diff --git a/host/corp/configuration.nix b/host/corp/configuration.nix
index 01326b6..cd75dff 100644
--- a/host/corp/configuration.nix
+++ b/host/corp/configuration.nix
@@ -25,7 +25,6 @@
 glitchtip.enable = true;
 element-web.enable = true;
 librechat.enable = true;
- seafile.enable = true;
 synapse.enable = true;
 timecardbot.enable = true;
 vikunja.enable = true;
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 9b17a5e..6de3c96 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -15,7 +15,6 @@
 ./librechat.nix
 ./openssh.nix
 ./podman.nix
- ./seafile.nix
 ./sillytavern.nix
 ./sudo.nix
 ./synapse.nix
diff --git a/modules/system/seafile.nix b/modules/system/seafile.nix
deleted file mode 100644
index 337b4e6..0000000
--- a/modules/system/seafile.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- domain = "filez.gleipnir.technology";
- stripTabs = text: let
- # Whether all lines start with a tab (or is empty)
- shouldStripTab = lines: builtins.all (line: (line == "") || (pkgs.lib.strings.hasPrefix " " line)) lines;
- # Strip a leading tab from all lines
- stripTab = lines: builtins.map (line: pkgs.lib.strings.removePrefix " " line) lines;
- # Strip tabs recursively until there are none
- stripTabs = lines: if (shouldStripTab lines) then (stripTabs (stripTab lines)) else lines;
- in
- # Split into lines. Strip leading tabs. Concat back to string.
- builtins.concatStringsSep "\n" (stripTabs (pkgs.lib.strings.splitString "\n" text));
-in {
- options.myModules.seafile.enable = mkEnableOption "custom seafile configuration";
- config = mkIf config.myModules.seafile.enable {
- services.caddy.virtualHosts."filez.gleipnir.technology".extraConfig = ''
- handle /seafhttp* {
- reverse_proxy unix//run/seafile/server.sock
- }
- handle {
- reverse_proxy unix//run/seahub/gunicorn.sock
- }
- '';
- services.seafile = {
- adminEmail = "eli@gleipnir.technology";
- ccnetSettings = {
- General.SERVICE_URL = "https://${domain}";
- };
- enable = true;
- gc = {
- enable = true;
- dates = [ "Sun 03:00:00" ];
- };
- initialAdminPassword = "change this later!";
- seafileSettings = {
- fileserver = {
- host = "unix:/run/seafile/server.sock";
- use_go_fileserver = "false";
- };
- # Enable weekly collection of freed blocks
- history.keep_days = "14"; # Remove deleted files after 14 days
- quota.default = "50"; # Amount of GB allotted to users
- };
- seahubExtraConf = stripTabs(''
- DEBUG = True
- # Enable edit files through LibreOffice Online
- ENABLE_OFFICE_WEB_APP_EDIT = True
-
- # types of files should be editable through LibreOffice Online
- ENABLE_OFFICE_WEB_APP = True
- OFFICE_SERVER_TYPE = 'CollaboraOffice'
- OFFICE_WEB_APP_BASE_URL = 'https://collabora.gleipnir.technology/hosting/discovery'
- OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')
- OFFICE_WEB_APP_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')
- # Expiration of WOPI access token
- # WOPI access token is a string used by Seafile to determine the file's
- # identity and permissions when use LibreOffice Online view it online
- # And for security reason, this token should expire after a set time period
- WOPI_ACCESS_TOKEN_EXPIRATION = 24 * 60 * 60 # seconds
-
-
-
- ENABLE_OAUTH = True
-
- # If create new user when he/she logs in Seafile for the first time, defalut `True`.
- OAUTH_CREATE_UNKNOWN_USER = True
-
- # If active new user when he/she logs in Seafile for the first time, defalut `True`.
- OAUTH_ACTIVATE_USER_AFTER_CREATION = True
-
- # Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
- #OAUTH_ENABLE_INSECURE_TRANSPORT = True
-
- # Client id/secret generated by authorization server when you register your client application.
- OAUTH_CLIENT_ID = "secret"
- OAUTH_CLIENT_SECRET = "secret"
-
- # Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
- OAUTH_REDIRECT_URL = 'https://filez.gleipnir.technology/oauth/callback/'
-
- # The following should NOT be changed if you are using Github as OAuth provider.
- OAUTH_PROVIDER_DOMAIN = 'gleipnir.technology'
- OAUTH_PROVIDER = 'Authentik'
-
- OAUTH_AUTHORIZATION_URL = 'https://auth.gleipnir.technology/application/o/authorize/'
- OAUTH_TOKEN_URL = 'https://auth.gleipnir.technology/application/o/token/'
- OAUTH_USER_INFO_URL = 'https://auth.gleipnir.technology/application/o/userinfo/'
- OAUTH_SCOPE = ["openid", "profile", "email"]
- OAUTH_ATTRIBUTE_MAP = {
- "id": (False, "not used"),
- "name": (True, "name"),
- "email": (True, "email"),
- }
- SEAHUB_DATA_ROOT = "/var/lib/seafile/seahub/data"
- '');
- };
- };
-}
-
diff --git a/modules/system/vikunja.nix b/modules/system/vikunja.nix
index 1f797d7..68ba637 100644
--- a/modules/system/vikunja.nix
+++ b/modules/system/vikunja.nix
@@ -7,10 +7,26 @@ with lib;
 services.caddy.virtualHosts."todo.gleipnir.technology".extraConfig = ''
 reverse_proxy http://127.0.0.1:10010
 '';
+ services.postgresql = {
+ authentication = pkgs.lib.mkOverride 10 ''
+ #type database DBuser auth-method
+ local all all trust
+ '';
+ enable = true;
+ ensureDatabases = [ "vikunja" ];
+ ensureUsers = [{
+ ensureClauses.login = true;
+ ensureDBOwnership = true;
+ name = "vikunja";
+ }];
+ };
 services.vikunja = {
 enable = true;
 frontendHostname = "todo.gleipnir.technology";
 frontendScheme = "https";
+ settings = {
+ service.interface = lib.mkForce "127.0.0.1:3456";
+ };
 };
 sops.secrets.vikunja = {
 format = "yaml";
@@ -19,7 +35,7 @@ with lib;
 owner = "vikunja";
 path = "/etc/vikunja/config.yaml";
 restartUnits = [ "vikunja.service" ];
- sopsFile = ../../host/corp/secrets/vikunja.yaml;
+ sopsFile = ../../secrets/vikunja.yaml;
 };
 users.groups.vikunja = {};
 users.users.vikunja = {
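Review bot: The `authentication` override in the added `services.postgresql` block ends in `local all all trust`, so any local account can connect over the Unix socket as any role, superuser included, with no credential; with `mkOverride 10` it also appears to replace the pg_hba rules the NixOS module would otherwise supply. A rule scoped to this service, e.g. `local vikunja vikunja peer`, matches the `vikunja` role and system user declared here, assuming Vikunja connects over the socket (its database settings are in the sops-managed config, not in this hunk). Separately, `service.interface` is forced to `127.0.0.1:3456` while the Caddy vhost above still proxies to `http://127.0.0.1:10010`; one of the two looks stale unless the secret config overrides the port. The module's opening lines are outside the hunk, so whether `pkgs` is in scope for `pkgs.lib.mkOverride` cannot be checked here; plain `mkOverride` would work under the visible `with lib;`.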