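{ config, lib, pkgs, serverInfo, php, ... }:

# NixOS httpd sub-service for ownCloud 7.  Renders config.php from the module
# options, provisions the PostgreSQL database on the first start and seeds the
# admin account.
#
# Operator-facing security notes (all visible in the code below):
#   * Every interpolated value -- dbPassword, SMTPPass and an unsalted SHA-1
#     digest of adminPassword -- ends up in world-readable files in the Nix
#     store (config.php, setup-owncloud-db, owncloud_startup.sh).  Treat the
#     store as readable by every local user.
#   * trusted_domains is only written when trustedDomain is non-empty; when it
#     is empty the generated config.php carries no Host-header restriction at
#     all and ownCloud's own default behaviour applies.
#   * The admin row is inserted with a bare SHA-1 digest; changing
#     adminPassword afterwards does not touch an already existing account.

with lib;

let

  # Render a Nix value as a single-quoted PHP string literal.  Backslashes and
  # single quotes are escaped, so an option value containing ", $ or \ can no
  # longer break -- or inject PHP into -- the generated config.php, which a
  # bare "${...}" inside a double-quoted PHP string allowed.
  phpString = s:
    "'" + builtins.replaceStrings [ "\\" "'" ] [ "\\\\" "\\'" ] (toString s) + "'";

  # Render an option as a PHP boolean.  Accepts the historical string form
  # ("true"/"false") as well as a real Nix bool, so existing configurations
  # keep working while new ones can use a proper boolean.
  phpBool = v:
    if builtins.isBool v then (if v then "true" else "false")
    else toString v;

  # Render a Nix value as a single-quoted SQL string literal ('' escaping), so
  # a password or user name containing a quote cannot break the provisioning
  # statements below.
  sqlString = s:
    "'" + builtins.replaceStrings [ "'" ] [ "''" ] (toString s) + "'";

  # The generated ownCloud config.php.  Copied into ${config.dataDir}/config on
  # first start; note that the store copy stays world-readable.
  owncloudConfig = pkgs.writeText "config.php"
    ''
      <?php

      /* Only enable this for local development and not in productive environments */
      /* This will disable the minifier and outputs some additional debug informations */
      define("DEBUG", false);

      $CONFIG = array(
      /* Flag to indicate ownCloud is successfully installed (true = installed) */
      "installed" => true,

      /* Type of database, can be sqlite, mysql or pgsql */
      "dbtype" => ${phpString config.dbType},

      /* Name of the ownCloud database */
      "dbname" => ${phpString config.dbName},

      /* User to access the ownCloud database */
      "dbuser" => ${phpString config.dbUser},

      /* Password to access the ownCloud database (cleartext, also present in the Nix store) */
      "dbpassword" => ${phpString config.dbPassword},

      /* Host running the ownCloud database. To specify a port use "HOSTNAME:####"; to specify a unix sockets use "localhost:/path/to/socket". */
      "dbhost" => ${phpString config.dbServer},

      /* Prefix for the ownCloud tables in the database */
      "dbtableprefix" => "",

      /* Force use of HTTPS connection (true = use HTTPS) */
      "forcessl" => ${phpBool config.forceSSL},

      /* Blacklist a specific file and disallow the upload of files with this name - WARNING: USE THIS ONLY IF YOU KNOW WHAT YOU ARE DOING. */
      "blacklisted_files" => array('.htaccess'),

      /* The automatic hostname detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the automatic detection. You can also add a port. For example "www.example.com:88" */
      "overwritehost" => ${phpString config.overwriteHost},

      /* The automatic protocol detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the protocol detection. For example "https" */
      "overwriteprotocol" => ${phpString config.overwriteProtocol},

      /* The automatic webroot detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to manually override the automatic detection. For example "/domain.tld/ownCloud". The value "/" can be used to remove the root. */
      "overwritewebroot" => ${phpString config.overwriteWebRoot},

      /* The automatic detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option allows to define a manually override condition as regular expression for the remote ip address. For example "^10\.0\.0\.[1-3]$" */
      "overwritecondaddr" => "",

      /* A proxy to use to connect to the internet. For example "myproxy.org:88" */
      "proxy" => "",

      /* The optional authentication for the proxy to use to connect to the internet. The format is: [username]:[password] */
      "proxyuserpwd" => "",

      /* List of trusted domains, to prevent host header poisoning ownCloud is only using these Host headers.
         Only emitted when the trustedDomain option is set; otherwise no restriction is configured here. */
      ${if config.trustedDomain != "" then "'trusted_domains' => array(${phpString config.trustedDomain})," else ""}

      /* Theme to use for ownCloud */
      "theme" => "",

      /* Optional ownCloud default language - overrides automatic language detection on public pages like login or shared items. This has no effect on the user's language preference configured under "personal -> language" once they have logged in */
      "default_language" => ${phpString config.defaultLang},

      /* Path to the parent directory of the 3rdparty directory */
      "3rdpartyroot" => "",

      /* URL to the parent directory of the 3rdparty directory, as seen by the browser */
      "3rdpartyurl" => "",

      /* Default app to open on login.
       * This can be a comma-separated list of app ids.
       * If the first app is not enabled for the current user,
       * it will try with the second one and so on. If no enabled app could be found,
       * the "files" app will be displayed instead.
       */
      "defaultapp" => ${phpString config.defaultApp},

      /* Enable the help menu item in the settings */
      "knowledgebaseenabled" => true,

      /* Enable installing apps from the appstore (third-party PHP code written into the writable apps path below) */
      "appstoreenabled" => ${phpBool config.appStoreEnable},

      /* URL of the appstore to use, server should understand OCS */
      "appstoreurl" => "https://api.owncloud.com/v1",

      /* Domain name used by ownCloud for the sender mail address, e.g. no-reply@example.com */
      "mail_domain" => ${phpString config.mailFromDomain},

      /* FROM address used by ownCloud for the sender mail address, e.g. owncloud@example.com
         This setting overwrites the built in 'sharing-noreply' and 'lostpassword-noreply'
         FROM addresses, that ownCloud uses
      */
      "mail_from_address" => ${phpString config.mailFrom},

      /* Enable SMTP class debugging */
      "mail_smtpdebug" => false,

      /* Mode to use for sending mail, can be sendmail, smtp, qmail or php, see PHPMailer docs */
      "mail_smtpmode" => ${phpString config.SMTPMode},

      /* Host to use for sending mail, depends on mail_smtpmode if this is used */
      "mail_smtphost" => ${phpString config.SMTPHost},

      /* Port to use for sending mail, depends on mail_smtpmode if this is used */
      "mail_smtpport" => ${toString config.SMTPPort},

      /* SMTP server timeout in seconds for sending mail, depends on mail_smtpmode if this is used */
      "mail_smtptimeout" => ${toString config.SMTPTimeout},

      /* SMTP connection prefix or sending mail, depends on mail_smtpmode if this is used.
         Can be "", ssl or tls */
      "mail_smtpsecure" => ${phpString config.SMTPSecure},

      /* authentication needed to send mail, depends on mail_smtpmode if this is used
       * (false = disable authentication)
       */
      "mail_smtpauth" => ${phpBool config.SMTPAuth},

      /* authentication type needed to send mail, depends on mail_smtpmode if this is used
       * Can be LOGIN (default), PLAIN or NTLM */
      "mail_smtpauthtype" => ${phpString config.SMTPAuthType},

      /* Username to use for sendmail mail, depends on mail_smtpauth if this is used */
      "mail_smtpname" => ${phpString config.SMTPUser},

      /* Password to use for sendmail mail, depends on mail_smtpauth if this is used (cleartext, also present in the Nix store) */
      "mail_smtppassword" => ${phpString config.SMTPPass},

      /* memcached servers (Only used when xCache, APC and APCu are absent.) */
      "memcached_servers" => array(
        // hostname, port and optional weight. Also see:
        // http://www.php.net/manual/en/memcached.addservers.php
        // http://www.php.net/manual/en/memcached.addserver.php
        //array('localhost', 11211),
        //array('other.host.local', 11211),
      ),

      /* How long should ownCloud keep deleted files in the trash bin, default value: 30 days */
      'trashbin_retention_obligation' => 30,

      /* Disable/Enable auto expire for the trash bin, by default auto expire is enabled */
      'trashbin_auto_expire' => true,

      /* allow user to change his display name, if it is supported by the back-end */
      'allow_user_to_change_display_name' => true,

      /* Check 3rdparty apps for malicious code fragments */
      "appcodechecker" => true,

      /* Check if ownCloud is up to date */
      "updatechecker" => true,

      /* Are we connected to the internet or are we running in a closed network? */
      "has_internet_connection" => true,

      /* Check if the ownCloud WebDAV server is working correctly. Can be disabled if not needed in special situations*/
      "check_for_working_webdav" => true,

      /* Check if .htaccess protection of data is working correctly. Can be disabled if not needed in special situations*/
      "check_for_working_htaccess" => true,

      /* Place to log to, can be owncloud and syslog (owncloud is log menu item in admin menu) */
      "log_type" => "owncloud",

      /* File for the owncloud logger to log to, (default is ownloud.log in the data dir) */
      "logfile" => "${config.dataDir}/owncloud.log",

      /* Loglevel to start logging at. 0=DEBUG, 1=INFO, 2=WARN, 3=ERROR (default is WARN) */
      "loglevel" => "2",

      /* date format to be used while writing to the owncloud logfile */
      'logdateformat' => 'F d, Y H:i:s',

      ${tzSetting}

      /* Append all database queries and parameters to the log file.
         (watch out, this option can increase the size of your log file)*/
      "log_query" => false,

      /* Whether ownCloud should log the last successfull cron exec */
      "cron_log" => true,

      /*
       * Configure the size in bytes log rotation should happen, 0 or false disables the rotation.
       * This rotates the current owncloud logfile to a new name, this way the total log usage
       * will stay limited and older entries are available for a while longer. The
       * total disk usage is twice the configured size.
       * WARNING: When you use this, the log entries will eventually be lost.
       */
      'log_rotate_size' => "104857600", // 104857600, // 100 MiB

      /* Lifetime of the remember login cookie, default is 15 days */
      "remember_login_cookie_lifetime" => 1296000,

      /* Life time of a session after inactivity */
      "session_lifetime" => 86400,

      /*
       * Enable/disable session keep alive when a user is logged in in the Web UI.
       * This is achieved by sending a "heartbeat" to the server to prevent
       * the session timing out.
       */
      "session_keepalive" => true,

      /* Custom CSP policy, changing this will overwrite the standard policy.
         NOTE: this still permits 'unsafe-eval' scripts and framing/images/media from any origin;
         tighten it if the deployment does not need those. */
      "custom_csp_policy" => "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:; media-src *",

      /* Enable/disable X-Frame-Restriction */
      /* HIGH SECURITY RISK IF DISABLED*/
      "xframe_restriction" => true,

      /* The directory where the user data is stored, default to data in the owncloud
       * directory. The sqlite database is also stored here, when sqlite is used.
       */
      "datadirectory" => "${config.dataDir}/storage",

      /* The directory where the skeleton files are located. These files will be copied to the data
       * directory of new users. Leave empty to not copy any skeleton files.
       */
      // "skeletondirectory" => "",

      /* Enable maintenance mode to disable ownCloud
         If you want to prevent users to login to ownCloud before you start doing some maintenance work,
         you need to set the value of the maintenance parameter to true.
         Please keep in mind that users who are already logged-in are kicked out of ownCloud instantly.
      */
      "maintenance" => false,

      "apps_paths" => array(

      /* Set an array of path for your apps directories
         key 'path' is for the fs path and the key 'url' is for the http path to your
         applications paths. 'writable' indicates whether the user can install apps in this folder.
         You must have at least 1 app folder writable or you must set the parameter 'appstoreenabled' to false
      */
        array(
          'path'=> '${config.dataDir}/apps',
          'url' => '/apps',
          'writable' => true,
        ),
      ),
      'user_backends'=>array(
        /*
        array(
          'class'=>'OC_User_IMAP',
          'arguments'=>array('{imap.gmail.com:993/imap/ssl}INBOX')
        )
        */
      ),
      //links to custom clients
      'customclient_desktop' => ''', //http://owncloud.org/sync-clients/
      'customclient_android' => ''', //https://play.google.com/store/apps/details?id=com.owncloud.android
      'customclient_ios' => ''', //https://itunes.apple.com/us/app/owncloud/id543672169?mt=8

      // PREVIEW
      'enable_previews' => true,
      /* the max width of a generated preview, if value is null, there is no limit */
      'preview_max_x' => null,
      /* the max height of a generated preview, if value is null, there is no limit */
      'preview_max_y' => null,
      /* the max factor to scale a preview, default is set to 10 */
      'preview_max_scale_factor' => 10,
      /* custom path for libreoffice / openoffice binary */
      'preview_libreoffice_path' => ${phpString config.libreofficePath},
      /* cl parameters for libreoffice / openoffice */
      'preview_office_cl_parameters' => ''',

      /* whether avatars should be enabled */
      'enable_avatars' => true,

      // default cipher used for file encryption, currently we support AES-128-CFB and AES-256-CFB
      'cipher' => 'AES-256-CFB',

      /* whether usage of the instance should be restricted to admin users only */
      'singleuser' => false,

      /* all css and js files will be served by the web server statically in one js file and ons css file*/
      'asset-pipeline.enabled' => false,

      /* where mount.json file should be stored, defaults to data/mount.json */
      'mount_file' => ''',

      /*
       * Location of the cache folder, defaults to "data/$user/cache" where "$user" is the current user.
       *
       * When specified, the format will change to "$cache_path/$user" where "$cache_path" is the configured
       * cache directory and "$user" is the user.
       *
       */
      'cache_path' => ''',

      /* EXPERIMENTAL: option whether to include external storage in quota calculation, defaults to false */
      'quota_include_external_storage' => false,

      /*
       * specifies how often the filesystem is checked for changes made outside owncloud
       * 0 -> never check the filesystem for outside changes, provides a performance increase when it's certain that no changes are made directly to the filesystem
       * 1 -> check each file or folder at most once per request, recomended for general use if outside changes might happen
       * 2 -> check every time the filesystem is used, causes a performance hit when using external storages, not recomended for regular use
       */
      'filesystem_check_changes' => 1,

      /* If true, prevent owncloud from changing the cache due to changes in the filesystem for all storage */
      'filesystem_cache_readonly' => false,

      /**
       * define default folder for shared files and folders
       */
      'share_folder' => '/',

      'version' => '${config.package.version}',

      /* Path to the openssl binary.  An earlier 'openssl' => array('config' => '/etc/ssl/openssl.cnf')
         entry was dropped: PHP keeps the last value for a duplicate array key, so that array
         never reached ownCloud and this string entry is what was always in effect. */
      'openssl' => '${pkgs.openssl.bin}/bin/openssl'

      );

    '';

  # Optional logtimezone entry, only present when the host has a time zone
  # configured.
  tzSetting = let tz = serverInfo.fullConfig.time.timeZone; in optionalString (tz != null) ''
    /* timezone used while writing to the owncloud logfile (default: UTC) */
    'logtimezone' => '${tz}',
  '';

  postgresql = serverInfo.fullConfig.services.postgresql.package;

  # One-shot database provisioning.  Run as the postgres superuser from
  # startupScript on the first start only.
  setupDb = pkgs.writeScript "setup-owncloud-db" ''
    #!${pkgs.runtimeShell}
    PATH="${postgresql}/bin"

    # Both steps tolerate "already exists" so a partially provisioned database
    # can be re-run.
    createuser --no-superuser --no-createdb --no-createrole "${config.dbUser}" || true
    createdb "${config.dbName}" -O "${config.dbUser}" || true

    # The password is passed on stdin instead of as a -c argument so it does
    # not show up in the process list; it remains readable in this script in
    # the Nix store.  A failure is reported rather than silently swallowed,
    # because ownCloud cannot connect without this step.  The role name is
    # quoted to match the case-sensitive name createuser just created.
    psql -U postgres -d postgres <<EOF || echo "setup-owncloud-db: could not set the password for role ${config.dbUser}" >&2
    ALTER USER "${config.dbUser}" WITH PASSWORD ${sqlString config.dbPassword};
    EOF

    # Socket directory /tmp is assumed here -- presumably the postgresql
    # module's socket location on the NixOS release this targets; verify.
    psql -h "/tmp" -U postgres -d "${config.dbName}" -Atw <<EOF || true
    CREATE TABLE appconfig
    ( appid VARCHAR( 255 ) NOT NULL
    , configkey VARCHAR( 255 ) NOT NULL
    , configvalue VARCHAR( 255 ) NOT NULL
    );
    GRANT ALL ON appconfig TO "${config.dbUser}";
    ALTER TABLE appconfig OWNER TO "${config.dbUser}";
    EOF
  '';

in

rec {

  # Apache fragment.  With a urlPrefix the package is Alias-mounted; without
  # one it is the document root.  The RewriteCond lines have no following
  # RewriteRule here and appear to be inert on their own -- the included
  # .htaccess is what carries ownCloud's rewrite rules.
  extraConfig =
    ''
      ${if config.urlPrefix != "" then "Alias ${config.urlPrefix} ${config.package}" else ''

        RewriteEngine On
        RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
        RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
      ''}

      <Directory ${config.package}>
        Include ${config.package}/.htaccess
      </Directory>
    '';

  # Points ownCloud at the copied (non-store) config.php.
  globalEnvVars = [
    { name = "OC_CONFIG_PATH"; value = "${config.dataDir}/config/"; }
  ];

  documentRoot = if config.urlPrefix == "" then config.package else null;

  enablePHP = true;

  options = {

    package = mkOption {
      type = types.package;
      default = pkgs.owncloud70;
      defaultText = "pkgs.owncloud70";
      example = literalExample "pkgs.owncloud70";
      description = ''
        ownCloud package to use.
      '';
    };

    urlPrefix = mkOption {
      default = "";
      example = "/owncloud";
      description = ''
        The URL prefix under which the owncloud service appears.
      '';
    };

    id = mkOption {
      default = "main";
      description = ''
        A unique identifier necessary to keep multiple owncloud server
        instances on the same machine apart. This is used to
        disambiguate the administrative scripts, which get names like
        mediawiki-$id-change-password.
      '';
    };

    adminUser = mkOption {
      default = "owncloud";
      description = "The admin user name for accessing owncloud.";
    };

    adminPassword = mkOption {
      description = ''
        The admin password for accessing owncloud. Warning: an unsalted
        SHA-1 digest of this value is written into the startup script in
        the Nix store and into the users table on first start, and it is
        not updated if the option is changed afterwards. Change the password
        through ownCloud itself after the first login.
      '';
    };

    dbType = mkOption {
      default = "pgsql";
      description = "Type of database, in NixOS, for now, only pgsql.";
    };

    dbName = mkOption {
      default = "owncloud";
      description = "Name of the database that holds the owncloud data.";
    };

    dbServer = mkOption {
      default = "localhost:5432";
      description = ''
        The location of the database server.
      '';
    };

    dbUser = mkOption {
      default = "owncloud";
      description = "The user name for accessing the database.";
    };

    dbPassword = mkOption {
      example = "foobar";
      description = ''
        The password of the database user. Warning: this is stored in
        cleartext in the Nix store (in config.php and in the database
        setup script)!
      '';
    };

    forceSSL = mkOption {
      default = "false";
      description = ''
        Force use of HTTPS connection. Accepts "true"/"false" or a Nix
        boolean.
      '';
    };

    adminAddr = mkOption {
      default = serverInfo.serverConfig.adminAddr;
      example = "admin@example.com";
      description = ''
        Emergency contact e-mail address. Defaults to the Apache
        admin address.
      '';
    };

    siteName = mkOption {
      default = "owncloud";
      example = "Foobar owncloud";
      description = "Name of the owncloud";
    };

    trustedDomain = mkOption {
      default = "";
      description = ''
        Host name ownCloud should accept in the Host header (written as
        trusted_domains). When left empty no trusted_domains entry is
        generated at all; set it for any reachable instance so a forged
        Host header is not reflected into generated links.
      '';
    };

    defaultLang = mkOption {
      default = "";
      description = "Default language";
    };

    defaultApp = mkOption {
      default = "";
      description = "Default application";
    };

    appStoreEnable = mkOption {
      default = "true";
      description = ''
        Enable app store. This lets administrators install third-party PHP
        apps into the writable apps directory under dataDir. Accepts
        "true"/"false" or a Nix boolean.
      '';
    };

    mailFrom = mkOption {
      default = "no-reply";
      description = "Mail from";
    };

    mailFromDomain = mkOption {
      default = "example.xyz";
      description = "Mail from domain";
    };

    SMTPMode = mkOption {
      default = "smtp";
      description = "Which mode to use for sending mail: sendmail, smtp, qmail or php.";
    };

    SMTPHost = mkOption {
      default = "";
      description = "SMTP host";
    };

    SMTPPort = mkOption {
      default = "25";
      description = "SMTP port";
    };

    SMTPTimeout = mkOption {
      default = "10";
      description = "SMTP server timeout in seconds.";
    };

    SMTPSecure = mkOption {
      default = "ssl";
      description = "SMTP connection prefix: \"\", ssl or tls.";
    };

    SMTPAuth = mkOption {
      default = "true";
      description = "Whether SMTP authentication is used. Accepts \"true\"/\"false\" or a Nix boolean.";
    };

    SMTPAuthType = mkOption {
      default = "LOGIN";
      description = "SMTP auth type: LOGIN, PLAIN or NTLM.";
    };

    SMTPUser = mkOption {
      default = "";
      description = "SMTP user";
    };

    SMTPPass = mkOption {
      default = "";
      description = ''
        SMTP password. Warning: this is stored in cleartext in the Nix
        store (in config.php)!
      '';
    };

    dataDir = mkOption {
      default = "/var/lib/owncloud";
      description = "Data dir";
    };

    libreofficePath = mkOption {
      default = "/usr/bin/libreoffice";
      description = "Path for LibreOffice/OpenOffice binary.";
    };

    overwriteHost = mkOption {
      default = "";
      description = "The automatic hostname detection of ownCloud can fail in
        certain reverse proxy and CLI/cron situations. This option allows to
        manually override the automatic detection. You can also add a port.";
    };

    overwriteProtocol = mkOption {
      default = "";
      description = "The automatic protocol detection of ownCloud can fail in
        certain reverse proxy and CLI/cron situations. This option allows to
        manually override the protocol detection.";
    };

    overwriteWebRoot = mkOption {
      default = "";
      description = "The automatic webroot detection of ownCloud can fail in
        certain reverse proxy and CLI/cron situations. This option allows to
        manually override the automatic detection.";
    };

  };

  # Runs (as root, via the httpd module) on every start.
  startupScript = pkgs.writeScript "owncloud_startup.sh" ''

    # First start only: lay out dataDir and provision the database.
    if [ ! -d ${config.dataDir}/config ]; then
      mkdir -p ${config.dataDir}/config
      cp ${owncloudConfig} ${config.dataDir}/config/config.php
      mkdir -p ${config.dataDir}/storage
      mkdir -p ${config.dataDir}/apps
      cp -r ${config.package}/apps/* ${config.dataDir}/apps/
      # Strip the world-readable store modes before handing the tree
      # (including the secrets-bearing config.php) to wwwrun.
      chmod -R ug+rw ${config.dataDir}
      chmod -R o-rwx ${config.dataDir}
      chown -R wwwrun:wwwrun ${config.dataDir}

      ${pkgs.sudo}/bin/sudo -u postgres ${setupDb}
    fi

    # Refreshed from the package on every start; local edits to the bundle
    # in dataDir are overwritten.
    if [ -e ${config.package}/config/ca-bundle.crt ]; then
      cp -f ${config.package}/config/ca-bundle.crt ${config.dataDir}/config/
    fi

    ${php}/bin/php ${config.package}/occ upgrade >> ${config.dataDir}/upgrade.log || true

    chown wwwrun:wwwrun ${config.dataDir}/owncloud.log || true

    # Seed the admin account.  The statements are sent as one batch, so on
    # every start after the first the duplicate-key failure of the first
    # INSERT aborts the batch; "|| true" is what makes that harmless.  The
    # password is stored as an unsalted SHA-1 digest (the only hash
    # builtins.hashString offers); it is never updated here once the row
    # exists.
    ${pkgs.sudo}/bin/sudo -u postgres ${postgresql}/bin/psql -h "/tmp" -U postgres -d "${config.dbName}" -Atw <<EOF || true
    INSERT INTO groups (gid) VALUES ('admin');
    INSERT INTO users (uid, password)
      VALUES (${sqlString config.adminUser}, '${builtins.hashString "sha1" config.adminPassword}');
    INSERT INTO group_user (gid, uid)
      VALUES ('admin', ${sqlString config.adminUser});
    EOF
  '';
}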