Add Seafile app with optional SeaDoc #4993
…n, fix custom-storage paths
- Rename MariaDB vars: db -> mariadb_container, db_image -> mariadb_image
- Run Caddy as non-root with NET_BIND_SERVICE, enable healthcheck
- Use db_user/db_name consts instead of hardcoded values
- Fix redis dependency: service_started -> service_healthy
- Add additional_storage question with full host_path/ix_volume/cifs/nfs support
- Add Labels Configuration group and question
- Add acl_entries + acl blocks to all storage questions
- Add notes_body const with post-install credentials note
- Remove inconsistent auto_permissions from db_data/redis_data
- Fix Memory label to (in MB), trim README to 3 lines
- Fix redis run_as_context description
- Normalize host_ips in test values, ensure trailing newlines

- User enters bare hostname (no port), port appended automatically
- Only appends :port when non-standard (not 80/443)
- Also feeds into SeaDoc URL and extra_hosts
- Add TCP healthcheck to seadoc container

- seadoc always runs on the same server behind Caddy
- No need for user-configurable seadoc_server_url override
- Match upstream behavior of always auto-constructing the URL
Hey @stavros-k, hope you’re doing well. If there are any recommended changes or suggested next steps, please let me know. I’m very eager to help get this into the catalog.
| {% set caddy = tpl.add_container(values.consts.caddy_container_name, "caddy_image") %} | ||
| {% do caddy.add_network(seafile_net) %} | ||
| {% do caddy.set_user(values.run_as.user, values.run_as.group) %} | ||
| {% do caddy.add_caps(["NET_BIND_SERVICE"]) %} |
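Review bot: `caddy.add_caps(["NET_BIND_SERVICE"])` on the last line is only needed if Caddy binds a port below 1024 inside the container, and nothing in this hunk shows which port that is. Since the line above already runs the container as `values.run_as.user`/`values.run_as.group`, consider having Caddy listen on an unprivileged port internally and publishing the host port from it, which lets the container keep the library's `cap_drop: [ALL]` default with nothing added back. If the privileged bind is intentional, a short template comment naming the port would make the capability grant reviewable.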
The Caddy file that the Seafile docs suggest is just an example. Users can and probably will want to customize it by a lot.
Also, if they already have a reverse proxy in their network, they probably don't want another one.
If Seafile is added, it won't be with Caddy.
Still, this is a very quick review; I have not checked anything else, but this is a blocker.
Thanks for the quick review, appreciate you taking the time.
You raise a good point about Caddy. My understanding is that the upstream uses it for path-based routing to SeaDoc (/sdoc-server/), and without it I'm not sure how SeaDoc would be reachable within the isolated network of a TrueNAS app. But I may be missing something.
FWIW, I noticed Windmill in the community train also bundles Caddy, so there's some precedent, though I don't know if that's considered a different scenario.
If you think there's a cleaner approach that avoids bundling Caddy, I'm happy to follow your guidance. Otherwise, if Caddy is a hard no, we can drop SeaDoc from the app and keep it simpler. Let me know what you'd prefer.
@mreid-tt as I see it, SeaDoc does not have to be /sdoc-server/.
You can configure it as SEADOC_SERVER_URL without /sdoc-server/.
@mreid-tt if you want, I can share my test custom app YAML for TrueNAS with Seafile without Caddy.
Hey @stavros-k, just following up to see if you've had a chance to complete your review of this PR. I was also wondering if you've had an opportunity to consider my response and the question I raised. Please let me know if there's any additional information I can provide.
App Addition
AI
Description
Adds Seafile to the community train.
Seafile is an open source cloud storage system with privacy preservation and teamwork features. This package includes:
- seafileltd/seafile-mc:13.0-latest) with MariaDB and Redis
- caddy:2-alpine) with optional TrueNAS certificate support for HTTPS
- seafileltd/sdoc-server:2.0-latest) for collaborative document editing

App Information
Testing
Tested locally with:
All tests passed successfully (render and deployment).
Icons and Screenshots
Please upload the following to the CDN:
Special Notes
- `my_init` as PID 1, which requires root. The container runs as root; the init system drops privileges for seafile processes internally.
- `SETUID`/`SETGID` capabilities for nginx worker processes. Applied via `cap_add` since the library defaults to `cap_drop: [ALL]`.
- `enable_seadoc` is true, the sdoc-server container is deployed alongside seafile.
- `caddy:2-alpine` with a static Caddyfile injected via Docker configs (not `caddy-docker-proxy`, avoiding Docker socket dependency).

Checklist