vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Seafile service deployment and configuration with Caddy integration
Some checks failed
Ansible Lint Check / check-ansible (push) Failing after 17s
Details
Nix Format Check / check-format (push) Successful in 57s
Details
Python Lint Check / check-python (push) Failing after 13s
Details

Browse Source
This commit is contained in:
Menno van Leeuwen 2025-03-17 13:41:22 +01:00
parent e1dec22136
commit 9386a6d00c
Signed by: vleeuwenmenno
SSH Key Fingerprint: SHA256:OJFmjANpakwD3F2Rsws4GLtbdz1TJ5tkQF0RZmF0TRE
6 changed files with 179 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config/ansible/tasks/servers/services/caddy/Caddyfile.j2
View File

@ -22,3 +22,8 @@ status.vleeuwen.me status.mvl.sh {
reverse_proxy uptime-kuma:3001 reverse_proxy uptime-kuma:3001
tls {{ caddy_email }} tls {{ caddy_email }}
} }
sf.vleeuwen.me sf.mvl.sh {
reverse_proxy seafile:80
tls {{ caddy_email }}
}

29
config/ansible/tasks/servers/services/seafile/.env.j2 Normal file
View File

@ -0,0 +1,29 @@
SEAFILE_IMAGE={{ seafile_image | default('seafileltd/seafile-mc:12.0-latest') }}
SEAFILE_DB_IMAGE={{ seafile_db_image | default('mariadb:10.11') }}
SEAFILE_MEMCACHED_IMAGE={{ seafile_memcached_image | default('memcached:1.6.29') }}
SEAFILE_VOLUME={{ seafile_volume | default('/opt/seafile-data') }}
SEAFILE_MYSQL_VOLUME={{ seafile_mysql_volume | default('/opt/seafile-mysql/db') }}
SEAFILE_MYSQL_DB_HOST={{ seafile_mysql_db_host | default('db') }}
INIT_SEAFILE_MYSQL_ROOT_PASSWORD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }}
SEAFILE_MYSQL_DB_USER={{ seafile_mysql_db_user | default('seafile') }}
SEAFILE_MYSQL_DB_PASSWORD={{ seafile_mysql_db_password | default('PASSWORD') }}
TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }}
JWT_PRIVATE_KEY={{ jwt_private_key | default('') }}
SEAFILE_SERVER_HOSTNAME={{ seafile_server_hostname | default('sf.mvl.sh') }}
SEAFILE_SERVER_PROTOCOL={{ seafile_server_protocol | default('http') }}
INIT_SEAFILE_ADMIN_EMAIL={{ seafile_admin_email | default('menno@vleeuwen.me') }}
INIT_SEAFILE_ADMIN_PASSWORD={{ seafile_admin_password | default('WIP123') }}
SEADOC_IMAGE={{ seadoc_image | default('seafileltd/sdoc-server:1.0-latest') }}
SEADOC_VOLUME={{ seadoc_volume | default('/opt/seadoc-data') }}
ENABLE_SEADOC={{ enable_seadoc | default('true') }}
NOTIFICATION_SERVER_IMAGE={{ notification_server_image | default('seafileltd/notification-server:12.0-latest') }}
NOTIFICATION_SERVER_VOLUME={{ notification_server_volume | default('/opt/notification-data') }}

26
config/ansible/tasks/servers/services/seafile/caddy.yml.j2 Normal file
View File

@ -0,0 +1,26 @@
services:
caddy:
image: ${SEAFILE_CADDY_IMAGE:-lucaslorentz/caddy-docker-proxy:2.9-alpine}
restart: unless-stopped
container_name: seafile-caddy
ports:
- 80:80
- 443:443
environment:
- CADDY_INGRESS_NETWORKS=seafile-net
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${SEAFILE_CADDY_VOLUME:-/opt/seafile-caddy}:/data/caddy
networks:
- seafile-net
healthcheck:
test: ["CMD-SHELL", "curl --fail http://localhost:2019/metrics || exit 1"]
start_period: 20s
interval: 20s
timeout: 5s
retries: 3
networks:
seafile-net:
name: seafile-net

63
config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2
View File

@ -1,47 +1,68 @@
version: '3.8'
services: services:
db: db:
image: mariadb:10.11 image: ${SEAFILE_DB_IMAGE}
container_name: seafile-mysql container_name: seafile-mysql
environment: environment:
- MYSQL_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }} - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD}
- MYSQL_LOG_CONSOLE=true - MYSQL_LOG_CONSOLE=true
- MARIADB_AUTO_UPGRADE=1
volumes: volumes:
- {{ seafile_data_dir }}/db:/var/lib/mysql - ${SEAFILE_MYSQL_VOLUME}:/var/lib/mysql
networks: networks:
- seafile-net - seafile-net
- caddy_default
restart: unless-stopped
memcached: memcached:
image: memcached:1.6.18 image: ${SEAFILE_MEMCACHED_IMAGE}
container_name: seafile-memcached container_name: seafile-memcached
entrypoint: memcached -m 256 entrypoint: memcached -m 256
networks: networks:
- seafile-net - seafile-net
restart: unless-stopped
seafile: seafile:
image: seafileltd/seafile-mc:11.0-latest image: ${SEAFILE_IMAGE}
ports: container_name: seafile
- "8001:80"
volumes:
- {{ seafile_data_dir }}/shared:/shared
environment: environment:
- DB_HOST=db - DB_HOST=${SEAFILE_MYSQL_DB_HOST}
- DB_ROOT_PASSWD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }} - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD}
- TIME_ZONE=Europe/Amsterdam - TIME_ZONE=${TIME_ZONE}
- SEAFILE_ADMIN_EMAIL=menno@vleeuwen.me - SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL}
- SEAFILE_ADMIN_PASSWORD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }} - SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD}
- SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME}
- SEAFILE_SERVER_LETSENCRYPT=false - SEAFILE_SERVER_LETSENCRYPT=false
- SEAFILE_SERVER_HOSTNAME=sf.mvl.sh:8001 - SEADRIVE_SERVER_LETSENCRYPT=false
- SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL}
volumes:
- ${SEAFILE_VOLUME}:/shared
networks:
- seafile-net
- caddy_default
restart: unless-stopped
depends_on: depends_on:
- db - db
- memcached - memcached
notification-server:
image: ${NOTIFICATION_SERVER_IMAGE}
container_name: notification-server
environment:
- DB_HOST=${SEAFILE_MYSQL_DB_HOST}
- DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD}
- TIME_ZONE=${TIME_ZONE}
volumes:
- ${NOTIFICATION_SERVER_VOLUME}:/shared
- ${SEAFILE_VOLUME}:/shared/seafile
networks: networks:
- seafile-net - seafile-net
- caddy_network depends_on:
- db
- seafile
restart: unless-stopped
networks: networks:
seafile-net: seafile-net:
caddy_network: caddy_default:
external: true external: true
name: caddy_default

24
config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 Normal file
View File

@ -0,0 +1,24 @@
version: '3.8'
services:
seadoc-server:
image: ${SEADOC_IMAGE}
container_name: seadoc-server
environment:
- DB_HOST=${SEAFILE_MYSQL_DB_HOST}
- DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD}
- TIME_ZONE=${TIME_ZONE}
- JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY}
volumes:
- ${SEADOC_VOLUME}:/shared
- ${SEAFILE_VOLUME}:/shared/seafile
networks:
- seafile-net
depends_on:
- db
- seafile
restart: unless-stopped
networks:
seafile-net:
name: seafile-net

59
config/ansible/tasks/servers/services/seafile/seafile.yml
View File

@ -6,6 +6,40 @@
seafile_data_dir: "/mnt/object_storage/services/seafile" seafile_data_dir: "/mnt/object_storage/services/seafile"
seafile_service_dir: "{{ ansible_env.HOME }}/services/seafile" seafile_service_dir: "{{ ansible_env.HOME }}/services/seafile"
- name: Set Seafile configuration variables
ansible.builtin.set_fact:
# Docker images
seafile_image: "seafileltd/seafile-mc:12.0-latest"
seafile_db_image: "mariadb:10.11"
seafile_memcached_image: "memcached:1.6.29"
seadoc_image: "seafileltd/sdoc-server:1.0-latest"
notification_server_image: "seafileltd/notification-server:12.0-latest"
# Volume paths
seafile_volume: "{{ seafile_data_dir }}/seafile-data"
seafile_mysql_volume: "{{ seafile_data_dir }}/seafile-mysql/db"
seadoc_volume: "{{ seafile_data_dir }}/seadoc-data"
notification_server_volume: "{{ seafile_data_dir }}/notification-data"
# Database settings
seafile_mysql_db_host: "db"
seafile_mysql_root_password: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }}"
seafile_mysql_db_user: "seafile"
seafile_mysql_db_password: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_PASSWORD') }}"
# Server settings
time_zone: "Europe/Amsterdam"
jwt_private_key: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='jwt_private_key') }}"
seafile_server_hostname: "sf.mvl.sh"
seafile_server_protocol: "https"
# Admin credentials
seafile_admin_email: "menno@vleeuwen.me"
seafile_admin_password: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }}"
# Features
enable_seadoc: "true"
- name: Create Seafile directories - name: Create Seafile directories
ansible.builtin.file: ansible.builtin.file:
path: "{{ seafile_dir }}" path: "{{ seafile_dir }}"
@ -17,17 +51,30 @@
loop_control: loop_control:
loop_var: seafile_dir loop_var: seafile_dir
- name: Deploy Seafile docker-compose.yml - name: Deploy Seafile configuration files
ansible.builtin.template: ansible.builtin.template:
src: docker-compose.yml.j2 src: "{{ item }}"
dest: "{{ seafile_service_dir }}/docker-compose.yml" dest: "{{ seafile_service_dir }}/{{ item | replace('.j2', '') }}"
mode: "0644" mode: "0644"
register: seafile_compose loop:
- docker-compose.yml.j2
- seadoc.yml.j2
- .env.j2
register: seafile_configs
- name: Ensure containers are on the caddy network
ansible.builtin.command: docker network connect caddy_default seafile
register: connect_network
changed_when: connect_network.rc == 0
failed_when:
- connect_network.rc != 0
- "'already exists' not in connect_network.stderr"
when: seafile_configs.changed
- name: Stop Seafile service - name: Stop Seafile service
ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" down --remove-orphans ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" down --remove-orphans
when: seafile_compose.changed or seafile_act_runner_config.changed when: seafile_configs.changed
- name: Start Seafile service - name: Start Seafile service
ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" up -d ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" up -d
when: seafile_compose.changed or seafile_act_runner_config.changed when: seafile_configs.changed