nixos/nextcloud: Move options into now freeForm extraOptions

Jonas Heinrich 2023-12-09 17:07:44 +01:00
parent 5ec415b260
commit dd8c96379f
4 changed files with 129 additions and 123 deletions


@ -91,6 +91,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc.
- The following options of the Nextcloud module were moved into `services.nextcloud.extraOptions`: `logLevel`, `logType`, `log_type`, `defaultPhoneRegion`, `overwriteProtocol`, `skeletonDirectory`, `globalProfiles`, `extraTrustedDomains` and `trustedProxies`.
- The Yama LSM is now enabled by default in the kernel, which prevents ptracing
non-child processes. This means you will not be able to attach gdb to an
existing process, but will need to start that process from gdb (so it is a


@ -51,7 +51,7 @@ to ensure that changes can be applied by changing the module's options.
In case the application serves multiple domains (those are checked with
[`$_SERVER['HTTP_HOST']`](https://www.php.net/manual/en/reserved.variables.server.php))
it's needed to add them to
[`services.nextcloud.config.extraTrustedDomains`](#opt-services.nextcloud.config.extraTrustedDomains).
[`services.nextcloud.extraOptions.trusted_domains`](#opt-services.nextcloud.extraOptions.trusted_domains).
Auto updates for Nextcloud apps can be enabled using
[`services.nextcloud.autoUpdateApps`](#opt-services.nextcloud.autoUpdateApps.enable).


@ -94,6 +94,22 @@ in {
(mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] ''
Use services.nextcloud.enableImagemagick instead.
'')
(mkRenamedOptionModule
[ "services" "nextcloud" "logLevel" ] [ "services" "nextcloud" "extraOptions" "loglevel" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "logType" ] [ "services" "nextcloud" "extraOptions" "log_type" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "defaultPhoneRegion" ] [ "services" "nextcloud" "extraOptions" "default_phone_region" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "overwriteProtocol" ] [ "services" "nextcloud" "extraOptions" "overwriteprotocol" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "skeletonDirectory" ] [ "services" "nextcloud" "extraOptions" "skeletondirectory" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "globalProfiles" ] [ "services" "nextcloud" "extraOptions" "profile.enabled" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "extraTrustedDomains" ] [ "services" "nextcloud" "extraOptions" "trusted_domains" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "trustedProxies" ] [ "services" "nextcloud" "extraOptions" "trusted_proxies" ])
];
options.services.nextcloud = {
@ -157,32 +173,6 @@ in {
Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
'';
};
logLevel = mkOption {
type = types.ints.between 0 4;
default = 2;
description = lib.mdDoc ''
Log level value between 0 (DEBUG) and 4 (FATAL).
- 0 (debug): Log all activity.
- 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
- 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
- 3 (error): Log failed operations and fatal errors.
- 4 (fatal): Log only fatal errors that cause the server to stop.
'';
};
logType = mkOption {
type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
default = "syslog";
description = lib.mdDoc ''
Logging backend to use.
systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
'';
};
https = mkOption {
type = types.bool;
default = false;
@ -206,16 +196,6 @@ in {
'';
};
skeletonDirectory = mkOption {
default = "";
type = types.str;
description = lib.mdDoc ''
The directory where the skeleton files are located. These files will be
copied to the data directory of new users. Leave empty to not copy any
skeleton files.
'';
};
webfinger = mkOption {
type = types.bool;
default = false;
@ -315,7 +295,6 @@ in {
};
config = {
dbtype = mkOption {
type = types.enum [ "sqlite" "pgsql" "mysql" ];
@ -380,53 +359,6 @@ in {
setup of Nextcloud by the systemd service `nextcloud-setup.service`.
'';
};
extraTrustedDomains = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted domains from which the Nextcloud installation will be
accessible. You don't need to add
`services.nextcloud.hostname` here.
'';
};
trustedProxies = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted proxies to provide if the Nextcloud installation is being
proxied to secure against, e.g. spoofing.
'';
};
overwriteProtocol = mkOption {
type = types.nullOr (types.enum [ "http" "https" ]);
default = null;
example = "https";
description = lib.mdDoc ''
Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
Nextcloud uses the currently used protocol by default, but when
behind a reverse-proxy, it may use `http` for everything although
Nextcloud may be served via HTTPS.
'';
};
defaultPhoneRegion = mkOption {
default = null;
type = types.nullOr types.str;
example = "DE";
description = lib.mdDoc ''
An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
country code which replaces automatic phone-number detection
without a country code.
As an example, with `DE` set as the default phone region,
the `+49` prefix can be omitted for phone numbers.
'';
};
objectstore = {
s3 = {
enable = mkEnableOption (lib.mdDoc ''
@ -609,30 +541,109 @@ in {
The nextcloud-occ program preconfigured to target this Nextcloud instance.
'';
};
globalProfiles = mkEnableOption (lib.mdDoc "global profiles") // {
description = lib.mdDoc ''
Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
Even though it's enabled by default in Nextcloud, it must be explicitly enabled
here because it has the side-effect that personal information is even accessible to
unauthenticated users by default.
By default, the following properties are set to Show to everyone
if this flag is enabled:
- About
- Full name
- Headline
- Organisation
- Profile picture
- Role
- Twitter
- Website
Only has an effect in Nextcloud 23 and later.
'';
};
extraOptions = mkOption {
type = jsonFormat.type;
type = types.submodule {
freeformType = jsonFormat.type;
options = {
loglevel = mkOption {
type = types.ints.between 0 4;
default = 2;
description = lib.mdDoc ''
Log level value between 0 (DEBUG) and 4 (FATAL).
- 0 (debug): Log all activity.
- 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
- 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
- 3 (error): Log failed operations and fatal errors.
- 4 (fatal): Log only fatal errors that cause the server to stop.
'';
};
log_type = mkOption {
type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
default = "syslog";
description = lib.mdDoc ''
Logging backend to use.
systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
'';
};
skeletondirectory = mkOption {
default = "";
type = types.str;
description = lib.mdDoc ''
The directory where the skeleton files are located. These files will be
copied to the data directory of new users. Leave empty to not copy any
skeleton files.
'';
};
trusted_domains = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted domains, from which the nextcloud installation will be
accessible. You don't need to add
`services.nextcloud.hostname` here.
'';
};
trusted_proxies = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted proxies, to provide if the nextcloud installation is being
proxied to secure against e.g. spoofing.
'';
};
overwriteprotocol = mkOption {
type = types.enum [ "" "http" "https" ];
default = "";
example = "https";
description = lib.mdDoc ''
Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
Nextcloud uses the currently used protocol by default, but when
behind a reverse-proxy, it may use `http` for everything although
Nextcloud may be served via HTTPS.
'';
};
default_phone_region = mkOption {
default = "";
type = types.str;
example = "DE";
description = lib.mdDoc ''
An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
country code which replaces automatic phone-number detection
without a country code.
As an example, with `DE` set as the default phone region,
the `+49` prefix can be omitted for phone numbers.
'';
};
"profile.enabled" = mkEnableOption (lib.mdDoc "global profiles") // {
description = lib.mdDoc ''
Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
Even though it's enabled by default in Nextcloud, it must be explicitly enabled
here because it has the side-effect that personal information is even accessible to
unauthenticated users by default.
By default, the following properties are set to Show to everyone
if this flag is enabled:
- About
- Full name
- Headline
- Organisation
- Profile picture
- Role
- Twitter
- Website
Only has an effect in Nextcloud 23 and later.
'';
};
};
};
default = {};
description = lib.mdDoc ''
Extra options which should be appended to Nextcloud's config.php file.
@ -770,7 +781,6 @@ in {
nextcloud-setup = let
c = cfg.config;
writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable;
objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable ''
'objectstore' => [
@ -833,12 +843,7 @@ in {
[ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ],
],
${optionalString (showAppStoreSetting) "'appstoreenabled' => ${renderedAppStoreSetting},"}
'datadirectory' => '${datadir}/data',
'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
'log_type' => '${cfg.logType}',
'loglevel' => '${builtins.toString cfg.logLevel}',
${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}
@ -851,10 +856,6 @@ in {
''
}
'dbtype' => '${c.dbtype}',
'trusted_domains' => ${writePhpArray ([ cfg.hostName ] ++ c.extraTrustedDomains)},
'trusted_proxies' => ${writePhpArray (c.trustedProxies)},
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"}
${objectstoreConfig}
];
@ -907,7 +908,7 @@ in {
(i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
'') ([ cfg.hostName ] ++ cfg.extraOptions.trusted_domains));
in {
wantedBy = [ "multi-user.target" ];
@ -1043,16 +1044,19 @@ in {
user = "nextcloud";
};
services.nextcloud = lib.mkIf cfg.configureRedis {
caching.redis = true;
extraOptions = {
services.nextcloud = {
caching.redis = lib.mkIf cfg.configureRedis true;
extraOptions = mkMerge [({
datadirectory = lib.mkDefault "${datadir}/data";
trusted_domains = [ cfg.hostName ];
}) (lib.mkIf cfg.configureRedis {
"memcache.distributed" = ''\OC\Memcache\Redis'';
"memcache.locking" = ''\OC\Memcache\Redis'';
redis = {
host = config.services.redis.servers.nextcloud.unixSocket;
port = 0;
};
};
})];
};
services.nginx.enable = mkDefault true;
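Review bot: With `trusted_domains = [ cfg.hostName ];` now merged into `extraOptions` in the `services.nextcloud = { ... }` block at the end of this section, the occ loop earlier in the section still prepends the host name — `'') ([ cfg.hostName ] ++ cfg.extraOptions.trusted_domains));` — so the host name is set twice (indices 0 and 1) and every user-supplied domain shifts by one index; dropping the prepend, `'') cfg.extraOptions.trusted_domains);`, keeps the occ-written list identical to what config.php receives. A second point: `overwriteprotocol` and `default_phone_region` changed from `nullOr` types defaulting to `null` to plain string types defaulting to `""`, and the `optionalString (... != null)` guards in the config.php template were removed, so an empty value is now always emitted; this appears to coincide with Nextcloud's own empty defaults but should be confirmed, and a user who had explicitly set the old `overwriteProtocol` or `defaultPhoneRegion` to `null` will now get a type error through the `mkRenamedOptionModule` shims instead of the previous no-op. The enclosing `nextcloud-setup` let-block and the module's `config` attribute both start and end outside the visible hunks.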


@ -32,7 +32,6 @@ in {
adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
${adminpass}
'');
trustedProxies = [ "::1" ];
};
notify_push = {
enable = true;
@ -42,6 +41,7 @@ in {
extraApps = {
inherit (pkgs."nextcloud${lib.versions.major config.services.nextcloud.package.version}Packages".apps) notify_push;
};
extraOptions.trusted_proxies = [ "::1" ];
};
services.redis.servers."nextcloud".enable = true;