commit 19d29ccadec0358fc52bae90c654a959d37e2034 · pyrox.dev/nixpkgs

+2 -2

nixos/modules/services/web-apps/nextcloud.md

···

       65
        
       invoked by using the `nextcloud-occ` wrapper that's globally available on a system with Nextcloud enabled.

     

       66
        
       

     

       67
        
       It requires elevated permissions to become the `nextcloud` user. Given the way the privilege

     

       68
       -
       escalation is implemented, parameters passed via the environment to Nextcloud (e.g. `OC_PASS`) are

     

       69
       -
       currently ignored.

     

       70
        
       

     

       71
        
       Custom service units that need to run `nextcloud-occ` either need elevated privileges

     

       72
        
       or the systemd configuration from `nextcloud-setup.service` (recommended):

···

       65
        
       invoked by using the `nextcloud-occ` wrapper that's globally available on a system with Nextcloud enabled.

     

       66
        
       

     

       67
        
       It requires elevated permissions to become the `nextcloud` user. Given the way the privilege

     

       68
       +
       escalation is implemented, parameters passed via the environment to Nextcloud are

     

       69
       +
       currently ignored, except for `OC_PASS` and `NC_PASS`.

     

       70
        
       

     

       71
        
       Custom service units that need to run `nextcloud-occ` either need elevated privileges

     

       72
        
       or the systemd configuration from `nextcloud-setup.service` (recommended):

nixos/modules/services/web-apps/nextcloud.nix

···

       163
        
                   --wait \

     

       164
        
                   --collect \

     

       165
        
                   --service-type=exec \

     

       0
        
       
     

       0
        
       
     

       166
        
                   --quiet \

     

       167
        
                   ${command}

     

       168
        
               elif [[ "$USER" != nextcloud ]]; then

     

       169
        
                 if [[ -x /run/wrappers/bin/sudo ]]; then

     

       170
        
                   exec /run/wrappers/bin/sudo \

     

       171
        
                     --preserve-env=CREDENTIALS_DIRECTORY \

     

       0
        
       
     

       0
        
       
     

       172
        
                     --user=nextcloud \

     

       173
        
                     ${command}

     

       174
        
                 else

     

       175
        
                   exec ${lib.getExe' pkgs.util-linux "runuser"} \

     

       176
        
                     --whitelist-environment=CREDENTIALS_DIRECTORY \

     

       0
        
       
     

       0
        
       
     

       177
        
                     --user=nextcloud \

     

       178
        
                     ${command}

     

       179
        
                 fi

···

       163
        
                   --wait \

     

       164
        
                   --collect \

     

       165
        
                   --service-type=exec \

     

       166
       +
                   --setenv OC_PASS \

     

       167
       +
                   --setenv NC_PASS \

     

       168
        
                   --quiet \

     

       169
        
                   ${command}

     

       170
        
               elif [[ "$USER" != nextcloud ]]; then

     

       171
        
                 if [[ -x /run/wrappers/bin/sudo ]]; then

     

       172
        
                   exec /run/wrappers/bin/sudo \

     

       173
        
                     --preserve-env=CREDENTIALS_DIRECTORY \

     

       174
       +
                     --preserve-env=OC_PASS \

     

       175
       +
                     --preserve-env=NC_PASS \

     

       176
        
                     --user=nextcloud \

     

       177
        
                     ${command}

     

       178
        
                 else

     

       179
        
                   exec ${lib.getExe' pkgs.util-linux "runuser"} \

     

       180
        
                     --whitelist-environment=CREDENTIALS_DIRECTORY \

     

       181
       +
                     --whitelist-environment=OC_PASS \

     

       182
       +
                     --whitelist-environment=NC_PASS \

     

       183
        
                     --user=nextcloud \

     

       184
        
                     ${command}

     

       185
        
                 fi