Commit Graph

75 Commits

Author SHA1 Message Date
Maximilian Bosch
45d2b8b536
nixos/nextcloud: deprecated dbtableprefix
Closes #320381

Installation with a custom dbtableprefix is not allowed anymore for a
while[1] and we shouldn't advertise it as such.

The option is deprecated for now since I'm not sure if there are some
weird corner-cases where removing the option directly would break
existing installations from before <20 with a custom dbtableprefix. The
migration-path for such a case is as follows:

* Check if /var/lib/nextcloud/config/config.php has the correct
  dbtableprefix set and if not, take care of it.
* Remove `dbtableprefix` from the NixOS configuration. It's effectively
  state anyways.

After a bit of time to switch (perhaps after the next release
branchoff), the option can be removed.

[1] https://github.com/nextcloud/server/issues/24836
2024-06-19 11:43:33 +02:00
Maximilian Bosch
0b31ada92b
nixos/nextcloud: refactor tests
The tests had very much duplication and some if it was even wrong! For
instance, `withRcloneEnv` in the MySQL test didn't have the `"$@"` at
the bottom to execute commands passed to it. Because of that, the MySQL
testcase never checked whether files can be uploaded.

Since tests are just another module-system I decided to abstract away
common things by using it:

* Define a base module with
  * an empty `client` node and a `nextcloud` node with defaults
    shared among all tests.
  * rclone scripts that are used by all tests.
  * a `testScript` checking upload/download. Additional checks can be
    added via `test-helpers.extraTests`.

* Make common information such as admin user & password shared via
  options.

Also, changed the following things:

* The `name` of the final derivation also includes the Nextcloud major
  it was tested against.

* Improved the objecstore test by making sure the file was actually
  uploaded into the bucket.
2024-06-12 10:55:26 +02:00
Maximilian Bosch
6ecafb1c38
nixos/nextcloud: fix objectstore/s3 test
* Make sure `withRcloneEnv` actually invokes the command it gets as
  `argv`. Until no, nothing was uploaded. This mistake was copied from
  the MySQL test that appears to have the same issue (will be addressed
  in the next commit).

* Test upload/download through with rclone once to see if Nextcloud
  interaction with S3 works fine.

* Make sure we actually have something in the bucket (until now with an
  `ls` and no real check, will do some larger cleanups and make this
  better in the next commit).

* Use actual AWS-style access keys.
2024-06-11 12:37:42 +02:00
Jonas Heinrich
de1f4538e8
nixos/tests/nextcloud: Add test for object store 2024-06-10 13:52:55 +02:00
Maximilian Bosch
4e964de927
nextcloud26: remove 2024-05-01 10:22:25 +02:00
Raito Bezarius
4a76833a0d
nixos/tests/nextcloud: test NextCloud 29 (Hub 8) too
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-04-25 15:27:30 +02:00
Maximilian Bosch
0fac694dba
Merge pull request #290507 from dotlambda/nextcloud-notify_push-meta
nextcloud-notify_push.test_client: add meta
2024-02-22 17:28:11 +01:00
Robert Schütz
16e379fa03 nextcloud-notify_push.test_client: add meta 2024-02-21 15:12:58 -08:00
Maximilian Bosch
37d6961f33
nixos/nextcloud: add regression test for not delivering code anymore
PR #277382 didn't fix just an issue with .mjs files for the `forms` app,
but an underlying, more problematic issue: for `/nix-apps` &
`/store-apps`, the fcgi config for PHP and the block for assets were
never reached.

That meant that e.g. `/nix-apps/notes/lib/AppInfo/Application.php`
returned the PHP source code as text/plain. Considering that there was
never a fundamental change to how this config's structure, I'm pretty
sure that the issue was pretty much there since the module exists.

After consulting the NixOS security team we agreed that this is most
likely harmless because you'd have to use private apps with secrets in
the raw PHP code of said app. However, this is still problematic because
one important assumption - that PHP code is never sent to the browser -
is broken which is why we decided on not mentioning this impact in the
previous PR from December 2023.

To make sure that we don't regress our nginx config, I decided to add
the reproducer which fails on 8bbbb228b4
as testcase to our integration tests.
2024-02-10 17:52:19 +01:00
Jonas Heinrich
e1c0d281b2 nixos/nextcloud: Rename extraOptions to settings 2024-01-26 14:22:49 +01:00
Maximilian Bosch
d25fdec5b3
Merge pull request #212430 from onny/nextcloud-cleanup
nixos/nextcloud: Move options into now freeForm extraOptions
2023-12-29 23:44:24 +01:00
nikstur
1c22b64fc9 nixos/tests/nextcloud: replace activationScript
Replace with a seprate systemd service
2023-12-29 03:41:45 +01:00
Jonas Heinrich
dd8c96379f nixos/nextcloud: Move options into now freeForm extraOptions 2023-12-29 01:04:46 +01:00
Robert Schütz
f6ea3f91b5 nextcloud28: init at 28.0.0 2023-12-13 15:57:33 -08:00
Sandro Jäckel
79e3ab84dd
nixos/tests/nextcloud: fix with-declarative-redis-and-secrets test 2023-11-25 22:58:06 +01:00
K900
5323b93e9d nixos/tests: remove unnecessary stateVersion assignments 2023-10-27 12:56:13 +03:00
Maximilian Bosch
efc5c80e18
nextcloud25: remove
EOL of Nextcloud v25 is scheduled by the end of this month.
2023-10-07 16:16:42 +02:00
Jonas Heinrich
14f7b1161d nixos/tests/nextcloud: Fix deprecation warning 2023-08-09 16:57:57 +02:00
Jonas Heinrich
b0ba7d2406 nixos/tests/nextcloud: Fix broken webdav url
Starting with Rclone v1.63, which is used in the Nextcloud tests for
synchronization, the client relies on the correct WebDAV endpoint url,
see https://github.com/rclone/rclone/issues/7103
2023-08-01 09:11:27 +02:00
Maximilian Bosch
cac7282c17
nixos/tests/nextcloud: fix more issues related to redis tests
* Ensure that the redis cache is actually used in the "trivial" case
  (`with-postgresql-and-redis`)
* Test against all Nextcloud versions we've packaged
* Actually set a secret to make sure that the provided secret is
  properly read by Nextcloud.
* Add myself as maintainer to the secret-test to make sure that I don't
  miss any more changes like this that could break the functionality of
  that feature.
2023-06-17 14:04:44 +02:00
Maximilian Bosch
3df3a89892
nixos/nextcloud: fix declarative cache configuration
It's supposed to be `memcache.distributed`, not an associative PHP array
named `memcache` with a key `distributed`.

This was probably never caught because the initial `grep -q` check in
the test was invalid: `redis-cli` prints nothing if no keys can be found
when not writing to a tty apparently.
2023-06-16 14:11:38 +02:00
Maximilian Bosch
5a2769d981
nextcloud27: init
Fixes #237560
2023-06-16 14:11:38 +02:00
figsoda
202699c918 nixos/tests: fix typos 2023-05-19 22:31:04 -04:00
Gabriel Fontes
f9f76529cd
nixos/nextcloud: default createLocally to false 2023-05-14 12:09:50 -03:00
Gabriel Fontes
fddf531c6f
nixos/nextcloud: refactor database.createLocally
Fixes https://github.com/NixOS/nixpkgs/issues/228971
2023-05-01 12:20:40 -03:00
Maximilian Bosch
430f1dcdbd
nextcloud: remove nextcloud24, 25.0.5 -> 25.0.6, 26.0.0 -> 26.0.1 2023-04-20 11:34:54 +02:00
Maximilian Bosch
cbc539c19f nixos/nextcloud: minor fixups
* Apply review comments.
* Default to PHP 8.2 for v26.
2023-03-22 22:37:17 +01:00
Raito Bezarius
d7a27b38a2 nixos/tests/nextcloud: do not expect failure on NC ≥26 with respect to RC4 bug 2023-03-22 22:37:16 +01:00
Raito Bezarius
5e5c4c975a nixos/web-apps/nextcloud: introduce nextcloud26 2023-03-22 22:37:13 +01:00
ajs124
8a5596aded nixosTests.nextcloud.with-postgresql-and-redis*: also test notify_push 2023-02-21 15:05:16 +01:00
Sandro
cef47da8e5
Revert "nextcloud26: init at 26.0.0beta1" 2023-01-28 22:01:42 +01:00
Colin Arnott
aefbc9623b
nextcloud26: init at 26.0.0beta1
Because nextcloud ships their prerelease versions on a different url, we
are not parsing the version string to detect which path to use. We also
enabled and validated this change via nixos module testing.
2023-01-27 15:28:41 +00:00
Maximilian Bosch
35b146ca31
nixos/nextcloud: fixup openssl compat change
Upon testing the change itself I realized that it doesn't build properly
because

* the `pname` of a php extension is `php-<name>`, not `<name>`.
* calling the extension `openssl-legacy` resulted in PHP trying to compile
  `ext/openssl-legacy` which broke since it doesn't exist:

      source root is php-8.1.12
      setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c
      patching sources
      cdToExtensionRootPhase
      /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory

I didn't encounter that one before because I was mostly interested in
having a sane behavior for everyone not using this "feature" and the
documentation around this. My findings about the behavior with turning
openssl1.1 on/off are still valid because I tested this on `master` with
manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`.

To work around the issue I had to slightly modify the extension
build-system for PHP:

* The attribute `extensionName` is now relevant to determine the output
  paths (e.g. `lib/openssl.so`). This is not a behavioral change for
  existing extensions because then `extensionName==name`.

  However when specifying `extName` in `php-packages.nix` this value is
  overridden and it is made sure that the extension called `extName` NOT
  `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed.

  The `name` still has to be kept to keep the legacy openssl available
  as `php.extensions.openssl-legacy`.

Additionally I implemented a small VM test to check the behavior with
server-side encryption:

* For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix`
  it's checked that OpenSSL 3 is used). With that the "default"
  behavior of the module is checked.

* It is ensured that the PHP interpreter for Nextcloud's php-fpm
  actually loads the correct openssl extension.

* It is tested that (encrypted) files remain usable when (temporarily)
  installing OpenSSL3 (of course then they're not decryptable, but on a
  rollback that should still be possible).

Finally, a few more documentation changes:

* I also mentioned the issue in `nextcloud.xml` to make sure the issue
  is at least mentioned in the manual section about Nextcloud. Not too
  much detail here, but the relevant option `enableBrokenCiphersForSSE`
  is referenced.

* I fixed a few minor wording issues to also give the full context
  (we're talking about Nextcloud; we're talking about the PHP extension
  **only**; please check if you really need this even though it's
  enabled by default).

  This is because I felt that sometimes it might be hard to understand
  what's going on when e.g. an eval-warning appears without telling where
  exactly it comes from.
2022-11-11 14:45:46 +01:00
Maximilian Bosch
61128cba67
nixos/nextcloud: minor docs cleanup for openssl change
* s/NextCloud/Nextcloud/g
* `enableBrokenCiphersForSSE` should be enabled by default for any NixOS
  installation from before 22.11 to make sure existing installations
  don't run into the issue. Not the other way round.
* Update release notes to reflect on that.
* Improve wording of the warning a bit: explain which option to change
  to get rid of it.
* Ensure that basic tests w/o `enableBrokenCiphersForSSE` run with
  OpenSSL 3.
2022-11-10 12:17:43 +01:00
Raito Bezarius
7eefaeb5e3
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption 2022-11-10 12:17:43 +01:00
Maximilian Bosch
40b7f52b8f
nextcloud25: init 2022-10-23 17:20:49 +02:00
Maximilian Bosch
f72099e0cd
nixos/nextcloud: fix a deprecation warning in the tests using redis 2022-09-10 23:53:40 +02:00
stuebinm
5f4d5fcfa4 services/nextcloud: apply suggestions 2022-07-06 00:16:04 +02:00
stuebinm
c3e03d1199
Merge branch 'master' into nextcloud-secrets 2022-06-30 22:24:44 +02:00
Maximilian Bosch
33c44a1031
nextcloud22: drop
Version 22 will be EOLed in July 2022[1] and we shouldn't have
unsupported software in the soon-to-be-released NixOS 22.05, hence
dropping it already.

[1] https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule
2022-05-21 18:34:28 +02:00
Colin Arnott
ecd8d42397
nextcloud24: init at 24.0.0
Added Nextcloud 23 and set it as the default Nextcloud version for the
NixOS module. Added PHP 8.1 as an option for phpPackage and default for
Nextcloud ≥ 24.
2022-05-06 00:37:39 +00:00
stuebinm
92fe62e1de
Merge branch 'master' into nextcloud-secrets 2022-04-24 18:43:28 +02:00
stuebinm
1c9c4a8e80 services/nextcloud: better secretFile test
this is virtually identical to the declarative redis test now, except
that the config json is set manually.
2022-04-24 18:04:37 +02:00
stuebinm
439243d38f services/nextcloud: check redis config 2022-04-24 18:04:12 +02:00
Jonas Heinrich
047473aa32 nixos/nextcloud: Support create database locally 2022-04-19 14:35:59 -04:00
Maximilian Bosch
15876a546c
nextcloud21: remove
EOLed by upstream in 2022-02[1].

[1] https://docs.nextcloud.com/server/23/admin_manual/release_schedule.html#older-versions
2022-03-15 21:26:46 +01:00
Lara
909536115d nixos/nextcloud: Fix nixos test on master
Resolves #155509
2022-01-18 19:09:22 +00:00
Ilan Joselevich
c0f4b20db7 nextcloud23: init at 23.0.0 2021-12-02 20:53:21 +02:00
Maximilian Bosch
e1e15974f8
nextcloud20: drop
The version 20 of Nextcloud will be EOLed by the end of this month[1].

Since the recommended default (that didn't raise an eval-warning) on
21.05 was Nextcloud 21, this shouldn't affect too many people.

In order to ensure that nobody does a (not working) upgrade across
several major-versions of Nextcloud, I replaced the derivation of
`nextcloud20` with a `throw` that provides instructions how to proceed.

The only case that I consider "risky" is a setup upgraded from 21.05 (or
older) with a `system.stateVersion` <21.11 and with
`services.nextcloud.package` not explicitly declared in its config. To
avoid that, I also left the `else-if` for `stateVersion < 21.03` which
now sets `services.nextcloud.package` to `pkgs.nextcloud20` and thus
leads to an eval-error. This condition can be removed
as soon as 21.05 is EOL because then it's safe to assume that only
21.11. is used as stable release where no Nextcloud <=20 exists that can
lead to such an issue.

It can't be removed earlier because then every `system.stateVersion <
21.11` would lead to `nextcloud21` which is a problem if `nextcloud19`
is still used.

[1] https://docs.nextcloud.com/server/20/admin_manual/release_schedule.html
2021-10-25 01:34:47 +02:00
Maximilian Bosch
1ee008fcb5
nixos/nextcloud: fixup #119638
A few minor changes to get #119638 - nextcloud: add option to set
datadir and extensions - ready:

* `cfg.datadir` now gets `cfg.home` as default to make the type
  non-nullable.
* Enhanced the `basic` test to check the behavior with a custom datadir
  that's not `/var/lib/nextcloud`.
* Fix hashes for apps in option example.
* Simplify if/else for `appstoreenable` in override config.
* Simplify a few `mapAttrsToList`-expressions in
  `nextcloud-setup.service`.
2021-10-09 22:45:31 +02:00