From 96bb949ea8124f2aaab3076ce8233d1d2a8c9183 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 10:58:41 +0100 Subject: [PATCH 01/23] feat: add httpie to global Ansible tasks --- config/ansible/tasks/global/global.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/ansible/tasks/global/global.yml b/config/ansible/tasks/global/global.yml index 0e33d9b..19004ce 100644 --- a/config/ansible/tasks/global/global.yml +++ b/config/ansible/tasks/global/global.yml @@ -35,6 +35,7 @@ - trash-cli - curl - wget + - httpie # Python is used for the dotfiles CLI tools - python3 - python3-pip From 9c3f54e7608aeabc77d10c01415bd930515fe8cd Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 11:12:05 +0100 Subject: [PATCH 02/23] chore: update flake.lock with latest nixpkgs revisions and hashes --- config/home-manager/flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/home-manager/flake.lock b/config/home-manager/flake.lock index 0e263de..a1337ec 100644 --- a/config/home-manager/flake.lock +++ b/config/home-manager/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741862977, - "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", + "lastModified": 1742136038, + "narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", + "rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1741851582, - "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=", + "lastModified": 1742069588, + "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32", + "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "type": "github" }, "original": { 
From b5447dc0ec6b498de514a67a7ed8f59e63cda8fa Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 11:12:13 +0100 Subject: [PATCH 03/23] feat: add Syncthing service deployment and configuration --- config/ansible/tasks/servers/server.yml | 2 ++ .../services/syncthing/docker-compose.yml.j2 | 28 +++++++++++++++++++ .../servers/services/syncthing/syncthing.yml | 28 +++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 create mode 100644 config/ansible/tasks/servers/services/syncthing/syncthing.yml diff --git a/config/ansible/tasks/servers/server.yml b/config/ansible/tasks/servers/server.yml index 888b706..cf811fa 100644 --- a/config/ansible/tasks/servers/server.yml +++ b/config/ansible/tasks/servers/server.yml @@ -33,3 +33,5 @@ enabled: true - name: uptime-kuma enabled: true + - name: syncthing + enabled: true diff --git a/config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 new file mode 100644 index 0000000..1c14339 --- /dev/null +++ b/config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 
@@ -0,0 +1,28 @@ +services: + syncthing: + image: syncthing/syncthing + environment: + - PUID=1000 + - PGID=100 + - TZ=Europe/Amsterdam + # Disable local discovery since server is not on local network + - STTRACE= + - STNODEFAULTFOLDER=true + - STNODEFAULTFOLDERROOT=true + - STNOUPGRADE=true + # Disable local discovery + - STGUIADDRESS=0.0.0.0:8384not on local network + - STLOCALANNOUNCEENABLED=false + - STGLOBALDISCOVERYENABLED=true + volumes: + - {{ syncthing_data_dir }}:/var/syncthing + ports: + - 8384:8384 # Web UI + - 22000:22000/tcp # TCP file transfers + - 22000:22000/udp # QUIC file transfers + restart: unless-stopped + healthcheck: + test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1 + interval: 1m + timeout: 10s + retries: 3 diff --git a/config/ansible/tasks/servers/services/syncthing/syncthing.yml b/config/ansible/tasks/servers/services/syncthing/syncthing.yml new file mode 100644 index 0000000..451c84e --- /dev/null +++ b/config/ansible/tasks/servers/services/syncthing/syncthing.yml 
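Review bot: The `STGUIADDRESS` entry has comment text fused into its value (`0.0.0.0:8384not on local network`), so Syncthing is handed a listen address that is not a valid host:port. The line should read `- STGUIADDRESS=0.0.0.0:8384`, and the "Disable local discovery" comment belongs directly above `STLOCALANNOUNCEENABLED=false`; at present it sits above `STTRACE=` and is repeated in truncated form. With the `8384:8384` mapping the admin UI is also published on every host interface, so if it is meant to be reached only locally or through the reverse proxy, bind it to loopback with `- "127.0.0.1:8384:8384"`. The image `syncthing/syncthing` carries no tag, so each pull can bring in a different build; pin a release tag or digest.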
@@ -0,0 +1,28 @@ +--- +- name: Deploy Syncthing service + block: + - name: Set Syncthing directories + ansible.builtin.set_fact: + syncthing_service_dir: "{{ ansible_env.HOME }}/services/syncthing" + syncthing_data_dir: "/mnt/object_storage/services/syncthing" + + - name: Create Syncthing directory + ansible.builtin.file: + path: "{{ syncthing_service_dir }}" + state: directory + mode: "0755" + + - name: Deploy Syncthing docker-compose.yml + ansible.builtin.template: + src: docker-compose.yml.j2 + dest: "{{ syncthing_service_dir }}/docker-compose.yml" + mode: "0644" + register: syncthing_compose + + - name: Stop Syncthing service + ansible.builtin.command: docker compose -f "{{ syncthing_service_dir }}/docker-compose.yml" down --remove-orphans + when: syncthing_compose.changed + + - name: Start Syncthing service + ansible.builtin.command: docker compose -f "{{ syncthing_service_dir }}/docker-compose.yml" up -d + when: syncthing_compose.changed From b63506f809e4fcca164653ec5c4e787d722b2a95 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 11:57:32 +0100 Subject: [PATCH 04/23] feat: replace Syncthing with Resilio Sync service deployment and configuration --- config/ansible/tasks/servers/server.yml | 2 +- .../resilio-sync/docker-compose.yml.j2 | 15 ++++++++++ .../services/resilio-sync/resilio-sync.yml | 28 +++++++++++++++++++ .../services/syncthing/docker-compose.yml.j2 | 28 ------------------- .../servers/services/syncthing/syncthing.yml | 28 ------------------- 5 files changed, 44 insertions(+), 57 deletions(-) create mode 100644 config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 create mode 100644 config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml delete mode 100644 config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 delete mode 100644 config/ansible/tasks/servers/services/syncthing/syncthing.yml 
diff --git a/config/ansible/tasks/servers/server.yml b/config/ansible/tasks/servers/server.yml index cf811fa..0401a94 100644 --- a/config/ansible/tasks/servers/server.yml +++ b/config/ansible/tasks/servers/server.yml @@ -33,5 +33,5 @@ enabled: true - name: uptime-kuma enabled: true - - name: syncthing + - name: resilio-sync enabled: true diff --git a/config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 new file mode 100644 index 0000000..d87938b --- /dev/null +++ b/config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 @@ -0,0 +1,15 @@ +services: + resilio-sync: + image: lscr.io/linuxserver/resilio-sync:latest + environment: + - PUID=1000 + - PGID=100 + - TZ=Europe/Amsterdam + volumes: + - {{ resilio_sync_data_dir }}/config:/config + - {{ resilio_sync_data_dir }}/downloads:/downloads + - {{ resilio_sync_data_dir }}/data:/sync + ports: + - 8888:8888 + - 55555:55555 + restart: unless-stopped diff --git a/config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml b/config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml new file mode 100644 index 0000000..42eddda --- /dev/null +++ b/config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml 
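Review bot: In the new `resilio-sync/docker-compose.yml.j2`, the image reference `lscr.io/linuxserver/resilio-sync:latest` is a floating tag, so what gets deployed depends on when the host last pulled rather than on what was reviewed; pin a release tag or digest. The `8888:8888` mapping, presumably the web UI, is published on all host interfaces. If the UI is meant to be reached only through the reverse proxy, bind it to loopback, e.g. `- "127.0.0.1:8888:8888"`.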
@@ -0,0 +1,28 @@ +--- +- name: Deploy Resilio Sync service + block: + - name: Set Resilio Sync directories + ansible.builtin.set_fact: + resilio_sync_service_dir: "{{ ansible_env.HOME }}/services/resilio_sync" + resilio_sync_data_dir: "/mnt/object_storage/services/resilio_sync" + + - name: Create Resilio Sync directory + ansible.builtin.file: + path: "{{ resilio_sync_service_dir }}" + state: directory + mode: "0755" + + - name: Deploy Resilio Sync docker-compose.yml + ansible.builtin.template: + src: docker-compose.yml.j2 + dest: "{{ resilio_sync_service_dir }}/docker-compose.yml" + mode: "0644" + register: resilio_sync_compose + + - name: Stop Resilio Sync service + ansible.builtin.command: docker compose -f "{{ resilio_sync_service_dir }}/docker-compose.yml" down --remove-orphans + when: resilio_sync_compose.changed + + - name: Start Resilio Sync service + ansible.builtin.command: docker compose -f "{{ resilio_sync_service_dir }}/docker-compose.yml" up -d + when: resilio_sync_compose.changed diff --git a/config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 deleted file mode 100644 index 1c14339..0000000 --- a/config/ansible/tasks/servers/services/syncthing/docker-compose.yml.j2 +++ /dev/null 
@@ -1,28 +0,0 @@ -services: - syncthing: - image: syncthing/syncthing - environment: - - PUID=1000 - - PGID=100 - - TZ=Europe/Amsterdam - # Disable local discovery since server is not on local network - - STTRACE= - - STNODEFAULTFOLDER=true - - STNODEFAULTFOLDERROOT=true - - STNOUPGRADE=true - # Disable local discovery - - STGUIADDRESS=0.0.0.0:8384not on local network - - STLOCALANNOUNCEENABLED=false - - STGLOBALDISCOVERYENABLED=true - volumes: - - {{ syncthing_data_dir }}:/var/syncthing - ports: - - 8384:8384 # Web UI - - 22000:22000/tcp # TCP file transfers - - 22000:22000/udp # QUIC file transfers - restart: unless-stopped - healthcheck: - test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1 - interval: 1m - timeout: 10s - retries: 3 diff --git a/config/ansible/tasks/servers/services/syncthing/syncthing.yml b/config/ansible/tasks/servers/services/syncthing/syncthing.yml deleted file mode 100644 index 451c84e..0000000 --- a/config/ansible/tasks/servers/services/syncthing/syncthing.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -- name: Deploy Syncthing service - block: - - name: Set Syncthing directories - ansible.builtin.set_fact: - syncthing_service_dir: "{{ ansible_env.HOME }}/services/syncthing" - syncthing_data_dir: "/mnt/object_storage/services/syncthing" - - - name: Create Syncthing directory - ansible.builtin.file: - path: "{{ syncthing_service_dir }}" - state: directory - mode: "0755" - - - name: Deploy Syncthing docker-compose.yml - ansible.builtin.template: - src: docker-compose.yml.j2 - dest: "{{ syncthing_service_dir }}/docker-compose.yml" - mode: "0644" - register: syncthing_compose - - - name: Stop Syncthing service - ansible.builtin.command: docker compose -f "{{ syncthing_service_dir }}/docker-compose.yml" down --remove-orphans - when: syncthing_compose.changed - - - name: Start Syncthing service - ansible.builtin.command: docker compose -f "{{ syncthing_service_dir }}/docker-compose.yml" up -d - when: syncthing_compose.changed From e3ce020572336608d1cf5a3c0e2c074b0b2941f6 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 13:12:11 +0100 Subject: [PATCH 05/23] feat: replace Resilio Sync with Seafile service deployment and configuration --- config/ansible/tasks/servers/server.yml | 4 +- .../resilio-sync/docker-compose.yml.j2 | 15 ------ .../services/resilio-sync/resilio-sync.yml | 28 ----------- .../services/seafile/docker-compose.yml.j2 | 46 +++++++++++++++++++ .../servers/services/seafile/seafile.yml | 33 +++++++++++++ 5 files changed, 80 insertions(+), 46 deletions(-) delete mode 100644 config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 delete mode 100644 config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml create mode 100644 config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 create mode 100644 config/ansible/tasks/servers/services/seafile/seafile.yml diff --git a/config/ansible/tasks/servers/server.yml b/config/ansible/tasks/servers/server.yml index 0401a94..cc1038b 100644 
--- a/config/ansible/tasks/servers/server.yml +++ b/config/ansible/tasks/servers/server.yml @@ -29,9 +29,7 @@ enabled: false - name: jellyfin enabled: true - - name: jellyfin + - name: seafile enabled: true - name: uptime-kuma enabled: true - - name: resilio-sync - enabled: true diff --git a/config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 deleted file mode 100644 index d87938b..0000000 --- a/config/ansible/tasks/servers/services/resilio-sync/docker-compose.yml.j2 +++ /dev/null @@ -1,15 +0,0 @@ -services: - resilio-sync: - image: lscr.io/linuxserver/resilio-sync:latest - environment: - - PUID=1000 - - PGID=100 - - TZ=Europe/Amsterdam - volumes: - - {{ resilio_sync_data_dir }}/config:/config - - {{ resilio_sync_data_dir }}/downloads:/downloads - - {{ resilio_sync_data_dir }}/data:/sync - ports: - - 8888:8888 - - 55555:55555 - restart: unless-stopped diff --git a/config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml b/config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml deleted file mode 100644 index 42eddda..0000000 --- a/config/ansible/tasks/servers/services/resilio-sync/resilio-sync.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -- name: Deploy Resilio Sync service - block: - - name: Set Resilio Sync directories - ansible.builtin.set_fact: - resilio_sync_service_dir: "{{ ansible_env.HOME }}/services/resilio_sync" - resilio_sync_data_dir: "/mnt/object_storage/services/resilio_sync" - - - name: Create Resilio Sync directory - ansible.builtin.file: - path: "{{ resilio_sync_service_dir }}" - state: directory - mode: "0755" - - - name: Deploy Resilio Sync docker-compose.yml - ansible.builtin.template: - src: docker-compose.yml.j2 - dest: "{{ resilio_sync_service_dir }}/docker-compose.yml" - mode: "0644" - register: resilio_sync_compose - - - name: Stop Resilio Sync service - ansible.builtin.command: docker compose -f "{{ resilio_sync_service_dir }}/docker-compose.yml" down --remove-orphans - when: resilio_sync_compose.changed - - - name: Start Resilio Sync service - ansible.builtin.command: docker compose -f "{{ resilio_sync_service_dir }}/docker-compose.yml" up -d - when: resilio_sync_compose.changed diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 new file mode 100644 index 0000000..181630d --- /dev/null +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 
@@ -0,0 +1,46 @@ +services: + db: + image: mariadb:10.11 + container_name: seafile-mysql + environment: + - MYSQL_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }} + - MYSQL_LOG_CONSOLE=true + - MARIADB_AUTO_UPGRADE=1 + volumes: + - {{ seafile_data_dir }}/db:/var/lib/mysql + networks: + - seafile-net + + memcached: + image: memcached:1.6.18 + container_name: seafile-memcached + entrypoint: memcached -m 256 + networks: + - seafile-net + + seafile: + image: seafileltd/seafile-mc:11.0-latest + ports: + - "8001:80" + volumes: + - {{ seafile_data_dir }}/shared:/shared + environment: + - DB_HOST=db + - DB_ROOT_PASSWD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }} + - TIME_ZONE=Europe/Amsterdam + - SEAFILE_ADMIN_EMAIL=menno@vleeuwen.me + - SEAFILE_ADMIN_PASSWORD=ohKp7nh6mPJJRHkt3Hhy + - SEAFILE_SERVER_LETSENCRYPT=false + - SEAFILE_SERVER_HOSTNAME=sf.mvl.sh:8001 + depends_on: + - db + - memcached + networks: + - seafile-net + - caddy_network + +networks: + caddy_network: + external: true + name: caddy_default + diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml new file mode 100644 index 0000000..66201a5 --- /dev/null +++ b/config/ansible/tasks/servers/services/seafile/seafile.yml 
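Review bot: `SEAFILE_ADMIN_PASSWORD` is set to a literal value in the template, which commits a live admin credential to the repository, while the two database passwords in the same file come from the `community.general.onepassword` lookup. The value stays in git history even after the line is changed, so the credential should be treated as exposed and rotated, not just moved into the vault. Separately, the services join `seafile-net` but the top-level `networks:` block declares only `caddy_network`, so `docker compose` will most likely reject the file for referencing an undefined network; add `seafile-net:` there.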
@@ -0,0 +1,33 @@ +--- +- name: Deploy Seafile service + block: + - name: Set Seafile directories + ansible.builtin.set_fact: + seafile_data_dir: "/mnt/object_storage/services/seafile" + seafile_service_dir: "{{ ansible_env.HOME }}/services/seafile" + + - name: Create Seafile directories + ansible.builtin.file: + path: "{{ seafile_dir }}" + state: directory + mode: "0755" + loop: + - "{{ seafile_data_dir }}" + - "{{ seafile_service_dir }}" + loop_control: + loop_var: seafile_dir + + - name: Deploy Seafile docker-compose.yml + ansible.builtin.template: + src: docker-compose.yml.j2 + dest: "{{ seafile_service_dir }}/docker-compose.yml" + mode: "0644" + register: seafile_compose + + - name: Stop Seafile service + ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" down --remove-orphans + when: seafile_compose.changed or seafile_act_runner_config.changed + + - name: Start Seafile service + ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" up -d + when: seafile_compose.changed or seafile_act_runner_config.changed From e1dec2213655cfb131c0969ace96fe06641bdbc9 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 13:14:17 +0100 Subject: [PATCH 06/23] feat: update Seafile admin password retrieval method in docker-compose template --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index 181630d..c5cb8c1 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 
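Review bot: The `Deploy Seafile docker-compose.yml` task writes the rendered file with `mode: "0644"`, although the template contains the MariaDB root password and the admin password, so any local account on the host can read them. Use `mode: "0600"` and add `no_log: true` to the task so that diff or verbose output cannot print the rendered secrets. The later `Deploy Seafile configuration files` task (hunk `@@ -17,17 +51,30 @@` of the same file), which renders `.env.j2`, has the same mode and needs the same change. Both `when:` conditions also reference `seafile_act_runner_config`, which no task in this file registers; this looks like a copy-paste leftover and would fail as undefined whenever `seafile_compose.changed` is false.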
@@ -29,7 +29,7 @@ services: - DB_ROOT_PASSWD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }} - TIME_ZONE=Europe/Amsterdam - SEAFILE_ADMIN_EMAIL=menno@vleeuwen.me - - SEAFILE_ADMIN_PASSWORD=ohKp7nh6mPJJRHkt3Hhy + - SEAFILE_ADMIN_PASSWORD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }} - SEAFILE_SERVER_LETSENCRYPT=false - SEAFILE_SERVER_HOSTNAME=sf.mvl.sh:8001 depends_on: @@ -40,6 +40,7 @@ services: - caddy_network networks: + seafile-net: caddy_network: external: true name: caddy_default From 9386a6d00cdeab2c4b32256e0e0876741adfdf7e Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 13:41:22 +0100 Subject: [PATCH 07/23] feat: add Seafile service deployment and configuration with Caddy integration --- .../tasks/servers/services/caddy/Caddyfile.j2 | 5 ++ .../tasks/servers/services/seafile/.env.j2 | 29 +++++++++ .../servers/services/seafile/caddy.yml.j2 | 26 ++++++++ .../services/seafile/docker-compose.yml.j2 | 63 ++++++++++++------- .../servers/services/seafile/seadoc.yml.j2 | 24 +++++++ .../servers/services/seafile/seafile.yml | 59 +++++++++++++++-- 6 files changed, 179 insertions(+), 27 deletions(-) create mode 100644 config/ansible/tasks/servers/services/seafile/.env.j2 create mode 100644 config/ansible/tasks/servers/services/seafile/caddy.yml.j2 create mode 100644 config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 index 08cb303..b6480ba 100644 --- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 +++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 
@@ -22,3 +22,8 @@ status.vleeuwen.me status.mvl.sh { reverse_proxy uptime-kuma:3001 tls {{ caddy_email }} } + +sf.vleeuwen.me sf.mvl.sh { + reverse_proxy seafile:80 + tls {{ caddy_email }} +} diff --git a/config/ansible/tasks/servers/services/seafile/.env.j2 b/config/ansible/tasks/servers/services/seafile/.env.j2 new file mode 100644 index 0000000..b94983a --- /dev/null +++ b/config/ansible/tasks/servers/services/seafile/.env.j2 
@@ -0,0 +1,29 @@ +SEAFILE_IMAGE={{ seafile_image | default('seafileltd/seafile-mc:12.0-latest') }} +SEAFILE_DB_IMAGE={{ seafile_db_image | default('mariadb:10.11') }} +SEAFILE_MEMCACHED_IMAGE={{ seafile_memcached_image | default('memcached:1.6.29') }} + +SEAFILE_VOLUME={{ seafile_volume | default('/opt/seafile-data') }} +SEAFILE_MYSQL_VOLUME={{ seafile_mysql_volume | default('/opt/seafile-mysql/db') }} + +SEAFILE_MYSQL_DB_HOST={{ seafile_mysql_db_host | default('db') }} +INIT_SEAFILE_MYSQL_ROOT_PASSWORD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} +SEAFILE_MYSQL_DB_USER={{ seafile_mysql_db_user | default('seafile') }} +SEAFILE_MYSQL_DB_PASSWORD={{ seafile_mysql_db_password | default('PASSWORD') }} + +TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }} + +JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} + +SEAFILE_SERVER_HOSTNAME={{ seafile_server_hostname | default('sf.mvl.sh') }} +SEAFILE_SERVER_PROTOCOL={{ seafile_server_protocol | default('http') }} + +INIT_SEAFILE_ADMIN_EMAIL={{ seafile_admin_email | default('menno@vleeuwen.me') }} +INIT_SEAFILE_ADMIN_PASSWORD={{ seafile_admin_password | default('WIP123') }} + +SEADOC_IMAGE={{ seadoc_image | default('seafileltd/sdoc-server:1.0-latest') }} +SEADOC_VOLUME={{ seadoc_volume | default('/opt/seadoc-data') }} + +ENABLE_SEADOC={{ enable_seadoc | default('true') }} + +NOTIFICATION_SERVER_IMAGE={{ notification_server_image | default('seafileltd/notification-server:12.0-latest') }} +NOTIFICATION_SERVER_VOLUME={{ notification_server_volume | default('/opt/notification-data') }} diff --git a/config/ansible/tasks/servers/services/seafile/caddy.yml.j2 b/config/ansible/tasks/servers/services/seafile/caddy.yml.j2 new file mode 100644 index 0000000..2321ed1 --- /dev/null +++ b/config/ansible/tasks/servers/services/seafile/caddy.yml.j2 
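Review bot: The secret-bearing variables fall back to placeholder credentials (`default('ROOT_PASSWORD')`, `default('PASSWORD')`, `default('WIP123')`) and `JWT_PRIVATE_KEY` falls back to an empty string, so a run in which a lookup variable is missing still deploys a working service with guessable credentials instead of failing. Replace these defaults with the `mandatory` filter, e.g. `INIT_SEAFILE_ADMIN_PASSWORD={{ seafile_admin_password | mandatory }}`, and do the same for the two MySQL passwords and `jwt_private_key`. `SEAFILE_SERVER_PROTOCOL` defaults to `http` while the playbook sets `https`; aligning the default avoids a silent downgrade if the variable is ever dropped.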
@@ -0,0 +1,26 @@ +services: + + caddy: + image: ${SEAFILE_CADDY_IMAGE:-lucaslorentz/caddy-docker-proxy:2.9-alpine} + restart: unless-stopped + container_name: seafile-caddy + ports: + - 80:80 + - 443:443 + environment: + - CADDY_INGRESS_NETWORKS=seafile-net + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ${SEAFILE_CADDY_VOLUME:-/opt/seafile-caddy}:/data/caddy + networks: + - seafile-net + healthcheck: + test: ["CMD-SHELL", "curl --fail http://localhost:2019/metrics || exit 1"] + start_period: 20s + interval: 20s + timeout: 5s + retries: 3 + +networks: + seafile-net: + name: seafile-net diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index c5cb8c1..c3b7a00 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 
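Review bot: Mounting `/var/run/docker.sock` into the `caddy` container gives a process that publishes ports 80 and 443 full control of the Docker daemon, which is effectively root on the host. If label-based proxy discovery is really needed, put a socket proxy restricted to the read-only API endpoints in between; a `:ro` mount on the socket file does not limit what the API accepts. The template is also absent from the `loop:` of the deploy task in `seafile.yml`, so as far as this patch shows it is never rendered. The Caddyfile change in the same commit suggests a Caddy instance already serves these hosts, in which case the `80:80` and `443:443` mappings would collide with it.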
@@ -1,47 +1,68 @@ +version: '3.8' + services: db: - image: mariadb:10.11 + image: ${SEAFILE_DB_IMAGE} container_name: seafile-mysql environment: - - MYSQL_ROOT_PASSWORD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }} + - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} - MYSQL_LOG_CONSOLE=true - - MARIADB_AUTO_UPGRADE=1 volumes: - - {{ seafile_data_dir }}/db:/var/lib/mysql + - ${SEAFILE_MYSQL_VOLUME}:/var/lib/mysql networks: - seafile-net + - caddy_default + restart: unless-stopped memcached: - image: memcached:1.6.18 + image: ${SEAFILE_MEMCACHED_IMAGE} container_name: seafile-memcached entrypoint: memcached -m 256 networks: - seafile-net - + restart: unless-stopped + seafile: - image: seafileltd/seafile-mc:11.0-latest - ports: - - "8001:80" - volumes: - - {{ seafile_data_dir }}/shared:/shared + image: ${SEAFILE_IMAGE} + container_name: seafile environment: - - DB_HOST=db - - DB_ROOT_PASSWD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }} - - TIME_ZONE=Europe/Amsterdam - - SEAFILE_ADMIN_EMAIL=menno@vleeuwen.me - - SEAFILE_ADMIN_PASSWORD={{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }} + - DB_HOST=${SEAFILE_MYSQL_DB_HOST} + - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} + - TIME_ZONE=${TIME_ZONE} + - SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL} + - SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD} + - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME} - SEAFILE_SERVER_LETSENCRYPT=false - - SEAFILE_SERVER_HOSTNAME=sf.mvl.sh:8001 + - SEADRIVE_SERVER_LETSENCRYPT=false + - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL} + volumes: + - ${SEAFILE_VOLUME}:/shared + networks: + - seafile-net + - caddy_default + restart: unless-stopped depends_on: - db - memcached + + notification-server: + 
image: ${NOTIFICATION_SERVER_IMAGE} + container_name: notification-server + environment: + - DB_HOST=${SEAFILE_MYSQL_DB_HOST} + - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} + - TIME_ZONE=${TIME_ZONE} + volumes: + - ${NOTIFICATION_SERVER_VOLUME}:/shared + - ${SEAFILE_VOLUME}:/shared/seafile networks: - seafile-net - - caddy_network + depends_on: + - db + - seafile + restart: unless-stopped networks: seafile-net: - caddy_network: + caddy_default: external: true - name: caddy_default - diff --git a/config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 b/config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 new file mode 100644 index 0000000..129d735 --- /dev/null +++ b/config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 @@ -0,0 +1,24 @@ +version: '3.8' + +services: + seadoc-server: + image: ${SEADOC_IMAGE} + container_name: seadoc-server + environment: + - DB_HOST=${SEAFILE_MYSQL_DB_HOST} + - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} + - TIME_ZONE=${TIME_ZONE} + - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY} + volumes: + - ${SEADOC_VOLUME}:/shared + - ${SEAFILE_VOLUME}:/shared/seafile + networks: + - seafile-net + depends_on: + - db + - seafile + restart: unless-stopped + +networks: + seafile-net: + name: seafile-net diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml index 66201a5..98aa783 100644 --- a/config/ansible/tasks/servers/services/seafile/seafile.yml +++ b/config/ansible/tasks/servers/services/seafile/seafile.yml 
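Review bot: `DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD}` is passed to `seafile`, to `notification-server` and, in the `seadoc.yml.j2` hunk that follows, to `seadoc-server`, so three application containers hold the MariaDB root credential. Nothing in these templates references `SEAFILE_MYSQL_DB_USER` or `SEAFILE_MYSQL_DB_PASSWORD`, although `.env.j2` defines them. If the images accept a dedicated database account (to be confirmed against their documentation), give the sidecars that account and keep root for first-time initialisation only. The `db` service is also attached to `caddy_default`, which puts the database on the reverse proxy's network for no visible reason; `seafile-net` alone should be enough for it.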
@@ -6,6 +6,40 @@ seafile_data_dir: "/mnt/object_storage/services/seafile" seafile_service_dir: "{{ ansible_env.HOME }}/services/seafile" + - name: Set Seafile configuration variables + ansible.builtin.set_fact: + # Docker images + seafile_image: "seafileltd/seafile-mc:12.0-latest" + seafile_db_image: "mariadb:10.11" + seafile_memcached_image: "memcached:1.6.29" + seadoc_image: "seafileltd/sdoc-server:1.0-latest" + notification_server_image: "seafileltd/notification-server:12.0-latest" + + # Volume paths + seafile_volume: "{{ seafile_data_dir }}/seafile-data" + seafile_mysql_volume: "{{ seafile_data_dir }}/seafile-mysql/db" + seadoc_volume: "{{ seafile_data_dir }}/seadoc-data" + notification_server_volume: "{{ seafile_data_dir }}/notification-data" + + # Database settings + seafile_mysql_db_host: "db" + seafile_mysql_root_password: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_ROOT_PASSWORD') }}" + seafile_mysql_db_user: "seafile" + seafile_mysql_db_password: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MYSQL_PASSWORD') }}" + + # Server settings + time_zone: "Europe/Amsterdam" + jwt_private_key: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='jwt_private_key') }}" + seafile_server_hostname: "sf.mvl.sh" + seafile_server_protocol: "https" + + # Admin credentials + seafile_admin_email: "menno@vleeuwen.me" + seafile_admin_password: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }}" + + # Features + enable_seadoc: "true" + - name: Create Seafile directories ansible.builtin.file: path: "{{ seafile_dir }}" 
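Review bot: The `Set Seafile configuration variables` task resolves four secrets through `community.general.onepassword` lookups inside `set_fact`, and at higher verbosity Ansible prints the facts a task sets; add `no_log: true` to this task. `seafile_mysql_db_password` is looked up here but, as far as the templates in this series show, no container consumes it. The image variables use floating tags (`12.0-latest`, `1.0-latest`), so the deployed content can change without a commit; pinning a fixed release tag or digest keeps what runs equal to what was reviewed.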
@@ -17,17 +51,30 @@ loop_control: loop_var: seafile_dir - - name: Deploy Seafile docker-compose.yml + - name: Deploy Seafile configuration files ansible.builtin.template: - src: docker-compose.yml.j2 - dest: "{{ seafile_service_dir }}/docker-compose.yml" + src: "{{ item }}" + dest: "{{ seafile_service_dir }}/{{ item | replace('.j2', '') }}" mode: "0644" - register: seafile_compose + loop: + - docker-compose.yml.j2 + - seadoc.yml.j2 + - .env.j2 + register: seafile_configs + - name: Ensure containers are on the caddy network + ansible.builtin.command: docker network connect caddy_default seafile + register: connect_network + changed_when: connect_network.rc == 0 + failed_when: + - connect_network.rc != 0 + - "'already exists' not in connect_network.stderr" + when: seafile_configs.changed + - name: Stop Seafile service ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" down --remove-orphans - when: seafile_compose.changed or seafile_act_runner_config.changed + when: seafile_configs.changed - name: Start Seafile service ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" up -d - when: seafile_compose.changed or seafile_act_runner_config.changed + when: seafile_configs.changed From d96ba3152433d605f1bb0dfd64c54c93de9b39cc Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 13:43:19 +0100 Subject: [PATCH 08/23] feat: remove Caddy and Seadoc service configurations from Seafile deployment --- .../servers/services/seafile/caddy.yml.j2 | 26 ------------------- .../services/seafile/docker-compose.yml.j2 | 20 ++++++++++++-- .../servers/services/seafile/seadoc.yml.j2 | 24 ----------------- .../servers/services/seafile/seafile.yml | 3 +-- 4 files changed, 19 insertions(+), 54 deletions(-) delete mode 100644 config/ansible/tasks/servers/services/seafile/caddy.yml.j2 delete mode 100644 config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 
diff --git a/config/ansible/tasks/servers/services/seafile/caddy.yml.j2 b/config/ansible/tasks/servers/services/seafile/caddy.yml.j2 deleted file mode 100644 index 2321ed1..0000000 --- a/config/ansible/tasks/servers/services/seafile/caddy.yml.j2 +++ /dev/null @@ -1,26 +0,0 @@ -services: - - caddy: - image: ${SEAFILE_CADDY_IMAGE:-lucaslorentz/caddy-docker-proxy:2.9-alpine} - restart: unless-stopped - container_name: seafile-caddy - ports: - - 80:80 - - 443:443 - environment: - - CADDY_INGRESS_NETWORKS=seafile-net - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ${SEAFILE_CADDY_VOLUME:-/opt/seafile-caddy}:/data/caddy - networks: - - seafile-net - healthcheck: - test: ["CMD-SHELL", "curl --fail http://localhost:2019/metrics || exit 1"] - start_period: 20s - interval: 20s - timeout: 5s - retries: 3 - -networks: - seafile-net: - name: seafile-net diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index c3b7a00..0f465e9 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -1,5 +1,3 @@ -version: '3.8' - services: db: image: ${SEAFILE_DB_IMAGE} @@ -62,6 +60,24 @@ services: - seafile restart: unless-stopped + seadoc-server: + image: ${SEADOC_IMAGE} + container_name: seadoc-server + environment: + - DB_HOST=${SEAFILE_MYSQL_DB_HOST} + - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} + - TIME_ZONE=${TIME_ZONE} + - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY} + volumes: + - ${SEADOC_VOLUME}:/shared + - ${SEAFILE_VOLUME}:/shared/seafile + networks: + - seafile-net + depends_on: + - db + - seafile + restart: unless-stopped + networks: seafile-net: caddy_default: diff --git a/config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 b/config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 deleted file mode 100644 index 129d735..0000000 
--- a/config/ansible/tasks/servers/services/seafile/seadoc.yml.j2 +++ /dev/null @@ -1,24 +0,0 @@ -version: '3.8' - -services: - seadoc-server: - image: ${SEADOC_IMAGE} - container_name: seadoc-server - environment: - - DB_HOST=${SEAFILE_MYSQL_DB_HOST} - - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} - - TIME_ZONE=${TIME_ZONE} - - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY} - volumes: - - ${SEADOC_VOLUME}:/shared - - ${SEAFILE_VOLUME}:/shared/seafile - networks: - - seafile-net - depends_on: - - db - - seafile - restart: unless-stopped - -networks: - seafile-net: - name: seafile-net diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml index 98aa783..fc5a781 100644 --- a/config/ansible/tasks/servers/services/seafile/seafile.yml +++ b/config/ansible/tasks/servers/services/seafile/seafile.yml @@ -58,7 +58,6 @@ mode: "0644" loop: - docker-compose.yml.j2 - - seadoc.yml.j2 - .env.j2 register: seafile_configs @@ -70,7 +69,7 @@ - connect_network.rc != 0 - "'already exists' not in connect_network.stderr" when: seafile_configs.changed - + - name: Stop Seafile service ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" down --remove-orphans when: seafile_configs.changed From 15117e23565d4d8fa07081903e427b6158def6bc Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 13:46:08 +0100 Subject: [PATCH 09/23] feat: update Caddy network configuration in Seafile docker-compose template --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index 0f465e9..7a23f73 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 
@@ -80,5 +80,6 @@ services: networks: seafile-net: - caddy_default: + caddy_network: external: true + name: caddy_default From 3a5056aa003145b663300c82c5df8ea28806ac45 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 13:46:45 +0100 Subject: [PATCH 10/23] feat: remove Caddy network connection task from Seafile Ansible playbook --- .../ansible/tasks/servers/services/seafile/seafile.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml index fc5a781..8b13753 100644 --- a/config/ansible/tasks/servers/services/seafile/seafile.yml +++ b/config/ansible/tasks/servers/services/seafile/seafile.yml @@ -61,15 +61,6 @@ - .env.j2 register: seafile_configs - - name: Ensure containers are on the caddy network - ansible.builtin.command: docker network connect caddy_default seafile - register: connect_network - changed_when: connect_network.rc == 0 - failed_when: - - connect_network.rc != 0 - - "'already exists' not in connect_network.stderr" - when: seafile_configs.changed - - name: Stop Seafile service ansible.builtin.command: docker compose -f "{{ seafile_service_dir }}/docker-compose.yml" down --remove-orphans when: seafile_configs.changed From afd1e2d8a2df177cecb7852048b70d93a2ca2262 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 13:47:38 +0100 Subject: [PATCH 11/23] feat: update Caddy network configuration in Seafile docker-compose template --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index 7a23f73..76f6a35 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 
@@ -9,7 +9,6 @@ services: - ${SEAFILE_MYSQL_VOLUME}:/var/lib/mysql networks: - seafile-net - - caddy_default restart: unless-stopped memcached: @@ -37,7 +36,7 @@ services: - ${SEAFILE_VOLUME}:/shared networks: - seafile-net - - caddy_default + - caddy_network restart: unless-stopped depends_on: - db @@ -55,6 +54,7 @@ services: - ${SEAFILE_VOLUME}:/shared/seafile networks: - seafile-net + - caddy_network depends_on: - db - seafile @@ -73,6 +73,7 @@ services: - ${SEAFILE_VOLUME}:/shared/seafile networks: - seafile-net + - caddy_network depends_on: - db - seafile From 03734652cf595e8db407ad676bd88dd1a204572e Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 14:01:34 +0100 Subject: [PATCH 12/23] feat: add port mappings and log volume paths for Seafile service in Docker configuration --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 4 ++++ config/ansible/tasks/servers/services/seafile/seafile.yml | 3 +++ 2 files changed, 7 insertions(+) diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index 76f6a35..a5041fb 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -37,6 +37,10 @@ services: networks: - seafile-net - caddy_network + ports: + - 8001:80 + - 8082:8082 + - 8000:8000 restart: unless-stopped depends_on: - db diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml index 8b13753..0431cfe 100644 --- a/config/ansible/tasks/servers/services/seafile/seafile.yml +++ b/config/ansible/tasks/servers/services/seafile/seafile.yml @@ -48,6 +48,9 @@ loop: - "{{ seafile_data_dir }}" - "{{ seafile_service_dir }}" + - "{{ notification_server_volume }}/logs" + - "{{ seafile_volume }}/logs" + - "{{ seadoc_volume }}/logs" loop_control: loop_var: seafile_dir 
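Review bot: The `ports:` list added to the `seafile` service in hunk `@@ -37,6 +37,10 @@` publishes 8001, 8082 and 8000 on every host interface. That exposes the container's plain-HTTP listeners directly and bypasses the Caddy front end, which already reaches the service as `seafile:80` over `caddy_network`. If host access is only needed for local debugging, bind to loopback and quote the mapping, e.g. `- "127.0.0.1:8001:80"`; otherwise drop the block. Docker-published ports are usually not covered by host firewall rules written for the INPUT chain, so a host firewall may not compensate. The `seafile` service definition starts above this hunk.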
From bea77808d93156b3266b75789bf9a7118395b9fc Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 14:06:54 +0100 Subject: [PATCH 13/23] feat: add env_file configuration for Seafile service in Docker Compose --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index a5041fb..10778bb 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -34,6 +34,8 @@ services: - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL} volumes: - ${SEAFILE_VOLUME}:/shared + env_file: + - {{seafile_service_dir }}/.env networks: - seafile-net - caddy_network From 2d0d8e2dc6c44a57f4814b01084be98075739742 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 14:07:45 +0100 Subject: [PATCH 14/23] feat: add env_file configuration for Seafile services in Docker Compose --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index 10778bb..e8873b1 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -7,6 +7,8 @@ services: - MYSQL_LOG_CONSOLE=true volumes: - ${SEAFILE_MYSQL_VOLUME}:/var/lib/mysql + env_file: + - {{seafile_service_dir }}/.env networks: - seafile-net restart: unless-stopped @@ -55,6 +57,8 @@ services: - DB_HOST=${SEAFILE_MYSQL_DB_HOST} - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} - TIME_ZONE=${TIME_ZONE} + env_file: + - {{seafile_service_dir }}/.env volumes: - ${NOTIFICATION_SERVER_VOLUME}:/shared - ${SEAFILE_VOLUME}:/shared/seafile 
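Review bot: `env_file` on the `seafile` service (hunk `@@ -34,6 +34,8 @@`) loads every variable in `.env` into that container, not only those listed under `environment:`. The template behind that file (`.env.j2`, removed later in this series) carries the database root and user passwords, the admin password and the JWT key. The next patch adds the same `env_file` to `db`, `notification-server` and `seadoc-server`, so each container would hold all of the stack's secrets. Keep explicit per-service `environment:` entries, or split the file per service, so that a container only sees what it uses. If the entry stays, quote the path: `- "{{ seafile_service_dir }}/.env"`.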
@@ -77,6 +81,8 @@ services: volumes: - ${SEADOC_VOLUME}:/shared - ${SEAFILE_VOLUME}:/shared/seafile + env_file: + - {{seafile_service_dir }}/.env networks: - seafile-net - caddy_network From ff6acb038ebaa99b27f28834ad4a301a80287b06 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 14:19:30 +0100 Subject: [PATCH 15/23] feat: remove .env.j2 file and update docker-compose.yml.j2 to use inline environment variables --- .../tasks/servers/services/seafile/.env.j2 | 29 -------- .../services/seafile/docker-compose.yml.j2 | 67 +++++++++---------- .../servers/services/seafile/seafile.yml | 7 +- 3 files changed, 34 insertions(+), 69 deletions(-) delete mode 100644 config/ansible/tasks/servers/services/seafile/.env.j2 diff --git a/config/ansible/tasks/servers/services/seafile/.env.j2 b/config/ansible/tasks/servers/services/seafile/.env.j2 deleted file mode 100644 index b94983a..0000000 --- a/config/ansible/tasks/servers/services/seafile/.env.j2 +++ /dev/null 
@@ -1,29 +0,0 @@ -SEAFILE_IMAGE={{ seafile_image | default('seafileltd/seafile-mc:12.0-latest') }} -SEAFILE_DB_IMAGE={{ seafile_db_image | default('mariadb:10.11') }} -SEAFILE_MEMCACHED_IMAGE={{ seafile_memcached_image | default('memcached:1.6.29') }} - -SEAFILE_VOLUME={{ seafile_volume | default('/opt/seafile-data') }} -SEAFILE_MYSQL_VOLUME={{ seafile_mysql_volume | default('/opt/seafile-mysql/db') }} - -SEAFILE_MYSQL_DB_HOST={{ seafile_mysql_db_host | default('db') }} -INIT_SEAFILE_MYSQL_ROOT_PASSWORD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} -SEAFILE_MYSQL_DB_USER={{ seafile_mysql_db_user | default('seafile') }} -SEAFILE_MYSQL_DB_PASSWORD={{ seafile_mysql_db_password | default('PASSWORD') }} - -TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }} - -JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} - -SEAFILE_SERVER_HOSTNAME={{ seafile_server_hostname | default('sf.mvl.sh') }} -SEAFILE_SERVER_PROTOCOL={{ seafile_server_protocol | default('http') }} - -INIT_SEAFILE_ADMIN_EMAIL={{ seafile_admin_email | default('menno@vleeuwen.me') }} -INIT_SEAFILE_ADMIN_PASSWORD={{ seafile_admin_password | default('WIP123') }} - -SEADOC_IMAGE={{ seadoc_image | default('seafileltd/sdoc-server:1.0-latest') }} -SEADOC_VOLUME={{ seadoc_volume | default('/opt/seadoc-data') }} - -ENABLE_SEADOC={{ enable_seadoc | default('true') }} - -NOTIFICATION_SERVER_IMAGE={{ notification_server_image | default('seafileltd/notification-server:12.0-latest') }} -NOTIFICATION_SERVER_VOLUME={{ notification_server_volume | default('/opt/notification-data') }} diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index e8873b1..af8b72b 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 
@@ -1,20 +1,20 @@ services: db: - image: ${SEAFILE_DB_IMAGE} + image: {{ seafile_db_image | default('mariadb:10.11') }} container_name: seafile-mysql environment: - - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} - - MYSQL_LOG_CONSOLE=true + MYSQL_ROOT_PASSWORD: {{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} + MYSQL_USER: {{ seafile_mysql_db_user | default('seafile') }} + MYSQL_PASSWORD: {{ seafile_mysql_db_password | default('PASSWORD') }} + MYSQL_DATABASE: {{ seafile_mysql_db_name | default('seafile') }} volumes: - - ${SEAFILE_MYSQL_VOLUME}:/var/lib/mysql - env_file: - - {{seafile_service_dir }}/.env + - {{ seafile_mysql_volume | default('/opt/seafile-mysql/db') }}:/var/lib/mysql networks: - seafile-net restart: unless-stopped memcached: - image: ${SEAFILE_MEMCACHED_IMAGE} + image: {{ seafile_memcached_image | default('memcached:1.6.29') }} container_name: seafile-memcached entrypoint: memcached -m 256 networks: 
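Review bot: The fallbacks `default('ROOT_PASSWORD')` and `default('PASSWORD')` in the `db` environment mean a missing or misspelled variable silently deploys a database with a publicly known password. The `seafile` hunk that follows does the same with `default('WIP123')` for the admin account, and `jwt_private_key | default('')` in the later hunks falls back to an empty key. Make the secrets required so the render fails instead, e.g. `MYSQL_ROOT_PASSWORD: "{{ seafile_mysql_root_password | mandatory }}"`. Quoting the rendered value also stops a password containing ` #` or `: ` from being truncated or breaking the YAML.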
@@ -22,22 +22,20 @@ services: restart: unless-stopped seafile: - image: ${SEAFILE_IMAGE} + image: {{ seafile_image | default('seafileltd/seafile-mc:12.0-latest') }} container_name: seafile environment: - - DB_HOST=${SEAFILE_MYSQL_DB_HOST} - - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} - - TIME_ZONE=${TIME_ZONE} - - SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL} - - SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD} - - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME} + - DB_HOST={{ seafile_mysql_db_host | default('db') }} + - DB_ROOT_PASSWD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} + - TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }} + - SEAFILE_ADMIN_EMAIL={{ seafile_admin_email | default('menno@vleeuwen.me') }} + - SEAFILE_ADMIN_PASSWORD={{ seafile_admin_password | default('WIP123') }} + - SEAFILE_SERVER_HOSTNAME={{ seafile_server_hostname | default('sf.mvl.sh') }} - SEAFILE_SERVER_LETSENCRYPT=false - SEADRIVE_SERVER_LETSENCRYPT=false - - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL} + - SEAFILE_SERVER_PROTOCOL={{ seafile_server_protocol | default('http') }} volumes: - - ${SEAFILE_VOLUME}:/shared - env_file: - - {{seafile_service_dir }}/.env + - {{ seafile_volume | default('/opt/seafile-data') }}:/shared networks: - seafile-net - caddy_network 
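Review bot: The default for the `seafile` image, `seafileltd/seafile-mc:12.0-latest`, is a moving tag, as are `seafileltd/notification-server:12.0-latest` and `seafileltd/sdoc-server:1.0-latest` in the next two hunks. Two runs of the same playbook can therefore deploy different code, and an upstream tag overwrite reaches the host unreviewed. Pin each default to a fixed release tag or an image digest (`image@sha256:<digest>`) and bump it deliberately, in the way the `mariadb:10.11` and `memcached:1.6.29` defaults are already version-pinned. The `seafile` service continues past the end of this hunk.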
@@ -51,17 +49,15 @@ services: - memcached notification-server: - image: ${NOTIFICATION_SERVER_IMAGE} + image: {{ notification_server_image | default('seafileltd/notification-server:12.0-latest') }} container_name: notification-server environment: - - DB_HOST=${SEAFILE_MYSQL_DB_HOST} - - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} - - TIME_ZONE=${TIME_ZONE} - env_file: - - {{seafile_service_dir }}/.env + - DB_HOST={{ seafile_mysql_db_host | default('db') }} + - DB_ROOT_PASSWD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} + - TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }} volumes: - - ${NOTIFICATION_SERVER_VOLUME}:/shared - - ${SEAFILE_VOLUME}:/shared/seafile + - {{ notification_server_volume | default('/opt/notification-data') }}:/shared + - {{ seafile_volume | default('/opt/seafile-data') }}:/shared/seafile networks: - seafile-net - caddy_network @@ -71,18 +67,16 @@ services: restart: unless-stopped seadoc-server: - image: ${SEADOC_IMAGE} + image: {{ seadoc_image | default('seafileltd/sdoc-server:1.0-latest') }} container_name: seadoc-server environment: - - DB_HOST=${SEAFILE_MYSQL_DB_HOST} - - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD} - - TIME_ZONE=${TIME_ZONE} - - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY} + - DB_HOST={{ seafile_mysql_db_host | default('db') }} + - DB_ROOT_PASSWD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} + - TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }} + - JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} volumes: - - ${SEADOC_VOLUME}:/shared - - ${SEAFILE_VOLUME}:/shared/seafile - env_file: - - {{seafile_service_dir }}/.env + - {{ seadoc_volume | default('/opt/seadoc-data') }}:/shared + - {{ seafile_volume | default('/opt/seafile-data') }}:/shared/seafile networks: - seafile-net - caddy_network @@ -90,6 +84,9 @@ services: - db - seafile restart: unless-stopped + {% if enable_seadoc | default('true') != 'true' %} + profiles: ["disabled"] + {% endif %} networks: seafile-net: 
diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml index 0431cfe..8b07514 100644 --- a/config/ansible/tasks/servers/services/seafile/seafile.yml +++ b/config/ansible/tasks/servers/services/seafile/seafile.yml @@ -56,12 +56,9 @@ - name: Deploy Seafile configuration files ansible.builtin.template: - src: "{{ item }}" - dest: "{{ seafile_service_dir }}/{{ item | replace('.j2', '') }}" + src: docker-compose.yml.j2 + dest: "{{ plex_service_dir }}/docker-compose.yml" mode: "0644" - loop: - - docker-compose.yml.j2 - - .env.j2 register: seafile_configs - name: Stop Seafile service From 34bf041506ab4d4ff987a5c215b093a109f6e9e1 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 14:23:04 +0100 Subject: [PATCH 16/23] feat: update destination path for Seafile docker-compose configuration --- config/ansible/tasks/servers/services/seafile/seafile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml index 8b07514..6f7302a 100644 --- a/config/ansible/tasks/servers/services/seafile/seafile.yml +++ b/config/ansible/tasks/servers/services/seafile/seafile.yml @@ -57,7 +57,7 @@ - name: Deploy Seafile configuration files ansible.builtin.template: src: docker-compose.yml.j2 - dest: "{{ plex_service_dir }}/docker-compose.yml" + dest: "{{ seafile_service_dir }}/docker-compose.yml" mode: "0644" register: seafile_configs From fc980903396435b20cf8a0690572d8dffa2f9c9f Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 14:29:27 +0100 Subject: [PATCH 17/23] feat: add JWT_PRIVATE_KEY environment variable to Seafile Docker Compose configuration --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
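Review bot: `mode: "0644"` on the `Deploy Seafile configuration files` task (hunk `@@ -56,12 +56,9 @@`) now applies to a `docker-compose.yml` that has the database, admin and JWT secrets rendered into it by this same commit, so every local account on the host can read them. Restrict the rendered file with `mode: "0600"` and an explicit `owner:` for the account that runs `docker compose`. Adding `no_log: true` to the task would also keep the rendered secrets out of `--diff` output and logs.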
diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index af8b72b..d7f505b 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -34,6 +34,7 @@ services: - SEAFILE_SERVER_LETSENCRYPT=false - SEADRIVE_SERVER_LETSENCRYPT=false - SEAFILE_SERVER_PROTOCOL={{ seafile_server_protocol | default('http') }} + - JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} volumes: - {{ seafile_volume | default('/opt/seafile-data') }}:/shared networks: @@ -84,9 +85,6 @@ services: - db - seafile restart: unless-stopped - {% if enable_seadoc | default('true') != 'true' %} - profiles: ["disabled"] - {% endif %} networks: seafile-net: From 7f5f53c2c01bacbb90709da947dec27ce725ba1b Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 14:57:52 +0100 Subject: [PATCH 18/23] feat: simplify Caddyfile configuration by removing redundant server name --- config/ansible/tasks/servers/services/caddy/Caddyfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 index b6480ba..d15fcb4 100644 --- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 +++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 @@ -23,7 +23,7 @@ status.vleeuwen.me status.mvl.sh { tls {{ caddy_email }} } -sf.vleeuwen.me sf.mvl.sh { +sf.mvl.sh { reverse_proxy seafile:80 tls {{ caddy_email }} } From a471b8bb4284acb2255588503b28431c71486177 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 15:19:57 +0100 Subject: [PATCH 19/23] feat: enhance Seafile Docker Compose configuration with additional environment variables --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index d7f505b..69cba32 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -72,9 +72,14 @@ services: container_name: seadoc-server environment: - DB_HOST={{ seafile_mysql_db_host | default('db') }} + - DB_USER={{ seafile_mysql_db_user | default('seafile') }} + - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306} - DB_ROOT_PASSWD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} + - DB_PASSWORD={{ seafile_mysql_db_password | default('PASSWORD') }} + - DB_NAME={{ seafile_mysql_db_name | default('seafile') }} - TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }} - JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} + - SEAHUB_SERVICE_URL=https://sf.mvl.sh volumes: - {{ seadoc_volume | default('/opt/seadoc-data') }}:/shared - {{ seafile_volume | default('/opt/seafile-data') }}:/shared/seafile From 3f8fef87e180842fa690ceac51f774b7d79cb3ca Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 15:22:44 +0100 Subject: [PATCH 20/23] feat: enhance Caddyfile configuration with additional reverse proxy handling and upload size limit --- .../tasks/servers/services/caddy/Caddyfile.j2 | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 index d15fcb4..3db92c4 100644 --- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 +++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 
@@ -25,5 +25,40 @@ status.vleeuwen.me status.mvl.sh { sf.mvl.sh { reverse_proxy seafile:80 + + handle /sdoc-server/* { + uri strip_prefix /sdoc-server + reverse_proxy seafile:80 { + header_up Host {host} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Host {host} + header_up X-Forwarded-Proto {scheme} + } + } + + handle /socket.io* { + reverse_proxy seafile:80 { + header_up Host {host} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Proto {scheme} + header_up X-Forwarded-Host {host} + + transport http { + versions h1 h2c + } + } + } + + handle_path /* { + reverse_proxy seafile:80 + } + tls {{ caddy_email }} + + # Set maximum upload size + request_body { + max_size 100MB + } } From 00aaf83884a44a3099b93375a92f4a4311666e59 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 15:23:32 +0100 Subject: [PATCH 21/23] feat: add Seadoc server URL and enable Seadoc in Seafile Docker Compose configuration --- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index 69cba32..4aae85a 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -35,6 +35,8 @@ services: - SEADRIVE_SERVER_LETSENCRYPT=false - SEAFILE_SERVER_PROTOCOL={{ seafile_server_protocol | default('http') }} - JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} + - SEADOC_SERVER_URL=https://sf.mvl.sh/sdoc-server + - ENABLE_SEADOC=true volumes: - {{ seafile_volume | default('/opt/seafile-data') }}:/shared networks: From 10c755775de6cee6b542d3ccf30b713a713540b9 Mon Sep 17 00:00:00 2001 
From: Menno van Leeuwen Date: Mon, 17 Mar 2025 15:40:12 +0100 Subject: [PATCH 22/23] feat: remove Seadoc server configuration and replace with OnlyOffice in Docker Compose setup --- .../tasks/servers/services/caddy/Caddyfile.j2 | 40 +++---------------- .../services/seafile/docker-compose.yml.j2 | 29 +++++--------- .../servers/services/seafile/seafile.yml | 6 --- 3 files changed, 14 insertions(+), 61 deletions(-) diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 index 3db92c4..3ee90b7 100644 --- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 +++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 @@ -25,40 +25,10 @@ status.vleeuwen.me status.mvl.sh { sf.mvl.sh { reverse_proxy seafile:80 - - handle /sdoc-server/* { - uri strip_prefix /sdoc-server - reverse_proxy seafile:80 { - header_up Host {host} - header_up X-Real-IP {remote_host} - header_up X-Forwarded-For {remote_host} - header_up X-Forwarded-Host {host} - header_up X-Forwarded-Proto {scheme} - } - } - - handle /socket.io* { - reverse_proxy seafile:80 { - header_up Host {host} - header_up X-Real-IP {remote_host} - header_up X-Forwarded-For {remote_host} - header_up X-Forwarded-Proto {scheme} - header_up X-Forwarded-Host {host} - - transport http { - versions h1 h2c - } - } - } - - handle_path /* { - reverse_proxy seafile:80 - } - tls {{ caddy_email }} - - # Set maximum upload size - request_body { - max_size 100MB - } +} + +sf.mvl.sh:6233 { + reverse_proxy onlyoffice:6233 + tls {{ caddy_email }} } diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index 4aae85a..ea9a0fc 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 
@@ -35,8 +35,7 @@ services: - SEADRIVE_SERVER_LETSENCRYPT=false - SEAFILE_SERVER_PROTOCOL={{ seafile_server_protocol | default('http') }} - JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} - - SEADOC_SERVER_URL=https://sf.mvl.sh/sdoc-server - - ENABLE_SEADOC=true + - ENABLE_SEADOC=false volumes: - {{ seafile_volume | default('/opt/seafile-data') }}:/shared networks: @@ -69,29 +68,19 @@ services: - seafile restart: unless-stopped - seadoc-server: - image: {{ seadoc_image | default('seafileltd/sdoc-server:1.0-latest') }} - container_name: seadoc-server + onlyoffice: + image: onlyoffice/documentserver:8.3.1.1 + restart: unless-stopped environment: - - DB_HOST={{ seafile_mysql_db_host | default('db') }} - - DB_USER={{ seafile_mysql_db_user | default('seafile') }} - - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306} - - DB_ROOT_PASSWD={{ seafile_mysql_root_password | default('ROOT_PASSWORD') }} - - DB_PASSWORD={{ seafile_mysql_db_password | default('PASSWORD') }} - - DB_NAME={{ seafile_mysql_db_name | default('seafile') }} - - TIME_ZONE={{ time_zone | default('Europe/Amsterdam') }} - - JWT_PRIVATE_KEY={{ jwt_private_key | default('') }} - - SEAHUB_SERVICE_URL=https://sf.mvl.sh + - JWT_ENABLED=true + - JWT_SECRET={{ jwt_private_key | default('') }} volumes: - - {{ seadoc_volume | default('/opt/seadoc-data') }}:/shared - - {{ seafile_volume | default('/opt/seafile-data') }}:/shared/seafile + - {{ seafile_data_dir }}/onlyoffice/logs:/var/log/onlyoffice + - {{ seafile_data_dir }}/onlyoffice/data:/var/www/onlyoffice/Data + - {{ seafile_data_dir }}/onlyoffice/lib:/var/lib/onlyoffice networks: - seafile-net - caddy_network - depends_on: - - db - - seafile - restart: unless-stopped networks: seafile-net: diff --git a/config/ansible/tasks/servers/services/seafile/seafile.yml b/config/ansible/tasks/servers/services/seafile/seafile.yml index 6f7302a..8b77af1 100644 --- a/config/ansible/tasks/servers/services/seafile/seafile.yml 
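Review bot: `JWT_SECRET={{ jwt_private_key | default('') }}` in the new `onlyoffice` service (hunk `@@ -69,29 +68,19 @@`) reuses the key that the `seafile` service receives as `JWT_PRIVATE_KEY`, and with `JWT_ENABLED=true` an undefined variable renders an empty secret. With a shared key, a leak from either container can be used against both. Give the document server its own required variable, e.g. `- JWT_SECRET={{ onlyoffice_jwt_secret | mandatory }}` (the variable name is a placeholder). The three `{{ seafile_data_dir }}/onlyoffice/...` volume entries are unquoted Jinja expressions and are safer quoted.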
+++ b/config/ansible/tasks/servers/services/seafile/seafile.yml @@ -12,13 +12,11 @@ seafile_image: "seafileltd/seafile-mc:12.0-latest" seafile_db_image: "mariadb:10.11" seafile_memcached_image: "memcached:1.6.29" - seadoc_image: "seafileltd/sdoc-server:1.0-latest" notification_server_image: "seafileltd/notification-server:12.0-latest" # Volume paths seafile_volume: "{{ seafile_data_dir }}/seafile-data" seafile_mysql_volume: "{{ seafile_data_dir }}/seafile-mysql/db" - seadoc_volume: "{{ seafile_data_dir }}/seadoc-data" notification_server_volume: "{{ seafile_data_dir }}/notification-data" # Database settings @@ -37,9 +35,6 @@ seafile_admin_email: "menno@vleeuwen.me" seafile_admin_password: "{{ lookup('community.general.onepassword', 'bbzudwdo3byqs4pscd2wy7qsn4', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='password') }}" - # Features - enable_seadoc: "true" - - name: Create Seafile directories ansible.builtin.file: path: "{{ seafile_dir }}" @@ -50,7 +45,6 @@ - "{{ seafile_service_dir }}" - "{{ notification_server_volume }}/logs" - "{{ seafile_volume }}/logs" - - "{{ seadoc_volume }}/logs" loop_control: loop_var: seafile_dir From 4c9fddee423ad0a3c1f16e0af6f9272e36c364c4 Mon Sep 17 00:00:00 2001 From: Menno van Leeuwen Date: Mon, 17 Mar 2025 15:54:49 +0100 Subject: [PATCH 23/23] feat: update Caddyfile for OnlyOffice reverse proxy and disable WOPI in Docker Compose --- config/ansible/tasks/servers/services/caddy/Caddyfile.j2 | 9 +++++++-- .../tasks/servers/services/seafile/docker-compose.yml.j2 | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 index 3ee90b7..652fbb3 100644 --- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 +++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 
@@ -28,7 +28,12 @@ sf.mvl.sh { tls {{ caddy_email }} } -sf.mvl.sh:6233 { - reverse_proxy onlyoffice:6233 +of.mvl.sh { + reverse_proxy onlyoffice:80 { + header_up Host {host} + header_up X-Real-IP {remote} + header_up X-Forwarded-For {remote} + header_up X-Forwarded-Proto {scheme} + } tls {{ caddy_email }} } diff --git a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 index ea9a0fc..77c7a27 100644 --- a/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/seafile/docker-compose.yml.j2 @@ -74,6 +74,7 @@ services: environment: - JWT_ENABLED=true - JWT_SECRET={{ jwt_private_key | default('') }} + - WOPI_ENABLED=false volumes: - {{ seafile_data_dir }}/onlyoffice/logs:/var/log/onlyoffice - {{ seafile_data_dir }}/onlyoffice/data:/var/www/onlyoffice/Data
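Review bot: `{remote}` in the `X-Real-IP` and `X-Forwarded-For` lines of the `of.mvl.sh` block expands to the client address with its port (`ip:port`), which is not a valid value for either header. Anything behind the proxy that logs, rate-limits or allow-lists by client IP will misparse it. Use the host-only placeholder, as the earlier `sf.mvl.sh` block in this series did: `header_up X-Real-IP {remote_host}`. Caddy's `reverse_proxy` already sets `X-Forwarded-For` and `X-Forwarded-Proto` and passes `Host` through, so the other three `header_up` lines can probably be dropped.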