From ccaf5e5d342697feacd5f040107bf8c12491ab76 Mon Sep 17 00:00:00 2001 From: Greizgh Date: Wed, 16 Aug 2023 13:38:41 +0200 Subject: [PATCH 1/3] seafile-server: 9.0.6 -> 10.0.1 --- pkgs/servers/seafile-server/default.nix | 36 ++++++++++++++++++++----- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/pkgs/servers/seafile-server/default.nix b/pkgs/servers/seafile-server/default.nix index e1c9d0b0858e..109484c467b4 100644 --- a/pkgs/servers/seafile-server/default.nix +++ b/pkgs/servers/seafile-server/default.nix @@ -1,6 +1,25 @@ -{ stdenv, lib, fetchFromGitHub, pkg-config, python3, autoreconfHook -, libuuid, sqlite, glib, libevent, libsearpc, openssl, fuse, libarchive, which -, vala, cmake, oniguruma, nixosTests }: +{ stdenv +, lib +, fetchFromGitHub +, pkg-config +, python3 +, autoreconfHook +, libuuid +, sqlite +, glib +, libevent +, libsearpc +, openssl +, fuse +, libarchive +, libjwt +, curl +, which +, vala +, cmake +, oniguruma +, nixosTests +}: let # seafile-server relies on a specific version of libevhtp. @@ -8,15 +27,16 @@ let libevhtp = import ./libevhtp.nix { inherit stdenv lib fetchFromGitHub cmake libevent; }; -in stdenv.mkDerivation rec { +in +stdenv.mkDerivation rec { pname = "seafile-server"; - version = "9.0.10"; + version = "10.0.1"; src = fetchFromGitHub { owner = "haiwen"; repo = "seafile-server"; - rev = "079a8b65a543bfbc48e7671c3dbbffe19fd02944"; # using a fixed revision because upstream may re-tag releases :/ - sha256 = "sha256-F1n4E6ajpri3CVM7B28UKoTV1oOLr5nTy6Lw0E5tCrc="; + rev = "db09baec1b88fc131bf4453a808ab63a3fc714c9"; # using a fixed revision because upstream may re-tag releases :/ + sha256 = "sha256-a5vtJcbnaYzq6/3xmhbWk23BZ+Wil/Tb/q22ML4bDqs="; }; nativeBuildInputs = [ autoreconfHook pkg-config ]; @@ -31,6 +51,8 @@ in stdenv.mkDerivation rec { python3 fuse libarchive + libjwt + curl which vala libevhtp From 89e379ace2b962dcdc4fbc5fa2c91633b8fddcd2 Mon Sep 17 00:00:00 2001 
From: Greizgh Date: Wed, 16 Aug 2023 13:39:11 +0200 Subject: [PATCH 2/3] seahub: 9.0.10 -> 10.0.1 --- pkgs/applications/networking/seahub/default.nix | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/pkgs/applications/networking/seahub/default.nix b/pkgs/applications/networking/seahub/default.nix index 089eabf93d65..0e92e996aaa6 100644 --- a/pkgs/applications/networking/seahub/default.nix +++ b/pkgs/applications/networking/seahub/default.nix @@ -6,29 +6,22 @@ , nixosTests }: let - # Seahub 8.x.x does not support django-webpack-loader >=1.x.x python = python3.override { packageOverrides = self: super: { - django-webpack-loader = super.django-webpack-loader.overridePythonAttrs (old: rec { - version = "0.7.0"; - src = old.src.override { - inherit version; - hash = "sha256-ejyIIBqlRIH5OZRlYVy+e5rs6AgUlqbQKHt8uOIy9Ec="; - }; - }); + django = super.django_3; }; }; in python.pkgs.buildPythonApplication rec { pname = "seahub"; - version = "9.0.10"; + version = "10.0.1"; pyproject = false; src = fetchFromGitHub { owner = "haiwen"; repo = "seahub"; - rev = "5971bf25fe67d94ec4d9f53b785c15a098113620"; # using a fixed revision because upstream may re-tag releases :/ - sha256 = "sha256-7Exvm3EShb/1EqwA4wzWB9zCdv0P/ISmjKSoqtOMnqk="; + rev = "e8c02236c0eaca6dde009872745f089da4b77e6e"; # using a fixed revision because upstream may re-tag releases :/ + sha256 = "sha256-7JXWKEFqCsC+ZByhvyP8AmDpajT3hpgyYDNUqc3wXyg="; }; patches = [ From a312393f1432d5b39a7215ef8d847c13c007ede3 Mon Sep 17 00:00:00 2001 From: Greizgh Date: Wed, 16 Aug 2023 13:39:28 +0200 Subject: [PATCH 3/3] nixos/seafile: support 9.0 to 10.0 migration --- nixos/modules/services/networking/seafile.nix | 278 +++++++++--------- 1 file changed, 142 insertions(+), 136 deletions(-) diff --git a/nixos/modules/services/networking/seafile.nix b/nixos/modules/services/networking/seafile.nix index b07d51b9b49a..a4392e8d7d98 100644 --- a/nixos/modules/services/networking/seafile.nix 
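Review bot: The new `django = super.django_3;` override in the seahub `packageOverrides` has no comment saying why it is needed, whereas the pin it replaces was explained. Because it is applied through `packageOverrides`, every Python dependency of seahub is built against the Django 3 series, so the web frontend stops receiving Django security fixes once that series is end-of-life upstream. I would put `# Seahub 10.0 needs Django 3.x (TODO confirm); drop this override once upstream supports a maintained Django release` directly above the override so the pin is revisited. The `buildPythonApplication` body continues outside the hunk.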
+++ b/nixos/modules/services/networking/seafile.nix @@ -32,7 +32,8 @@ let dataDir = "${seafRoot}/data"; seahubDir = "${seafRoot}/seahub"; -in { +in +{ ###### Interface 
@@ -152,146 +153,151 @@ in { description = "Seafile components"; }; - systemd.services = let - securityOptions = { - ProtectHome = true; - PrivateUsers = true; - PrivateDevices = true; - ProtectClock = true; - ProtectHostname = true; - ProtectProc = "invisible"; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - RestrictNamespaces = true; - LockPersonality = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - MemoryDenyWriteExecute = true; - SystemCallArchitectures = "native"; - RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" ]; - }; - in { - seaf-server = { - description = "Seafile server"; - partOf = [ "seafile.target" ]; - after = [ "network.target" ]; - wantedBy = [ "seafile.target" ]; - restartTriggers = [ ccnetConf seafileConf ]; - path = [ pkgs.sqlite ]; - serviceConfig = securityOptions // { - User = "seafile"; - Group = "seafile"; - DynamicUser = true; - StateDirectory = "seafile"; - RuntimeDirectory = "seafile"; - LogsDirectory = "seafile"; - ConfigurationDirectory = "seafile"; - ExecStart = '' - ${cfg.seafilePackage}/bin/seaf-server \ - --foreground \ - -F /etc/seafile \ - -c ${ccnetDir} \ - -d ${dataDir} \ - -l /var/log/seafile/server.log \ - -P /run/seafile/server.pid \ - -p /run/seafile + systemd.services = + let + securityOptions = { + ProtectHome = true; + PrivateUsers = true; + PrivateDevices = true; + ProtectClock = true; + ProtectHostname = true; + ProtectProc = "invisible"; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictNamespaces = true; + LockPersonality = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + MemoryDenyWriteExecute = true; + SystemCallArchitectures = "native"; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" ]; + }; + in + { + seaf-server = { + description = "Seafile server"; + partOf = [ "seafile.target" ]; + after = [ "network.target" ]; + wantedBy = 
[ "seafile.target" ]; + restartTriggers = [ ccnetConf seafileConf ]; + path = [ pkgs.sqlite ]; + serviceConfig = securityOptions // { + User = "seafile"; + Group = "seafile"; + DynamicUser = true; + StateDirectory = "seafile"; + RuntimeDirectory = "seafile"; + LogsDirectory = "seafile"; + ConfigurationDirectory = "seafile"; + ExecStart = '' + ${cfg.seafilePackage}/bin/seaf-server \ + --foreground \ + -F /etc/seafile \ + -c ${ccnetDir} \ + -d ${dataDir} \ + -l /var/log/seafile/server.log \ + -P /run/seafile/server.pid \ + -p /run/seafile + ''; + }; + preStart = '' + if [ ! -f "${seafRoot}/server-setup" ]; then + mkdir -p ${dataDir}/library-template + mkdir -p ${ccnetDir}/{GroupMgr,misc,OrgMgr,PeerMgr} + sqlite3 ${ccnetDir}/GroupMgr/groupmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/groupmgr.sql" + sqlite3 ${ccnetDir}/misc/config.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/config.sql" + sqlite3 ${ccnetDir}/OrgMgr/orgmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/org.sql" + sqlite3 ${ccnetDir}/PeerMgr/usermgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/user.sql" + sqlite3 ${dataDir}/seafile.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/seafile.sql" + echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup + fi + # checking for upgrades and handling them + installedMajor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f1) + installedMinor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f2) + pkgMajor=$(echo "${cfg.seafilePackage.version}" | cut -d"." -f1) + pkgMinor=$(echo "${cfg.seafilePackage.version}" | cut -d"." 
-f2) + + if [[ $installedMajor == $pkgMajor && $installedMinor == $pkgMinor ]]; then + : + elif [[ $installedMajor == 8 && $installedMinor == 0 && $pkgMajor == 9 && $pkgMinor == 0 ]]; then + # Upgrade from 8.0 to 9.0 + sqlite3 ${dataDir}/seafile.db ".read ${pkgs.seahub}/scripts/upgrade/sql/9.0.0/sqlite3/seafile.sql" + echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup + elif [[ $installedMajor == 9 && $installedMinor == 0 && $pkgMajor == 10 && $pkgMinor == 0 ]]; then + # Upgrade from 9.0 to 10.0 + sqlite3 ${dataDir}/seafile.db ".read ${pkgs.seahub}/scripts/upgrade/sql/10.0.0/sqlite3/seafile.sql" + echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup + else + echo "Unsupported upgrade" >&2 + exit 1 + fi ''; }; - preStart = '' - if [ ! -f "${seafRoot}/server-setup" ]; then - mkdir -p ${dataDir}/library-template - mkdir -p ${ccnetDir}/{GroupMgr,misc,OrgMgr,PeerMgr} - sqlite3 ${ccnetDir}/GroupMgr/groupmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/groupmgr.sql" - sqlite3 ${ccnetDir}/misc/config.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/config.sql" - sqlite3 ${ccnetDir}/OrgMgr/orgmgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/org.sql" - sqlite3 ${ccnetDir}/PeerMgr/usermgr.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/user.sql" - sqlite3 ${dataDir}/seafile.db ".read ${cfg.seafilePackage}/share/seafile/sql/sqlite/seafile.sql" - echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup - fi - # checking for upgrades and handling them - # WARNING: needs to be extended to actually handle major version migrations - installedMajor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f1) - installedMinor=$(cat "${seafRoot}/server-setup" | cut -d"-" -f1 | cut -d"." -f2) - pkgMajor=$(echo "${cfg.seafilePackage.version}" | cut -d"." -f1) - pkgMinor=$(echo "${cfg.seafilePackage.version}" | cut -d"." 
-f2) - if [[ $installedMajor == $pkgMajor && $installedMinor == $pkgMinor ]]; then - : - elif [[ $installedMajor == 8 && $installedMinor == 0 && $pkgMajor == 9 && $pkgMinor == 0 ]]; then - # Upgrade from 8.0 to 9.0 - sqlite3 ${dataDir}/seafile.db ".read ${pkgs.seahub}/scripts/upgrade/sql/9.0.0/sqlite3/seafile.sql" - echo "${cfg.seafilePackage.version}-sqlite" > "${seafRoot}"/server-setup - else - echo "Unsupported upgrade" >&2 - exit 1 - fi - ''; - }; - - seahub = { - description = "Seafile Server Web Frontend"; - wantedBy = [ "seafile.target" ]; - partOf = [ "seafile.target" ]; - after = [ "network.target" "seaf-server.service" ]; - requires = [ "seaf-server.service" ]; - restartTriggers = [ seahubSettings ]; - environment = { - PYTHONPATH = "${pkgs.seahub.pythonPath}:${pkgs.seahub}/thirdpart:${pkgs.seahub}"; - DJANGO_SETTINGS_MODULE = "seahub.settings"; - CCNET_CONF_DIR = ccnetDir; - SEAFILE_CONF_DIR = dataDir; - SEAFILE_CENTRAL_CONF_DIR = "/etc/seafile"; - SEAFILE_RPC_PIPE_PATH = "/run/seafile"; - SEAHUB_LOG_DIR = "/var/log/seafile"; - }; - serviceConfig = securityOptions // { - User = "seafile"; - Group = "seafile"; - DynamicUser = true; - RuntimeDirectory = "seahub"; - StateDirectory = "seafile"; - LogsDirectory = "seafile"; - ConfigurationDirectory = "seafile"; - ExecStart = '' - ${pkgs.seahub.python.pkgs.gunicorn}/bin/gunicorn seahub.wsgi:application \ - --name seahub \ - --workers ${toString cfg.workers} \ - --log-level=info \ - --preload \ - --timeout=1200 \ - --limit-request-line=8190 \ - --bind unix:/run/seahub/gunicorn.sock + seahub = { + description = "Seafile Server Web Frontend"; + wantedBy = [ "seafile.target" ]; + partOf = [ "seafile.target" ]; + after = [ "network.target" "seaf-server.service" ]; + requires = [ "seaf-server.service" ]; + restartTriggers = [ seahubSettings ]; + environment = { + PYTHONPATH = "${pkgs.seahub.pythonPath}:${pkgs.seahub}/thirdpart:${pkgs.seahub}"; + DJANGO_SETTINGS_MODULE = "seahub.settings"; + CCNET_CONF_DIR = 
ccnetDir; + SEAFILE_CONF_DIR = dataDir; + SEAFILE_CENTRAL_CONF_DIR = "/etc/seafile"; + SEAFILE_RPC_PIPE_PATH = "/run/seafile"; + SEAHUB_LOG_DIR = "/var/log/seafile"; + }; + serviceConfig = securityOptions // { + User = "seafile"; + Group = "seafile"; + DynamicUser = true; + RuntimeDirectory = "seahub"; + StateDirectory = "seafile"; + LogsDirectory = "seafile"; + ConfigurationDirectory = "seafile"; + ExecStart = '' + ${pkgs.seahub.python.pkgs.gunicorn}/bin/gunicorn seahub.wsgi:application \ + --name seahub \ + --workers ${toString cfg.workers} \ + --log-level=info \ + --preload \ + --timeout=1200 \ + --limit-request-line=8190 \ + --bind unix:/run/seahub/gunicorn.sock + ''; + }; + preStart = '' + mkdir -p ${seahubDir}/media + # Link all media except avatars + for m in `find ${pkgs.seahub}/media/ -maxdepth 1 -not -name "avatars"`; do + ln -sf $m ${seahubDir}/media/ + done + if [ ! -e "${seafRoot}/.seahubSecret" ]; then + ${pkgs.seahub.python}/bin/python ${pkgs.seahub}/tools/secret_key_generator.py > ${seafRoot}/.seahubSecret + chmod 400 ${seafRoot}/.seahubSecret + fi + if [ ! 
-f "${seafRoot}/seahub-setup" ]; then + # avatars directory should be writable + install -D -t ${seahubDir}/media/avatars/ ${pkgs.seahub}/media/avatars/default.png + install -D -t ${seahubDir}/media/avatars/groups ${pkgs.seahub}/media/avatars/groups/default.png + # init database + ${pkgs.seahub}/manage.py migrate + # create admin account + ${pkgs.expect}/bin/expect -c 'spawn ${pkgs.seahub}/manage.py createsuperuser --email=${cfg.adminEmail}; expect "Password: "; send "${cfg.initialAdminPassword}\r"; expect "Password (again): "; send "${cfg.initialAdminPassword}\r"; expect "Superuser created successfully."' + echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup" + fi + if [ $(cat "${seafRoot}/seahub-setup" | cut -d"-" -f1) != "${pkgs.seahub.version}" ]; then + # update database + ${pkgs.seahub}/manage.py migrate + echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup" + fi ''; }; - preStart = '' - mkdir -p ${seahubDir}/media - # Link all media except avatars - for m in `find ${pkgs.seahub}/media/ -maxdepth 1 -not -name "avatars"`; do - ln -sf $m ${seahubDir}/media/ - done - if [ ! -e "${seafRoot}/.seahubSecret" ]; then - ${pkgs.seahub.python}/bin/python ${pkgs.seahub}/tools/secret_key_generator.py > ${seafRoot}/.seahubSecret - chmod 400 ${seafRoot}/.seahubSecret - fi - if [ ! 
-f "${seafRoot}/seahub-setup" ]; then - # avatars directory should be writable - install -D -t ${seahubDir}/media/avatars/ ${pkgs.seahub}/media/avatars/default.png - install -D -t ${seahubDir}/media/avatars/groups ${pkgs.seahub}/media/avatars/groups/default.png - # init database - ${pkgs.seahub}/manage.py migrate - # create admin account - ${pkgs.expect}/bin/expect -c 'spawn ${pkgs.seahub}/manage.py createsuperuser --email=${cfg.adminEmail}; expect "Password: "; send "${cfg.initialAdminPassword}\r"; expect "Password (again): "; send "${cfg.initialAdminPassword}\r"; expect "Superuser created successfully."' - echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup" - fi - if [ $(cat "${seafRoot}/seahub-setup" | cut -d"-" -f1) != "${pkgs.seahub.version}" ]; then - # update database - ${pkgs.seahub}/manage.py migrate - echo "${pkgs.seahub.version}-sqlite" > "${seafRoot}/seahub-setup" - fi - ''; }; - }; }; }
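Review bot: The new 9.0 to 10.0 branch in the seaf-server `preStart` applies the upgrade SQL to `${dataDir}/seafile.db` in place, without taking a copy first and without telling sqlite3 to stop at the first failing statement. The version marker is written only after the `.read`, so a script that fails part-way may leave a half-migrated database that either is marked as upgraded or is migrated again on the next start. I would add `cp ${dataDir}/seafile.db ${dataDir}/seafile.db.pre-10.0` before the migration and run it as `sqlite3 -bail ${dataDir}/seafile.db ".read …"`; the existing 8.0 to 9.0 branch has the same shape. Separately, the re-indented `createsuperuser` line still interpolates `${cfg.initialAdminPassword}` into the generated script, which presumably ends up in the world-readable Nix store and in expect's argv, and a quote, `$` or `[` in the password would be interpreted by the shell or Tcl. A comment such as `# initialAdminPassword is a bootstrap value embedded in the unit script: change it after first login` would make that explicit.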