{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nextcloud;
fpm = config.services.phpfpm.pools.nextcloud;
jsonFormat = pkgs.formats.json {};
# Baseline php.ini directives for Nextcloud's PHP environment. Also rendered
# as the `defaultText` of `services.nextcloud.phpOptions`.
defaultPHPSettings = {
  short_open_tag = "Off";
  # Keeps PHP from advertising itself (and its version) in response headers.
  expose_php = "Off";
  error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
  # Error output goes to stderr instead of into generated pages.
  # NOTE(review): the PHP manual describes the "stderr" value for CLI/CGI;
  # confirm the behaviour under php-fpm.
  display_errors = "stderr";
  "opcache.enable_cli" = "1";
  "opcache.interned_strings_buffer" = "8";
  "opcache.max_accelerated_files" = "10000";
  "opcache.memory_consumption" = "128";
  "opcache.revalidate_freq" = "1";
  # NOTE(review): upstream PHP removed this directive in 7.2 - confirm it is still needed.
  "opcache.fast_shutdown" = "1";
  # CA bundle handed to PHP's OpenSSL extension for verifying TLS peers.
  "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
  # NOTE(review): documented by PHP as a php-fpm pool directive rather than a
  # php.ini one - confirm it has an effect here.
  catch_workers_output = "yes";
};
inherit (cfg) datadir;
# PHP build used for Nextcloud: `cfg.phpPackage` with the module's extension
# selection and the php.ini text generated from `cfg.phpOptions`.
phpPackage = cfg.phpPackage.buildEnv {
  extensions = { enabled, all }:
    (with all; enabled
      # imagick is only loaded when `enableImagemagick` is set, so switching
      # that option off keeps the extension out of the interpreter entirely.
      ++ optional cfg.enableImagemagick imagick
      # Optionally enabled depending on caching settings
      ++ optional cfg.caching.apcu apcu
      ++ optional cfg.caching.redis redis
      ++ optional cfg.caching.memcached memcached
    )
    ++ cfg.phpExtraExtensions all; # Enabled by user
  extraConfig = toKeyValue cfg.phpOptions;
};
# Renders an attribute set as `key = value` lines; used for the `extraConfig`
# (php.ini text) of `phpPackage`.
toKeyValue = generators.toKeyValue {
  mkKeyValue = generators.mkKeyValueDefault {} " = ";
};
# `nextcloud-occ`: wrapper that runs Nextcloud's `occ` with the module's PHP
# build from inside the package directory.
# - NEXTCLOUD_CONFIG_DIR is pointed at `${datadir}/config` before the call.
# - When $USER is not `nextcloud`, the command is re-executed through
#   /run/wrappers/bin/sudo as user `nextcloud`. Only NEXTCLOUD_CONFIG_DIR and
#   OC_PASS are named in --preserve-env; the rest of the caller's environment
#   is left to sudo's own filtering.
# - NOTE(review): the $USER comparison is a convenience switch, not an access
#   check - the variable is taken from the caller's environment. Who may become
#   `nextcloud` is decided by the sudo policy, which is not part of this excerpt.
# - `$sudo` is expanded unquoted so that it splits into the command and its
#   arguments; the caller's arguments are forwarded intact via "$@".
# - NOTE(review): the result of `cd` is not checked before `occ` is run.
occ = pkgs.writeScriptBin "nextcloud-occ" ''
  #! ${pkgs.runtimeShell}
  cd ${cfg.package}
  sudo=exec
  if [[ "$USER" != nextcloud ]]; then
  sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS'
  fi
  export NEXTCLOUD_CONFIG_DIR="${datadir}/config"
  $sudo \
  ${phpPackage}/bin/php \
  occ "$@"
'';
inherit (config.system) stateVersion;
# True when the module is asked to create a local MySQL / PostgreSQL database.
# Both flags select the Unix-socket default of `config.dbhost`.
mysqlLocal = cfg.database.createLocally && cfg.config.dbtype == "mysql";
pgsqlLocal = cfg.database.createLocally && cfg.config.dbtype == "pgsql";
# https://github.com/nextcloud/documentation/pull/11179
# True for Nextcloud 27.1.2 and newer (compared against `cfg.package.version`).
ocmProviderIsNotAStaticDirAnymore = versionAtLeast cfg.package.version "27.1.2";
in {
# Options that no longer exist. Setting any of them fails evaluation with the
# message given here instead of being silently ignored.
imports = [
  # `adminpass` / `dbpass` held the secret itself; the replacements named in
  # the messages take the path of a file that contains it.
  (mkRemovedOptionModule [ "services" "nextcloud" "config" "adminpass" ] ''
    Please use `services.nextcloud.config.adminpassFile' instead!
  '')
  (mkRemovedOptionModule [ "services" "nextcloud" "config" "dbpass" ] ''
    Please use `services.nextcloud.config.dbpassFile' instead!
  '')
  (mkRemovedOptionModule [ "services" "nextcloud" "nginx" "enable" ] ''
    The nextcloud module supports `nginx` as reverse-proxy by default and doesn't
    support other reverse-proxies officially.

    However it's possible to use an alternative reverse-proxy by

    * disabling nginx
    * setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value

    Further details about this can be found in the `Nextcloud`-section of the NixOS-manual
    (which can be opened e.g. by running `nixos-help`).
  '')
  # The RC4-based server-side-encryption switch is gone: per the message, no
  # packaged Nextcloud version uses OpenSSL for RC4 SSE any more.
  (mkRemovedOptionModule [ "services" "nextcloud" "enableBrokenCiphersForSSE" ] ''
    This option has no effect since there's no supported Nextcloud version packaged here
    using OpenSSL for RC4 SSE.
  '')
  (mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] ''
    Use services.nextcloud.enableImagemagick instead.
  '')
];
options.services.nextcloud = {
# Master switch; the module's `config` section is guarded by `cfg.enable`.
enable = mkEnableOption (lib.mdDoc "nextcloud");

# Public host name of the instance. No default, so it has to be set.
hostName = mkOption {
  type = types.str;
  description = lib.mdDoc "FQDN for the nextcloud instance.";
};
# Storage path of the instance; also the default of `datadir`.
home = mkOption {
  type = types.str;
  default = "/var/lib/nextcloud";
  description = lib.mdDoc "Storage path of nextcloud.";
};
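# Location of Nextcloud's config.php and data folder; falls back to `home`.
# The occ wrapper derives NEXTCLOUD_CONFIG_DIR from this path.
datadir = mkOption {
  type = types.str;
  default = config.services.nextcloud.home;
  defaultText = literalExpression "config.services.nextcloud.home";
  # Fix: the description used to end in a stray `";` left over from an older
  # single-line string, which showed up verbatim in the rendered manual.
  description = lib.mdDoc ''
    Nextcloud's data storage path. Will be [](#opt-services.nextcloud.home) by default.
    This folder will be populated with a config.php file and a data folder which contains the state of the instance (excluding the database).
  '';
  example = "/mnt/nextcloud-file";
};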
# Apps installed declaratively, keyed by their app id.
# The example fetches each app from a URL together with a `sha256`, so the
# content that ends up installed is pinned by hash; review an app's new release
# before bumping that hash.
# Per the description, using this option disables the appstore unless
# `appstoreEnable` is set explicitly.
extraApps = mkOption {
  type = types.attrsOf types.package;
  default = { };
  description = lib.mdDoc ''
    Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp.
    The appid must be identical to the "id" value in the apps appinfo/info.xml.
    Using this will disable the appstore to prevent Nextcloud from updating these apps (see [](#opt-services.nextcloud.appstoreEnable)).
  '';
  example = literalExpression ''
    {
    maps = pkgs.fetchNextcloudApp {
    name = "maps";
    sha256 = "007y80idqg6b6zk6kjxg4vgw0z8fsxs9lajnv49vv1zjy6jx2i1i";
    url = "https://github.com/nextcloud/maps/releases/download/v0.1.9/maps-0.1.9.tar.gz";
    version = "0.1.9";
    };
    phonetrack = pkgs.fetchNextcloudApp {
    name = "phonetrack";
    sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc";
    url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz";
    version = "0.6.9";
    };
    }
  '';
};
# Whether the apps from `extraApps` are switched on automatically at start.
extraAppsEnable = mkOption {
  type = types.bool;
  default = true;
  description = lib.mdDoc ''
    Automatically enable the apps in [](#opt-services.nextcloud.extraApps) every time Nextcloud starts.
    If set to false, apps need to be enabled in the Nextcloud web user interface or with `nextcloud-occ app:enable`.
  '';
};
# Tri-state: null lets the module decide from `extraApps` (see description),
# true/false force the appstore on or off.
# With the appstore enabled, apps can be installed and updated at runtime,
# i.e. outside of what this configuration pins.
appstoreEnable = mkOption {
  type = types.nullOr types.bool;
  default = null;
  example = true;
  description = lib.mdDoc ''
    Allow the installation and updating of apps from the Nextcloud appstore.
    Enabled by default unless there are packages in [](#opt-services.nextcloud.extraApps).
    Set this to true to force enable the store even if [](#opt-services.nextcloud.extraApps) is used.
    Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
  '';
};
# Verbosity of Nextcloud's log, restricted by the type to 0..4.
# Level 1 already records user logins and file activity and level 0 records
# all activity (see description), so treat logs at those levels as sensitive.
logLevel = mkOption {
  type = types.ints.between 0 4;
  default = 2;
  description = lib.mdDoc ''
    Log level value between 0 (DEBUG) and 4 (FATAL).

    - 0 (debug): Log all activity.

    - 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.

    - 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.

    - 3 (error): Log failed operations and fatal errors.

    - 4 (fatal): Log only fatal errors that cause the server to stop.
  '';
};
# Where log records are sent; limited to the four backends in the enum.
logType = mkOption {
  type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
  default = "syslog";
  description = lib.mdDoc ''
    Logging backend to use.
    systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
    See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
  '';
};
# Per the description this only controls the scheme of generated links.
# NOTE(review): it defaults to false, and nothing in this excerpt shows it
# setting up TLS itself - confirm where the web server's TLS is configured.
https = mkOption {
  type = types.bool;
  default = false;
  description = lib.mdDoc "Use HTTPS for generated links.";
};
# Nextcloud package to run. No default is declared here.
# The module's upgrade warnings are derived from `cfg.package.version`.
package = mkOption {
  type = types.package;
  description = lib.mdDoc "Which package to use for the Nextcloud instance.";
  relatedPackages = [ "nextcloud26" "nextcloud27" ];
};
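# PHP package the module builds its interpreter from (via `buildEnv`).
# No default is declared in this option; only its documentation text is.
phpPackage = mkOption {
  type = types.package;
  relatedPackages = [ "php81" "php82" ];
  # Fix: wrapped in `literalExpression` like the other code-valued
  # `defaultText`s in this file, so the manual shows it as an expression
  # instead of a quoted string.
  defaultText = literalExpression "pkgs.php";
  description = lib.mdDoc ''
    PHP package to use for Nextcloud.
  '';
};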
# Upper bound for uploads; per the description it feeds both php.ini and nginx.
# NOTE(review): the type is a free-form string, so the size suffix is not
# validated at evaluation time.
maxUploadSize = mkOption {
  default = "512M";
  type = types.str;
  description = lib.mdDoc ''
    The upload limit for files. This changes the relevant options
    in php.ini and nginx if enabled.
  '';
};

# Template files copied into the data directory of every new user; an empty
# string disables the copy.
skeletonDirectory = mkOption {
  default = "";
  type = types.str;
  description = lib.mdDoc ''
    The directory where the skeleton files are located. These files will be
    copied to the data directory of new users. Leave empty to not copy any
    skeleton files.
  '';
};

# Off by default; adds nginx rewrite rules for the webfinger plugin.
webfinger = mkOption {
  type = types.bool;
  default = false;
  description = lib.mdDoc ''
    Enable this option if you plan on using the webfinger plugin.
    The appropriate nginx rewrite rules will be added to your configuration.
  '';
};
# Function from the set of all available PHP extensions to the list of extra
# ones to load; its result is appended to the extension list of the PHP build.
# Every entry adds native code to the interpreter that serves Nextcloud, so
# keep the list to what an installed app actually requires.
phpExtraExtensions = mkOption {
  type = with types; functionTo (listOf package);
  default = all: [];
  defaultText = literalExpression "all: []";
  description = lib.mdDoc ''
    Additional PHP extensions to use for Nextcloud.
    By default, only extensions necessary for a vanilla Nextcloud installation are enabled,
    but you may choose from the list of available extensions and add further ones.
    This is sometimes necessary to be able to install a certain Nextcloud app that has additional requirements.
  '';
  example = literalExpression ''
    all: [ all.pdlib all.bz2 ]
  '';
};
# php.ini entries for Nextcloud's PHP build (rendered by `toKeyValue`).
# Only `defaultText` is declared here; the defaults themselves are presumably
# merged in where the module sets this option, outside this excerpt.
# NOTE(review): the `lib.mkForce` form shown in the description replaces every
# default, including `expose_php = "Off"` and `display_errors = "stderr"` from
# `defaultPHPSettings`; carry those over deliberately when overriding.
phpOptions = mkOption {
  type = types.attrsOf types.str;
  defaultText = literalExpression (generators.toPretty { } defaultPHPSettings);
  description = lib.mdDoc ''
    Options for PHP's php.ini file for nextcloud.

    Please note that this option is _additive_ on purpose while the
    attribute values inside the default are option defaults: that means that

    ```nix
    {
    services.nextcloud.phpOptions."opcache.interned_strings_buffer" = "23";
    }
    ```

    will override the `php.ini` option `opcache.interned_strings_buffer` without
    discarding the rest of the defaults.

    Overriding all of `phpOptions` (including `upload_max_filesize`, `post_max_size`
    and `memory_limit` which all point to [](#opt-services.nextcloud.maxUploadSize)
    by default) can be done like this:

    ```nix
    {
    services.nextcloud.phpOptions = lib.mkForce {
    /* ... */
    };
    }
    ```
  '';
};
# php-fpm pool directives for the Nextcloud pool, as a structured attribute set.
# `pm.max_children` is php-fpm's cap on worker processes and therefore bounds
# how many PHP requests are served concurrently.
poolSettings = mkOption {
  type = with types; attrsOf (oneOf [ str int bool ]);
  default = {
    "pm" = "dynamic";
    "pm.max_children" = "32";
    "pm.start_servers" = "2";
    "pm.min_spare_servers" = "2";
    "pm.max_spare_servers" = "4";
    "pm.max_requests" = "500";
  };
  description = lib.mdDoc ''
    Options for nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
  '';
};

# Free-form variant of the pool configuration. The module emits a deprecation
# warning whenever this is non-null and points to `poolSettings` instead.
poolConfig = mkOption {
  type = types.nullOr types.lines;
  default = null;
  description = lib.mdDoc ''
    Options for Nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
  '';
};
# Timeout in seconds (see description); where it is applied is outside this excerpt.
fastcgiTimeout = mkOption {
  type = types.int;
  default = 120;
  description = lib.mdDoc ''
    FastCGI timeout for database connection in seconds.
  '';
};
# Local database provisioning. Together with `config.dbtype` this decides
# `mysqlLocal` / `pgsqlLocal` and thereby the socket default of `config.dbhost`.
database = {

  createLocally = mkOption {
    type = types.bool;
    default = false;
    description = lib.mdDoc ''
      Whether to create the database and database user locally.
    '';
  };

};
config = {
# Database backend; limited to the three values in the enum.
dbtype = mkOption {
  type = types.enum [ "sqlite" "pgsql" "mysql" ];
  default = "sqlite";
  description = lib.mdDoc "Database type.";
};
# Database name and account; both default to "nextcloud" and may be null.
dbname = mkOption {
  type = types.nullOr types.str;
  default = "nextcloud";
  description = lib.mdDoc "Database name.";
};
dbuser = mkOption {
  type = types.nullOr types.str;
  default = "nextcloud";
  description = lib.mdDoc "Database user.";
};
# Path of a file holding the database password (replacement for the removed
# `dbpass` option), so the password itself is not part of the configuration.
# NOTE(review): unlike `adminpassFile`, the description does not state which
# user must be able to read the file - confirm and document it, and keep the
# file unreadable for other users.
dbpassFile = mkOption {
  type = types.nullOr types.str;
  default = null;
  description = lib.mdDoc ''
    The full path to a file that contains the database password.
  '';
};
# Database endpoint. For a locally created PostgreSQL or MySQL database the
# default is that server's Unix socket; otherwise it is "localhost".
# `defaultText` only shows the fallback; the description covers the socket cases.
dbhost = mkOption {
  type = types.nullOr types.str;
  default =
    if pgsqlLocal then "/run/postgresql"
    else if mysqlLocal then "localhost:/run/mysqld/mysqld.sock"
    else "localhost";
  defaultText = "localhost";
  description = lib.mdDoc ''
    Database host or socket path.
    If [](#opt-services.nextcloud.database.createLocally) is true and
    [](#opt-services.nextcloud.config.dbtype) is either `pgsql` or `mysql`,
    defaults to the correct Unix socket instead.
  '';
};
# Optional port; accepts an integer or a string, null leaves it unset.
dbport = mkOption {
  type = with types; nullOr (either int str);
  default = null;
  description = lib.mdDoc "Database port.";
};
# Optional prefix for Nextcloud's table names.
dbtableprefix = mkOption {
  type = types.nullOr types.str;
  default = null;
  description = lib.mdDoc "Table prefix in Nextcloud's database.";
};
# Name of the initial administrator account. Per the description it is fixed
# at first setup, so a change made here later has no effect on the instance.
adminuser = mkOption {
  type = types.str;
  default = "root";
  description = lib.mdDoc ''
    Username for the admin account. The username is only set during the
    initial setup of Nextcloud! Since the username also acts as unique
    ID internally, it cannot be changed later!
  '';
};
# Path of a file holding the initial admin password (replacement for the
# removed `adminpass` option). No default, so it has to be set.
# The file must be readable by `nextcloud`; keep it unreadable for other users.
# Per the description the password is applied only during initial setup, so
# rotating it afterwards has to happen in Nextcloud itself.
adminpassFile = mkOption {
  type = types.str;
  description = lib.mdDoc ''
    The full path to a file that contains the admin's password. Must be
    readable by user `nextcloud`. The password is set only in the initial
    setup of Nextcloud by the systemd service `nextcloud-setup.service`.
  '';
};
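# Additional host names under which the instance may be reached, on top of
# `services.nextcloud.hostName`. Keep the list to names that really point at
# this instance.
extraTrustedDomains = mkOption {
  type = types.listOf types.str;
  default = [];
  # Fix: the description referred to `services.nextcloud.hostname`, but the
  # option declared in this module is spelled `hostName`.
  description = lib.mdDoc ''
    Trusted domains from which the Nextcloud installation will be
    accessible. You don't need to add
    `services.nextcloud.hostName` here.
  '';
};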
# Reverse proxies in front of the instance. Empty by default.
# NOTE(review): presumably this ends up as Nextcloud's `trusted_proxies`
# setting - confirm where it is rendered. Entries are trusted to report the
# real client address, so list only proxies you operate; an over-broad entry
# undoes the spoofing protection the description refers to.
trustedProxies = mkOption {
  type = types.listOf types.str;
  default = [];
  description = lib.mdDoc ''
    Trusted proxies to provide if the Nextcloud installation is being
    proxied to secure against, e.g. spoofing.
  '';
};
# Forces the scheme Nextcloud uses when generating links; null keeps
# Nextcloud's own detection. Behind a TLS-terminating reverse proxy, set this
# to "https" so that generated links do not fall back to plain http.
overwriteProtocol = mkOption {
  type = types.nullOr (types.enum [ "http" "https" ]);
  default = null;
  example = "https";

  description = lib.mdDoc ''
    Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
    Nextcloud uses the currently used protocol by default, but when
    behind a reverse-proxy, it may use `http` for everything although
    Nextcloud may be served via HTTPS.
  '';
};
# Country code assumed for phone numbers entered without an international prefix.
# NOTE(review): typed as a free-form string; the value is not checked against
# ISO 3166-1 at evaluation time.
defaultPhoneRegion = mkOption {
  default = null;
  type = types.nullOr types.str;
  example = "DE";
  description = lib.mdDoc ''
    An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
    country code which replaces automatic phone-number detection
    without a country code.

    As an example, with `DE` set as the default phone region,
    the `+49` prefix can be omitted for phone numbers.
  '';
};
# S3 (or S3-compatible) object storage as Nextcloud's primary storage.
# `bucket`, `autocreate`, `key` and `secretFile` have no default and therefore
# have to be set once the feature is used.
objectstore = {
  s3 = {
    enable = mkEnableOption (lib.mdDoc ''
      S3 object storage as primary storage.

      This mounts a bucket on an Amazon S3 object storage or compatible
      implementation into the virtual filesystem.

      Further details about this feature can be found in the
      [upstream documentation](https://docs.nextcloud.com/server/22/admin_manual/configuration_files/primary_storage.html).
    '');
    bucket = mkOption {
      type = types.str;
      example = "nextcloud";
      description = lib.mdDoc ''
        The name of the S3 bucket.
      '';
    };
    autocreate = mkOption {
      type = types.bool;
      description = lib.mdDoc ''
        Create the objectstore if it does not exist.
      '';
    };
    # Access key, given inline; the matching secret goes into `secretFile`.
    key = mkOption {
      type = types.str;
      example = "EJ39ITYZEUH5BGWDRUFY";
      description = lib.mdDoc ''
        The access key for the S3 bucket.
      '';
    };
    # Path of a file holding the access secret, so the secret itself is not
    # part of the configuration. Readable by `nextcloud`; keep it unreadable
    # for other users.
    secretFile = mkOption {
      type = types.str;
      example = "/var/nextcloud-objectstore-s3-secret";
      description = lib.mdDoc ''
        The full path to a file that contains the access secret. Must be
        readable by user `nextcloud`.
      '';
    };
    hostname = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "example.com";
      description = lib.mdDoc ''
        Required for some non-Amazon implementations.
      '';
    };
    port = mkOption {
      type = types.nullOr types.port;
      default = null;
      description = lib.mdDoc ''
        Required for some non-Amazon implementations.
      '';
    };
    # On by default. Turning it off means credentials and file contents
    # travel to the object store without transport encryption.
    useSsl = mkOption {
      type = types.bool;
      default = true;
      description = lib.mdDoc ''
        Use SSL for objectstore access.
      '';
    };
    region = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "REGION";
      description = lib.mdDoc ''
        Required for some non-Amazon implementations.
      '';
    };
    # Selects path-style instead of virtual-host-style bucket addressing.
    usePathStyle = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Required for some non-Amazon S3 implementations.

        Ordinarily, requests will be made with
        `http://bucket.hostname.domain/`, but with path style
        enabled requests are made with
        `http://hostname.domain/bucket` instead.
      '';
    };
    # Optional SSE-C key file: a base64-encoded random 32-byte key (see
    # description). Readable by `nextcloud`; keep it unreadable for other users.
    sseCKeyFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/var/nextcloud-objectstore-s3-sse-c-key";
      description = lib.mdDoc ''
        If provided this is the full path to a file that contains the key
        to enable [server-side encryption with customer-provided keys][1]
        (SSE-C).

        The file must contain a random 32-byte key encoded as a base64
        string, e.g. generated with the command

        ```
        openssl rand 32 | base64
        ```

        Must be readable by user `nextcloud`.

        [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
      '';
    };
  };
};
};
# Controls whether the `imagick` PHP extension is part of the PHP build.
# The `// { default = true; }` overrides mkEnableOption's usual default, so
# ImageMagick is loaded unless this is switched off explicitly. The description
# itself recommends disabling it where the extra previews are not needed.
enableImagemagick = mkEnableOption (lib.mdDoc ''
  the ImageMagick module for PHP.
  This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF).
  You may want to disable it for increased security. In that case, previews will still be available
  for some images (e.g. JPEG and PNG).
  See <https://github.com/nextcloud/server/issues/13099>.
'') // {
  default = true;
};
# Whether the module sets up Redis for Nextcloud; follows
# `notify_push.enable` by default because that app needs Redis.
configureRedis = lib.mkOption {
  type = lib.types.bool;
  default = config.services.nextcloud.notify_push.enable;
  defaultText = literalExpression "config.services.nextcloud.notify_push.enable";
  description = lib.mdDoc ''
    Whether to configure Nextcloud to use the recommended Redis settings for small instances.

    ::: {.note}
    The `notify_push` app requires Redis to be configured. If this option is turned off, this must be configured manually.
    :::
  '';
};
# Which cache-related PHP extensions are loaded into the PHP build.
# These flags only load the extension; per the descriptions, Redis and
# Memcached still have to be enabled in config.php.
# NOTE(review): both links point at the Nextcloud 14 manual - confirm they
# still match the packaged versions.
caching = {
  apcu = mkOption {
    type = types.bool;
    default = true;
    description = lib.mdDoc ''
      Whether to load the APCu module into PHP.
    '';
  };
  redis = mkOption {
    type = types.bool;
    default = false;
    description = lib.mdDoc ''
      Whether to load the Redis module into PHP.
      You still need to enable Redis in your config.php.
      See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
    '';
  };
  memcached = mkOption {
    type = types.bool;
    default = false;
    description = lib.mdDoc ''
      Whether to load the Memcached module into PHP.
      You still need to enable Memcached in your config.php.
      See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
    '';
  };
};
# Scheduled update of apps that were installed from the app store.
# Off by default. When enabled, app code changes unattended and outside of what
# this configuration pins, so weigh it against declaring apps via `extraApps`.
autoUpdateApps = {
  enable = mkOption {
    type = types.bool;
    default = false;
    description = lib.mdDoc ''
      Run a regular auto-update of all apps installed from the Nextcloud app store.
    '';
  };
  startAt = mkOption {
    type = with types; either str (listOf str);
    default = "05:00:00";
    example = "Sun 14:00:00";
    description = lib.mdDoc ''
      When to run the update. See `systemd.services.<name>.startAt`.
    '';
  };
};
# Exposes the generated `nextcloud-occ` wrapper to other modules.
# Marked `internal`, so it is hidden from the user-facing documentation.
occ = mkOption {
  type = types.package;
  default = occ;
  defaultText = literalMD "generated script";
  internal = true;
  description = lib.mdDoc ''
    The nextcloud-occ program preconfigured to target this Nextcloud instance.
  '';
};
# Opt-in switch for globally visible user profiles. Kept off by default here
# (although Nextcloud enables it by default) because the listed profile fields
# become readable without authentication.
globalProfiles = mkEnableOption (lib.mdDoc "global profiles") // {
  description = lib.mdDoc ''
    Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
    Even though it's enabled by default in Nextcloud, it must be explicitly enabled
    here because it has the side-effect that personal information is even accessible to
    unauthenticated users by default.

    By default, the following properties are set to “Show to everyone”
    if this flag is enabled:
    - About
    - Full name
    - Headline
    - Organisation
    - Profile picture
    - Role
    - Twitter
    - Website

    Only has an effect in Nextcloud 23 and later.
  '';
};
# Free-form, JSON-typed settings appended to Nextcloud's config.php.
# NOTE(review): the example sets `redis.password` inline. Values of NixOS
# options normally end up in the world-readable Nix store - confirm where
# `extraOptions` is rendered (outside this excerpt) and keep credentials in
# `services.nextcloud.secretFile` instead.
extraOptions = mkOption {
  type = jsonFormat.type;
  default = {};
  description = lib.mdDoc ''
    Extra options which should be appended to Nextcloud's config.php file.
  '';
  example = literalExpression '' {
    redis = {
    host = "/run/redis/redis.sock";
    port = 0;
    dbindex = 0;
    password = "secret";
    timeout = 1.5;
    };
    } '';
};
# Path of a JSON file with settings that must stay out of the configuration,
# in the same shape as `extraOptions`. Only the path is part of the
# configuration; the file content is read from that path.
# NOTE(review): the description does not state the required ownership or
# permissions - presumably readable by `nextcloud` only; confirm and document.
secretFile = mkOption {
  type = types.nullOr types.str;
  default = null;
  description = lib.mdDoc ''
    Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same
    form as the [](#opt-services.nextcloud.extraOptions) option), for example
    `{"redis":{"password":"secret"}}`.
  '';
};
# Settings for the nginx virtual host generated for Nextcloud.
nginx = {
  # On by default; adds the module's recommended HTTP response headers.
  recommendedHttpHeaders = mkOption {
    type = types.bool;
    default = true;
    description = lib.mdDoc "Enable additional recommended HTTP response headers";
  };
  # `max-age` of the HSTS header in seconds; the default equals 180 days.
  # The type only admits positive integers, so HSTS cannot be reset with 0 here.
  hstsMaxAge = mkOption {
    type = types.ints.positive;
    default = 15552000;
    description = lib.mdDoc ''
      Value for the `max-age` directive of the HTTP
      `Strict-Transport-Security` header.

      See section 6.1.1 of IETF RFC 6797 for detailed information on this
      directive and header.
    '';
  };
};
};
config = mkIf cfg.enable (mkMerge [
{ warnings = let
    # Major version that the notice reports as the latest one available.
    newestMajor = 27;

    # Notice shown when the selected package is older than a given release.
    # `major` is the version the legacy default points at, `nixos` the NixOS
    # release named in the text.
    legacyInstallNotice = major: nixos:
      ''
        A legacy Nextcloud install (from before NixOS ${nixos}) may be installed.

        After nextcloud${toString major} is installed successfully, you can safely upgrade
        to ${toString (major + 1)}. The latest version available is Nextcloud${toString newestMajor}.

        Please note that Nextcloud doesn't support upgrades across multiple major versions
        (i.e. an upgrade from 16 is possible to 17, but not 16 to 18).

        The package can be upgraded by explicitly declaring the service-option
        `services.nextcloud.package`.
      '';

    # Deprecation notice for the old free-text pool configuration option.
    poolConfigNotice = optional (cfg.poolConfig != null) ''
      Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release.
      Please migrate your configuration to config.services.nextcloud.poolSettings.
    '';

    packageOlderThan = versionOlder cfg.package.version;
  in
    poolConfigNotice
    ++ optional (packageOlderThan "25") (legacyInstallNotice 24 "22.11")
    ++ optional (packageOlderThan "26") (legacyInstallNotice 25 "23.05")
    ++ optional (packageOlderThan "27") (legacyInstallNotice 26 "23.11");
# Default package, chosen from stateVersion so that an existing install is not
# moved across more than one major version. Set at mkDefault priority, so an
# explicit services.nextcloud.package overrides it. A `pkgs.nextcloud`
# attribute (for example from an overlay) is rejected with an explanation
# instead of being picked up silently.
services.nextcloud.package =
  mkDefault (
    if pkgs ? nextcloud
      then throw ''
        The `pkgs.nextcloud`-attribute has been removed. If it's supposed to be the default
        nextcloud defined in an overlay, please set `services.nextcloud.package` to
        `pkgs.nextcloud`.
      ''
    else if versionOlder stateVersion "22.11" then pkgs.nextcloud24
    else if versionOlder stateVersion "23.05" then pkgs.nextcloud25
    else if versionOlder stateVersion "23.11" then pkgs.nextcloud26
    else pkgs.nextcloud27
  );
# PHP interpreter matching the selected Nextcloud release: PHP 8.2 from
# Nextcloud 26 onwards, PHP 8.1 for anything older.
services.nextcloud.phpPackage =
  if versionAtLeast cfg.package.version "26" then pkgs.php82
  else pkgs.php81;
# php.ini settings for the Nextcloud PHP environment, merged from three parts.
services.nextcloud.phpOptions = mkMerge [
  # Module defaults (defaultPHPSettings), each wrapped in mkOptionDefault so
  # that a value set by the user for the same key takes precedence.
  (mapAttrs (_: mkOptionDefault) defaultPHPSettings)
  # Upload, POST body and memory limits all follow maxUploadSize.
  {
    upload_max_filesize = cfg.maxUploadSize;
    post_max_size = cfg.maxUploadSize;
    memory_limit = cfg.maxUploadSize;
  }
  # Only added when APCu caching is enabled.
  (mkIf cfg.caching.apcu { "apc.enable_cli" = "1"; })
];
}
{ assertions = [
    # A locally created database is reached via socket authentication, so a
    # database password file must not be configured together with it.
    { assertion = !cfg.database.createLocally || cfg.config.dbpassFile == null;
      message = ''
        Using `services.nextcloud.database.createLocally` with database
        password authentication is no longer supported.

        If you use an external database (or want to use password auth for any
        other reason), set `services.nextcloud.database.createLocally` to
        `false`. The database won't be managed for you (use `services.mysql`
        if you want to set it up).

        If you want this module to manage your nextcloud database for you,
        unset `services.nextcloud.config.dbpassFile` and
        `services.nextcloud.config.dbhost` to use socket authentication
        instead of password.
      '';
    }
  ]; }
{ # Runs nextcloud-cron.service five minutes after boot and then five minutes
  # after each activation, ordered after the setup service.
  systemd.timers.nextcloud-cron = {
    wantedBy = [ "timers.target" ];
    after = [ "nextcloud-setup.service" ];
    timerConfig = {
      OnBootSec = "5m";
      OnUnitActiveSec = "5m";
      Unit = "nextcloud-cron.service";
    };
  };
# Create the Nextcloud home directory owned by nextcloud:nextcloud with mode
# 0750, i.e. without any access for users outside the nextcloud group.
systemd.tmpfiles.rules = ["d ${cfg.home} 0750 nextcloud nextcloud"];
systemd.services = {
# When upgrading the Nextcloud package, Nextcloud can report errors such as
# "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly"
# Restarting phpfpm on Nextcloud package update fixes these issues (but this is a workaround).
# The trigger is the package itself, so the pool restarts whenever
# cfg.package changes.
phpfpm-nextcloud.restartTriggers = [ cfg.package ];
nextcloud-setup = let
# Shorthand for the services.nextcloud.config option set.
c = cfg.config;
# Renders a Nix list as a PHP array literal; each element is stringified and
# wrapped in double quotes without any escaping.
# NOTE(review): an element containing `"`, `\` or `$` would change the
# generated PHP. Presumably acceptable because the inputs are
# administrator-controlled options; confirm that no caller passes less
# trusted data.
writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
# nix_read_secret() is only emitted into the generated config when a database
# password file or the S3 object store is configured.
requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable;
# PHP fragment configuring S3 as primary object storage; empty unless
# objectstore.s3 is enabled. Bucket, key, hostname and region are interpolated
# verbatim into single-quoted PHP literals, so they become part of the
# generated config file. The secret and the optional SSE-C key are not
# inlined: only their file paths are, and PHP reads them through
# nix_read_secret() when the config is loaded.
objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable ''
  'objectstore' => [
    'class' => '\\OC\\Files\\ObjectStore\\S3',
    'arguments' => [
      'bucket' => '${s3.bucket}',
      'autocreate' => ${boolToString s3.autocreate},
      'key' => '${s3.key}',
      'secret' => nix_read_secret('${s3.secretFile}'),
      ${optionalString (s3.hostname != null) "'hostname' => '${s3.hostname}',"}
      ${optionalString (s3.port != null) "'port' => ${toString s3.port},"}
      'use_ssl' => ${boolToString s3.useSsl},
      ${optionalString (s3.region != null) "'region' => '${s3.region}',"}
      'use_path_style' => ${boolToString s3.usePathStyle},
      ${optionalString (s3.sseCKeyFile != null) "'sse_c_key' => nix_read_secret('${s3.sseCKeyFile}'),"}
    ],
  ]
'';
# 'appstoreenabled' is written to the config when the option is set
# explicitly or when extra apps are provided through Nix.
showAppStoreSetting = !(cfg.appstoreEnable == null && cfg.extraApps == {});
# PHP boolean literal for 'appstoreenabled'; an unset option renders "false".
renderedAppStoreSetting =
  if cfg.appstoreEnable == null
  then "false"
  else boolToString cfg.appstoreEnable;

# True when the selected package is at least version `req`.
nextcloudGreaterOrEqualThan = versionAtLeast cfg.package.version;
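# Generated override.config.php. Option values are interpolated verbatim into
# PHP string literals (no escaping). Secrets are not inlined: only the paths
# of the secret files are, and PHP reads them when the config is loaded.
# The file is produced with pkgs.writeText and therefore lives in the Nix
# store; everything interpolated below (database user and host, the S3 key,
# the extraOptions JSON) should be treated as readable by all local users.
#
# nix_read_secret() checks readability rather than mere existence and also
# rejects a failed read. With the previous file_exists() check, a file that
# existed but could not be read made file_get_contents() return false, which
# trim() turned into an empty secret instead of the explicit error.
overrideConfig = pkgs.writeText "nextcloud-config.php" ''
  <?php
  ${optionalString requiresReadSecretFunction ''
  function nix_read_secret($file) {
    if (!is_readable($file)) {
      throw new \RuntimeException(sprintf(
        "Cannot start Nextcloud, secret file %s set by NixOS doesn't seem to "
        . "exist! Please make sure that the file exists and has appropriate "
        . "permissions for user & group 'nextcloud'!",
        $file
      ));
    }
    $contents = file_get_contents($file);
    if ($contents === false) {
      throw new \RuntimeException(sprintf("Cannot read secret file %s", $file));
    }
    return trim($contents);
  }''}
  function nix_decode_json_file($file, $error) {
    if (!file_exists($file)) {
      throw new \RuntimeException(sprintf($error, $file));
    }
    $decoded = json_decode(file_get_contents($file), true);

    if (json_last_error() !== JSON_ERROR_NONE) {
      throw new \RuntimeException(sprintf("Cannot decode %s, because: %s", $file, json_last_error_msg()));
    }

    return $decoded;
  }
  $CONFIG = [
    'apps_paths' => [
      ${optionalString (cfg.extraApps != { }) "[ 'path' => '${cfg.home}/nix-apps', 'url' => '/nix-apps', 'writable' => false ],"}
      [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
      [ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ],
    ],
    ${optionalString (showAppStoreSetting) "'appstoreenabled' => ${renderedAppStoreSetting},"}
    'datadirectory' => '${datadir}/data',
    'skeletondirectory' => '${cfg.skeletonDirectory}',
    ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
    'log_type' => '${cfg.logType}',
    'loglevel' => '${builtins.toString cfg.logLevel}',
    ${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
    ${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
    ${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
    ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}
    ${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"}
    ${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"}
    ${optionalString (c.dbpassFile != null) ''
      'dbpassword' => nix_read_secret(
        "${c.dbpassFile}"
      ),
    ''
    }
    'dbtype' => '${c.dbtype}',
    'trusted_domains' => ${writePhpArray ([ cfg.hostName ] ++ c.extraTrustedDomains)},
    'trusted_proxies' => ${writePhpArray (c.trustedProxies)},
    ${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
    ${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"}
    ${objectstoreConfig}
  ];

  $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file(
    "${jsonFormat.generate "nextcloud-extraOptions.json" cfg.extraOptions}",
    "impossible: this should never happen (decoding generated extraOptions file %s failed)"
  ));

  ${optionalString (cfg.secretFile != null) ''
    $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file(
      "${cfg.secretFile}",
      "Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!"
    ));
  ''}
'';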
# Shell snippet performing the initial `occ maintenance:install`.
# The passwords are not embedded in the script: the generated shell reads them
# from dbpassFile / adminpassFile when it runs and exports them as DBPASS and
# ADMINPASS.
# NOTE(review): the flags below expand "$DBPASS" and "$ADMINPASS" on the occ
# command line, so both values appear in that process's argument list while
# the install runs. Worth confirming whether occ can take them another way.
occInstallCmd = let
  # Renders one `export NAME=value` line.
  mkExport = { arg, value }: "export ${arg}=${value}";
  dbpass = {
    arg = "DBPASS";
    # Empty string when no database password file is configured.
    value = if c.dbpassFile != null
      then ''"$(<"${toString c.dbpassFile}")"''
      else ''""'';
  };
  adminpass = {
    arg = "ADMINPASS";
    value = ''"$(<"${toString c.adminpassFile}")"'';
  };
  # One "flag value" pair per line, joined with shell line continuations.
  installFlags = concatStringsSep " \\\n "
    (mapAttrsToList (k: v: "${k} ${toString v}") {
      "--database" = ''"${c.dbtype}"'';
      # The following attributes are optional depending on the type of
      # database. Those that evaluate to null on the left hand side
      # will be omitted.
      ${if c.dbname != null then "--database-name" else null} = ''"${c.dbname}"'';
      ${if c.dbhost != null then "--database-host" else null} = ''"${c.dbhost}"'';
      ${if c.dbport != null then "--database-port" else null} = ''"${toString c.dbport}"'';
      ${if c.dbuser != null then "--database-user" else null} = ''"${c.dbuser}"'';
      "--database-pass" = "\"\$${dbpass.arg}\"";
      "--admin-user" = ''"${c.adminuser}"'';
      "--admin-pass" = "\"\$${adminpass.arg}\"";
      "--data-dir" = ''"${datadir}/data"'';
    });
in ''
  ${mkExport dbpass}
  ${mkExport adminpass}
  ${occ}/bin/nextcloud-occ maintenance:install \
      ${installFlags}
'';
# One `occ config:system:set trusted_domains <index>` call per allowed host
# name: the primary hostName first, then every extraTrustedDomains entry.
occSetTrustedDomainsCmd =
  let
    domains = [ cfg.hostName ] ++ c.extraTrustedDomains;
    setDomain = idx: domain: ''
      ${occ}/bin/nextcloud-occ config:system:set trusted_domains \
        ${toString idx} --value="${toString domain}"
    '';
  in concatStringsSep "\n" (imap0 setDomain domains);
in {
# Setup runs at boot before the PHP-FPM pool is started, and after (and
# requiring) whichever local database service this module manages.
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-nextcloud.service" ];
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
# Makes the occ wrapper available on the script's PATH.
path = [ occ ];
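# Setup script, run as the nextcloud user:
#   1. refuse to continue when a configured password file is unreadable or
#      empty;
#   2. link the packaged apps and the Nix-provided extra apps into the home
#      directory;
#   3. create the config/data/app directories, or fix their group;
#   4. link the generated override config, install on first run, upgrade, and
#      rewrite trusted_domains from the module options.
# Paths are quoted throughout, matching the readability checks and
# occInstallCmd, so a path containing whitespace is not word-split.
script = ''
  ${optionalString (c.dbpassFile != null) ''
    if [ ! -r "${c.dbpassFile}" ]; then
      echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..."
      exit 1
    fi
    if [ -z "$(<"${c.dbpassFile}")" ]; then
      echo "dbpassFile ${c.dbpassFile} is empty!"
      exit 1
    fi
  ''}
  if [ ! -r "${c.adminpassFile}" ]; then
    echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..."
    exit 1
  fi
  if [ -z "$(<"${c.adminpassFile}")" ]; then
    echo "adminpassFile ${c.adminpassFile} is empty!"
    exit 1
  fi

  ln -sf "${cfg.package}/apps" "${cfg.home}/"

  # Install extra apps
  ln -sfT \
    ${pkgs.linkFarm "nix-apps"
      (mapAttrsToList (name: path: { inherit name path; }) cfg.extraApps)} \
    "${cfg.home}/nix-apps"

  # create nextcloud directories.
  # if the directories exist already with wrong permissions, we fix that
  for dir in "${datadir}/config" "${datadir}/data" "${cfg.home}/store-apps" "${cfg.home}/nix-apps"; do
    if [ ! -e "$dir" ]; then
      install -o nextcloud -g nextcloud -d "$dir"
    elif [ "$(stat -c "%G" "$dir")" != "nextcloud" ]; then
      chgrp -R nextcloud "$dir"
    fi
  done

  ln -sf ${overrideConfig} "${datadir}/config/override.config.php"

  # Do not install if already installed
  if [[ ! -e "${datadir}/config/config.php" ]]; then
    ${occInstallCmd}
  fi

  ${occ}/bin/nextcloud-occ upgrade

  ${occ}/bin/nextcloud-occ config:system:delete trusted_domains

  ${optionalString (cfg.extraAppsEnable && cfg.extraApps != { }) ''
    # Try to enable apps
    ${occ}/bin/nextcloud-occ app:enable ${concatStringsSep " " (attrNames cfg.extraApps)}
  ''}

  ${occSetTrustedDomainsCmd}
'';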
# One-shot unit executed as the unprivileged nextcloud user.
serviceConfig = {
  Type = "oneshot";
  User = "nextcloud";
};
# On Nextcloud ≥ 26, it is not necessary to patch the database files to prevent
# an automatic creation of the database user.
environment.NC_setup_create_db_user = lib.mkIf (nextcloudGreaterOrEqualThan "26") "false";
};
# Background job runner: executes cron.php from the package with the module's
# PHP build, as the nextcloud user, once setup has completed.
nextcloud-cron = {
  after = [ "nextcloud-setup.service" ];
  environment.NEXTCLOUD_CONFIG_DIR = "${datadir}/config";
  serviceConfig = {
    Type = "oneshot";
    User = "nextcloud";
    ExecStart = "${phpPackage}/bin/php -f ${cfg.package}/cron.php";
  };
};
# Optional unattended app updates: runs `occ app:update --all` as the
# nextcloud user on the schedule given by autoUpdateApps.startAt.
# NOTE(review): this installs whatever app versions occ fetches without an
# administrator in the loop; enabling it is a trade-off between patch latency
# and review of third-party app code.
nextcloud-update-plugins = mkIf cfg.autoUpdateApps.enable {
  after = [ "nextcloud-setup.service" ];
  serviceConfig = {
    Type = "oneshot";
    ExecStart = "${occ}/bin/nextcloud-occ app:update --all";
    User = "nextcloud";
  };
  inherit (cfg.autoUpdateApps) startAt;
};
};
# PHP-FPM pool serving Nextcloud. Workers run as nextcloud:nextcloud; the
# listening socket is owned by the nginx user and group by default, and
# poolSettings can override or extend these settings.
services.phpfpm.pools.nextcloud = {
  user = "nextcloud";
  group = "nextcloud";
  inherit phpPackage;
  phpEnv = {
    NEXTCLOUD_CONFIG_DIR = "${datadir}/config";
    # Fixed search path for programs started by PHP workers.
    PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
  };
  settings = mapAttrs (_: mkDefault) {
    "listen.owner" = config.services.nginx.user;
    "listen.group" = config.services.nginx.group;
  } // cfg.poolSettings;
  # Deprecated free-text pool configuration (see the poolConfig warning).
  extraConfig = cfg.poolConfig;
};
# Dedicated system account that owns the Nextcloud state and runs the setup,
# cron and update units as well as the PHP-FPM pool.
users.users.nextcloud = {
  home = "${cfg.home}";
  group = "nextcloud";
  isSystemUser = true;
};
# The nginx user is a member of the nextcloud group.
# NOTE(review): presumably so nginx can serve files below the 0750 home
# directory; this also gives the web server group-level access to whatever
# else is group-readable there — confirm the data directory's permissions.
users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
# Puts the nextcloud-occ wrapper on the system PATH for administrators.
environment.systemPackages = [ occ ];
# Locally managed MySQL/MariaDB: creates the database and a user whose grant
# is limited to that one database. No password is set here; the assertion in
# this module requires socket authentication for a locally created database.
services.mysql = mkIf mysqlLocal {
  enable = true;
  package = mkDefault pkgs.mariadb;
  ensureDatabases = [ cfg.config.dbname ];
  ensureUsers = [
    {
      name = cfg.config.dbuser;
      ensurePermissions = { "${cfg.config.dbname}.*" = "ALL PRIVILEGES"; };
    }
  ];
};
# Locally managed PostgreSQL: creates the database and a user that is granted
# all privileges on that database only. As with MySQL, no password is
# configured here.
services.postgresql = mkIf pgsqlLocal {
  enable = true;
  ensureDatabases = [ cfg.config.dbname ];
  ensureUsers = [{
    name = cfg.config.dbuser;
    ensurePermissions = { "DATABASE ${cfg.config.dbname}" = "ALL PRIVILEGES"; };
  }];
};
# Dedicated Redis instance for Nextcloud, run under the nextcloud account;
# only created when configureRedis is set.
services.redis.servers.nextcloud = mkIf cfg.configureRedis {
  enable = true;
  user = "nextcloud";
};
# Wires Nextcloud to the dedicated Redis instance for distributed caching and
# file locking. The connection uses the instance's unix socket (port 0), not a
# TCP listener.
services.nextcloud = mkIf cfg.configureRedis {
  caching.redis = true;
  extraOptions = {
    "memcache.distributed" = ''\OC\Memcache\Redis'';
    "memcache.locking" = ''\OC\Memcache\Redis'';
    redis = {
      host = config.services.redis.servers.nextcloud.unixSocket;
      port = 0;
    };
  };
};
# nginx is enabled by default for this module; mkDefault lets a deployment
# turn it off and front Nextcloud with something else.
services.nginx.enable = mkDefault true;
# nginx virtual host for Nextcloud. Static content is served from the package
# in the Nix store; PHP requests are handed to the nextcloud PHP-FPM pool over
# its unix socket.
services.nginx.virtualHosts.${cfg.hostName} = {
  root = cfg.package;
  locations = {
    "= /robots.txt" = {
      priority = 100;
      extraConfig = ''
        allow all;
        access_log off;
      '';
    };
    # Redirects clients whose user agent starts with "DavClnt" to the WebDAV
    # endpoint.
    "= /" = {
      priority = 100;
      extraConfig = ''
        if ( $http_user_agent ~ ^DavClnt ) {
          return 302 /remote.php/webdav/$is_args$args;
        }
      '';
    };
    # App directories live in the Nextcloud home, not in the package root.
    "~ ^/store-apps" = {
      priority = 201;
      extraConfig = "root ${cfg.home};";
    };
    "~ ^/nix-apps" = {
      priority = 201;
      extraConfig = "root ${cfg.home};";
    };
    # Service discovery redirects; acme-challenge and pki-validation are
    # excluded from the catch-all redirect and served as plain files.
    "^~ /.well-known" = {
      priority = 210;
      extraConfig = ''
        absolute_redirect off;
        location = /.well-known/carddav {
          return 301 /remote.php/dav;
        }
        location = /.well-known/caldav {
          return 301 /remote.php/dav;
        }
        location ~ ^/\.well-known/(?!acme-challenge|pki-validation) {
          return 301 /index.php$request_uri;
        }
        try_files $uri $uri/ =404;
      '';
    };
    # Internal directories (including config and data) are never served
    # directly: requests for them get a 404.
    "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)" = {
      priority = 450;
      extraConfig = ''
        return 404;
      '';
    };
    # Same treatment for dot-files and for paths starting with autotest, occ,
    # issue, indie, db_ or console.
    "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = {
      priority = 450;
      extraConfig = ''
        return 404;
      '';
    };
    # PHP entry points. Anything outside the listed front controllers is
    # rewritten to index.php, and try_files makes nginx answer 404 itself when
    # the resolved script does not exist instead of forwarding the request to
    # PHP-FPM.
    "~ \\.php(?:$|/)" = {
      priority = 500;
      extraConfig = ''
        # legacy support (i.e. static files and directories in cfg.package)
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[s${optionalString (!ocmProviderIsNotAStaticDirAnymore) "m"}]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
        include ${config.services.nginx.package}/conf/fastcgi.conf;
        fastcgi_split_path_info ^(.+?\.php)(\\/.*)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS ${if cfg.https then "on" else "off"};
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:${fpm.socket};
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        fastcgi_read_timeout ${builtins.toString cfg.fastcgiTimeout}s;
      '';
    };
    # Static assets: long client-side caching, no access logging.
    "~ \\.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|tflite|map|html|ttf|bcmap|mp4|webm)$".extraConfig = ''
      try_files $uri /index.php$request_uri;
      expires 6M;
      access_log off;
      location ~ \.wasm$ {
        default_type application/wasm;
      }
    '';
    "~ ^\\/(?:updater|ocs-provider${optionalString (!ocmProviderIsNotAStaticDirAnymore) "|ocm-provider"})(?:$|\\/)".extraConfig = ''
      try_files $uri/ =404;
      index index.php;
    '';
    "/remote" = {
      priority = 1500;
      extraConfig = ''
        return 301 /remote.php$request_uri;
      '';
    };
    "/" = {
      priority = 1600;
      extraConfig = ''
        try_files $uri $uri/ /index.php$request_uri;
      '';
    };
  };
  # Server-level directives.
  # NOTE(review): the recommended headers are added without `always`, so
  # nginx attaches them only to the response codes add_header covers by
  # default; only Strict-Transport-Security, sent when https is enabled, is
  # marked `always`. None of the locations above declares its own add_header,
  # which would otherwise replace this inherited set for that location.
  # fastcgi_hide_header strips the X-Powered-By banner from PHP responses.
  extraConfig = ''
    index index.php index.html /index.php$request_uri;
    ${optionalString (cfg.nginx.recommendedHttpHeaders) ''
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag "noindex, nofollow";
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      add_header X-Frame-Options sameorigin;
      add_header Referrer-Policy no-referrer;
    ''}
    ${optionalString (cfg.https) ''
      add_header Strict-Transport-Security "max-age=${toString cfg.nginx.hstsMaxAge}; includeSubDomains" always;
    ''}
    client_max_body_size ${cfg.maxUploadSize};
    fastcgi_buffers 64 4K;
    fastcgi_hide_header X-Powered-By;
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    ${optionalString cfg.webfinger ''
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    ''}
  '';
};
}
]);
meta.doc = ./nextcloud.md;
}
|