Commit Graph

206 Commits

Author SHA1 Message Date
figsoda
701bcdbead nixos: fix typos 2023-05-19 22:31:04 -04:00
Ryan Lahfa
fa06a3b646
Merge pull request #230888 from Misterio77/nextcloud-createlocally-optin
nixos/nextcloud: default createLocally to false
2023-05-15 09:28:15 +02:00
Gabriel Fontes
f9f76529cd
nixos/nextcloud: default createLocally to false 2023-05-14 12:09:50 -03:00
Sandro Jäckel
546d4d4b76
nixos/nextcloud: add configureRedis option 2023-05-03 22:40:41 +02:00
Gabriel Fontes
fddf531c6f
nixos/nextcloud: refactor database.createLocally
Fixes https://github.com/NixOS/nixpkgs/issues/228971
2023-05-01 12:20:40 -03:00
Maximilian Bosch
0abc5bcc7e
nixos/nextcloud: for nc26 it's not necessary anymore to set enableBrokenCiphersForSSE to false 2023-04-20 12:20:52 +02:00
Maximilian Bosch
430f1dcdbd
nextcloud: remove nextcloud24, 25.0.5 -> 25.0.6, 26.0.0 -> 26.0.1 2023-04-20 11:34:54 +02:00
Robert Schütz
15b859cefe nixos/nextcloud: set X-Robots-Tag to "noindex, nofollow"
Upstream did so in https://github.com/nextcloud/server/pull/36689 and
Nextcloud now complains that

    The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow".
    This is a potential security or privacy risk, as it is recommended
    to adjust this setting accordingly.
2023-03-25 19:48:13 -07:00
Maximilian Bosch
cbc539c19f nixos/nextcloud: minor fixups
* Apply review comments.
* Default to PHP 8.2 for v26.
2023-03-22 22:37:17 +01:00
Maximilian Bosch
6a0b0a5de9 nextcloud: remove compat references to v23
This is not needed anymore because the version is EOL for almost a year
now and we don't even have the packages anymore, only the attributes for
compatibility for upgrades from older NixOS versions.
2023-03-22 22:37:17 +01:00
Raito Bezarius
dd96b7d8b4 nextcloud26, nixos/web-apps/nextcloud: drop the autocreate db user patch and wire the default in the NixOS module 2023-03-22 22:37:16 +01:00
Raito Bezarius
5e5c4c975a nixos/web-apps/nextcloud: introduce nextcloud26 2023-03-22 22:37:13 +01:00
Nicola Squartini
a2eeaddea2
nixos/nextcloud: support SSE-C for S3 primary storage
Add configuration option to enable [server-side encryption with
customer-provided keys][1] (SSE-C) when using S3 as primary storage in
Nextcloud.

[1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
2023-02-24 16:59:41 +01:00
Sandro
b2cf9511b3
Merge pull request #211547 from yater/patch-3 2023-02-14 22:32:47 +01:00
pennae
0a6e6cf7e6 nixos/manual: render module chapters with nixos-render-docs
this converts meta.doc into an md pointer, not an xml pointer. since we
no longer need xml for manual chapters we can also remove support for
manual chapters from md-to-db.sh

since pandoc converts smart quotes to docbook quote elements and our
nixos-render-docs does not we lose this distinction in the rendered
output. that's probably not that bad, our stylesheet didn't make use of
this anyway (and pre-23.05 versions of the chapters didn't use quote
elements either).

also updates the nixpkgs manual to clarify that option docs support all
extensions (although it doesn't support headings at all, so heading
anchors don't work by extension).
2023-01-27 20:07:34 +01:00
yater
3e1fdaf2e5 nixos/nextcloud: fix typo in option description
an option services.nextcloud.nginx.enableImagemagick does not exist.
2023-01-26 03:17:22 +01:00
figsoda
6bb0dbf91f nixos: fix typos 2022-12-17 19:31:14 -05:00
Maximilian Bosch
35b146ca31
nixos/nextcloud: fixup openssl compat change
Upon testing the change itself I realized that it doesn't build properly
because

* the `pname` of a php extension is `php-<name>`, not `<name>`.
* calling the extension `openssl-legacy` resulted in PHP trying to compile
  `ext/openssl-legacy` which broke since it doesn't exist:

      source root is php-8.1.12
      setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c
      patching sources
      cdToExtensionRootPhase
      /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory

I didn't encounter that one before because I was mostly interested in
having a sane behavior for everyone not using this "feature" and the
documentation around this. My findings about the behavior with turning
openssl1.1 on/off are still valid because I tested this on `master` with
manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`.

To work around the issue I had to slightly modify the extension
build-system for PHP:

* The attribute `extensionName` is now relevant to determine the output
  paths (e.g. `lib/openssl.so`). This is not a behavioral change for
  existing extensions because then `extensionName==name`.

  However when specifying `extName` in `php-packages.nix` this value is
  overridden and it is made sure that the extension called `extName` NOT
  `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed.

  The `name` still has to be kept to keep the legacy openssl available
  as `php.extensions.openssl-legacy`.

Additionally I implemented a small VM test to check the behavior with
server-side encryption:

* For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix`
  it's checked that OpenSSL 3 is used). With that the "default"
  behavior of the module is checked.

* It is ensured that the PHP interpreter for Nextcloud's php-fpm
  actually loads the correct openssl extension.

* It is tested that (encrypted) files remain usable when (temporarily)
  installing OpenSSL3 (of course then they're not decryptable, but on a
  rollback that should still be possible).

Finally, a few more documentation changes:

* I also mentioned the issue in `nextcloud.xml` to make sure the issue
  is at least mentioned in the manual section about Nextcloud. Not too
  much detail here, but the relevant option `enableBrokenCiphersForSSE`
  is referenced.

* I fixed a few minor wording issues to also give the full context
  (we're talking about Nextcloud; we're talking about the PHP extension
  **only**; please check if you really need this even though it's
  enabled by default).

  This is because I felt that sometimes it might be hard to understand
  what's going on when e.g. an eval-warning appears without telling where
  exactly it comes from.
2022-11-11 14:45:46 +01:00
Maximilian Bosch
61128cba67
nixos/nextcloud: minor docs cleanup for openssl change
* s/NextCloud/Nextcloud/g
* `enableBrokenCiphersForSSE` should be enabled by default for any NixOS
  installation from before 22.11 to make sure existing installations
  don't run into the issue. Not the other way round.
* Update release notes to reflect on that.
* Improve wording of the warning a bit: explain which option to change
  to get rid of it.
* Ensure that basic tests w/o `enableBrokenCiphersForSSE` run with
  OpenSSL 3.
2022-11-10 12:17:43 +01:00
Raito Bezarius
394d4de877
nextcloud25: enable by default broken ciphers for NixOS ≤ 22.11 2022-11-10 12:17:43 +01:00
Raito Bezarius
7eefaeb5e3
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption 2022-11-10 12:17:43 +01:00
Maximilian Bosch
176676c4cf
Merge pull request #192890 from Enzime/fix/nextcloud-space-passwords
nixos/nextcloud: handle passwords with spaces
2022-11-08 18:02:04 +01:00
Maximilian Bosch
ad21c759d4
nixos/nextcloud: fix upgrade warning 2022-11-03 14:32:21 +01:00
Sandro Jäckel
44cdc6104a
nixos/nextcloud: allow changing logType 2022-10-27 23:32:00 +02:00
Maximilian Bosch
40b7f52b8f
nextcloud25: init 2022-10-23 17:20:49 +02:00
Michael Hoang
823e4d2fdb nixos/nextcloud: handle passwords with spaces 2022-09-25 23:57:55 +10:00
pennae
722b99bc0e nixos/*: convert options with admonitions to MD
rendering changes only slightly, most changes are in spacing.
2022-08-31 16:36:16 +02:00
pennae
9547123258 nixos/*: convert internal option descriptions to MD
we'll have to do it eventually, may as well be now.
2022-08-31 16:32:54 +02:00
pennae
ef176dcf7e nixos/*: automatically convert option descriptions
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running

    nix-doc-munge nixos/**/*.nix
    nix-doc-munge --import nixos/**/*.nix

the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
2022-08-31 16:32:53 +02:00
pennae
c915b915b5 nixos/*: md-convert options with unordered lists
mostly no rendering changes. some lists (like simplelist) don't have an
exact translation to markdown, so we use a comma-separated list of
literals instead.
2022-08-31 16:32:53 +02:00
pennae
51a11254a7 nixos/*: literalDocBook -> literalMD
no change to rendered output
2022-08-27 19:18:29 +02:00
Phillip Seeber
9704e9c856 nixos/nextcloud: add option to set fastcgi timeout 2022-08-21 18:14:47 +02:00
pennae
6039648c50 nixos/*: automatically convert option docs 2022-08-19 22:40:58 +02:00
pennae
d0ba463fcf nixos/*: replace <quote> with actual quotes 2022-08-19 22:40:58 +02:00
pennae
a4fdff515b nixos/*: turn inline code blocks into more appropriate things 2022-08-19 22:40:58 +02:00
pennae
61e93df189 nixos/*: automatically convert option docs to MD
once again using nix-doc-munge (69d080323a)
2022-08-03 22:46:41 +02:00
pennae
3aebb4a2be nixos/*: normalize link format
make (almost) all links appear on only a single line, with no
unnecessary whitespace, using double quotes for attributes. this lets us
automatically convert them to markdown easily.

the few remaining links are extremely long link in a gnome module, we'll
come back to those at a later date.
2022-08-03 21:57:46 +02:00
pennae
16102dce2f nixos/*: replace <code> in option docs with <literal>
markdown can't represent the difference without another extension and
both the html manual and the manpage render them the same, so keeping the
distinction is not very useful on its own. with the distinction removed
we can automatically convert many options that use <code> tags to markdown.

the manpage remains unchanged, html manual does not render
differently (but class names on code tags do change from "code" to "literal").
2022-08-03 21:03:23 +02:00
pennae
2e751c0772 treewide: automatically md-convert option descriptions
the conversion procedure is simple:

 - find all things that look like options, ie calls to either `mkOption`
   or `lib.mkOption` that take an attrset. remember the attrset as the
   option
 - for all options, find a `description` attribute who's value is not a
   call to `mdDoc` or `lib.mdDoc`
 - textually convert the entire value of the attribute to MD with a few
   simple regexes (the set from mdize-module.sh)
 - if the change produced a change in the manual output, discard
 - if the change kept the manual unchanged, add some text to the
   description to make sure we've actually found an option. if the
   manual changes this time, keep the converted description

this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
2022-07-30 15:16:34 +02:00
stuebinm
3fbc2a433d services/nextcloud: impossible error message 2022-07-06 11:57:44 +02:00
stuebinm
5f4d5fcfa4 services/nextcloud: apply suggestions 2022-07-06 00:16:04 +02:00
stuebinm
dd9200c0a4 services/nextcloud: fix a bug 2022-07-06 00:05:31 +02:00
stuebinm
c3e03d1199
Merge branch 'master' into nextcloud-secrets 2022-06-30 22:24:44 +02:00
stuebinm
ef75aab612 services/nextcloud: more consistent code 2022-06-30 22:21:43 +02:00
Winter
d6f59779c6 nixos/nextcloud: remove extraneous nginx config directive 2022-06-26 14:30:59 -04:00
Winter
e54ddddd2a nixos/nextcloud: make all services run after nextcloud-setup 2022-06-26 14:29:59 -04:00
Winter
6be3ce36b6 nixos/nextcloud: use mkOption.default for datadir 2022-06-26 14:27:03 -04:00
Elis Hirwing
d0862b0ed9
nixos/nextcloud: Upgrade to PHP 8.0 2022-06-08 18:09:07 +02:00
Aleksandar Topuzović
fd86efb8c2 nixos/nextcloud: Fix broken config file 2022-05-28 19:14:12 +01:00
Maximilian Bosch
57a8966d03
Merge pull request #171227 from aidalgol/nextcloud-setup-script-fix
nixos/nextcloud: Fix broken error suppression in setup script
2022-05-27 13:23:10 +02:00