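# ownCloud 7 sub-service for the NixOS Apache (httpd) module.
#
# Generates config.php from the module options, the Apache snippet that
# serves the package, and a one-shot startup script that creates the
# PostgreSQL role/database and seeds the admin account.
#
# Everything built with pkgs.writeText / pkgs.writeScript below ends up in
# the world-readable Nix store: that includes config.php (dbPassword,
# SMTPPass) and the SQL files (dbPassword, the admin password digest).
{ config, lib, pkgs, serverInfo, php, ... }:

with lib;

let

  # Render a value as a PHP single-quoted string literal.  Only `\` and `'`
  # are special inside single quotes, so a secret containing `"`, `$` or `\`
  # can no longer break, or be interpolated into, the generated config.php.
  phpString = s: "'" + escape [ "\\" "'" ] s + "'";

  # Render a value as an SQL single-quoted string literal (`'` doubled).
  sqlString = s: "'" + replaceStrings [ "'" ] [ "''" ] s + "'";

  # SQL run by the startup script.  Kept as files and passed to `psql -f`
  # so neither bash nor `psql -c` gets to interpret the interpolated values
  # (a password containing `'`, `$` or a backquote used to alter the
  # statement).  `-1` keeps the "all statements in one transaction"
  # behaviour that a single `-c` string had.
  initSchemaSql = pkgs.writeText "owncloud-init-schema.sql" ''
    CREATE TABLE appconfig (appid VARCHAR( 255 ) NOT NULL ,configkey VARCHAR( 255 ) NOT NULL ,configvalue VARCHAR( 255 ) NOT NULL);
    GRANT ALL ON appconfig TO ${config.dbUser};
    ALTER TABLE appconfig OWNER TO ${config.dbUser};
  '';

  setDbPasswordSql = pkgs.writeText "owncloud-set-db-password.sql" ''
    alter user ${config.dbUser} with password ${sqlString config.dbPassword};
  '';

  # NOTE(review): the admin account is seeded with an unsalted SHA-1 hex
  # digest computed at evaluation time, which lands in the Nix store.
  # Nothing in this module shows which hash scheme the selected ownCloud
  # package verifies against or whether it expects a `passwordsalt`;
  # confirm that before relying on this account.
  createAdminSql = pkgs.writeText "owncloud-create-admin.sql" ''
    INSERT INTO groups (gid) values('admin');
    INSERT INTO users (uid,password) values(${sqlString config.adminUser},'${builtins.hashString "sha1" config.adminPassword}');
    INSERT INTO group_user (gid,uid) values('admin',${sqlString config.adminUser});
  '';

  # config.php as copied into ${config.dataDir}/config on first start.
  # Values interpolated into PHP double-quoted strings are taken verbatim;
  # the secret-bearing keys go through phpString instead.
  owncloudConfig = pkgs.writeText "config.php"
    ''
      <?php

      /* Only enable this for local development and not in productive environments */
      /* This will disable the minifier and outputs some additional debug informations */
      define("DEBUG", false);

      $CONFIG = array(
        /* Flag to indicate ownCloud is successfully installed (true = installed) */
        "installed" => true,

        /* Type of database, can be sqlite, mysql or pgsql */
        "dbtype" => "${config.dbType}",

        /* Name of the ownCloud database */
        "dbname" => "${config.dbName}",

        /* User to access the ownCloud database */
        "dbuser" => "${config.dbUser}",

        /* Password to access the ownCloud database */
        "dbpassword" => ${phpString config.dbPassword},

        /* Host running the ownCloud database. To specify a port use "HOSTNAME:####"; to specify a unix sockets use "localhost:/path/to/socket". */
        "dbhost" => "${config.dbServer}",

        /* Prefix for the ownCloud tables in the database */
        "dbtableprefix" => "",

        /* Force use of HTTPS connection (true = use HTTPS) */
        "forcessl" => ${config.forceSSL},

        /* Blacklist a specific file and disallow the upload of files with this name - WARNING: USE THIS ONLY IF YOU KNOW WHAT YOU ARE DOING. */
        "blacklisted_files" => array('.htaccess'),

        /* The automatic hostname detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the automatic detection. You can also add a port. For example "www.example.com:88" */
        "overwritehost" => "${config.overwriteHost}",

        /* The automatic protocol detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the protocol detection. For example "https" */
        "overwriteprotocol" => "${config.overwriteProtocol}",

        /* The automatic webroot detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the automatic detection. For example "/domain.tld/ownCloud". The value "/" can be used to remove the root. */
        "overwritewebroot" => "${config.overwriteWebRoot}",

        /* The automatic detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to define a manually override condition as regular expression for the remote ip address. For example "^10\.0\.0\.[1-3]$" */
        "overwritecondaddr" => "",

        /* A proxy to use to connect to the internet. For example "myproxy.org:88" */
        "proxy" => "",

        /* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */
        "proxyuserpwd" => "",

        /* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers.
           Only emitted when the trustedDomain option is set; with it empty no Host header restriction is configured here. */
        ${if config.trustedDomain != "" then "'trusted_domains' => array('${config.trustedDomain}')," else ""}

        /* Theme to use for ownCloud */
        "theme" => "",

        /* Optional ownCloud default language - overrides automatic language detection on public pages like login or shared items. This has no effect on the user's language preference configured under "personal -> language" once they have logged in */
        "default_language" => "${config.defaultLang}",

        /* Path to the parent directory of the 3rdparty directory */
        "3rdpartyroot" => "",

        /* URL to the parent directory of the 3rdparty directory, as seen by the browser */
        "3rdpartyurl" => "",

        /* Default app to open on login.
         * This can be a comma-separated list of app ids.
         * If the first app is not enabled for the current user,
         * it will try with the second one and so on. If no enabled app could be found,
         * the "files" app will be displayed instead. */
        "defaultapp" => "${config.defaultApp}",

        /* Enable the help menu item in the settings */
        "knowledgebaseenabled" => true,

        /* Enable installing apps from the appstore */
        "appstoreenabled" => ${config.appStoreEnable},

        /* URL of the appstore to use, server should understand OCS */
        "appstoreurl" => "https://api.owncloud.com/v1",

        /* Domain name used by ownCloud for the sender mail address, e.g. no-reply@example.com */
        "mail_domain" => "${config.mailFromDomain}",

        /* FROM address used by ownCloud for the sender mail address, e.g. owncloud@example.com
           This setting overwrites the built in 'sharing-noreply' and 'lostpassword-noreply'
           FROM addresses, that ownCloud uses
        */
        "mail_from_address" => "${config.mailFrom}",

        /* Enable SMTP class debugging */
        "mail_smtpdebug" => false,

        /* Mode to use for sending mail, can be sendmail, smtp, qmail or php, see PHPMailer docs */
        "mail_smtpmode" => "${config.SMTPMode}",

        /* Host to use for sending mail, depends on mail_smtpmode if this is used */
        "mail_smtphost" => "${config.SMTPHost}",

        /* Port to use for sending mail, depends on mail_smtpmode if this is used */
        "mail_smtpport" => ${config.SMTPPort},

        /* SMTP server timeout in seconds for sending mail, depends on mail_smtpmode if this is used */
        "mail_smtptimeout" => ${config.SMTPTimeout},

        /* SMTP connection prefix or sending mail, depends on mail_smtpmode if this is used.
           Can be "", ssl or tls */
        "mail_smtpsecure" => "${config.SMTPSecure}",

        /* authentication needed to send mail, depends on mail_smtpmode if this is used
         * (false = disable authentication)
         */
        "mail_smtpauth" => ${config.SMTPAuth},

        /* authentication type needed to send mail, depends on mail_smtpmode if this is used
         * Can be LOGIN (default), PLAIN or NTLM */
        "mail_smtpauthtype" => "${config.SMTPAuthType}",

        /* Username to use for sendmail mail, depends on mail_smtpauth if this is used */
        "mail_smtpname" => ${phpString config.SMTPUser},

        /* Password to use for sendmail mail, depends on mail_smtpauth if this is used */
        "mail_smtppassword" => ${phpString config.SMTPPass},

        /* memcached servers (Only used when xCache, APC and APCu are absent.) */
        "memcached_servers" => array(
          // hostname, port and optional weight. Also see:
          // http://www.php.net/manual/en/memcached.addservers.php
          // http://www.php.net/manual/en/memcached.addserver.php
          //array('localhost', 11211),
          //array('other.host.local', 11211),
        ),

        /* How long should ownCloud keep deleted files in the trash bin, default value: 30 days */
        'trashbin_retention_obligation' => 30,

        /* Disable/Enable auto expire for the trash bin, by default auto expire is enabled */
        'trashbin_auto_expire' => true,

        /* allow user to change his display name, if it is supported by the back-end */
        'allow_user_to_change_display_name' => true,

        /* Check 3rdparty apps for malicious code fragments */
        "appcodechecker" => true,

        /* Check if ownCloud is up to date */
        "updatechecker" => true,

        /* Are we connected to the internet or are we running in a closed network? */
        "has_internet_connection" => true,

        /* Check if the ownCloud WebDAV server is working correctly. Can be disabled if not needed in special situations*/
        "check_for_working_webdav" => true,

        /* Check if .htaccess protection of data is working correctly. Can be disabled if not needed in special situations*/
        "check_for_working_htaccess" => true,

        /* Place to log to, can be owncloud and syslog (owncloud is log menu item in admin menu) */
        "log_type" => "owncloud",

        /* File for the owncloud logger to log to, (default is ownloud.log in the data dir) */
        "logfile" => "${config.dataDir}/owncloud.log",

        /* Loglevel to start logging at. 0=DEBUG, 1=INFO, 2=WARN, 3=ERROR (default is WARN) */
        "loglevel" => "2",

        /* date format to be used while writing to the owncloud logfile */
        'logdateformat' => 'F d, Y H:i:s',

        /* timezone used while writing to the owncloud logfile (default: UTC) */
        'logtimezone' => '${serverInfo.fullConfig.time.timeZone}',

        /* Append all database queries and parameters to the log file.
           (watch out, this option can increase the size of your log file)*/
        "log_query" => false,

        /* Whether ownCloud should log the last successfull cron exec */
        "cron_log" => true,

        /*
         * Configure the size in bytes log rotation should happen, 0 or false disables the rotation.
         * This rotates the current owncloud logfile to a new name, this way the total log usage
         * will stay limited and older entries are available for a while longer. The
         * total disk usage is twice the configured size.
         * WARNING: When you use this, the log entries will eventually be lost.
         */
        'log_rotate_size' => "104857600", // 104857600, // 100 MiB

        /* Lifetime of the remember login cookie, default is 15 days */
        "remember_login_cookie_lifetime" => 1296000,

        /* Life time of a session after inactivity */
        "session_lifetime" => 86400,

        /*
         * Enable/disable session keep alive when a user is logged in in the Web UI.
         * This is achieved by sending a "heartbeat" to the server to prevent
         * the session timing out.
         */
        "session_keepalive" => true,

        /* Custom CSP policy, changing this will overwrite the standard policy.
           Note that the policy below permits 'unsafe-eval' for scripts, 'unsafe-inline' for
           styles and framing/images/media from any origin. */
        "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",

        /* Enable/disable X-Frame-Restriction */
        /* HIGH SECURITY RISK IF DISABLED*/
        "xframe_restriction" => true,

        /* The directory where the user data is stored, default to data in the owncloud
         * directory. The sqlite database is also stored here, when sqlite is used.
         */
        "datadirectory" => "${config.dataDir}/storage",

        /* The directory where the skeleton files are located. These files will be copied to the data
         * directory of new users. Leave empty to not copy any skeleton files.
         */
        // "skeletondirectory" => "",

        /* Enable maintenance mode to disable ownCloud
           If you want to prevent users to login to ownCloud before you start doing some maintenance work,
           you need to set the value of the maintenance parameter to true.
           Please keep in mind that users who are already logged-in are kicked out of ownCloud instantly.
        */
        "maintenance" => false,

        "apps_paths" => array(

          /* Set an array of path for your apps directories
             key 'path' is for the fs path and the key 'url' is for the http path to your
             applications paths. 'writable' indicates whether the user can install apps in this folder.
             You must have at least 1 app folder writable or you must set the parameter 'appstoreenabled' to false
          */
          array(
            'path'=> '${config.dataDir}/apps',
            'url' => '/apps',
            'writable' => true,
          ),
        ),
        'user_backends'=>array(
          /*
          array(
            'class'=>'OC_User_IMAP',
            'arguments'=>array('{imap.gmail.com:993/imap/ssl}INBOX')
          )
          */
        ),
        //links to custom clients
        'customclient_desktop' => ''', //http://owncloud.org/sync-clients/
        'customclient_android' => ''', //https://play.google.com/store/apps/details?id=com.owncloud.android
        'customclient_ios' => ''', //https://itunes.apple.com/us/app/owncloud/id543672169?mt=8

        // PREVIEW
        'enable_previews' => true,
        /* the max width of a generated preview, if value is null, there is no limit */
        'preview_max_x' => null,
        /* the max height of a generated preview, if value is null, there is no limit */
        'preview_max_y' => null,
        /* the max factor to scale a preview, default is set to 10 */
        'preview_max_scale_factor' => 10,
        /* custom path for libreoffice / openoffice binary */
        'preview_libreoffice_path' => '${config.libreofficePath}',
        /* cl parameters for libreoffice / openoffice */
        'preview_office_cl_parameters' => ''',

        /* whether avatars should be enabled */
        'enable_avatars' => true,

        // default cipher used for file encryption, currently we support AES-128-CFB and AES-256-CFB
        'cipher' => 'AES-256-CFB',

        /* whether usage of the instance should be restricted to admin users only */
        'singleuser' => false,

        /* all css and js files will be served by the web server statically in one js file and ons css file*/
        'asset-pipeline.enabled' => false,

        /* where mount.json file should be stored, defaults to data/mount.json */
        'mount_file' => ''',

        /*
         * Location of the cache folder, defaults to "data/$user/cache" where "$user" is the current user.
         *
         * When specified, the format will change to "$cache_path/$user" where "$cache_path" is the configured
         * cache directory and "$user" is the user.
         *
         */
        'cache_path' => ''',

        /* EXPERIMENTAL: option whether to include external storage in quota calculation, defaults to false */
        'quota_include_external_storage' => false,

        /*
         * specifies how often the filesystem is checked for changes made outside owncloud
         * 0 -> never check the filesystem for outside changes, provides a performance increase when it's certain that no changes are made directly to the filesystem
         * 1 -> check each file or folder at most once per request, recomended for general use if outside changes might happen
         * 2 -> check every time the filesystem is used, causes a performance hit when using external storages, not recomended for regular use
         */
        'filesystem_check_changes' => 1,

        /* If true, prevent owncloud from changing the cache due to changes in the filesystem for all storage */
        'filesystem_cache_readonly' => false,

        /**
         * define default folder for shared files and folders
         */
        'share_folder' => '/',

        'version' => '${config.package.version}',

        /* Path to the openssl binary.
           NOTE(review): this file used to also carry
           'openssl' => array('config' => '/etc/ssl/openssl.cnf') earlier in the array; PHP keeps
           the last duplicate key, so that entry was dead and has been dropped. ownCloud's sample
           config documents 'openssl' as an array of options - confirm which form the selected
           package actually reads. */
        'openssl' => '${pkgs.openssl.bin}/bin/openssl'

      );

    '';

in

rec {

  # Apache snippet: either alias the package under urlPrefix, or serve it as
  # the document root with the package's own .htaccess rules inlined (the
  # rewrite conditions keep existing files/directories out of the rewrite).
  extraConfig =
    ''
      ${if config.urlPrefix != "" then "Alias ${config.urlPrefix} ${config.package}" else ''

        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
        RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
      ''}

      <Directory ${config.package}>
        ${builtins.readFile "${config.package}/.htaccess"}
      </Directory>
    '';

  # Point ownCloud at the config directory populated by startupScript.
  globalEnvVars = [
    { name = "OC_CONFIG_PATH"; value = "${config.dataDir}/config/"; }
  ];

  documentRoot = if config.urlPrefix == "" then config.package else null;

  enablePHP = true;

  options = {

    package = mkOption {
      type = types.package;
      default = pkgs.owncloud70;
      defaultText = "pkgs.owncloud70";
      example = literalExample "pkgs.owncloud70";
      description = ''
        ownCloud package to use.
      '';
    };

    urlPrefix = mkOption {
      default = "";
      example = "/owncloud";
      description = ''
        The URL prefix under which the owncloud service appears.
      '';
    };

    id = mkOption {
      default = "main";
      description = ''
        A unique identifier necessary to keep multiple owncloud server
        instances on the same machine apart. This is used to
        disambiguate the administrative scripts, which get names like
        mediawiki-$id-change-password.
      '';
    };

    adminUser = mkOption {
      default = "owncloud";
      description = "The admin user name for accessing owncloud.";
    };

    adminPassword = mkOption {
      description = ''
        The admin password for accessing owncloud. Warning: its unsalted
        SHA-1 digest is embedded in the startup script, which is stored in
        the world-readable Nix store.
      '';
    };

    dbType = mkOption {
      default = "pgsql";
      description = "Type of database, in NixOS, for now, only pgsql.";
    };

    dbName = mkOption {
      default = "owncloud";
      description = "Name of the database that holds the owncloud data.";
    };

    dbServer = mkOption {
      default = "localhost:5432";
      description = ''
        The location of the database server.
      '';
    };

    dbUser = mkOption {
      default = "owncloud";
      description = "The user name for accessing the database.";
    };

    dbPassword = mkOption {
      example = "foobar";
      description = ''
        The password of the database user. Warning: this is stored in
        cleartext in the Nix store (in the generated config.php and in
        the startup SQL)!
      '';
    };

    forceSSL = mkOption {
      default = "false";
      description = "Force use of HTTPS connection.";
    };

    adminAddr = mkOption {
      default = serverInfo.serverConfig.adminAddr;
      example = "admin@example.com";
      description = ''
        Emergency contact e-mail address. Defaults to the Apache
        admin address.
      '';
    };

    siteName = mkOption {
      default = "owncloud";
      example = "Foobar owncloud";
      description = "Name of the owncloud";
    };

    trustedDomain = mkOption {
      default = "";
      description = ''
        Host name (optionally with port) that ownCloud accepts in the HTTP
        Host header. When empty, no trusted_domains entry is written to
        config.php at all.
      '';
    };

    defaultLang = mkOption {
      default = "";
      description = "Default language";
    };

    defaultApp = mkOption {
      default = "";
      description = "Default application";
    };

    appStoreEnable = mkOption {
      default = "true";
      description = "Enable app store";
    };

    mailFrom = mkOption {
      default = "no-reply";
      description = "Mail from";
    };

    mailFromDomain = mkOption {
      default = "example.xyz";
      description = "Mail from domain";
    };

    SMTPMode = mkOption {
      default = "smtp";
      description = "Which mode to use for sending mail: sendmail, smtp, qmail or php.";
    };

    SMTPHost = mkOption {
      default = "";
      description = "SMTP host";
    };

    SMTPPort = mkOption {
      default = "25";
      description = "SMTP port";
    };

    SMTPTimeout = mkOption {
      default = "10";
      description = "SMTP server timeout in seconds.";
    };

    SMTPSecure = mkOption {
      default = "ssl";
      description = "SMTP secure";
    };

    SMTPAuth = mkOption {
      default = "true";
      description = "SMTP auth";
    };

    SMTPAuthType = mkOption {
      default = "LOGIN";
      description = "SMTP auth type";
    };

    SMTPUser = mkOption {
      default = "";
      description = "SMTP user";
    };

    SMTPPass = mkOption {
      default = "";
      description = ''
        SMTP password. Warning: this is stored in cleartext in the Nix
        store (in the generated config.php)!
      '';
    };

    dataDir = mkOption {
      default = "/var/lib/owncloud";
      description = "Data dir";
    };

    libreofficePath = mkOption {
      default = "/usr/bin/libreoffice";
      description = "Path for LibreOffice/OpenOffice binary.";
    };

    overwriteHost = mkOption {
      default = "";
      description = "The automatic hostname detection of ownCloud can fail in
        certain reverse proxy and CLI/cron situations. This option allows to
        manually override the automatic detection. You can also add a port.";
    };

    overwriteProtocol = mkOption {
      default = "";
      description = "The automatic protocol detection of ownCloud can fail in
        certain reverse proxy and CLI/cron situations. This option allows to
        manually override the protocol detection.";
    };

    overwriteWebRoot = mkOption {
      default = "";
      description = "The automatic webroot detection of ownCloud can fail in
        certain reverse proxy and CLI/cron situations. This option allows to
        manually override the automatic detection.";
    };

  };

  # First-start provisioning (guarded by the config directory's absence),
  # then an `occ upgrade` and the admin seed on every start.  Paths are
  # quoted so a dataDir with spaces or shell metacharacters is handled;
  # SQL is passed as files (see the let bindings) rather than through bash.
  startupScript = pkgs.writeScript "owncloud_startup.sh" ''

    if [ ! -d "${config.dataDir}/config" ]; then
      mkdir -p "${config.dataDir}/config"
      cp ${owncloudConfig} "${config.dataDir}/config/config.php"
      mkdir -p "${config.dataDir}/storage"
      mkdir -p "${config.dataDir}/apps"
      cp -r ${config.package}/apps/* "${config.dataDir}/apps/"
      chmod -R ug+rw "${config.dataDir}"
      chmod -R o-rwx "${config.dataDir}"
      chown -R wwwrun:wwwrun "${config.dataDir}"

      # Creates a superuser role named postgres, then the application role
      # (non-superuser, no createdb/createrole) and its database.
      ${pkgs.postgresql}/bin/createuser -s -r postgres
      ${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole "${config.dbUser}" || true
      ${pkgs.postgresql}/bin/createdb "${config.dbName}" -O "${config.dbUser}" || true
      ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -U postgres -d postgres -1 -f ${setDbPasswordSql} || true

      ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d "${config.dbName}" -Atw -1 -f ${initSchemaSql} || true
    fi

    if [ -e ${config.package}/config/ca-bundle.crt ]; then
      cp -f ${config.package}/config/ca-bundle.crt "${config.dataDir}/config/"
    fi

    ${php}/bin/php ${config.package}/occ upgrade >> "${config.dataDir}/upgrade.log" || true

    chown wwwrun:wwwrun "${config.dataDir}/owncloud.log" || true

    # Runs on every start; after the first run the INSERTs fail on the
    # existing rows and the `|| true` keeps the script going.
    ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -h "/tmp" -U postgres -d "${config.dbName}" -Atw -1 -f ${createAdminSql} || true
  '';
}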