Remove seafile

I like Cloudreve well enough, and didn't like Seafile much

host/corp/configuration.nix

@@ -25,7 +25,6 @@
 		glitchtip.enable = true;
 		element-web.enable = true;
 		librechat.enable = true;
-		seafile.enable = true;
 		synapse.enable = true;
 		timecardbot.enable = true;
 		vikunja.enable = true;

modules/system/default.nix

@@ -15,7 +15,6 @@
 		./librechat.nix
 		./openssh.nix
 		./podman.nix
-		./seafile.nix
 		./sillytavern.nix
 		./sudo.nix
 		./synapse.nix

modules/system/seafile.nix

@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
-	domain = "filez.gleipnir.technology";
-	stripTabs = text: let
-		# Whether all lines start with a tab (or is empty)
-		shouldStripTab = lines: builtins.all (line: (line == "") || (pkgs.lib.strings.hasPrefix "	" line)) lines;
-		# Strip a leading tab from all lines
-		stripTab = lines: builtins.map (line: pkgs.lib.strings.removePrefix "	" line) lines;
-		# Strip tabs recursively until there are none
-		stripTabs = lines: if (shouldStripTab lines) then (stripTabs (stripTab lines)) else lines;
-	in
-		# Split into lines. Strip leading tabs. Concat back to string.
-		builtins.concatStringsSep "\n" (stripTabs (pkgs.lib.strings.splitString "\n" text));
-in {
-	options.myModules.seafile.enable = mkEnableOption "custom seafile configuration";
-	config = mkIf config.myModules.seafile.enable {
-		services.caddy.virtualHosts."filez.gleipnir.technology".extraConfig = ''
-			handle /seafhttp* {
-				reverse_proxy unix//run/seafile/server.sock
-			}
-			handle {
-				reverse_proxy unix//run/seahub/gunicorn.sock
-			}
-		'';
-		services.seafile = {
-			adminEmail = "eli@gleipnir.technology";
-			ccnetSettings = {
-				General.SERVICE_URL = "https://${domain}";
-			};
-			enable = true;
-				gc = {
-					enable = true;
-					dates = [ "Sun 03:00:00" ];
-				};
-			initialAdminPassword = "change this later!";
-			seafileSettings = {
-				fileserver = {
-					host = "unix:/run/seafile/server.sock";
-					use_go_fileserver = "false";
-				};
-				# Enable weekly collection of freed blocks
-				history.keep_days = "14"; # Remove deleted files after 14 days
-				quota.default = "50"; # Amount of GB allotted to users
-			};
-			seahubExtraConf = stripTabs(''
-				DEBUG = True
-				# Enable edit files through LibreOffice Online
-				ENABLE_OFFICE_WEB_APP_EDIT = True
-				
-				# types of files should be editable through LibreOffice Online
-				ENABLE_OFFICE_WEB_APP = True
-				OFFICE_SERVER_TYPE = 'CollaboraOffice'
-				OFFICE_WEB_APP_BASE_URL = 'https://collabora.gleipnir.technology/hosting/discovery'
-				OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')
-				OFFICE_WEB_APP_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')
-				# Expiration of WOPI access token
-				# WOPI access token is a string used by Seafile to determine the file's
-				# identity and permissions when use LibreOffice Online view it online
-				# And for security reason, this token should expire after a set time period
-				WOPI_ACCESS_TOKEN_EXPIRATION = 24 * 60 * 60	 # seconds
-
-
-
-				ENABLE_OAUTH = True
-
-				# If create new user when he/she logs in Seafile for the first time, defalut `True`.
-				OAUTH_CREATE_UNKNOWN_USER = True
-				
-				# If active new user when he/she logs in Seafile for the first time, defalut `True`.
-				OAUTH_ACTIVATE_USER_AFTER_CREATION = True
-				
-				# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
-				#OAUTH_ENABLE_INSECURE_TRANSPORT = True
-				
-				# Client id/secret generated by authorization server when you register your client application.
-				OAUTH_CLIENT_ID = "secret"
-				OAUTH_CLIENT_SECRET = "secret"
-				
-				# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
-				OAUTH_REDIRECT_URL = 'https://filez.gleipnir.technology/oauth/callback/'
-				
-				# The following should NOT be changed if you are using Github as OAuth provider.
-				OAUTH_PROVIDER_DOMAIN = 'gleipnir.technology' 
-				OAUTH_PROVIDER = 'Authentik'
-				
-				OAUTH_AUTHORIZATION_URL = 'https://auth.gleipnir.technology/application/o/authorize/'
-				OAUTH_TOKEN_URL = 'https://auth.gleipnir.technology/application/o/token/'
-				OAUTH_USER_INFO_URL = 'https://auth.gleipnir.technology/application/o/userinfo/'
-				OAUTH_SCOPE = ["openid", "profile", "email"]
-				OAUTH_ATTRIBUTE_MAP = {
-						"id": (False, "not used"),
-						"name": (True, "name"),
-						"email": (True, "email"),
-				}
-				SEAHUB_DATA_ROOT = "/var/lib/seafile/seahub/data"
-			'');	
-		};
-	};
-}
-		

modules/system/vikunja.nix

@@ -7,10 +7,26 @@ with lib;
 		services.caddy.virtualHosts."todo.gleipnir.technology".extraConfig = ''
 			reverse_proxy http://127.0.0.1:10010
 		'';
+		services.postgresql = {
+			authentication = pkgs.lib.mkOverride 10 ''
+				#type database DBuser auth-method
+				local all      all    trust
+			'';
+			enable = true;
+			ensureDatabases = [ "vikunja" ];
+			ensureUsers = [{
+				ensureClauses.login = true;
+				ensureDBOwnership = true;
+				name = "vikunja";
+			}];
+		};
 		services.vikunja = {
 			enable = true;
 			frontendHostname = "todo.gleipnir.technology";
 			frontendScheme = "https";
+			settings = {
+				service.interface = lib.mkForce "127.0.0.1:3456";
+			};
 		};
 		sops.secrets.vikunja = {
 			format = "yaml";
@@ -19,7 +35,7 @@ with lib;
 			owner = "vikunja";
 			path = "/etc/vikunja/config.yaml";
 			restartUnits = [ "vikunja.service" ];
-			sopsFile = ../../host/corp/secrets/vikunja.yaml;
+			sopsFile = ../../secrets/vikunja.yaml;
 		};
 		users.groups.vikunja = {};
 		users.users.vikunja = {