_directories = [
+      location = null;
-          "/var/lib"
+      source_directories = [
-          "/var/log"
+        "/var/lib"
-          "/root"
+        "/var/log"
-        ];
+        "/root"
+      ];
 
-        repositories = [
+      repositories = [
-          "ssh://root@192.168.10.2/mnt/backup/falkenstein"
+        {
-        ];
+          path = "ssh://root@192.168.10.2/mnt/backup/falkenstein";
-      };
+          label = "nuc";
+        }
+      ];
       storage = {
         encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}";
         compression = "lz4";

hosts/nuc/default.nix

@@ -10,6 +10,7 @@
       ./modules/backup
       ./modules/hydra
       ./modules/nextcloud
+      ./modules/seafile
       ./modules/uptime-kuma
       ./modules/vaultwarden
       ./modules/nginx

hosts/nuc/modules/backup/default.nix

@@ -12,13 +12,18 @@
   services.borgmatic = {
     enable = true;
     settings = {
-      location.source_directories = [
+      # fix failing check
+      location = null;
+      source_directories = [
         "/var/lib"
         "/var/log"
         "/nix/persist"
       ];
-      location.repositories = [
+      repositories = [
-        "/mnt/backup/nuc"
+        {
+          label = "nuc";
+          path = "/mnt/backup/nuc";
+        }
       ];
       storage = {
         encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}";

hosts/nuc/modules/seafile/default.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+let
+  domain = "seafile.${config.networking.domain}";
+in
+{
+  services.seafile = {
+    enable = true;
+    adminEmail = "rouven@rfive.de";
+    initialAdminPassword = "unused garbage";
+    ccnetSettings.General.SERVICE_URL = "https://${domain}";
+    ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
+  };
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://unix:/run/seahub/gunicorn.sock";
+    };
+    locations."/seafhttp" = {
+      proxyPass = "http://127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}";
+      extraConfig = ''
+        rewrite ^/seafhttp(.*)$ $1 break;
+      '';
+    };
+    locations."/media" = {
+      root = pkgs.seahub;
+    };
+  };
+}

hosts/thinkpad/modules/backup/default.nix

@@ -5,32 +5,35 @@
   services.borgmatic = {
     enable = true;
     settings = {
-      location = {
+      # fix failing check
-        source_directories = [
+      location = null;
-          "/var/lib"
+      source_directories = [
-          "/var/log"
+        "/var/lib"
-          "/nix/persist"
+        "/var/log"
-          "/home"
+        "/nix/persist"
-          "/etc/secureboot"
+        "/home"
-        ];
+        "/etc/secureboot"
+      ];
 
-        repositories = [
+      repositories = [
-          "ssh://root@192.168.10.2/mnt/backup/thinkpad"
+        {
-        ];
+          label = "nuc";
-        exclude_patterns = [
+          path = "ssh://root@192.168.10.2/mnt/backup/thinkpad";
-          "/home/*/.cache"
+        }
-          "/home/*/.zcomp*"
+      ];
-          "/home/*/.zcomp*"
+      exclude_patterns = [
-          "/home/*/.gradle*"
+        "/home/*/.cache"
-          "/home/*/.java*"
+        "/home/*/.zcomp*"
-          "/home/*/.m2*"
+        "/home/*/.zcomp*"
-          "/home/*/.wine*"
+        "/home/*/.gradle*"
-          "/home/*/.mypy_cache*"
+        "/home/*/.java*"
-          "/home/*/.local/share"
+        "/home/*/.m2*"
-          "/home/*/.local/share"
+        "/home/*/.wine*"
-          "/home/*/Linux/Isos"
+        "/home/*/.mypy_cache*"
-        ];
+        "/home/*/.local/share"
-      };
+        "/home/*/.local/share"
+        "/home/*/Linux/Isos"
+      ];
       storage = {
         encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}";
         compression = "lz4";

overlays/default.nix

@@ -1,8 +1,11 @@
 _final: prev:
 let
   inherit (prev) callPackage;
+  inherit (prev) python3Packages;
   inherit (prev) fetchFromGitHub;
+  inherit (prev) fetchPypi;
   inherit (prev) fetchpatch;
+  inherit (prev) makeWrapper;
 in
 {
   wpa_supplicant_gui = prev.wpa_supplicant_gui.overrideAttrs
@@ -44,4 +47,82 @@ in
   gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
   jmri = callPackage ../pkgs/jmri { };
   adguardian-term = callPackage ../pkgs/adguardian-term { };
+
+  # upstream package is broken and can't be fixed by overriding attrs. so I just completely redo it in here
+  seahub = (python3Packages.buildPythonApplication
+    rec {
+      pname = "seahub";
+      version = "11.0.1";
+      format = "other";
+      src = fetchFromGitHub {
+        owner = "haiwen";
+        repo = "seahub";
+        rev = "v11.0.1-pro";
+        sha256 = "sha256-dxMvbiAdECMZIf+HgA5P2gZYI9l+k+nhmdzfg90037A=";
+      };
+
+
+      dontBuild = true;
+
+      doCheck = false; # disabled because it requires a ccnet environment
+
+      nativeBuildInputs = [
+        makeWrapper
+      ];
+
+      propagatedBuildInputs = with python3Packages; [
+        django
+        future
+        django-compressor
+        django-statici18n
+        django-webpack-loader
+        django-simple-captcha
+        django-picklefield
+        django-formtools
+        mysqlclient
+        pillow
+        python-dateutil
+        djangorestframework
+        openpyxl
+        requests
+        requests-oauthlib
+        chardet
+        pyjwt
+        pycryptodome
+        qrcode
+        pysearpc
+        seaserv
+        gunicorn
+        markdown
+        bleach
+        python-ldap
+        pyopenssl
+        (buildPythonPackage rec {
+          pname = "djangosaml2";
+          version = "1.7.0";
+          doCheck = false;
+          propagatedBuildInputs = [
+            pysaml2
+            django
+            defusedxml
+          ];
+          src = fetchPypi {
+            inherit pname version;
+            sha256 = "sha256-WiMl2UvbOskLA5o5LXPrBF2VktlDnlBNdc42eZ62Fko=";
+          };
+        })
+      ];
+
+      installPhase = ''
+        cp -dr --no-preserve='ownership' . $out/
+        wrapProgram $out/manage.py \
+          --prefix PYTHONPATH : "$PYTHONPATH:$out/thirdpart:"
+      '';
+
+      passthru = rec {
+        python = prev.python3;
+        pythonPath = python.pkgs.makePythonPath propagatedBuildInputs;
+      };
+    });
+
 }

users/rouven/modules/helix/default.nix

@@ -21,6 +21,7 @@
       pylint
     ]))
     clang-tools
+    nodePackages.typescript-language-server
   ];
   programs.helix = {
     enable = true;

users/rouven/modules/packages.nix

@@ -16,6 +16,8 @@ in
     pcmanfm
     xdg-utils # used for xdg-open
     tex
+    appimage-run
+    seafile-client
 
     # graphics
     evince # pdf viewer
@@ -29,6 +31,7 @@ in
     # sound
     pavucontrol
     x32edit
+    spotify
 
     # bluetooth
     blueman