Update to 2021-11-24 18:00

roles/seafile/defaults/main.yml

@@ -11,11 +11,11 @@
 #   MaxUsers = "9"
 #   Mode = "subscription"
 #   etc...
-seafile_version: "{{ seafile_license is defined | ternary('8.0.14','8.0.7') }}"
+seafile_version: "{{ seafile_license is defined | ternary('8.0.14','9.0.1') }}"
 
 # Archive URL and sha1 are only used for the community version
 seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
-seafile_archive_sha1: 8f8915072750544d3f783bac62fb67d1082567d3
+seafile_archive_sha1: 6f55aa1d465e94a7ada1dff7e1923e020ddb5a6c
 
 seafile_root_dir: /opt/seafile
 seafile_data_dir: "{{ seafile_root_dir }}/data"
@@ -44,9 +44,6 @@ seafile_seafile_port: 8082
 # Seahub port
 seafile_seahub_port: 8000
 
-# Should seahub run as a FastCGI server
-seafile_seahub_fastcgi: False
-
 # If you want webdav to be enabled
 seafile_webdav: True
 seafile_webdav_port: 8080

roles/seafile/tasks/archive_pre.yml

@@ -4,11 +4,13 @@
   file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=directory
   tags: seafile
 
-- name: Stop the service during upgrade
+- name: Stop services during upgrade
-  service: name={{ item }} state=stopped
+  systemd: name={{ item }} state=stopped
-  with_items:
+  loop:
-    - seafile
+    - seafile.service
-    - seahub
+    - seahub.service
+    - seafile-clean-db.timer
+    - seafile-gc.timer
   tags: seafile
 
 - name: Backup the databases
@@ -33,6 +35,7 @@
     dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/"
     recursive: True
     delete: True
+    compress: False
   delegate_to: "{{ inventory_hostname }}"
   tags: seafile
 

roles/seafile/tasks/cleanup.yml

@@ -2,12 +2,11 @@
 
 - name: Remove tmp and obsolete files
   file: path={{ item }} state=absent
-  with_items:
+  loop:
     - "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
     - "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}"
     - "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64_CentOS.tar.gz"
     - "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}"
-    - /etc/cron.d/seafil_gc
     - "{{ seafile_data_dir }}/db_dumps"
     - "{{ seafile_data_dir }}/backup"
     # All these are obsoletes backup hooks
@@ -15,4 +14,8 @@
     - /etc/backup/pre.d/seafile_mount_fuse.sh
     - /etc/backup/post.d/seafile_rm_dumps.sh
     - /etc/backup/post.d/seafile_umount_fuse.sh
+    # Old cron job, replaced with systemd timers
+    - /etc/cron.d/seafile_gc
+    # This one has a typo in even older versions of the role
+    - /etc/cron.d/seafil_gc
   tags: seafile

roles/seafile/tasks/install.yml

@@ -214,10 +214,14 @@
   tags: seafile
 
 - name: Deploy systemd services
-  template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service
+  template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
   with_items:
-    - seafile
+    - seafile.service
-    - seahub
+    - seahub.service
+    - seafile-clean-db.service
+    - seafile-clean-db.timer
+    - seafile-gc.service
+    - seafile-gc.timer
   notify:
     - restart seafile
     - restart seahub
@@ -273,19 +277,10 @@
     mode: 0755
   tags: seafile
 
-- name: Deploy script to run garbage collector
+- name: Deploy maintenance scripts
-  template: src=gc.sh.j2 dest={{ seafile_root_dir }}/seafile-server/gc.sh mode=0755
+  template: src={{ item }}.sh.j2 dest={{ seafile_root_dir }}/bin/{{ item }}.sh mode=0700
-  tags: seafile
+  loop:
-
+    - gc
-- name: Add a cron job for garbage collector
+    - clean_db
-  cron:
-    name: seafile_gc
-    minute: 10
-    hour: 02
-    weekday: 0
-    user: root
-    job: '{{ seafile_root_dir }}/seafile-server/gc.sh'
-    cron_file: seafile_gc
-    state: present
   tags: seafile
 

roles/seafile/tasks/services.yml

@@ -1,10 +1,17 @@
 ---
 
-- name: Start and enable the services
+- name: Start and enable services
-  service: name={{ item }} state=started enabled=yes
+  service: name={{ item }} state=started enabled=True
-  with_items:
+  loop:
     - seafile
     - seahub
   when: seafile_install_mode != 'upgrade' # We need to run upgrade script manually
   tags: seafile
 
+- name: Start and enable timers
+  systemd: name={{ item }}.timer state=started enabled=True
+  loop:
+    - seafile-clean-db
+    - seafile-gc
+  tags: seafile
+

roles/seafile/templates/clean_db.sh.j2

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -eo pipefail
+
+PATH=/opt/seafile/bin:/bin:/usr/bin
+PYTHONPATH=/opt/seafile/lib64/python3.6/site-packages/
+PYTHON=/opt/seafile/bin/python
+cd {{ seafile_root_dir }}/seafile-server
+./seahub.sh python-env python3 seahub/manage.py clearsessions
+

roles/seafile/templates/gc.sh.j2

@@ -1,11 +1,9 @@
 #!/bin/sh
 
 {% if seafile_license is not defined %}
-/usr/bin/systemctl stop seafile
+/usr/bin/systemctl stop seafile seahub
-/usr/bin/systemctl stop seahub
 {% endif %}
 /usr/bin/systemd-cat /usr/bin/sudo -u {{ seafile_user }} {{ seafile_root_dir }}/seafile-server/seaf-gc.sh
 {% if seafile_license is not defined %}
-/usr/bin/systemctl start seafile
+/usr/bin/systemctl start seafile seahub
-/usr/bin/systemctl start seahub
 {% endif %}

roles/seafile/templates/seafile-clean-db.service.j2

@@ -0,0 +1,7 @@
+[Unit]
+Description=Seafile DB cleaner service
+
+[Service]
+Type=oneshot
+PrivateTmp=yes
+ExecStart={{ seafile_root_dir }}/bin/clean_db.sh

roles/seafile/templates/seafile-clean-db.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Seafile DB cleaner service
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target

roles/seafile/templates/seafile-gc.service.j2

@@ -0,0 +1,7 @@
+[Unit]
+Description=Seafile Garbage Collect service
+
+[Service]
+Type=oneshot
+PrivateTmp=yes
+ExecStart={{ seafile_root_dir }}/bin/gc.sh

roles/seafile/templates/seafile-gc.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Seafile Garbage Collect service
+
+[Timer]
+OnCalendar=Sun *-*-* 02:10:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target

roles/seafile/templates/seafile.conf.j2

@@ -29,7 +29,7 @@ max_upload_size = {{ seafile_max_upload_size }}
 max_download_dir_size = {{ seafile_max_download_dir_size }}
 {% endif %}
 web_token_expire_time = 7200
-{% if seafile_version is version('9.0.0', '>=') %}
+{% if seafile_version is version('9.0.1', '>') %}
 use_go_fileserver = true
 {% endif %}
 

roles/seafile/templates/seahub.service.j2

@@ -6,7 +6,7 @@ After=network.target seafile.service
 Type=forking
 Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/
 Environment=PYTHON={{ seafile_root_dir }}/bin/python
-ExecStart={{ seafile_root_dir }}/seafile-server/seahub.sh {{ seafile_seahub_fastcgi | ternary('start-fastcgi','start') }} {{ seafile_seahub_port }}
+ExecStart={{ seafile_root_dir }}/seafile-server/seahub.sh start {{ seafile_seahub_port }}
 ExecStop={{ seafile_root_dir }}/seafile-server/seahub.sh stop
 User={{ seafile_user }}
 Group={{ seafile_group }}

roles/seafile/templates/seahub_settings.py.j2

@@ -99,9 +99,6 @@ REPO_PASSWORD_MIN_LENGTH = 4
 
 ENABLE_REPO_SNAPSHOT_LABEL = True
 
-ENABLE_VIDEO_THUMBNAIL = False
-THUMBNAIL_VIDEO_FRAME_TIME = 5
-
 {% if seafile_oauth2_auth == True %}
 ENABLE_OAUTH = True
 OAUTH_ENABLE_INSECURE_TRANSPORT = True
@@ -157,3 +154,12 @@ ONLYOFFICE_JWT_SECRET = '{{ seafile_oo_secret }}'
 USE_X_FORWARDED_HOST = True
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 {% endif %}
+
+{% if seafile_license is defined %}
+{% if seafile_scan_av %}
+ENABLE_UPLOAD_LINK_VIRUS_CHECK = True
+{% endif %}
+{% if system_admin_email is defined %}
+VIRUS_SCAN_NOTIFY_LIST = ['{{ system_admin_email }}']
+{% endif %}
+{% endif %}

roles/seafile/vars/RedHat-8.yml

@@ -43,3 +43,4 @@ seafile_rm_libs:
   - libsasl2.so.3
   - libldap_r-2.4.so.2  # 9.0.0
   - libcrypto.so.1.1    # 9.0.0
+  - libssl.so.1.1       # 9.0.0