cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #212430 from onny/nextcloud-cleanup

Browse source 
nixos/nextcloud: Move options into now freeForm extraOptions
This commit is contained in:
Maximilian Bosch 2023-12-29 23:44:24 +01:00 committed by GitHub
commit d25fdec5b3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 137 additions and 123 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
nixos/doc/manual/release-notes/rl-2405.section.md
View file

@ -98,6 +98,16 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc. - `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc.
- The following options of the Nextcloud module were moved into [`services.nextcloud.extraOptions`](#opt-services.nextcloud.extraOptions) and renamed to match the name from Nextcloud's `config.php`:
- `logLevel` -> [`loglevel`](#opt-services.nextcloud.extraOptions.loglevel),
- `logType` -> [`log_type`](#opt-services.nextcloud.extraOptions.log_type),
- `defaultPhoneRegion` -> [`default_phone_region`](#opt-services.nextcloud.extraOptions.default_phone_region),
- `overwriteProtocol` -> [`overwriteprotocol`](#opt-services.nextcloud.extraOptions.overwriteprotocol),
- `skeletonDirectory` -> [`skeletondirectory`](#opt-services.nextcloud.extraOptions.skeletondirectory),
- `globalProfiles` -> [`profile.enabled`](#opt-services.nextcloud.extraOptions._profile.enabled_),
- `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.extraOptions.trusted_domains) and
- `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.extraOptions.trusted_proxies).
- The Yama LSM is now enabled by default in the kernel, which prevents ptracing - The Yama LSM is now enabled by default in the kernel, which prevents ptracing
non-child processes. This means you will not be able to attach gdb to an non-child processes. This means you will not be able to attach gdb to an
existing process, but will need to start that process from gdb (so it is a existing process, but will need to start that process from gdb (so it is a

2
nixos/modules/services/web-apps/nextcloud.md
View file

@ -51,7 +51,7 @@ to ensure that changes can be applied by changing the module's options.
In case the application serves multiple domains (those are checked with In case the application serves multiple domains (those are checked with
[`$_SERVER['HTTP_HOST']`](https://www.php.net/manual/en/reserved.variables.server.php)) [`$_SERVER['HTTP_HOST']`](https://www.php.net/manual/en/reserved.variables.server.php))
it's needed to add them to it's needed to add them to
[`services.nextcloud.config.extraTrustedDomains`](#opt-services.nextcloud.config.extraTrustedDomains). [`services.nextcloud.extraOptions.trusted_domains`](#opt-services.nextcloud.extraOptions.trusted_domains).
Auto updates for Nextcloud apps can be enabled using Auto updates for Nextcloud apps can be enabled using
[`services.nextcloud.autoUpdateApps`](#opt-services.nextcloud.autoUpdateApps.enable). [`services.nextcloud.autoUpdateApps`](#opt-services.nextcloud.autoUpdateApps.enable).

214
nixos/modules/services/web-apps/nextcloud.nix
View file

@ -131,6 +131,22 @@ in {
(mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] '' (mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] ''
Use services.nextcloud.enableImagemagick instead. Use services.nextcloud.enableImagemagick instead.
'') '')
(mkRenamedOptionModule
[ "services" "nextcloud" "logLevel" ] [ "services" "nextcloud" "extraOptions" "loglevel" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "logType" ] [ "services" "nextcloud" "extraOptions" "log_type" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "defaultPhoneRegion" ] [ "services" "nextcloud" "extraOptions" "default_phone_region" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "overwriteProtocol" ] [ "services" "nextcloud" "extraOptions" "overwriteprotocol" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "skeletonDirectory" ] [ "services" "nextcloud" "extraOptions" "skeletondirectory" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "globalProfiles" ] [ "services" "nextcloud" "extraOptions" "profile.enabled" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "extraTrustedDomains" ] [ "services" "nextcloud" "extraOptions" "trusted_domains" ])
(mkRenamedOptionModule
[ "services" "nextcloud" "config" "trustedProxies" ] [ "services" "nextcloud" "extraOptions" "trusted_proxies" ])
]; ];
options.services.nextcloud = { options.services.nextcloud = {
@ -194,32 +210,6 @@ in {
Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting. Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
''; '';
}; };
logLevel = mkOption {
type = types.ints.between 0 4;
default = 2;
description = lib.mdDoc ''
Log level value between 0 (DEBUG) and 4 (FATAL).
- 0 (debug): Log all activity.
- 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
- 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
- 3 (error): Log failed operations and fatal errors.
- 4 (fatal): Log only fatal errors that cause the server to stop.
'';
};
logType = mkOption {
type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
default = "syslog";
description = lib.mdDoc ''
Logging backend to use.
systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
'';
};
https = mkOption { https = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -243,16 +233,6 @@ in {
''; '';
}; };
skeletonDirectory = mkOption {
default = "";
type = types.str;
description = lib.mdDoc ''
The directory where the skeleton files are located. These files will be
copied to the data directory of new users. Leave empty to not copy any
skeleton files.
'';
};
webfinger = mkOption { webfinger = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -352,7 +332,6 @@ in {
}; };
config = { config = {
dbtype = mkOption { dbtype = mkOption {
type = types.enum [ "sqlite" "pgsql" "mysql" ]; type = types.enum [ "sqlite" "pgsql" "mysql" ];
@ -417,53 +396,6 @@ in {
setup of Nextcloud by the systemd service `nextcloud-setup.service`. setup of Nextcloud by the systemd service `nextcloud-setup.service`.
''; '';
}; };
extraTrustedDomains = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted domains from which the Nextcloud installation will be
accessible. You don't need to add
`services.nextcloud.hostname` here.
'';
};
trustedProxies = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted proxies to provide if the Nextcloud installation is being
proxied to secure against, e.g. spoofing.
'';
};
overwriteProtocol = mkOption {
type = types.nullOr (types.enum [ "http" "https" ]);
default = null;
example = "https";
description = lib.mdDoc ''
Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
Nextcloud uses the currently used protocol by default, but when
behind a reverse-proxy, it may use `http` for everything although
Nextcloud may be served via HTTPS.
'';
};
defaultPhoneRegion = mkOption {
default = null;
type = types.nullOr types.str;
example = "DE";
description = lib.mdDoc ''
An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
country code which replaces automatic phone-number detection
without a country code.
As an example, with `DE` set as the default phone region,
the `+49` prefix can be omitted for phone numbers.
'';
};
objectstore = { objectstore = {
s3 = { s3 = {
enable = mkEnableOption (lib.mdDoc '' enable = mkEnableOption (lib.mdDoc ''
@ -646,13 +578,94 @@ in {
The nextcloud-occ program preconfigured to target this Nextcloud instance. The nextcloud-occ program preconfigured to target this Nextcloud instance.
''; '';
}; };
globalProfiles = mkEnableOption (lib.mdDoc "global profiles") // {
extraOptions = mkOption {
type = types.submodule {
freeformType = jsonFormat.type;
options = {
loglevel = mkOption {
type = types.ints.between 0 4;
default = 2;
description = lib.mdDoc ''
Log level value between 0 (DEBUG) and 4 (FATAL).
- 0 (debug): Log all activity.
- 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
- 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
- 3 (error): Log failed operations and fatal errors.
- 4 (fatal): Log only fatal errors that cause the server to stop.
'';
};
log_type = mkOption {
type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
default = "syslog";
description = lib.mdDoc ''
Logging backend to use.
systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
'';
};
skeletondirectory = mkOption {
default = "";
type = types.str;
description = lib.mdDoc ''
The directory where the skeleton files are located. These files will be
copied to the data directory of new users. Leave empty to not copy any
skeleton files.
'';
};
trusted_domains = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted domains, from which the nextcloud installation will be
accessible. You don't need to add
`services.nextcloud.hostname` here.
'';
};
trusted_proxies = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Trusted proxies, to provide if the nextcloud installation is being
proxied to secure against e.g. spoofing.
'';
};
overwriteprotocol = mkOption {
type = types.enum [ "" "http" "https" ];
default = "";
example = "https";
description = lib.mdDoc ''
Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
Nextcloud uses the currently used protocol by default, but when
behind a reverse-proxy, it may use `http` for everything although
Nextcloud may be served via HTTPS.
'';
};
default_phone_region = mkOption {
default = "";
type = types.str;
example = "DE";
description = lib.mdDoc ''
An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
country code which replaces automatic phone-number detection
without a country code.
As an example, with `DE` set as the default phone region,
the `+49` prefix can be omitted for phone numbers.
'';
};
"profile.enabled" = mkEnableOption (lib.mdDoc "global profiles") // {
description = lib.mdDoc '' description = lib.mdDoc ''
Makes user-profiles globally available under `nextcloud.tld/u/user.name`. Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
Even though it's enabled by default in Nextcloud, it must be explicitly enabled Even though it's enabled by default in Nextcloud, it must be explicitly enabled
here because it has the side-effect that personal information is even accessible to here because it has the side-effect that personal information is even accessible to
unauthenticated users by default. unauthenticated users by default.
By default, the following properties are set to Show to everyone By default, the following properties are set to Show to everyone
if this flag is enabled: if this flag is enabled:
- About - About
@ -663,13 +676,11 @@ in {
- Role - Role
- Twitter - Twitter
- Website - Website
Only has an effect in Nextcloud 23 and later. Only has an effect in Nextcloud 23 and later.
''; '';
}; };
};
extraOptions = mkOption { };
type = jsonFormat.type;
default = {}; default = {};
description = lib.mdDoc '' description = lib.mdDoc ''
Extra options which should be appended to Nextcloud's config.php file. Extra options which should be appended to Nextcloud's config.php file.
@ -807,7 +818,6 @@ in {
nextcloud-setup = let nextcloud-setup = let
c = cfg.config; c = cfg.config;
writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable; requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable;
objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable '' objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable ''
'objectstore' => [ 'objectstore' => [
@ -872,12 +882,7 @@ in {
${concatStrings (mapAttrsToList mkAppStoreConfig appStores)} ${concatStrings (mapAttrsToList mkAppStoreConfig appStores)}
], ],
${optionalString (showAppStoreSetting) "'appstoreenabled' => ${renderedAppStoreSetting},"} ${optionalString (showAppStoreSetting) "'appstoreenabled' => ${renderedAppStoreSetting},"}
'datadirectory' => '${datadir}/data',
'skeletondirectory' => '${cfg.skeletonDirectory}',
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
'log_type' => '${cfg.logType}',
'loglevel' => '${builtins.toString cfg.logLevel}',
${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"} ${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"} ${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"} ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}
@ -890,10 +895,6 @@ in {
'' ''
} }
'dbtype' => '${c.dbtype}', 'dbtype' => '${c.dbtype}',
'trusted_domains' => ${writePhpArray ([ cfg.hostName ] ++ c.extraTrustedDomains)},
'trusted_proxies' => ${writePhpArray (c.trustedProxies)},
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"}
${objectstoreConfig} ${objectstoreConfig}
]; ];
@ -946,7 +947,7 @@ in {
(i: v: '' (i: v: ''
${occ}/bin/nextcloud-occ config:system:set trusted_domains \ ${occ}/bin/nextcloud-occ config:system:set trusted_domains \
${toString i} --value="${toString v}" ${toString i} --value="${toString v}"
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains)); '') ([ cfg.hostName ] ++ cfg.extraOptions.trusted_domains));
in { in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -1081,16 +1082,19 @@ in {
user = "nextcloud"; user = "nextcloud";
}; };
services.nextcloud = lib.mkIf cfg.configureRedis { services.nextcloud = {
caching.redis = true; caching.redis = lib.mkIf cfg.configureRedis true;
extraOptions = { extraOptions = mkMerge [({
datadirectory = lib.mkDefault "${datadir}/data";
trusted_domains = [ cfg.hostName ];
}) (lib.mkIf cfg.configureRedis {
"memcache.distributed" = ''\OC\Memcache\Redis''; "memcache.distributed" = ''\OC\Memcache\Redis'';
"memcache.locking" = ''\OC\Memcache\Redis''; "memcache.locking" = ''\OC\Memcache\Redis'';
redis = { redis = {
host = config.services.redis.servers.nextcloud.unixSocket; host = config.services.redis.servers.nextcloud.unixSocket;
port = 0; port = 0;
}; };
}; })];
}; };
services.nginx.enable = mkDefault true; services.nginx.enable = mkDefault true;

2
nixos/tests/nextcloud/with-postgresql-and-redis.nix
View file

@ -32,7 +32,6 @@ in {
adminpassFile = toString (pkgs.writeText "admin-pass-file" '' adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
${adminpass} ${adminpass}
''); '');
trustedProxies = [ "::1" ];
}; };
notify_push = { notify_push = {
enable = true; enable = true;
@ -42,6 +41,7 @@ in {
extraApps = { extraApps = {
inherit (pkgs."nextcloud${lib.versions.major config.services.nextcloud.package.version}Packages".apps) notify_push; inherit (pkgs."nextcloud${lib.versions.major config.services.nextcloud.package.version}Packages".apps) notify_push;
}; };
extraOptions.trusted_proxies = [ "::1" ];
}; };
services.redis.servers."nextcloud".enable = true; services.redis.servers."nextcloud".enable = true;