servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
2966dc6fde455dad180a20db8e57762ec19a3e65
dotfiles/nixos/mirai/services/seafile.nix
uttarayan21 cdb7fbfe13 fix: Reorder authelia bypass policies
2025-07-30 16:51:48 +05:30

71 lines
2.4 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{config, ...}: {
sops = {
secrets."nextcloud/adminpass".owner = config.users.users.caddy.name;
};
services = {
seafile = {
enable = true;
# group = config.services.caddy.group;
adminEmail = "admin@darksailor.dev";
initialAdminPassword = "foobar";
seahubExtraConf =
/*
python
*/
''
ENABLE_REMOTE_USER_AUTHENTICATION = True
# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
REMOTE_USER_HEADER = "HTTP_REMOTE_USER"
# Optional, when the value of HTTP_REMOTE_USER is not a valid email address
# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
# and this domain, e.g. user1@example.com.
REMOTE_USER_DOMAIN = "darksailor.dev"
# Optional, whether to create new user in Seafile system, default value is True.
# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
# The admin has to first import the users from external systems like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True
# Optional, whether to activate new user in Seafile system, default value is True.
# If this setting is disabled, user will be unable to login by default.
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
'';
ccnetSettings = {
General.SERVICE_URL = "https://cloud.darksailor.dev";
};
};
caddy = {
virtualHosts."cloud.darksailor.dev".extraConfig = ''
forward_auth localhost:5555 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy unix//run/seahub/gunicorn.sock
'';
};
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "cloud.darksailor.dev";
policy = "bypass";
resources = [
"^/(api2|seafhttp)([/?].*)?$"
];
}
{
domain = "cloud.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink