nixos/seafile: add persistent user, configurable storage path, and gc service

[melvyn2]

Description of changes

Disable DynamicUser for seafile in favor of a persistent configurable service user and group. This allows moving the storage directory out of the systemd-managed StateDirectory (previously, external paths could be bind-mounted or symlinked into the state directory, but UID reassignments meant having to manually and slowly chown the entire storage).

This also allows access by other services, such as by a garbage-collection timer also added here.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[melvyn2]

@greizgh looks you weren't auto-requested by the bot since the module is missing the meta.maintainer attr. Would you please review this PR?

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/3863

[greizgh]

@greizgh looks you weren't auto-requested by the bot since the module is missing the meta.maintainer attr. Would you please review this PR?

Sorry, completely missed that. This lgtm! Thanks for your contribution, this was deep down on my todo list and I never got the time to look into GC.

[melvyn2]

Added you and @schmittlauch to the maintainers for this module, so we can have the maintainer approval tag hopefully.

[SuperSandro2000]

Suggested change

	if [[ $installedMajor == $pkgMajor && $installedMinor == $pkgMinor ]]; then
	:
	else
	echo "Server not upgraded yet" >&2
	if [[ $installedMajor != $pkgMajor && $installedMinor != $pkgMinor ]]; then
	echo "Server not upgraded yet" >&2

[melvyn2]

Was kept to match the main script, but that isn't too useful I guess.

[SuperSandro2000]

Can we easily deduplicate more things?

[melvyn2]

Seahub needs to be updated anyways so it can build again, version 10 is using django 3 (marked insecure), and there's no PR yet to update to 11. I'll take a look at this again once that PR's in motion.

[melvyn2]

Forgot to include it, update PR is #318727. Switching to draft until that's merged...

[melvyn2]

Closing in favor of #318727