2025-07-24 21:45:32 +00:00
5 changed files with 0 additions and 139 deletions
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -42,10 +42,5 @@ in {
      file = ./immich-oidc.age;
      owner = abstrServiceUser "immich";
    };
-    seafile-oidc = mkIf server {
-      file = ./seafile-oidc.age;
-      owner = abstrServiceUser "seafile";
-      mode = "400";
-    };
  };
 }
--- a/secrets/seafile-oidc.age
+++ b/secrets/seafile-oidc.age
@ -1,15 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 GQzYWA N2jnATED5CQTDflLzW2wnIarM0nc8hTJAQ9G9Q5M+2U
-jV9R8GqaqQe4TeXa6mqhZGLWAVPoGpTHuh42tCnTwds
-> ssh-ed25519 MfR7VA VAlild/90Vofo0zXd42NapS1sHluYLPGP5lMC+JSIFo
-VdPZvpRpC0JA8ba+HI5F3lOuR8qZAlFZt8AQEytqOEs
-> ssh-ed25519 +cvRTg hW1dt51t+g4MOCPxwP2o7RuIpi16q0b7c5CA4EAxs3o
-UwDgBrgetix+6FuAowZaG6Aq+J1CDZdsjIn9v38g9I8
-> ssh-ed25519 WCPLrA QksEezxLik0zl+3YiDtM95LQqNeZKAHaqdlmKTOj0XY
-Thj7Gbkw5uti1pzMd0jZ2d4EzIY4QA7MJbC/gPdvIbo
-> ssh-ed25519 7/ziYw kffVPB2i78R1mlidzoBV15sDVeEWWt40bhrIgtm/Zws
-fFukgot++DcOQd8qrkzD6xh6zFhVnZNmqNF4i33vLLw
-> ssh-ed25519 VQy60Q 84xB7sxEOT3B8CUb7GZCsbJd69gy0yaBYjgrPN8xox0
-qE+5vjNdy67rZPc8QynIvLZzTqyoofMSMnFC3z7hoXQ
--- 7mWx4K+zrpZqGRcoLBWXF+Sod/EmnodV74lvYrc4+d4
-:ÑÔ('0v2ös‘¾£
_[Xöà½r±î77w´VÆ½ÆôjbÝ‰¤°‘H's+oCd¦X²¯ËªŠGW’™S~4·¨HA\ÓJ•‡MÂÍñx¸.¢¼ÛÏÈ45ÿ1Öê
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -22,5 +22,4 @@ in {
  "zitadel-key.age".publicKeys = keys;
  "forgejo-mailpass.age".publicKeys = keys;
  "immich-oidc.age".publicKeys = keys;
-  "seafile-oidc.age".publicKeys = keys;
 }
--- a/system/server/default.nix
+++ b/system/server/default.nix
@ -8,7 +8,6 @@
    ./index
    ./mail.nix
    ./matrix.nix
-    ./seafile.nix
    ./temp.nix
    ./zitadel.nix
  ];
--- a/system/server/seafile.nix
+++ b/system/server/seafile.nix
@ -1,117 +0,0 @@
-{
-  config,
-  inputs,
-  pkgs,
-  lib,
-  ...
-}: let
-  inherit (lib) mkIf mkForce;
-  cfg = config.niksos.server;
-
-  url = "files.jsw.tf";
-  httpsUrl = "https://" + url;
-  authUrl = config.services.zitadel.settings.ExternalDomain;
-  httpsAuthUrl = "https://" + authUrl;
-in {
-  config = mkIf cfg {
-    services.caddy.virtualHosts.${url}.extraConfig = ''
-           handle_path /seafhttp/* {
-      reverse_proxy * unix//run/seafile/server.sock
-           }
-           handle_path /* {
-      reverse_proxy * unix//run/seahub/gunicorn.sock
-           }
-    '';
-
-    services.seafile = {
-      enable = config.niksos.server;
-      seahubPackage = inputs.nixpkgs-stable.legacyPackages.${pkgs.system}.seahub;
-
-      adminEmail = "jsw@jsw.tf";
-      initialAdminPassword = "ChangeMeTheFuckNow!";
-
-      gc.enable = true;
-
-      ccnetSettings.General.SERVICE_URL = httpsUrl;
-      seahubExtraConf = ''
-        ALLOWED_HOSTS = ['.${url}']
-        CSRF_COOKIE_SECURE = True
-        CSRF_COOKIE_SAMESITE = 'Strict'
-        CSRF_TRUSTED_ORIGINS = ['${httpsUrl}']
-
-        SITE_NAME = "JSW Cloud"
-        SITE_TITLE = "JSW Cloud"
-
-        ENABLE_OAUTH = True
-        OAUTH_CREATE_UNKNOWN_USER = True
-        OAUTH_ACTIVATE_USER_AFTER_CREATION = True
-        OAUTH_ENABLE_INSECURE_TRANSPORT = False
-        OAUTH_CLIENT_ID = "329743411726844274"
-
-        with open("${config.age.secrets.seafile-oidc.path}") as f:
-          OAUTH_CLIENT_SECRET = f.read()
-
-        OAUTH_REDIRECT_URL = '${httpsUrl}/oauth/callback/'
-        OAUTH_PROVIDER = '${authUrl}'
-        OAUTH_AUTHORIZATION_URL = '${httpsAuthUrl}/oauth/v2/authorize/'
-        OAUTH_TOKEN_URL = '${httpsAuthUrl}/oauth/v2/token/'
-        OAUTH_USER_INFO_URL = '${httpsAuthUrl}/oidc/v1/userinfo/'
-        OAUTH_SCOPE = ["openid", "profile", "email"]
-        OAUTH_ATTRIBUTE_MAP = {
-            "sub": (True, "uid"),
-            "name": (True, "name"),
-            "email": (True, "contact_email")
-        }
-      '';
-      seafileSettings = {
-        quota.default = 30;
-        history.keep_days = 40;
-        library_trash.expire_days = 14;
-        fileserver = {
-          host = "unix:/run/seafile/server.sock";
-          web_token_expire_time = 14400; # 4 hours
-          max_download_dir_size = 100000; # 100gb max download size.
-        };
-      };
-    };
-
-    # environment.etc."seafile/seahub_settings.py" = {
-    #   text = mkForce null; # NOTE: If breaky, check https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/seafile.nix#L22. Using hardcoded values instead of the ones in the module so if there changes, things might break.
-    #   source = config.age.secrets.seafile-seahubconf.path;
-    #   user = "seafile";
-    #   group = "seafile";
-    # };
-
-    #NOTE: Overwriting parts of services so that it uses a different root. When upgrading. Please check the following two things:
-    ## * If seafile still uses seafile_settings.py to store openid settings.systemd
-    ## * If the service scripts / settings have changed.systemd
-    ## * Better even, rewrite this entire part.
-    systemd.services = let
-      config-dir = "/run/seafile";
-      replaceSecretBin = lib.getExe pkgs.replace-secret;
-      seafRoot = "/var/lib/seafile";
-      ccnetDir = "${seafRoot}/ccnet";
-      sfCfg = config.services.seafile;
-    in {
-      seaf-server = {
-        # preStart = ''
-        #   umask 077
-        #   cp -f '/etc/seafile' '${config-dir}'
-        #   chmod u+w -R '${config-dir}'
-        #   ${replaceSecretBin} '${oidcSubstitute}' '${config.age.secrets.seafile-oidc.path}' '${config-dir}/seahub_settings.py'
-        # '';
-        # serviceConfig.ExecStart = mkForce ''
-        #   ${lib.getExe sfCfg.seahubPackage.seafile-server} \
-        #   --foreground \
-        #   -F '${config-dir} \
-        #   -c ${ccnetDir} \
-        #   -d ${sfCfg.dataDir} \
-        #   -l /var/log/seafile/server.log \
-        #   -P /run/seafile/server.pid \
-        #   -p /run/seafile
-        # '';
-      };
-      # seahub.environment.SEAFILE_CENTRAL_CONF_DIR = mkForce config-dir;
-    };
-  };
-}