Update config files for seafile 11

conf/ccnet.conf

@@ -9,9 +9,3 @@ USER = __DB_USER__
 PASSWD = __DB_PWD__
 DB = ccnetdb
 CONNECTION_CHARSET = utf8
-
-[LDAP]
-HOST = ldap://localhost:389
-BASE = ou=users,dc=yunohost,dc=org
-LOGIN_ATTR = mail
-FILTER = permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org

conf/nginx.conf

@@ -1,31 +1,50 @@
+
 location __PATH__ {
         proxy_pass         http://127.0.0.1:__PORT_SEAHUB__;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
-        proxy_read_timeout 1200s;
 
-        # used for view/edit office file via Office Online Server
+        proxy_read_timeout 1200s;
         client_max_body_size 0;
 
-        access_log      /var/log/nginx/seahub.access.log;
-        error_log       /var/log/nginx/seahub.error.log;
+         access_log      /var/log/nginx/seahub.access.log;
+         error_log       /var/log/nginx/seahub.error.log;
 
         include conf.d/yunohost_panel.conf.inc;
 }
 
+location __PATH__/media/ {
+        alias  __INSTALL_DIR__/seafile-server-latest/seahub/media/;
+}
+
 location /seafhttp/ {
         proxy_pass http://127.0.0.1:__PORT_FILESERVER__/;
-        client_max_body_size 0;
         proxy_connect_timeout  36000s;
         proxy_read_timeout  36000s;
         proxy_send_timeout  36000s;
+
+        client_max_body_size 0;
+        proxy_request_buffering off;
+
+        access_log      /var/log/nginx/seafhttp.access.log;
+        error_log       /var/log/nginx/seafhttp.error.log;
 }
 
+location /notification/ping {
+        proxy_pass http://127.0.0.1:8083/ping;
+        access_log      /var/log/nginx/notification.access.log;
+        error_log       /var/log/nginx/notification.error.log;
+}
 
-location __PATH__/media/ {
-        alias  __INSTALL_DIR__/seafile-server-latest/seahub/media/;
+location /notification {
+        proxy_pass http://127.0.0.1:8083/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        access_log      /var/log/nginx/notification.access.log;
+        error_log       /var/log/nginx/notification.error.log;
 }
 
 location /seafdav {
@@ -35,8 +54,10 @@ location /seafdav {
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_set_header   X-Forwarded-Proto $scheme;
+
         proxy_read_timeout  1200s;
         client_max_body_size 0;
+        proxy_request_buffering off;
 
         access_log      /var/log/nginx/seafdav.access.log;
         error_log       /var/log/nginx/seafdav.error.log;

conf/seafevents.conf

@@ -0,0 +1,18 @@
+[DATABASE]
+type = mysql
+host = 127.0.0.1
+port = 3306
+username = __DB_USER__
+password = __DB_PWD__
+name = seahubdb
+
+[STATISTICS]
+## must be "true" to enable statistics
+enabled = false
+
+[SEAHUB EMAIL]
+## must be "true" to enable user email notifications when there are new unread notifications
+enabled = true
+
+## interval of sending Seahub email. Can be s(seconds), m(minutes), h(hours), d(days)
+interval = 1d

conf/seafile.conf

@@ -7,6 +7,8 @@ max_upload_size=1000
 # Set maximum download directory size to 200M.
 max_download_dir_size=1000
 
+use_go_fileserver = true
+
 [database]
 type = mysql
 host = 127.0.0.1
@@ -15,3 +17,13 @@ user = __DB_USER__
 password = __DB_PWD__
 db_name = __DB_NAME__
 connection_charset = utf8
+
+[memcached]
+memcached_options = --SERVER=127.0.0.1 --POOL-MIN=10 --POOL-MAX=100
+
+[notification]
+enabled = true
+host = 127.0.0.1
+port = __PORT_NOTIFICATIONSERVER__
+log_level = info
+jwt_private_key = __JWT_PRIVATE_KEY_NOTIFICATION_SERVER__

conf/seahub_settings.py

@@ -1,46 +1,403 @@
-SECRET_KEY = "__SEAHUB_SECRET_KEY__"
+# -*- coding: utf-8 -*-
+
+SECRET_KEY = "{{ seahub_secret_key }}"
 
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.mysql',
         'NAME': 'seahubdb',
-        'USER': '__DB_USER__',
-        'PASSWORD': '__DB_PWD__',
+        'USER': '{{ db_user }}',
+        'PASSWORD': '{{ db_pwd }}',
         'HOST': '127.0.0.1',
         'PORT': '3306',
-        'OPTIONS': {
-            'init_command': 'SET storage_engine=INNODB',
-        }
+        'OPTIONS': {'charset': 'utf8mb4'},
     }
 }
 
-SERVICE_URL =  "https://__DOMAIN____PATH__"
-FILE_SERVER_ROOT = "https://__DOMAIN__/seafhttp"
-SITE_ROOT = "__PATH2__"
-SERVE_STATIC = False
-MEDIA_URL = "__PATH2__media/"
-COMPRESS_URL = MEDIA_URL
-STATIC_URL = MEDIA_URL + 'assets/'
-EMAIL_USE_TLS = True
-EMAIL_HOST = "__DOMAIN__"
-EMAIL_HOST_USER = "__APP__"
-EMAIL_HOST_PASSWORD = "__MAIL_PWD__"
-EMAIL_PORT = "587"
-REPLACE_FROM_EMAIL = True
-ADD_REPLY_TO_HEADER = True
-DEFAULT_FROM_EMAIL = "__APP__@__DOMAIN__"
-SERVER_EMAIL = "__APP__@__DOMAIN__"
-LOGIN_URL = '__PATH2__accounts/login/'
-ENABLE_WIKI = True
-ALLOWED_HOSTS = ['__DOMAIN__']
-ENABLE_REMOTE_USER_AUTHENTICATION = True
-REMOTE_USER_HEADER = 'HTTP_EMAIL'
-REMOTE_USER_CREATE_UNKNOWN_USER = False
-REMOTE_USER_PROTECTED_PATH = ['__PATH__', '__PATH2__accounts/login']
-TIME_ZONE = "__TIME_ZONE__"
 CACHES = {
     'default': {
         'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
         'LOCATION': '127.0.0.1:11211',
     },
 }
+
+FILE_SERVER_ROOT = "https://{{ domain }}/seafhttp"
+SERVE_STATIC = False
+MEDIA_URL = "{{ path2 }}media/"
+COMPRESS_URL = MEDIA_URL
+STATIC_URL = MEDIA_URL + 'assets/'
+LOGIN_URL = '{{ path2 }}accounts/login/'
+
+#
+# LDAP
+#
+
+ENABLE_LDAP = True
+# The URL of LDAP server
+LDAP_SERVER_URL = 'ldap://localhost:389'
+
+# The root node of users who can log in to Seafile in the LDAP server
+LDAP_BASE_DN = 'ou=users,dc=yunohost,dc=org'
+
+# DN of the administrator used to query the LDAP server for information.
+# For OpenLDAP, it maybe cn=admin,dc=example,dc=com
+LDAP_ADMIN_DN = '' # Need to leave empty to work with anonymous authentication
+
+# Password of LDAP_ADMIN_DN
+LDAP_ADMIN_PASSWORD = '' # Need to leave empty to work with anonymous authentication
+
+# Identify the source of the user, used in
+# the table social_auth_usersocialauth, defaults to 'ldap'
+LDAP_PROVIDER = 'ldap'
+
+# User's attribute used to log in to Seafile.
+# It should be a unique identifier for the user in LDAP server.
+# Learn more about this id from the descriptions at begining of this section.
+LDAP_LOGIN_ATTR = 'mail'
+
+# LDAP user's contact_email attribute
+LDAP_CONTACT_EMAIL_ATTR = 'mail'
+
+# LDAP user's role attribute
+LDAP_USER_ROLE_ATTR = ''
+
+# For sync user's first name
+LDAP_USER_FIRST_NAME_ATTR = 'givenName'
+
+# For sync user's last name
+LDAP_USER_LAST_NAME_ATTR = 'sn'
+
+# Whether to reverse the user's first and last name
+LDAP_USER_NAME_REVERSE = False
+
+# Additional filter conditions, users who meet the filter conditions can log in, otherwise they cannot log in
+LDAP_FILTER = 'permission=cn={{ app }}.main,ou=permission,dc=yunohost,dc=org'
+
+#
+# SSO
+#
+
+ENABLE_REMOTE_USER_AUTHENTICATION = True
+REMOTE_USER_HEADER = 'HTTP_EMAIL'
+REMOTE_USER_CREATE_UNKNOWN_USER = False
+REMOTE_USER_PROTECTED_PATH = ['{{ path }}', '{{ path2 }}accounts/login', '{{ path2 }}sso']
+
+#
+# Security settings
+#
+
+# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
+# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
+ALLOWED_HOSTS = ['{{ domain }}']
+
+# Whether to use a secure cookie for the CSRF cookie
+# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure
+CSRF_COOKIE_SECURE = True
+
+# The value of the SameSite flag on the CSRF cookie
+# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite
+CSRF_COOKIE_SAMESITE = 'Strict'
+
+# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins
+CSRF_TRUSTED_ORIGINS = ['https://{{ domain }}']
+
+#
+# User options
+#
+
+# Enalbe or disalbe registration on web. Default is `False`.
+# ENABLE_SIGNUP = False
+
+# Activate or deactivate user when registration complete. Default is `True`.
+# If set to `False`, new users need to be activated by admin in admin panel.
+# ACTIVATE_AFTER_REGISTRATION = True
+
+# Whether to send email when a system admin adding a new member. Default is `True`.
+# SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
+
+# Whether to send email when a system admin resetting a user's password. Default is `True`.
+# SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
+
+# Send system admin notify email when user registration is complete. Default is `False`.
+# NOTIFY_ADMIN_AFTER_REGISTRATION = False
+
+# Remember days for login. Default is 7
+# LOGIN_REMEMBER_DAYS = 7
+
+# Attempt limit before showing a captcha when login.
+# LOGIN_ATTEMPT_LIMIT = 3
+
+# deactivate user account when login attempts exceed limit
+# Since version 5.1.2 or pro 5.1.3
+# FREEZE_USER_ON_LOGIN_FAILED = False
+
+# Age of cookie, in seconds (default: 2 weeks).
+# SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
+
+# Whether a user's session cookie expires when the Web browser is closed.
+# SESSION_EXPIRE_AT_BROWSER_CLOSE = False
+
+# Whether to save the session data on every request. Default is `False`
+# SESSION_SAVE_EVERY_REQUEST = False
+
+# Whether enable the feature "published library". Default is `False`
+# Since 6.1.0 CE
+ENABLE_WIKI = True
+
+# In old version, if you use Single Sign On, the password is not saved in Seafile.
+# Users can't use WebDAV because Seafile can't check whether the password is correct.
+# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login.
+# Users login via SSO can use this password to login in WebDAV.
+# Enable the feature. pycryptodome should be installed first.
+# sudo pip install pycryptodome==3.12.0
+ENABLE_WEBDAV_SECRET = False
+
+# Since version 7.0.9, you can force a full user to log in with a two factor authentication.
+# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page.
+# Then you can add the following configuration information to the configuration file.
+# ENABLE_FORCE_2FA_TO_ALL_USERS = False
+
+#
+# Library options
+#
+
+# if enable create encrypted library
+# ENABLE_ENCRYPTED_LIBRARY = True
+
+# version for encrypted library
+# should only be `2` or `4`.
+# version 3 is insecure (using AES128 encryption) so it's not recommended any more.
+# ENCRYPTED_LIBRARY_VERSION = 2
+
+# mininum length for password of encrypted library
+# REPO_PASSWORD_MIN_LENGTH = 8
+
+# force use password when generate a share/upload link (since version 8.0.9)
+# SHARE_LINK_FORCE_USE_PASSWORD = False
+
+# mininum length for password for share link (since version 4.4)
+# SHARE_LINK_PASSWORD_MIN_LENGTH = 8
+
+# LEVEL for the password of a share/upload link
+# based on four types of input:
+# num, upper letter, lower letter, other symbols
+# '3' means password must have at least 3 types of the above. (since version 8.0.9)
+# SHARE_LINK_PASSWORD_STRENGTH_LEVEL = 3
+
+# Default expire days for share link (since version 6.3.8)
+# Once this value is configured, the user can no longer generate an share link with no expiration time.
+# If the expiration value is not set when the share link is generated, the value configured here will be used.
+# SHARE_LINK_EXPIRE_DAYS_DEFAULT = 5
+
+# minimum expire days for share link (since version 6.3.6)
+# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
+# SHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.
+
+# maximum expire days for share link (since version 6.3.6)
+# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
+# SHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.
+
+# Default expire days for upload link (since version 7.1.6)
+# Once this value is configured, the user can no longer generate an upload link with no expiration time.
+# If the expiration value is not set when the upload link is generated, the value configured here will be used.
+# UPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5
+
+# minimum expire days for upload link (since version 7.1.6)
+# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
+# UPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.
+
+# maximum expire days for upload link (since version 7.1.6)
+# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
+# UPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.
+
+# force user login when view file/folder share link (since version 6.3.6)
+# SHARE_LINK_LOGIN_REQUIRED = False
+
+# enable water mark when view(not edit) file in web browser (since version 6.3.6)
+# ENABLE_WATERMARK = True
+
+# Disable sync with any folder. Default is `False`
+# NOTE: since version 4.2.4
+# DISABLE_SYNC_WITH_ANY_FOLDER = False
+
+# Enable or disable library history setting
+# ENABLE_REPO_HISTORY_SETTING = True
+
+# Enable or disable normal user to create organization libraries
+# Since version 5.0.5
+# ENABLE_USER_CREATE_ORG_REPO = True
+
+# Enable or disable user share library to any group
+# Since version 6.2.0
+# ENABLE_SHARE_TO_ALL_GROUPS = True
+
+# Enable or disable user to clean trash (default is True)
+# Since version 6.3.6
+# ENABLE_USER_CLEAN_TRASH = True
+
+# Add a report abuse button on download links. (since version 7.1.0)
+# Users can report abuse on the share link page, fill in the report type, contact information, and description.
+# Default is false.
+# ENABLE_SHARE_LINK_REPORT_ABUSE = False
+
+#
+# Online preview
+#
+
+# Whether to use pdf.js to view pdf files online. Default is `True`,  you can turn it off.
+# NOTE: since version 1.4.
+# USE_PDFJS = True
+
+# Online preview maximum file size, defaults to 30M.
+# FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
+
+# Extensions of previewed text files.
+# NOTE: since version 6.1.1
+# TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html,
+# htm, java, js, json, less, make, org, php, pl, properties, py, rb,
+# scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,
+# groovy, rst, patch, go"""
+
+# Enable or disable thumbnails
+# NOTE: since version 4.0.2
+# ENABLE_THUMBNAIL = True
+
+# Seafile only generates thumbnails for images smaller than the following size.
+# Since version 6.3.8 pro, suport the psd online preview.
+# THUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB
+
+# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
+# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html
+# NOTE: this option is deprecated in version 7.1
+# ENABLE_VIDEO_THUMBNAIL = False
+
+# Use the frame at 5 second as thumbnail
+# NOTE: this option is deprecated in version 7.1
+# THUMBNAIL_VIDEO_FRAME_TIME = 5
+
+# Absolute filesystem path to the directory that will hold thumbnail files.
+# THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'
+
+# Default size for picture preview. Enlarge this size can improve the preview quality.
+# NOTE: since version 6.1.1
+# THUMBNAIL_SIZE_FOR_ORIGINAL = 1024
+
+#
+# Other options
+#
+
+# This is outside URL for Seahub(Seafile Web).
+# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web.
+# Note: Outside URL means "if you use Nginx, it should be the Nginx's address"
+# Note: SERVICE_URL is moved to seahub_settings.py since 9.0.0
+SERVICE_URL =  "https://{{ domain }}{{ path }}"
+
+# Disable settings via Web interface in system admin->settings
+# Default is True
+# Since 5.1.3
+# ENABLE_SETTINGS_VIA_WEB = True
+
+# Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# If running in a Windows environment this must be set to the same as your
+# system time zone.
+TIME_ZONE = "{{ time_zone }}"
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+# Default language for sending emails.
+LANGUAGE_CODE = '{{ language }}'
+
+# Custom language code choice.
+LANGUAGES = (
+{%- for lang in lang_list.splitlines() -%}
+    ('{{ lang.split(',')[0]}}', '{{ lang.split(',')[1] }}'),
+{%- endfor %}
+)
+
+# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time.
+SITE_NAME = 'Seafile'
+
+# Browser tab's title
+SITE_TITLE = 'Private Seafile'
+
+# If you don't want to run seahub website on your site's root path, set this option to your preferred path.
+# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.
+SITE_ROOT = "{{ path2 }}"
+
+# Max number of files when user upload file/folder.
+# Since version 6.0.4
+# MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500
+
+# Control the language that send email. Default to user's current language.
+# Since version 6.1.1
+# SHARE_LINK_EMAIL_LANGUAGE = ''
+
+# Interval for browser requests unread notifications
+# Since PRO 6.1.4 or CE 6.1.2
+# UNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds
+
+# Get web api auth token on profile page.
+# ENABLE_GET_AUTH_TOKEN_BY_SESSION = True
+
+# Since 8.0.6 CE/PRO version.
+# Url redirected to after user logout Seafile.
+# Usually configured as Single Logout url.
+LOGOUT_REDIRECT_URL = 'https://{{ domain }}/yunohost/sso/?action=logout'
+
+# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`.
+# Since version 6.0
+# ENABLE_TERMS_AND_CONDITIONS = False
+
+# Enable two factor authentication for accounts. Defaults to `False`.
+# Since version 6.0
+# ENABLE_TWO_FACTOR_AUTH = False
+
+# Enable user select a template when he/she creates library.
+# When user select a template, Seafile will create folders releated to the pattern automaticly.
+# Since version 6.0
+# LIBRARY_TEMPLATES = {
+#     'Technology': ['/Develop/Python', '/Test'],
+#     'Finance': ['/Current assets', '/Fixed assets/Computer']
+# }
+
+# Enable a user to change password in 'settings' page. Default to `True`
+# Since version 6.2.11
+# ENABLE_CHANGE_PASSWORD = True
+
+# If show contact email when search user.
+# ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True
+
+#
+# Mail
+#
+
+EMAIL_USE_TLS = True
+EMAIL_HOST = "{{ domain }}"
+EMAIL_HOST_USER = "{{ app }}"
+EMAIL_HOST_PASSWORD = "{{ mail_pwd }}"
+EMAIL_PORT = "587"
+REPLACE_FROM_EMAIL = True
+ADD_REPLY_TO_HEADER = True
+DEFAULT_FROM_EMAIL = "{{ app }}@{{ domain }}"
+SERVER_EMAIL = "{{ app }}@{{ domain }}"
+
+#
+# RESTful API
+#
+
+# API throttling related settings. Enlarger the rates if you got 429 response code during API calls.
+# REST_FRAMEWORK = {
+#     'DEFAULT_THROTTLE_RATES': {
+#         'ping': '600/minute',
+#         'anon': '5/minute',
+#         'user': '300/minute',
+#     },
+#     'UNICODE_JSON': False,
+# }
+
+# Throtting whitelist used to disable throttle for certain IPs.
+# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1']
+# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/deploy/deploy_with_nginx.html.
+# REST_FRAMEWORK_THROTTING_WHITELIST = []

manifest.toml

@@ -5,7 +5,7 @@ name = "Seafile"
 description.en = "Open Source Cloud Storage"
 description.fr = "Stockage Cloud Open Source"
 
-version = "9.0.9~ynh3"
+version = "11.0.6~ynh1"
 
 maintainers = ["Josué Tille"]
 
@@ -19,7 +19,7 @@ cpe = "cpe:2.3:a:seafile:seafile"
 
 [integration]
 yunohost = ">= 11.2.8"
-architectures = ["amd64", "arm64", "armhf"]
+architectures = ["amd64", "arm64"]
 multi_instance = false
 ldap = true
 sso = true
@@ -82,6 +82,13 @@ ram.runtime = "500M"
     file_server.show_tile = false
     file_server.protected = true
 
+    notification_server.url = "__DOMAIN__/notification"
+    notification_server.label = "Notification server"
+    notification_server.allowed = "visitors"
+    notification_server.auth_header = false
+    notification_server.show_tile = false
+    notification_server.protected = true
+
     webdav.url = "__DOMAIN__/seafdav"
     webdav.label = "Webdav"
     webdav.allowed = "visitors"
@@ -89,6 +96,13 @@ ram.runtime = "500M"
     webdav.protected = true
     webdav.show_tile = false
 
+    notification.url = "__DOMAIN__/notification"
+    notification.label = "Client-notification"
+    notification.allowed = "visitors"
+    notification.auth_header = false
+    notification.protected = true
+    notification.show_tile = false
+
     media.url = "/media"
     media.label = "Media"
     media.allowed = "visitors"
@@ -99,24 +113,27 @@ ram.runtime = "500M"
     [resources.ports]
     seahub.default = 8000
     fileserver.default = 8082
+    notificationserver.default = 8083
     webdav.default = 8080
 
     [resources.sources.main]
-    amd64.url = "https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_9.0.9_x86-64.tar.gz"
-    amd64.sha256 = "db76bb33572ad0a6860470e907bed4ed780aa17d9e022226d99448a7f9e4ba74"
+    format = "docker"
+    extract = true
+    prefetch = false
 
-    arm64.url = "https://github.com/haiwen/seafile-rpi/releases/download/v9.0.9/seafile-server-9.0.9-bullseye-arm64v8l.tar.gz"
-    arm64.sha256 = "c58f5d6b741dec240be9d75d6e617102b7adbfeba98cbd866732822bf9ca10b7"
-    armhf.url = "https://github.com/haiwen/seafile-rpi/releases/download/v9.0.9/seafile-server-9.0.9-bullseye-arm32v7l.tar.gz"
-    armhf.sha256 = "171fcf08b726d452e1c4cd22dadb9f8f5cf6848424ebc1e04cde5be34ef3d7f6"
+    amd64.url = "seafileltd/seafile-mc:11.0.6"
+    amd64.sha256 = "be2599ce87ad47e5bf3fd4ce70b9d6a98290e0cffe9df5f45f6fac5d9ee3b8f8"
+
+    arm64.url = "seafileltd/seafile-mc:11.0.6"
+    arm64.sha256 = "01452c02a5866a7e7ced4448ca4e26b7e01f2a5b0ba56da62446a00343a0e1df"
 
     [resources.apt]
-    packages = ["ffmpeg",
-                "python3", "python3-venv", "python3-setuptools", "python3-pip", "python3-dev",
+    packages = ["python3", "python3-venv", "python3-setuptools", "python3-pip", "python3-dev",
                 "python3-requests", "python3-scipy", "python3-matplotlib",
                 "mariadb-server", "libmariadb-dev-compat", "libmariadb-dev",
+                "ldap-utils", "libldap2-dev", "libsasl2-dev",
                 "memcached", "libmemcached-dev",
-                "libjpeg62-turbo-dev", "zlib1g-dev", "libffi-dev"]
+                "ffmpeg"]
 
     [resources.database]
     type = "mysql"