Update to 2021-12-01 19:13

roles/seafile/templates/admin.txt.j2

@@ -0,0 +1,4 @@
+{
+  "email": "{{ seafile_admin_email }}",
+  "password": "{{ seafile_admin_pass }}"
+}

roles/seafile/templates/ccnet.conf.j2

@@ -0,0 +1,49 @@
+[General]
+USER_NAME = {{ seafile_user }}
+ID = {{ seafile_ccnet_id }}
+NAME = seafile
+{% if seafile_version is version('9.0.0', '<') %}
+SERVICE_URL = {{ seafile_public_url }}
+{% endif %}
+
+[Database]
+ENGINE = mysql
+HOST = {{ seafile_db_server }}
+PORT = {{ seafile_db_port }}
+USER = {{ seafile_db_user }}
+PASSWD = {{ seafile_db_pass }}
+DB = {{ seafile_db_ccnet }}
+CONNECTION_CHARSET = utf8
+
+{% if seafile_ldap_auth is defined and seafile_ldap_auth %}
+[LDAP]
+HOST = {{ seafile_ldap_uri }}
+BASE = {{ seafile_ldap_base }}
+{% if seafile_ldap_bind_dn is defined and seafile_ldap_bind_pass is defined %}
+USER_DN = {{ seafile_ldap_bind_dn }}
+PASSWORD = {{ seafile_ldap_bind_pass }}
+{% endif %}
+LOGIN_ATTR = {{ seafile_ldap_login_attr }}
+FILTER = {{ seafile_ldap_filter }}
+
+{% if seafile_license is defined %}
+[LDAP_SYNC]
+ENABLE_USER_SYNC = true
+ENABLE_GROUP_SYNC = true
+{% if seafile_ldap_group_filter is defined %}
+GROUP_FILTER = {{ seafile_ldap_group_filter }}
+{% endif %}
+DEACTIVE_USER_IF_NOTFOUND = true
+SYNC_INTERVAL = 60
+USER_OBJECT_CLASS = person
+ENABLE_EXTRA_USER_INFO_SYNC = true
+FIRST_NAME_ATTR = givenName
+LAST_NAME_ATTR = sn
+DEPT_ATTR = department
+UID_ATTR = sAMAccountName
+CONTACT_EMAIL_ATTR = mail
+ACTIVATE_USER_WHEN_IMPORT = false
+ACTIVATE_AFTER_FIRST_LOGIN = True
+{% endif %}
+
+{% endif %}

roles/seafile/templates/clean_db.sh.j2

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -eo pipefail
+
+PATH=/opt/seafile/bin:/bin:/usr/bin
+PYTHONPATH=/opt/seafile/lib64/python3.6/site-packages/
+PYTHON=/opt/seafile/bin/python
+cd {{ seafile_root_dir }}/seafile-server
+./seahub.sh python-env python3 seahub/manage.py clearsessions
+

roles/seafile/templates/filebeat.yml.j2

@@ -0,0 +1,8 @@
+- type: log
+  enabled: True
+  paths:
+    - {{ seafile_root_dir }}/logs/*.log
+    - {{ seafile_root_dir }}/logs/slow_logs/*.log
+  exclude_files:
+    - '\.[gx]z$'
+    - '\d+$'

roles/seafile/templates/gc.sh.j2

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+{% if seafile_license is not defined %}
+/usr/bin/systemctl stop seafile seahub
+{% endif %}
+/usr/bin/systemd-cat /usr/bin/sudo -u {{ seafile_user }} {{ seafile_root_dir }}/seafile-server/seaf-gc.sh
+{% if seafile_license is not defined %}
+/usr/bin/systemctl start seafile seahub
+{% endif %}

roles/seafile/templates/gunicorn.conf.py.j2

@@ -0,0 +1,16 @@
+import os
+
+daemon = True
+workers = 5
+
+bind = "0.0.0.0:{{ seafile_seahub_port }}"
+
+pids_dir = '{{ seafile_root_dir }}/pids'
+pidfile = os.path.join(pids_dir, 'seahub.pid')
+
+logs_dir = '{{ seafile_root_dir }}/logs'
+errorlog = os.path.join(logs_dir, 'gunicorn_error.log')
+accesslog = os.path.join(logs_dir, 'gunicorn_access.log')
+
+timeout = 1200
+limit_request_line = 8190

roles/seafile/templates/logrotate.conf.j2

@@ -0,0 +1,23 @@
+{% for log in ['ccnet','controller','elasticsearch_deprecation','elasticsearch_index_indexing_slowlog','elasticsearch_index_search_slowlog','file_updates_sender','gunicorn_error','index','seafdav','seafile','seahub_email_sender','virus_scan'] %}
+{{ seafile_root_dir }}/logs/{{ log }}.log
+{% endfor %}
+{% for log in ['seafile_slow_rpc','seafile_slow_storage'] %}
+{{ seafile_root_dir }}/logs/slow_logs/{{ log }}.log
+{% endfor %}
+{
+  daily
+  rotate 365
+  compress
+  missingok
+  copytruncate
+  su seafile seafile
+}
+{{ seafile_root_dir }}/logs/seaf-fuse.log
+{
+  daily
+  rotate 365
+  compress
+  missingok
+  copytruncate
+  su root seafile
+}

roles/seafile/templates/perms.sh.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+chown -R seafile:seafile {{ seafile_root_dir }}/seafile-server/pro/elasticsearch/
+chown -R seafile:seafile {{ seafile_root_dir }}/seahub-data
+restorecon -R {{ seafile_root_dir }}/

roles/seafile/templates/post-backup.sh.j2

@@ -0,0 +1,7 @@
+#!/bin/bash -e
+
+# Delete database dumps
+rm -f {{ seafile_root_dir }}/backup/*
+
+# Umount fuse FS
+{{ seafile_root_dir }}/seafile-server/seaf-fuse.sh stop

roles/seafile/templates/pre-backup.sh.j2

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -eo pipefail
+
+# Dump Databases
+for DB in {{ seafile_db_ccnet }} {{ seafile_db_seafile }} {{ seafile_db_seahub }}; do
+  /usr/bin/mysqldump \
+    --quick --single-transaction \
+{% if seafile_db_server not in ['127.0.0.1', 'localhost'] %}
+    --user={{ seafile_db_user }} \
+    --password={{ seafile_db_pass | quote }} \
+    --host={{ seafile_db_server }} \
+{% endif %}
+    --add-drop-table $DB | zstd -T0 -c > {{ seafile_root_dir }}/backup/$DB.sql.zst
+done
+
+# Mount fuse FS
+{{ seafile_root_dir }}/seafile-server/seaf-fuse.sh start {{ seafile_root_dir }}/fuse/

roles/seafile/templates/seafdav.conf.j2

@@ -0,0 +1,5 @@
+[WEBDAV]
+enabled = {{ seafile_webdav | ternary('true','false') }}
+port = {{ seafile_webdav_port }}
+fastcgi = false
+share_name = {{ (seafile_public_url == 'http://' + inventory_hostname + ':' + seafile_seahub_port | string) | ternary('/','/seafdav') }}

roles/seafile/templates/seafevents.conf.j2

@@ -0,0 +1,32 @@
+[DATABASE]
+type = mysql
+host = {{ seafile_db_server }}
+port = {{ seafile_db_port }}
+username = {{ seafile_db_user }}
+password = {{ seafile_db_pass }}
+name = {{ seafile_db_seahub }}
+
+[Syslog]
+enabled = true
+
+[AUDIT]
+enabled = true
+
+[STATISTICS]
+enabled = true
+
+[INDEX FILES]
+enabled = true
+interval = 10m
+index_office_pdf = true
+
+[OFFICE CONVERTER]
+enabled = true
+workers = 2
+max-pages = 200
+max-size = 20
+
+[SEAHUB EMAIL]
+enabled = true
+interval = 30m
+

roles/seafile/templates/seafile-clean-db.service.j2

@@ -0,0 +1,7 @@
+[Unit]
+Description=Seafile DB cleaner service
+
+[Service]
+Type=oneshot
+PrivateTmp=yes
+ExecStart={{ seafile_root_dir }}/bin/clean_db.sh

roles/seafile/templates/seafile-clean-db.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Seafile DB cleaner service
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target

roles/seafile/templates/seafile-gc.service.j2

@@ -0,0 +1,7 @@
+[Unit]
+Description=Seafile Garbage Collect service
+
+[Service]
+Type=oneshot
+PrivateTmp=yes
+ExecStart={{ seafile_root_dir }}/bin/gc.sh

roles/seafile/templates/seafile-gc.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Seafile Garbage Collect service
+
+[Timer]
+OnCalendar=Sun *-*-* 03:10:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target

roles/seafile/templates/seafile.conf.j2

@@ -0,0 +1,41 @@
+[general]
+enable_syslog = true
+
+[database]
+type = mysql
+host = {{ seafile_db_server }}
+port = {{ seafile_db_port }}
+user = {{ seafile_db_user }}
+password = {{ seafile_db_pass }}
+db_name = {{ seafile_db_seafile }}
+connection_charset = utf8
+
+[quota]
+{% if seafile_default_quota is defined %}
+default = {{ seafile_default_quota }}
+{% endif %}
+
+[history]
+{% if seafile_default_history is defined %}
+keep_days = {{ seafile_default_history }}
+{% endif %}
+
+[fileserver]
+port = {{ seafile_seafile_port }}
+{% if seafile_max_upload_size is defined %}
+max_upload_size = {{ seafile_max_upload_size }}
+{% endif %}
+{% if seafile_max_download_dir_size is defined %}
+max_download_dir_size = {{ seafile_max_download_dir_size }}
+{% endif %}
+web_token_expire_time = 7200
+{% if seafile_version is version('9.0.1', '>') %}
+use_go_fileserver = true
+{% endif %}
+
+{% if seafile_license is defined and seafile_scan_av == True %}
+[virus_scan]
+scan_command = {{ seafile_root_dir }}/seafile-server/clamdscan.sh
+virus_code = 1
+nonvirus_code = 0
+{% endif %}

roles/seafile/templates/seafile.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Seafile
+After=network.target mariadb.service
+
+[Service]
+Type=forking
+Environment=PATH={{ seafile_root_dir }}/bin:/bin:/usr/bin
+Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/
+Environment=PYTHON={{ seafile_root_dir }}/bin/python
+ExecStart={{ seafile_root_dir }}/seafile-server/seafile.sh start
+ExecStop={{ seafile_root_dir }}/seafile-server/seafile.sh stop
+User={{ seafile_user }}
+Group={{ seafile_group }}
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+SyslogIdentifier=seafile
+StartLimitInterval=0
+RestartSec=5
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target

roles/seafile/templates/seahub.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Seafile hub
+After=network.target seafile.service
+
+[Service]
+Type=forking
+Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/
+Environment=PYTHON={{ seafile_root_dir }}/bin/python
+ExecStart={{ seafile_root_dir }}/seafile-server/seahub.sh start {{ seafile_seahub_port }}
+ExecStop={{ seafile_root_dir }}/seafile-server/seahub.sh stop
+User={{ seafile_user }}
+Group={{ seafile_group }}
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+SyslogIdentifier=seahub
+StartLimitInterval=0
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target

roles/seafile/templates/seahub_settings.py.j2

@@ -0,0 +1,165 @@
+# -*- coding: utf-8 -*-
+
+{% if seafile_version is version('9.0.0', '>=') %}
+SERVICE_URL = '{{ seafile_public_url }}'
+{% endif %}
+
+SECRET_KEY = "{{ seafile_seahub_secret }}"
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.mysql',
+        'NAME': '{{ seafile_db_seahub }}',
+        'USER': '{{ seafile_db_user }}',
+        'PASSWORD': '{{ seafile_db_pass }}',
+        'HOST': '{{ seafile_db_server }}',
+        'PORT': '{{ seafile_db_port }}'
+    }
+}
+
+FILE_SERVER_ROOT = "{{ (seafile_public_url == 'http://' + inventory_hostname + ':' + seafile_seahub_port | string) | ternary('http://' + inventory_hostname + ':' + seafile_seafile_port | string,seafile_public_url+'/seafhttp') }}"
+
+THUMBNAIL_ROOT = "{{ seafile_data_dir }}/thumbnails"
+
+SEAHUB_DATA_ROOT = "{{ seafile_data_dir }}/seahub"
+
+{% if seafile_memcached_server is defined and seafile_memcached_server != 'none' %}
+CACHES = {
+    'default': {
+        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
+        'LOCATION': '{{ seafile_memcached_server }}',
+    }
+}
+{% endif %}
+
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': True,
+    'formatters': {
+        'verbose': {
+            'format': '%(process)-5d %(thread)d %(name)-50s %(levelname)-8s %(message)s'
+        },
+        'standard': {
+            'format': '%(asctime)s [%(levelname)s] %(name)s:%(lineno)s %(funcName)s %(message)s'
+        },
+        'simple': {
+            'format': '[%(asctime)s] %(name)s %(levelname)s %(message)s',
+            'datefmt': '%d/%b/%Y %H:%M:%S'
+        },
+    },
+    'filters': {
+        'require_debug_false': {
+            '()': 'django.utils.log.RequireDebugFalse',
+        },
+        'require_debug_true': {
+            '()': 'django.utils.log.RequireDebugTrue',
+        },
+    },
+    'handlers': {
+        'console': {
+            'filters': ['require_debug_true'],
+            'class': 'logging.StreamHandler',
+            'formatter': 'simple'
+        },
+        'syslog': {
+            'class': 'logging.handlers.SysLogHandler',
+            'address': '/dev/log',
+            'formatter': 'standard'
+        },
+    },
+    'loggers': {
+        # root logger
+        # All logs printed by Seahub and any third party libraries will be handled by this logger.
+        '': {
+            'handlers': ['console', 'syslog'],
+            'level': 'DEBUG', # Logs when log level is higher than info. Level can be any one of DEBUG, INFO, WARNING, ERROR, CRITICAL.
+            'disabled': False
+        },
+        # This logger recorded logs printed by Django Framework. For example, when you see 5xx page error, you should check the logs recorded by this logger.
+        'django.request': {
+            'handlers': ['console', 'syslog'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+    },
+}
+
+EMAIL_USE_TLS = False
+EMAIL_HOST = 'localhost'
+EMAIL_HOST_USER = ''
+EMAIL_HOST_PASSWORD = ''
+EMAIL_PORT = 25
+DEFAULT_FROM_EMAIL = "seafile@{{ ansible_domain }}"
+SERVER_EMAIL = DEFAULT_FROM_EMAIL
+
+SHARE_LINK_PASSWORD_MIN_LENGTH = 4
+SHARE_LINK_EXPIRE_DAYS_DEFAULT = 7
+
+REPO_PASSWORD_MIN_LENGTH = 4
+
+ENABLE_REPO_SNAPSHOT_LABEL = True
+
+{% if seafile_oauth2_auth == True %}
+ENABLE_OAUTH = True
+OAUTH_ENABLE_INSECURE_TRANSPORT = True
+OAUTH_CLIENT_ID = "{{ seafile_oauth2_id }}"
+OAUTH_CLIENT_SECRET = "{{ seafile_oauth2_secret }}"
+OAUTH_REDIRECT_URL = "{{ seafile_oauth2_callback_url }}"
+OAUTH_PROVIDER_DOMAIN = "{{ seafile_oauth2_provider_domain }}"
+OAUTH_AUTHORIZATION_URL = "{{ seafile_oauth2_authorization_url }}"
+OAUTH_TOKEN_URL = "{{ seafile_oauth2_token_url }}"
+OAUTH_USER_INFO_URL = "{{ seafile_oauth2_user_info_url }}"
+OAUTH_SCOPE = ["openid", "profile", "email", ]
+OAUTH_ATTRIBUTE_MAP = {
+    "id": (False, "id"),
+    "email": (True, "email"),
+    "name": (False, "name"),
+}
+{% endif %}
+{% if seafile_header_auth == True %}
+ENABLE_REMOTE_USER_AUTHENTICATION = True
+REMOTE_USER_HEADER = '{{ seafile_header_auth_name }}'
+REMOTE_USER_DOMAIN = '{{ seafile_header_auth_domain }}'
+REMOTE_USER_PROTECTED_PATH = [
+{% for path in seafile_header_auth_protected_paths %}
+  '{{ path }}',
+{% endfor %}
+]
+REMOTE_USER_FORCE_LOGOUT_IF_NO_HEADER = {{ seafile_header_auth_force_logout | ternary('True','False') }}
+{% endif %}
+
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+SESSION_COOKIE_AGE = {{ seafile_cookie_age }}
+
+SITE_NAME = '{{ seafile_site_name }}'
+SITE_TITLE = '{{ seafile_site_title }}'
+
+ENABLE_SYS_ADMIN_VIEW_REPO = True
+
+ENABLE_WIKI = True
+
+{% if seafile_oo_uri is defined %}
+ENABLE_ONLYOFFICE = True
+VERIFY_ONLYOFFICE_CERTIFICATE = True
+ONLYOFFICE_APIJS_URL = "{{ (seafile_oo_uri is search('api\.js$')) | ternary(seafile_oo_uri,seafile_oo_uri | regex_replace('/$','') + '/web-apps/apps/api/documents/api.js') }}"
+ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')
+ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx', 'odt', 'ods', 'odp')
+ONLYOFFICE_FORCE_SAVE = True
+{% if seafile_oo_secret is defined %}
+ONLYOFFICE_JWT_SECRET = '{{ seafile_oo_secret }}'
+{% endif %}
+{% endif %}
+
+{% if seafile_public_url is search '^https://' %}
+USE_X_FORWARDED_HOST = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+{% endif %}
+
+{% if seafile_license is defined %}
+{% if seafile_scan_av %}
+ENABLE_UPLOAD_LINK_VIRUS_CHECK = True
+{% endif %}
+{% if system_admin_email is defined %}
+VIRUS_SCAN_NOTIFY_LIST = ['{{ system_admin_email }}']
+{% endif %}
+{% endif %}