diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 03cbfccd34b5d269ca7383b534d0c28df5b515da..889e30a65ee1816450f2288ef60323a2dc5af894 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -17,4 +17,5 @@ include:
- /quassel/pipeline.yml
- /restic/pipeline.yml
- /rtorrent/pipeline.yml
+- /seafile/pipeline.yml
- /wg-access-server/pipeline.yml
diff --git a/seafile/Chart.yaml b/seafile/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f70707a03b74ec5a3fb39347774866a6ca027f50
--- /dev/null
+++ b/seafile/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: seafile
+description: Helm Chart for seafile
+type: application
+version: 0.1.0
+appVersion: "66c35794"
diff --git a/seafile/pipeline.yml b/seafile/pipeline.yml
new file mode 100644
index 0000000000000000000000000000000000000000..07273d81cd48978b7ae0e65bda25c81076858674
--- /dev/null
+++ b/seafile/pipeline.yml
@@ -0,0 +1,16 @@
+lint-seafile:
+ stage: lint
+ script:
+ - helm lint seafile
+
+release-seafile:
+ stage: release
+ needs:
+ - lint-seafile
+ rules:
+ - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+ script:
+ - apk add --no-cache git
+ - helm plugin install https://github.com/chartmuseum/helm-push.git
+ - helm repo add --username gitlab-ci-token --password $CI_JOB_TOKEN repo ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
+ - helm cm-push seafile repo
diff --git a/seafile/templates/_helpers.tpl b/seafile/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..6305ba9c6adac79a2fa4d9d14e922014f7339537
--- /dev/null
+++ b/seafile/templates/_helpers.tpl
@@ -0,0 +1,56 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "seafile-helm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "seafile-helm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "seafile-helm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "seafile-helm.labels" -}}
+helm.sh/chart: {{ include "seafile-helm.chart" . }}
+{{ include "seafile-helm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "seafile-helm.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "seafile-helm.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{- define "seafile-helm.sslPath" -}}
+/certs
+{{- end }}
diff --git a/seafile/templates/deployment.yaml b/seafile/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..471f7cf0c18e4843c6c467f27104fed190043b3d
--- /dev/null
+++ b/seafile/templates/deployment.yaml
@@ -0,0 +1,122 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "seafile-helm.fullname" . }}
+ labels:
+ {{- include "seafile-helm.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "seafile-helm.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "seafile-helm.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ volumes:
+ - name: seafile
+ {{- .Values.volumes.seafile | nindent 10 }}
+ - name: seahub
+ {{- .Values.volumes.seahub | nindent 10 }}
+ - name: config
+ secret:
+ secretName: {{ include "seafile-helm.fullname" . }}
+ - name: tmp
+ emptyDir: {}
+ initContainers:
+ - name: seahub-media
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:seahub-{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-c"
+ args:
+ - "rsync -avH /source/seahub/media/avatars/ /media"
+ volumeMounts:
+ - mountPath: "/media"
+ name: seahub
+ containers:
+ - name: seafile
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:seafile-{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: seafhttp
+ containerPort: 8082
+ protocol: TCP
+ startupProbe:
+ tcpSocket:
+ port: seafhttp
+ livenessProbe:
+ tcpSocket:
+ port: seafhttp
+ readinessProbe:
+ tcpSocket:
+ port: seafhttp
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: "/data"
+ name: seafile
+ - mountPath: "/conf"
+ name: config
+ - mountPath: "/tmp"
+ name: tmp
+ - name: seahub
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:seahub-{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: seahub
+ containerPort: 8000
+ protocol: TCP
+ startupProbe:
+ httpGet:
+ path: /
+ port: seahub
+ livenessProbe:
+ httpGet:
+ path: /
+ port: seahub
+ readinessProbe:
+ httpGet:
+ path: /
+ port: seahub
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: "/data"
+ name: seafile
+ - mountPath: "/source/seahub/media/avatars/"
+ name: seahub
+ - mountPath: "/conf"
+ name: config
+ - mountPath: "/tmp"
+ name: tmp
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/seafile/templates/ingress.yaml b/seafile/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..872a8d470eec95160075505be67a2927923d420f
--- /dev/null
+++ b/seafile/templates/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "seafile-helm.fullname" . }}
+ labels:
+ {{- include "seafile-helm.labels" . | nindent 4 }}
+ annotations:
+ {{- .Values.ingress.annotations | toYaml | nindent 4 }}
+spec:
+ rules:
+ - host: "{{ .Values.ingress.host }}"
+ http:
+ paths:
+ - path: "{{ .Values.ingress.seahub_path }}"
+ backend:
+ service:
+ name: {{ include "seafile-helm.fullname" . }}
+ port:
+ name: seahub
+ pathType: Prefix
+ - path: "{{ .Values.ingress.seafhttp_path }}"
+ backend:
+ service:
+ name: {{ include "seafile-helm.fullname" . }}
+ port:
+ name: seafhttp
+ pathType: Prefix
diff --git a/seafile/templates/secret.yaml b/seafile/templates/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..18b4afd77005be83dd598c428bad351c611b7f62
--- /dev/null
+++ b/seafile/templates/secret.yaml
@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "seafile-helm.fullname" . }}
+ labels:
+ {{- include "seafile-helm.labels" . | nindent 4 }}
+stringData:
+ ccnet.ini: |-
+ [Database]
+ ENGINE = {{ .Values.ccnet.database.backend }}
+ HOST = {{ .Values.ccnet.database.hostname }}
+ PORT = {{ .Values.ccnet.database.port }}
+ USER = {{ .Values.ccnet.database.username }}
+ PASSWD = {{ .Values.ccnet.database.password }}
+ DB = {{ .Values.ccnet.database.name }}
+ CREATE_TABLES = {{ .Values.ccnet.create_tables }}
+
+ [General]
+ SERVICE_URL = {{ .Values.ingress.external_schema }}://{{ .Values.ingress.host }}{{ .Values.ingress.path }}
+
+ [Client]
+ PORT = 13419
+ UNIX_SOCKET = /tmp/seafile.sock
+ gunicorn.conf: |-
+ import os
+
+ daemon = True
+ workers = 5
+
+ bind = "127.0.0.1:8000"
+
+ pids_dir = '/tmp'
+ pidfile = os.path.join(pids_dir, 'seahub.pid')
+
+ timeout = 1200
+ limit_request_line = 8190
+ seafile.conf: |-
+ [fileserver]
+ port = 8082
+
+ [database]
+ type = {{ .Values.seafile.database.backend }}
+ host = {{ .Values.seafile.database.hostname }}
+ port = {{ .Values.seafile.database.port }}
+ user = {{ .Values.seafile.database.username }}
+ password = {{ .Values.seafile.database.password }}
+ db_name = {{ .Values.seafile.database.name }}
+ create_tables = {{ .Values.seafile.create_tables }}
+ seahub_settings.py: |-
+ FILE_SERVER_ROOT = '{{ .Values.ingress.external_schema }}://{{ .Values.ingress.host }}{{ .Values.ingress.seafhttp_path }}'
+
+ SECRET_KEY = "{{ .Values.cookie_secret }}"
+
+ DATABASES = {
+ 'default': {
+ 'ENGINE': '{{ .Values.seahub.database.backend }}',
+ 'NAME': '{{ .Values.seahub.database.name }}',
+ 'USER': '{{ .Values.seahub.database.username }}',
+ 'PASSWORD': '{{ .Values.seahub.database.password }}',
+ 'HOST': '{{ .Values.seahub.database.hostname }}',
+ 'PORT': '{{ .Values.seahub.database.port }}',
+ }
+ }
+
+ {{ if .Values.seahub.cache.enabled }}
+ CACHES = {
+ 'default': {
+ 'BACKEND': '{{ .Values.seahub.cache.backend }}',
+ 'LOCATION': [
+ {{- range .Values.seahub.cache.locations -}}
+ '{{ . }}',
+ {{- end -}}
+ ],
+ },
+ }
+ {{ end }}
+
+ EMAIL_HOST = '{{ .Values.seahub.email.hostname }}'
+ EMAIL_PORT = {{ .Values.seahub.email.port }}
+ EMAIL_USE_TLS = {{ .Values.seahub.email.port }}
+ EMAIL_HOST_USER = '{{ .Values.seahub.email.username }}'
+ EMAIL_HOST_PASSWORD = '{{ .Values.seahub.email.password }}'
+
+ DEFAULT_FROM_EMAIL = '{{ .Values.seahub.email.default_from_email }}'
+ SERVER_EMAIL = '{{ .Values.seahub.email.server_email }}'
+ mykey.peer: "{{ .Values.ccnet.key }}"
diff --git a/seafile/templates/service.yaml b/seafile/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c45cb75ea4a1cb8e4cb25c0371a468ab3c65a4b4
--- /dev/null
+++ b/seafile/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "seafile-helm.fullname" . }}
+ labels:
+ {{- include "seafile-helm.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: 8082
+ targetPort: seafhttp
+ protocol: TCP
+ name: seafhttp
+ - port: 80
+ targetPort: seahub
+ protocol: TCP
+ name: seahub
+ selector:
+ {{- include "seafile-helm.selectorLabels" . | nindent 4 }}
diff --git a/seafile/values.yaml b/seafile/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4721cc5a22b90292e07a494c8c06e33337be5936
--- /dev/null
+++ b/seafile/values.yaml
@@ -0,0 +1,100 @@
+replicaCount: 1
+
+image:
+ repository: k8r.eu/justjanne/seafile
+ pullPolicy: IfNotPresent
+ tag: ""
+
+imagePullSecrets: [ ]
+nameOverride: ""
+fullnameOverride: ""
+
+# use a proper random secret key here
+# undefined by default to force you to choose one
+# cookie_secret: ""
+
+ccnet:
+ create_tables: true
+ key: |-
+ -----BEGIN RSA PRIVATE KEY-----
+ ...
+ -----END RSA PRIVATE KEY-----
+ database:
+ backend: pgsql
+ hostname: "example.tld"
+ port: 5432
+ name: "ccnet"
+ username: "username"
+ password: "password"
+
+seafile:
+ create_tables: true
+ database:
+ backend: pgsql
+ hostname: "example.tld"
+ port: 5432
+ name: "seafile"
+ username: "username"
+ password: "password"
+ volume: |-
+ emptyDir: {}
+
+seahub:
+ database:
+ backend: "django.db.backends.postgresql"
+ hostname: "example.tld"
+ port: 5432
+ name: "seahub"
+ username: "username"
+ password: "password"
+ cache:
+ enabled: false
+ backend: "django.core.cache.backends.memcached.PyMemcacheCache"
+ locations:
+ - "example.tld:11211"
+ email:
+ use_tls: true
+ hostname: "example.tld"
+ port: 587
+ username: "user@example.tld"
+ password: "password"
+ default_from_email: "user@example.tld"
+ server_email: "user@example.tld"
+ volume: |-
+ emptyDir: {}
+
+service:
+ type: ClusterIP
+
+ingress:
+ external_schema: "https"
+ host: "example.com"
+ seafhttp_path: "/seafhttp"
+ seahub_path: "/"
+ annotations: { }
+
+securityContext: { }
+# capabilities:
+# drop:
+# - ALL
+# runAsNonRoot: true
+# runAsUser: 1000
+
+resources:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+
+podAnnotations: { }
+
+podSecurityContext:
+ fsGroup: 2000
+
+nodeSelector: { }
+
+tolerations: [ ]
+
+affinity: { }