From a6ab36252a1fbe8c7a657e25ee117b94aed90f82 Mon Sep 17 00:00:00 2001 From: Jurn Wubben Date: Thu, 24 Jul 2025 23:34:42 +0200 Subject: [PATCH] Removal of seafile --- secrets/default.nix | 5 -- secrets/seafile-oidc.age | 15 ----- secrets/secrets.nix | 1 - system/server/default.nix | 1 - system/server/seafile.nix | 117 -------------------------------------- 5 files changed, 139 deletions(-) delete mode 100644 secrets/seafile-oidc.age delete mode 100644 system/server/seafile.nix diff --git a/secrets/default.nix b/secrets/default.nix index 319a835..b2ffdcc 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -42,10 +42,5 @@ in { file = ./immich-oidc.age; owner = abstrServiceUser "immich"; }; - seafile-oidc = mkIf server { - file = ./seafile-oidc.age; - owner = abstrServiceUser "seafile"; - mode = "400"; - }; }; } diff --git a/secrets/seafile-oidc.age b/secrets/seafile-oidc.age deleted file mode 100644 index 70db7a2..0000000 --- a/secrets/seafile-oidc.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 GQzYWA N2jnATED5CQTDflLzW2wnIarM0nc8hTJAQ9G9Q5M+2U -jV9R8GqaqQe4TeXa6mqhZGLWAVPoGpTHuh42tCnTwds --> ssh-ed25519 MfR7VA VAlild/90Vofo0zXd42NapS1sHluYLPGP5lMC+JSIFo -VdPZvpRpC0JA8ba+HI5F3lOuR8qZAlFZt8AQEytqOEs --> ssh-ed25519 +cvRTg hW1dt51t+g4MOCPxwP2o7RuIpi16q0b7c5CA4EAxs3o -UwDgBrgetix+6FuAowZaG6Aq+J1CDZdsjIn9v38g9I8 --> ssh-ed25519 WCPLrA QksEezxLik0zl+3YiDtM95LQqNeZKAHaqdlmKTOj0XY -Thj7Gbkw5uti1pzMd0jZ2d4EzIY4QA7MJbC/gPdvIbo --> ssh-ed25519 7/ziYw kffVPB2i78R1mlidzoBV15sDVeEWWt40bhrIgtm/Zws -fFukgot++DcOQd8qrkzD6xh6zFhVnZNmqNF4i33vLLw --> ssh-ed25519 VQy60Q 84xB7sxEOT3B8CUb7GZCsbJd69gy0yaBYjgrPN8xox0 -qE+5vjNdy67rZPc8QynIvLZzTqyoofMSMnFC3z7hoXQ ---- 7mWx4K+zrpZqGRcoLBWXF+Sod/EmnodV74lvYrc4+d4 -:ÑÔ('0v2ös‘¾£ _[Xöà ½r±î77w´VƽÆôjb݉¤°‘H's+oCd¦X²¯ËªŠGW’™S~4·¨HA\ÓJ•‡MÂÍñx¸­.¢¼ÛÏÈ45ÿ1Öê \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d60c431..df90563 100644 --- a/secrets/secrets.nix 
+++ b/secrets/secrets.nix
@@ -22,5 +22,4 @@ in {
 "zitadel-key.age".publicKeys = keys;
 "forgejo-mailpass.age".publicKeys = keys;
 "immich-oidc.age".publicKeys = keys;
- "seafile-oidc.age".publicKeys = keys;
 }
diff --git a/system/server/default.nix b/system/server/default.nix
index 55ee537..c6ac1c8 100644
--- a/system/server/default.nix
+++ b/system/server/default.nix
@@ -8,7 +8,6 @@
 ./index
 ./mail.nix
 ./matrix.nix
- ./seafile.nix
 ./temp.nix
 ./zitadel.nix
 ];
diff --git a/system/server/seafile.nix b/system/server/seafile.nix
deleted file mode 100644
index a8e4601..0000000
--- a/system/server/seafile.nix
+++ /dev/null
@@ -1,117 +0,0 @@ -{ - config, - inputs, - pkgs, - lib, - ... -}: let - inherit (lib) mkIf mkForce; - cfg = config.niksos.server; - - url = "files.jsw.tf"; - httpsUrl = "https://" + url; - authUrl = config.services.zitadel.settings.ExternalDomain; - httpsAuthUrl = "https://" + authUrl; -in { - config = mkIf cfg { - services.caddy.virtualHosts.${url}.extraConfig = '' - handle_path /seafhttp/* { - reverse_proxy * unix//run/seafile/server.sock - } - handle_path /* { - reverse_proxy * unix//run/seahub/gunicorn.sock - } - ''; - - services.seafile = { - enable = config.niksos.server; - seahubPackage = inputs.nixpkgs-stable.legacyPackages.${pkgs.system}.seahub; - - adminEmail = "jsw@jsw.tf"; - initialAdminPassword = "ChangeMeTheFuckNow!"; - - gc.enable = true; - - ccnetSettings.General.SERVICE_URL = httpsUrl; - seahubExtraConf = '' - ALLOWED_HOSTS = ['.${url}'] - CSRF_COOKIE_SECURE = True - CSRF_COOKIE_SAMESITE = 'Strict' - CSRF_TRUSTED_ORIGINS = ['${httpsUrl}'] - - SITE_NAME = "JSW Cloud" - SITE_TITLE = "JSW Cloud" - - ENABLE_OAUTH = True - OAUTH_CREATE_UNKNOWN_USER = True - OAUTH_ACTIVATE_USER_AFTER_CREATION = True - OAUTH_ENABLE_INSECURE_TRANSPORT = False - OAUTH_CLIENT_ID = "329743411726844274" - - with open("${config.age.secrets.seafile-oidc.path}") as f: - OAUTH_CLIENT_SECRET = f.read() - - OAUTH_REDIRECT_URL = '${httpsUrl}/oauth/callback/' - OAUTH_PROVIDER = '${authUrl}' - OAUTH_AUTHORIZATION_URL = '${httpsAuthUrl}/oauth/v2/authorize/' - OAUTH_TOKEN_URL = '${httpsAuthUrl}/oauth/v2/token/' - OAUTH_USER_INFO_URL = '${httpsAuthUrl}/oidc/v1/userinfo/' - OAUTH_SCOPE = ["openid", "profile", "email"] - OAUTH_ATTRIBUTE_MAP = { - "sub": (True, "uid"), - "name": (True, "name"), - "email": (True, "contact_email") - } - ''; - seafileSettings = { - quota.default = 30; - history.keep_days = 40; - library_trash.expire_days = 14; - fileserver = { - host = "unix:/run/seafile/server.sock"; - web_token_expire_time = 14400; # 4 hours - max_download_dir_size = 100000; # 100gb max 
download size. - }; - }; - }; - - # environment.etc."seafile/seahub_settings.py" = { - # text = mkForce null; # NOTE: If breaky, check https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/seafile.nix#L22. Using hardcoded values instead of the ones in the module so if there changes, things might break. - # source = config.age.secrets.seafile-seahubconf.path; - # user = "seafile"; - # group = "seafile"; - # }; - - #NOTE: Overwriting parts of services so that it uses a different root. When upgrading. Please check the following two things: - ## * If seafile still uses seafile_settings.py to store openid settings.systemd - ## * If the service scripts / settings have changed.systemd - ## * Better even, rewrite this entire part. - systemd.services = let - config-dir = "/run/seafile"; - replaceSecretBin = lib.getExe pkgs.replace-secret; - seafRoot = "/var/lib/seafile"; - ccnetDir = "${seafRoot}/ccnet"; - sfCfg = config.services.seafile; - in { - seaf-server = { - # preStart = '' - # umask 077 - # cp -f '/etc/seafile' '${config-dir}' - # chmod u+w -R '${config-dir}' - # ${replaceSecretBin} '${oidcSubstitute}' '${config.age.secrets.seafile-oidc.path}' '${config-dir}/seahub_settings.py' - # ''; - # serviceConfig.ExecStart = mkForce '' - # ${lib.getExe sfCfg.seahubPackage.seafile-server} \ - # --foreground \ - # -F '${config-dir} \ - # -c ${ccnetDir} \ - # -d ${sfCfg.dataDir} \ - # -l /var/log/seafile/server.log \ - # -P /run/seafile/server.pid \ - # -p /run/seafile - # ''; - }; - # seahub.environment.SEAFILE_CENTRAL_CONF_DIR = mkForce config-dir; - }; - }; -}