···
dataDir = "${seafRoot}/data";
seahubDir = "${seafRoot}/seahub";
···
description = "Seafile components";
150
-
systemd.services = let
151
-
securityOptions = {
152
-
ProtectHome = true;
153
-
PrivateUsers = true;
154
-
PrivateDevices = true;
155
-
ProtectClock = true;
156
-
ProtectHostname = true;
157
-
ProtectProc = "invisible";
158
-
ProtectKernelModules = true;
159
-
ProtectKernelTunables = true;
160
-
ProtectKernelLogs = true;
161
-
ProtectControlGroups = true;
162
-
RestrictNamespaces = true;
163
-
LockPersonality = true;
164
-
RestrictRealtime = true;
165
-
RestrictSUIDSGID = true;
166
-
MemoryDenyWriteExecute = true;
167
-
SystemCallArchitectures = "native";
168
-
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" ];
172
-
description = "Seafile server";
173
-
partOf = [ "seafile.target" ];
174
-
after = [ "network.target" ];
175
-
wantedBy = [ "seafile.target" ];
176
-
restartTriggers = [ ccnetConf seafileConf ];
177
-
path = [ pkgs.sqlite ];
178
-
serviceConfig = securityOptions // {
181
-
DynamicUser = true;
182
-
StateDirectory = "seafile";
183
-
RuntimeDirectory = "seafile";
184
-
LogsDirectory = "seafile";
185
-
ConfigurationDirectory = "seafile";
187
-
${cfg.seafilePackage}/bin/seaf-server \
192
-
-l /var/log/seafile/server.log \
193
-
-P /run/seafile/server.pid \
153
+
securityOptions = {
154
+
ProtectHome = true;
155
+
PrivateUsers = true;
156
+
PrivateDevices = true;
157
+
ProtectClock = true;
158
+
ProtectHostname = true;
159
+
ProtectProc = "invisible";
160
+
ProtectKernelModules = true;
161
+
ProtectKernelTunables = true;
162
+
ProtectKernelLogs = true;
163
+
ProtectControlGroups = true;
164
+
RestrictNamespaces = true;
165
+
LockPersonality = true;
166
+
RestrictRealtime = true;
167
+
RestrictSUIDSGID = true;
168
+
MemoryDenyWriteExecute = true;
169
+
SystemCallArchitectures = "native";
170
+
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" ];
198
-
if [ ! -f "${seafRoot}/server-setup" ]; then
199
-
mkdir -p ${dataDir}/library-template
200
-
mkdir -p ${ccnetDir}/{GroupMgr,misc,OrgMgr,PeerMgr}
201
-
sqlite3 ${ccnetDir}/GroupMgr/groupmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/groupmgr.sql"
202
-
sqlite3 ${ccnetDir}/misc/config.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/config.sql"
203
-
sqlite3 ${ccnetDir}/OrgMgr/orgmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/org.sql"
204
-
sqlite3 ${ccnetDir}/PeerMgr/usermgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/user.sql"
205
-
sqlite3 ${dataDir}/seafile.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/seafile.sql"
206
-
echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup
208
-
# checking for upgrades and handling them
209
-
# WARNING: needs to be extended to actually handle major version migrations
210
-
installedMajor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f1)
211
-
installedMinor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f2)
212
-
pkgMajor=$(echo "${cfg.seafilePackage.version}" | cut -d"." -f1)
213
-
pkgMinor=$(echo "${cfg.seafilePackage.version}" | cut -d"." -f2)
215
-
if [[ $installedMajor == $pkgMajor && $installedMinor == $pkgMinor ]]; then
217
-
elif [[ $installedMajor == 8 && $installedMinor == 0 && $pkgMajor == 9 && $pkgMinor == 0 ]]; then
218
-
# Upgrade from 8.0 to 9.0
219
-
sqlite3 ${dataDir}/seafile.db ".read ${pkgs.seahub}/scripts/upgrade/sql/9.0.0/sqlite3/seafile.sql"
220
-
echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup
222
-
echo "Unsupported upgrade" >&2
175
+
description = "Seafile server";
176
+
partOf = [ "seafile.target" ];
177
+
after = [ "network.target" ];
178
+
wantedBy = [ "seafile.target" ];
179
+
restartTriggers = [ ccnetConf seafileConf ];
180
+
path = [ pkgs.sqlite ];
181
+
serviceConfig = securityOptions // {
184
+
DynamicUser = true;
185
+
StateDirectory = "seafile";
186
+
RuntimeDirectory = "seafile";
187
+
LogsDirectory = "seafile";
188
+
ConfigurationDirectory = "seafile";
190
+
${cfg.seafilePackage}/bin/seaf-server \
195
+
-l /var/log/seafile/server.log \
196
+
-P /run/seafile/server.pid \
201
+
if [ ! -f "${seafRoot}/server-setup" ]; then
202
+
mkdir -p ${dataDir}/library-template
203
+
mkdir -p ${ccnetDir}/{GroupMgr,misc,OrgMgr,PeerMgr}
204
+
sqlite3 ${ccnetDir}/GroupMgr/groupmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/groupmgr.sql"
205
+
sqlite3 ${ccnetDir}/misc/config.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/config.sql"
206
+
sqlite3 ${ccnetDir}/OrgMgr/orgmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/org.sql"
207
+
sqlite3 ${ccnetDir}/PeerMgr/usermgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/user.sql"
208
+
sqlite3 ${dataDir}/seafile.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/seafile.sql"
209
+
echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup
211
+
# checking for upgrades and handling them
212
+
installedMajor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f1)
213
+
installedMinor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f2)
214
+
pkgMajor=$(echo "${cfg.seafilePackage.version}" | cut -d"." -f1)
215
+
pkgMinor=$(echo "${cfg.seafilePackage.version}" | cut -d"." -f2)
229
-
description = "Seafile Server Web Frontend";
230
-
wantedBy = [ "seafile.target" ];
231
-
partOf = [ "seafile.target" ];
232
-
after = [ "network.target" "seaf-server.service" ];
233
-
requires = [ "seaf-server.service" ];
234
-
restartTriggers = [ seahubSettings ];
236
-
PYTHONPATH = "${pkgs.seahub.pythonPath}:${pkgs.seahub}/thirdpart:${pkgs.seahub}";
237
-
DJANGO_SETTINGS_MODULE = "seahub.settings";
238
-
CCNET_CONF_DIR = ccnetDir;
239
-
SEAFILE_CONF_DIR = dataDir;
240
-
SEAFILE_CENTRAL_CONF_DIR = "/etc/seafile";
241
-
SEAFILE_RPC_PIPE_PATH = "/run/seafile";
242
-
SEAHUB_LOG_DIR = "/var/log/seafile";
217
+
if [[ $installedMajor == $pkgMajor && $installedMinor == $pkgMinor ]]; then
219
+
elif [[ $installedMajor == 8 && $installedMinor == 0 && $pkgMajor == 9 && $pkgMinor == 0 ]]; then
220
+
# Upgrade from 8.0 to 9.0
221
+
sqlite3 ${dataDir}/seafile.db ".read ${pkgs.seahub}/scripts/upgrade/sql/9.0.0/sqlite3/seafile.sql"
222
+
echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup
223
+
elif [[ $installedMajor == 9 && $installedMinor == 0 && $pkgMajor == 10 && $pkgMinor == 0 ]]; then
224
+
# Upgrade from 9.0 to 10.0
225
+
sqlite3 ${dataDir}/seafile.db ".read ${pkgs.seahub}/scripts/upgrade/sql/10.0.0/sqlite3/seafile.sql"
226
+
echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup
228
+
echo "Unsupported upgrade" >&2
244
-
serviceConfig = securityOptions // {
247
-
DynamicUser = true;
248
-
RuntimeDirectory = "seahub";
249
-
StateDirectory = "seafile";
250
-
LogsDirectory = "seafile";
251
-
ConfigurationDirectory = "seafile";
253
-
${pkgs.seahub.python.pkgs.gunicorn}/bin/gunicorn seahub.wsgi:application \
255
-
--workers ${toString cfg.workers} \
259
-
--limit-request-line=8190 \
260
-
--bind unix:/run/seahub/gunicorn.sock
235
+
description = "Seafile Server Web Frontend";
236
+
wantedBy = [ "seafile.target" ];
237
+
partOf = [ "seafile.target" ];
238
+
after = [ "network.target" "seaf-server.service" ];
239
+
requires = [ "seaf-server.service" ];
240
+
restartTriggers = [ seahubSettings ];
242
+
PYTHONPATH = "${pkgs.seahub.pythonPath}:${pkgs.seahub}/thirdpart:${pkgs.seahub}";
243
+
DJANGO_SETTINGS_MODULE = "seahub.settings";
244
+
CCNET_CONF_DIR = ccnetDir;
245
+
SEAFILE_CONF_DIR = dataDir;
246
+
SEAFILE_CENTRAL_CONF_DIR = "/etc/seafile";
247
+
SEAFILE_RPC_PIPE_PATH = "/run/seafile";
248
+
SEAHUB_LOG_DIR = "/var/log/seafile";
250
+
serviceConfig = securityOptions // {
253
+
DynamicUser = true;
254
+
RuntimeDirectory = "seahub";
255
+
StateDirectory = "seafile";
256
+
LogsDirectory = "seafile";
257
+
ConfigurationDirectory = "seafile";
259
+
${pkgs.seahub.python.pkgs.gunicorn}/bin/gunicorn seahub.wsgi:application \
261
+
--workers ${toString cfg.workers} \
265
+
--limit-request-line=8190 \
266
+
--bind unix:/run/seahub/gunicorn.sock
270
+
mkdir -p ${seahubDir}/media
271
+
# Link all media except avatars
272
+
for m in `find ${pkgs.seahub}/media/ -maxdepth 1 -not -name "avatars"`; do
273
+
ln -sf $m ${seahubDir}/media/
275
+
if [ ! -e "${seafRoot}/.seahubSecret" ]; then
276
+
${pkgs.seahub.python}/bin/python ${pkgs.seahub}/tools/secret_key_generator.py > ${seafRoot}/.seahubSecret
277
+
chmod 400 ${seafRoot}/.seahubSecret
279
+
if [ ! -f "${seafRoot}/seahub-setup" ]; then
280
+
# avatars directory should be writable
281
+
install -D -t ${seahubDir}/media/avatars/ ${pkgs.seahub}/media/avatars/default.png
282
+
install -D -t ${seahubDir}/media/avatars/groups ${pkgs.seahub}/media/avatars/groups/default.png
284
+
${pkgs.seahub}/manage.py migrate
285
+
# create admin account
286
+
${pkgs.expect}/bin/expect -c 'spawn ${pkgs.seahub}/manage.py createsuperuser --email=${cfg.adminEmail}; expect "Password: "; send "${cfg.initialAdminPassword}\r"; expect "Password (again): "; send "${cfg.initialAdminPassword}\r"; expect "Superuser created successfully."'
287
+
echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup"
289
+
if [ $(cat "${seafRoot}/seahub-setup" | cut -d"-" -f1) != "${pkgs.seahub.version}" ]; then
291
+
${pkgs.seahub}/manage.py migrate
292
+
echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup"
264
-
mkdir -p ${seahubDir}/media
265
-
# Link all media except avatars
266
-
for m in `find ${pkgs.seahub}/media/ -maxdepth 1 -not -name "avatars"`; do
267
-
ln -sf $m ${seahubDir}/media/
269
-
if [ ! -e "${seafRoot}/.seahubSecret" ]; then
270
-
${pkgs.seahub.python}/bin/python ${pkgs.seahub}/tools/secret_key_generator.py > ${seafRoot}/.seahubSecret
271
-
chmod 400 ${seafRoot}/.seahubSecret
273
-
if [ ! -f "${seafRoot}/seahub-setup" ]; then
274
-
# avatars directory should be writable
275
-
install -D -t ${seahubDir}/media/avatars/ ${pkgs.seahub}/media/avatars/default.png
276
-
install -D -t ${seahubDir}/media/avatars/groups ${pkgs.seahub}/media/avatars/groups/default.png
278
-
${pkgs.seahub}/manage.py migrate
279
-
# create admin account
280
-
${pkgs.expect}/bin/expect -c 'spawn ${pkgs.seahub}/manage.py createsuperuser --email=${cfg.adminEmail}; expect "Password: "; send "${cfg.initialAdminPassword}\r"; expect "Password (again): "; send "${cfg.initialAdminPassword}\r"; expect "Superuser created successfully."'
281
-
echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup"
283
-
if [ $(cat "${seafRoot}/seahub-setup" | cut -d"-" -f1) != "${pkgs.seahub.version}" ]; then
285
-
${pkgs.seahub}/manage.py migrate
286
-
echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup"
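Review bot: The `createsuperuser` line in the seahub first-run block (new line 286) still interpolates `${cfg.initialAdminPassword}` into the script text, so the initial admin password ends up in the generated unit script, which is world-readable if it lands in the Nix store as module scripts normally do, and in the argument list of `expect -c` while it runs. It also sits inside a single-quoted shell argument and a double-quoted Tcl string, so a password containing `'`, `"`, `[` or `$` would break or alter the expect script. Since this commit already touches the block, consider reading the secret at run time instead, for example from a file passed in through systemd's `LoadCredential=` and given to `manage.py createsuperuser --noinput` via `DJANGO_SUPERUSER_PASSWORD`, if the bundled Django supports it. The surrounding script and the enclosing `let` block start and end outside the lines shown here, so any quoting or `set -e` handling there is not visible.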