# NixOS httpd sub-service for ownCloud (Apache + PHP). Evaluates to a rec set
# with the vhost snippet (extraConfig), the sub-service options, and a
# startupScript that seeds the data directory and the PostgreSQL database.
# `php` is the PHP package used to run `occ`; `serverInfo` carries the httpd
# service's own configuration (package, adminAddr, full NixOS config).
{ config, lib, pkgs, serverInfo, php, ... }:

with lib;

let
6
  # Apache package of the enclosing httpd service; only consulted for the
  # version check right below.
  httpd = serverInfo.serverConfig.package;
8
9 version24 = !versionOlder httpd.version "2.4";
10
11 allGranted = if version24 then ''
12 Require all granted
13 '' else ''
14 Order allow,deny
15 Allow from all
16 '';
17
  # The config.php handed to ownCloud; startupScript copies it into
  # ${dataDir}/config on first start. It is produced with pkgs.writeText, so
  # the rendered file lives in the Nix store and is readable by every local
  # user — including the dbpassword and mail_smtppassword values below.
  # trusted_domains is filled from the single trustedDomain option, whose
  # default is the empty string.
  # NOTE(review): the 'openssl' key is set twice — first as an array with a
  # 'config' entry, then as a plain path string at the very end. In a PHP array
  # literal the later key wins, so the array form is never in effect; confirm
  # which of the two is intended.
  owncloudConfig = pkgs.writeText "config.php"
    ''
      <?php

      /* Only enable this for local development and not in productive environments */
      /* This will disable the minifier and outputs some additional debug informations */
      define("DEBUG", false);

      $CONFIG = array(
        /* Flag to indicate ownCloud is successfully installed (true = installed) */
        "installed" => true,

        /* Type of database, can be sqlite, mysql or pgsql */
        "dbtype" => "${config.dbType}",

        /* Name of the ownCloud database */
        "dbname" => "${config.dbName}",

        /* User to access the ownCloud database */
        "dbuser" => "${config.dbUser}",

        /* Password to access the ownCloud database */
        "dbpassword" => "${config.dbPassword}",

        /* Host running the ownCloud database. To specify a port use "HOSTNAME:####"; to specify a unix sockets use "localhost:/path/to/socket". */
        "dbhost" => "${config.dbServer}",

        /* Prefix for the ownCloud tables in the database */
        "dbtableprefix" => "",

        /* Force use of HTTPS connection (true = use HTTPS) */
        "forcessl" => ${config.forceSSL},

        /* Blacklist a specific file and disallow the upload of files with this name - WARNING: USE THIS ONLY IF YOU KNOW WHAT YOU ARE DOING. */
        "blacklisted_files" => array('.htaccess'),

        /* The automatic hostname detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the automatic detection. You can also add a port. For example "www.example.com:88" */
        "overwritehost" => "${config.overwriteHost}",

        /* The automatic protocol detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the protocol detection. For example "https" */
        "overwriteprotocol" => "${config.overwriteProtocol}",

        /* The automatic webroot detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the automatic detection. For example "/domain.tld/ownCloud". The value "/" can be used to remove the root. */
        "overwritewebroot" => "${config.overwriteWebRoot}",

        /* The automatic detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to define a manually override condition as regular expression for the remote ip address. For example "^10\.0\.0\.[1-3]$" */
        "overwritecondaddr" => "",

        /* A proxy to use to connect to the internet. For example "myproxy.org:88" */
        "proxy" => "",

        /* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */
        "proxyuserpwd" => "",

        /* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers */
        'trusted_domains' => array('${config.trustedDomain}'),

        /* Theme to use for ownCloud */
        "theme" => "",

        /* Optional ownCloud default language - overrides automatic language detection on public pages like login or shared items. This has no effect on the user's language preference configured under "personal -> language" once they have logged in */
        "default_language" => "${config.defaultLang}",

        /* Path to the parent directory of the 3rdparty directory */
        "3rdpartyroot" => "",

        /* URL to the parent directory of the 3rdparty directory, as seen by the browser */
        "3rdpartyurl" => "",

        /* Default app to open on login.
         * This can be a comma-separated list of app ids.
         * If the first app is not enabled for the current user,
         * it will try with the second one and so on. If no enabled app could be found,
         * the "files" app will be displayed instead. */
        "defaultapp" => "${config.defaultApp}",

        /* Enable the help menu item in the settings */
        "knowledgebaseenabled" => true,

        /* Enable installing apps from the appstore */
        "appstoreenabled" => ${config.appStoreEnable},

        /* URL of the appstore to use, server should understand OCS */
        "appstoreurl" => "https://api.owncloud.com/v1",

        /* Domain name used by ownCloud for the sender mail address, e.g. no-reply@example.com */
        "mail_domain" => "${config.mailFromDomain}",

        /* FROM address used by ownCloud for the sender mail address, e.g. owncloud@example.com
           This setting overwrites the built in 'sharing-noreply' and 'lostpassword-noreply'
           FROM addresses, that ownCloud uses
        */
        "mail_from_address" => "${config.mailFrom}",

        /* Enable SMTP class debugging */
        "mail_smtpdebug" => false,

        /* Mode to use for sending mail, can be sendmail, smtp, qmail or php, see PHPMailer docs */
        "mail_smtpmode" => "${config.SMTPMode}",

        /* Host to use for sending mail, depends on mail_smtpmode if this is used */
        "mail_smtphost" => "${config.SMTPHost}",

        /* Port to use for sending mail, depends on mail_smtpmode if this is used */
        "mail_smtpport" => ${config.SMTPPort},

        /* SMTP server timeout in seconds for sending mail, depends on mail_smtpmode if this is used */
        "mail_smtptimeout" => ${config.SMTPTimeout},

        /* SMTP connection prefix or sending mail, depends on mail_smtpmode if this is used.
           Can be "", ssl or tls */
        "mail_smtpsecure" => "${config.SMTPSecure}",

        /* authentication needed to send mail, depends on mail_smtpmode if this is used
         * (false = disable authentication)
         */
        "mail_smtpauth" => ${config.SMTPAuth},

        /* authentication type needed to send mail, depends on mail_smtpmode if this is used
         * Can be LOGIN (default), PLAIN or NTLM */
        "mail_smtpauthtype" => "${config.SMTPAuthType}",

        /* Username to use for sendmail mail, depends on mail_smtpauth if this is used */
        "mail_smtpname" => "${config.SMTPUser}",

        /* Password to use for sendmail mail, depends on mail_smtpauth if this is used */
        "mail_smtppassword" => "${config.SMTPPass}",

        /* memcached servers (Only used when xCache, APC and APCu are absent.) */
        "memcached_servers" => array(
          // hostname, port and optional weight. Also see:
          // http://www.php.net/manual/en/memcached.addservers.php
          // http://www.php.net/manual/en/memcached.addserver.php
          //array('localhost', 11211),
          //array('other.host.local', 11211),
        ),

        /* How long should ownCloud keep deleted files in the trash bin, default value: 30 days */
        'trashbin_retention_obligation' => 30,

        /* Disable/Enable auto expire for the trash bin, by default auto expire is enabled */
        'trashbin_auto_expire' => true,

        /* allow user to change his display name, if it is supported by the back-end */
        'allow_user_to_change_display_name' => true,

        /* Check 3rdparty apps for malicious code fragments */
        "appcodechecker" => true,

        /* Check if ownCloud is up to date */
        "updatechecker" => true,

        /* Are we connected to the internet or are we running in a closed network? */
        "has_internet_connection" => true,

        /* Check if the ownCloud WebDAV server is working correctly. Can be disabled if not needed in special situations*/
        "check_for_working_webdav" => true,

        /* Check if .htaccess protection of data is working correctly. Can be disabled if not needed in special situations*/
        "check_for_working_htaccess" => true,

        /* Place to log to, can be owncloud and syslog (owncloud is log menu item in admin menu) */
        "log_type" => "owncloud",

        /* File for the owncloud logger to log to, (default is ownloud.log in the data dir) */
        "logfile" => "${config.dataDir}/owncloud.log",

        /* Loglevel to start logging at. 0=DEBUG, 1=INFO, 2=WARN, 3=ERROR (default is WARN) */
        "loglevel" => "2",

        /* date format to be used while writing to the owncloud logfile */
        'logdateformat' => 'F d, Y H:i:s',

        /* timezone used while writing to the owncloud logfile (default: UTC) */
        'logtimezone' => '${serverInfo.fullConfig.time.timeZone}',

        /* Append all database queries and parameters to the log file.
           (watch out, this option can increase the size of your log file)*/
        "log_query" => false,

        /* Whether ownCloud should log the last successfull cron exec */
        "cron_log" => true,

        /*
         * Configure the size in bytes log rotation should happen, 0 or false disables the rotation.
         * This rotates the current owncloud logfile to a new name, this way the total log usage
         * will stay limited and older entries are available for a while longer. The
         * total disk usage is twice the configured size.
         * WARNING: When you use this, the log entries will eventually be lost.
         */
        'log_rotate_size' => "104857600", // 104857600, // 100 MiB

        /* Lifetime of the remember login cookie, default is 15 days */
        "remember_login_cookie_lifetime" => 1296000,

        /* Life time of a session after inactivity */
        "session_lifetime" => 86400,

        /*
         * Enable/disable session keep alive when a user is logged in in the Web UI.
         * This is achieved by sending a "heartbeat" to the server to prevent
         * the session timing out.
         */
        "session_keepalive" => true,

        /* Custom CSP policy, changing this will overwrite the standard policy */
        "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",

        /* Enable/disable X-Frame-Restriction */
        /* HIGH SECURITY RISK IF DISABLED*/
        "xframe_restriction" => true,

        /* The directory where the user data is stored, default to data in the owncloud
         * directory. The sqlite database is also stored here, when sqlite is used.
         */
        "datadirectory" => "${config.dataDir}/storage",

        /* The directory where the skeleton files are located. These files will be copied to the data
         * directory of new users. Leave empty to not copy any skeleton files.
         */
        // "skeletondirectory" => "",

        /* Enable maintenance mode to disable ownCloud
           If you want to prevent users to login to ownCloud before you start doing some maintenance work,
           you need to set the value of the maintenance parameter to true.
           Please keep in mind that users who are already logged-in are kicked out of ownCloud instantly.
        */
        "maintenance" => false,

        "apps_paths" => array(

          /* Set an array of path for your apps directories
             key 'path' is for the fs path and the key 'url' is for the http path to your
             applications paths. 'writable' indicates whether the user can install apps in this folder.
             You must have at least 1 app folder writable or you must set the parameter 'appstoreenabled' to false
          */
          array(
            'path'=> '${config.dataDir}/apps',
            'url' => '/apps',
            'writable' => true,
          ),
        ),
        'user_backends'=>array(
          /*
          array(
            'class'=>'OC_User_IMAP',
            'arguments'=>array('{imap.gmail.com:993/imap/ssl}INBOX')
          )
          */
        ),
        //links to custom clients
        'customclient_desktop' => ''', //http://owncloud.org/sync-clients/
        'customclient_android' => ''', //https://play.google.com/store/apps/details?id=com.owncloud.android
        'customclient_ios' => ''', //https://itunes.apple.com/us/app/owncloud/id543672169?mt=8

        // PREVIEW
        'enable_previews' => true,
        /* the max width of a generated preview, if value is null, there is no limit */
        'preview_max_x' => null,
        /* the max height of a generated preview, if value is null, there is no limit */
        'preview_max_y' => null,
        /* the max factor to scale a preview, default is set to 10 */
        'preview_max_scale_factor' => 10,
        /* custom path for libreoffice / openoffice binary */
        'preview_libreoffice_path' => '${config.libreofficePath}',
        /* cl parameters for libreoffice / openoffice */
        'preview_office_cl_parameters' => ''',

        /* whether avatars should be enabled */
        'enable_avatars' => true,

        // Extra SSL options to be used for configuration
        'openssl' => array(
          'config' => '/etc/ssl/openssl.cnf',
        ),

        // default cipher used for file encryption, currently we support AES-128-CFB and AES-256-CFB
        'cipher' => 'AES-256-CFB',

        /* whether usage of the instance should be restricted to admin users only */
        'singleuser' => false,

        /* all css and js files will be served by the web server statically in one js file and ons css file*/
        'asset-pipeline.enabled' => false,

        /* where mount.json file should be stored, defaults to data/mount.json */
        'mount_file' => ''',

        /*
         * Location of the cache folder, defaults to "data/$user/cache" where "$user" is the current user.
         *
         * When specified, the format will change to "$cache_path/$user" where "$cache_path" is the configured
         * cache directory and "$user" is the user.
         *
         */
        'cache_path' => ''',

        /* EXPERIMENTAL: option whether to include external storage in quota calculation, defaults to false */
        'quota_include_external_storage' => false,

        /*
         * specifies how often the filesystem is checked for changes made outside owncloud
         * 0 -> never check the filesystem for outside changes, provides a performance increase when it's certain that no changes are made directly to the filesystem
         * 1 -> check each file or folder at most once per request, recomended for general use if outside changes might happen
         * 2 -> check every time the filesystem is used, causes a performance hit when using external storages, not recomended for regular use
         */
        'filesystem_check_changes' => 1,

        /* If true, prevent owncloud from changing the cache due to changes in the filesystem for all storage */
        'filesystem_cache_readonly' => false,

        /**
         * define default folder for shared files and folders
         */
        'share_folder' => '/',

        'version' => '${pkgs.owncloud.version}',

        'openssl' => '${pkgs.openssl}/bin/openssl'

      );

    '';
341
342in
343
344rec {
345
  # Apache configuration for the ownCloud vhost. documentRoot is the sibling
  # attribute below (this is a rec set); the <Directory> block inlines the
  # package's own .htaccess at evaluation time via builtins.readFile.
  # NOTE(review): the two RewriteCond lines are not followed by a RewriteRule
  # within this snippet; presumably one comes from the inlined .htaccess —
  # confirm.
  extraConfig =
    ''
      ServerName ${config.siteName}
      ServerAdmin ${config.adminAddr}
      DocumentRoot ${documentRoot}

      RewriteEngine On
      RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
      RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d

      <Directory ${pkgs.owncloud}>
        ${builtins.readFile "${pkgs.owncloud}/.htaccess"}
      </Directory>
    '';
360
361 globalEnvVars = [
362 { name = "OC_CONFIG_PATH"; value = "${config.dataDir}/config/"; }
363 ];
364
  # Serve the ownCloud package straight from the Nix store; the writable
  # state (config, storage, apps) lives under dataDir instead.
  documentRoot = pkgs.owncloud;
366
  # Ask the httpd module to enable its PHP handler for this sub-service.
  enablePHP = true;
368
369 options = {
370
371 id = mkOption {
372 default = "main";
373 description = ''
374 A unique identifier necessary to keep multiple owncloud server
375 instances on the same machine apart. This is used to
376 disambiguate the administrative scripts, which get names like
377 mediawiki-$id-change-password.
378 '';
379 };
380
381 adminUser = mkOption {
382 default = "owncloud";
383 description = "The admin user name for accessing owncloud.";
384 };
385
386 adminPassword = mkOption {
387 description = "The admin password for accessing owncloud.";
388 };
389
390 dbType = mkOption {
391 default = "pgsql";
392 description = "Type of database, in NixOS, for now, only pgsql.";
393 };
394
395 dbName = mkOption {
396 default = "owncloud";
397 description = "Name of the database that holds the owncloud data.";
398 };
399
400 dbServer = mkOption {
401 default = "localhost:5432";
402 description = ''
403 The location of the database server.
404 '';
405 };
406
407 dbUser = mkOption {
408 default = "owncloud";
409 description = "The user name for accessing the database.";
410 };
411
412 dbPassword = mkOption {
413 example = "foobar";
414 description = ''
415 The password of the database user. Warning: this is stored in
416 cleartext in the Nix store!
417 '';
418 };
419
420 forceSSL = mkOption {
421 default = "false";
422 description = "Force use of HTTPS connection.";
423 };
424
425 adminAddr = mkOption {
426 default = serverInfo.serverConfig.adminAddr;
427 example = "admin@example.com";
428 description = ''
429 Emergency contact e-mail address. Defaults to the Apache
430 admin address.
431 '';
432 };
433
434 siteName = mkOption {
435 default = "owncloud";
436 example = "Foobar owncloud";
437 description = "Name of the owncloud";
438 };
439
440 trustedDomain = mkOption {
441 default = "";
442 description = "Trusted domain";
443 };
444
445 defaultLang = mkOption {
446 default = "";
447 description = "Default language";
448 };
449
450 defaultApp = mkOption {
451 default = "";
452 description = "Default application";
453 };
454
455 appStoreEnable = mkOption {
456 default = "true";
457 description = "Enable app store";
458 };
459
460 mailFrom = mkOption {
461 default = "no-reply";
462 description = "Mail from";
463 };
464
465 mailFromDomain = mkOption {
466 default = "example.xyz";
467 description = "Mail from domain";
468 };
469
470 SMTPMode = mkOption {
471 default = "smtp";
472 description = "Which mode to use for sending mail: sendmail, smtp, qmail or php.";
473 };
474
475 SMTPHost = mkOption {
476 default = "";
477 description = "SMTP host";
478 };
479
480 SMTPPort = mkOption {
481 default = "25";
482 description = "SMTP port";
483 };
484
485 SMTPTimeout = mkOption {
486 default = "10";
487 description = "SMTP mode";
488 };
489
490 SMTPSecure = mkOption {
491 default = "ssl";
492 description = "SMTP secure";
493 };
494
495 SMTPAuth = mkOption {
496 default = "true";
497 description = "SMTP auth";
498 };
499
500 SMTPAuthType = mkOption {
501 default = "LOGIN";
502 description = "SMTP auth type";
503 };
504
505 SMTPUser = mkOption {
506 default = "";
507 description = "SMTP user";
508 };
509
510 SMTPPass = mkOption {
511 default = "";
512 description = "SMTP pass";
513 };
514
515 dataDir = mkOption {
516 default = "/var/lib/owncloud";
517 description = "Data dir";
518 };
519
520 libreofficePath = mkOption {
521 default = "/usr/bin/libreoffice";
522 description = "Path for LibreOffice/OpenOffice binary.";
523 };
524
525 overwriteHost = mkOption {
526 default = "";
527 description = "The automatic hostname detection of ownCloud can fail in
528 certain reverse proxy and CLI/cron situations. This option allows to
529 manually override the automatic detection. You can also add a port.";
530 };
531
532 overwriteProtocol = mkOption {
533 default = "";
534 description = "The automatic protocol detection of ownCloud can fail in
535 certain reverse proxy and CLI/cron situations. This option allows to
536 manually override the protocol detection.";
537 };
538
539 overwriteWebRoot = mkOption {
540 default = "";
541 description = "The automatic webroot detection of ownCloud can fail in
542 certain reverse proxy and CLI/cron situations. This option allows to
543 manually override the automatic detection.";
544 };
545
546 };
547
548 startupScript = pkgs.writeScript "owncloud_startup.sh" ''
549
550 if [ ! -d ${config.dataDir}/config ]; then
551 mkdir -p ${config.dataDir}/config
552 cp ${owncloudConfig} ${config.dataDir}/config/config.php
553 mkdir -p ${config.dataDir}/storage
554 mkdir -p ${config.dataDir}/apps
555 cp -r ${pkgs.owncloud}/apps/* ${config.dataDir}/apps/
556 chmod -R ug+rw ${config.dataDir}
557 chmod -R o-rwx ${config.dataDir}
558 chown -R wwwrun:wwwrun ${config.dataDir}
559
560 ${pkgs.postgresql}/bin/createuser -s -r postgres
561 ${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole "${config.dbUser}" || true
562 ${pkgs.postgresql}/bin/createdb "${config.dbName}" -O "${config.dbUser}" || true
563 ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -U postgres -d postgres -c "alter user ${config.dbUser} with password '${config.dbPassword}';" || true
564
565 QUERY="CREATE TABLE appconfig (appid VARCHAR( 255 ) NOT NULL ,configkey VARCHAR( 255 ) NOT NULL ,configvalue VARCHAR( 255 ) NOT NULL); GRANT ALL ON appconfig TO ${config.dbUser}; ALTER TABLE appconfig OWNER TO ${config.dbUser};"
566 ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d ${config.dbName} -Atw -c "$QUERY" || true
567 fi
568
569 ${php}/bin/php ${pkgs.owncloud}/occ upgrade || true
570
571 chown wwwrun:wwwrun ${config.dataDir}/owncloud.log || true
572
573 QUERY="INSERT INTO groups (gid) values('admin'); INSERT INTO users (uid,password) values('${config.adminUser}','${builtins.hashString "sha1" config.adminPassword}'); INSERT INTO group_user (gid,uid) values('admin','${config.adminUser}');"
574 ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d ${config.dbName} -Atw -c "$QUERY" || true
575 '';
576}