commit 26126c75dfda66d59e46d000865a05987d0aa04a · pyrox.dev/nixpkgs

+17 -10

nixos/modules/services/web-apps/nextcloud.nix

···

       9
       9
        
       

     

       10
       10
        
       let

     

       11
       11
        
         cfg = config.services.nextcloud;

     

       12
       12
       +
       

     

       13
       13
       +
         overridePackage = cfg.package.override {

     

       14
       14
       +
           inherit (config.security.pki) caBundle;

     

       15
       15
       +
         };

     

       16
       16
       +
       

     

       12
       17
        
         fpm = config.services.phpfpm.pools.nextcloud;

     

       13
       18
        
       

     

       14
       19
        
         jsonFormat = pkgs.formats.json { };

     
···

       51
       56
        
         };

     

       52
       57
        
       

     

       53
       58
        
         webroot =

     

       54
       54
       -
           pkgs.runCommand "${cfg.package.name or "nextcloud"}-with-apps"

     

       59
       59
       +
           pkgs.runCommand "${overridePackage.name or "nextcloud"}-with-apps"

     

       55
       60
        
             {

     

       56
       61
        
               preferLocalBuild = true;

     

       57
       62
        
             }

     

       58
       63
        
             ''

     

       59
       64
        
               mkdir $out

     

       60
       60
       -
               ln -sfv "${cfg.package}"/* "$out"

     

       65
       65
       +
               ln -sfv "${overridePackage}"/* "$out"

     

       61
       66
        
               ${concatStrings (

     

       62
       67
        
                 mapAttrsToList (

     

       63
       68
        
                   name: store:

     
···

       185
       190
        
         mysqlLocal = cfg.database.createLocally && cfg.config.dbtype == "mysql";

     

       186
       191
        
         pgsqlLocal = cfg.database.createLocally && cfg.config.dbtype == "pgsql";

     

       187
       192
        
       

     

       188
       188
       -
         nextcloudGreaterOrEqualThan = versionAtLeast cfg.package.version;

     

       189
       189
       -
         nextcloudOlderThan = versionOlder cfg.package.version;

     

       193
       193
       +
         nextcloudGreaterOrEqualThan = versionAtLeast overridePackage.version;

     

       194
       194
       +
         nextcloudOlderThan = versionOlder overridePackage.version;

     

       190
       195
        
       

     

       191
       196
        
         # https://github.com/nextcloud/documentation/pull/11179

     

       192
       197
        
         ocmProviderIsNotAStaticDirAnymore =

     
···

       1028
       1033
        
                 If you have an existing installation with a custom table prefix, make sure it is

     

       1029
       1034
        
                 set correctly in `config.php` and remove the option from your NixOS config.

     

       1030
       1035
        
               '')

     

       1031
       1031
       -
               ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05"))

     

       1032
       1032
       -
               ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11"))

     

       1033
       1033
       -
               ++ (optional (versionOlder cfg.package.version "28") (upgradeWarning 27 "24.05"))

     

       1034
       1034
       -
               ++ (optional (versionOlder cfg.package.version "29") (upgradeWarning 28 "24.11"))

     

       1035
       1035
       -
               ++ (optional (versionOlder cfg.package.version "30") (upgradeWarning 29 "24.11"))

     

       1036
       1036
       -
               ++ (optional (versionOlder cfg.package.version "31") (upgradeWarning 30 "25.05"));

     

       1036
       1036
       +
               ++ (optional (versionOlder overridePackage.version "26") (upgradeWarning 25 "23.05"))

     

       1037
       1037
       +
               ++ (optional (versionOlder overridePackage.version "27") (upgradeWarning 26 "23.11"))

     

       1038
       1038
       +
               ++ (optional (versionOlder overridePackage.version "28") (upgradeWarning 27 "24.05"))

     

       1039
       1039
       +
               ++ (optional (versionOlder overridePackage.version "29") (upgradeWarning 28 "24.11"))

     

       1040
       1040
       +
               ++ (optional (versionOlder overridePackage.version "30") (upgradeWarning 29 "24.11"))

     

       1041
       1041
       +
               ++ (optional (versionOlder overridePackage.version "31") (upgradeWarning 30 "25.05"));

     

       1037
       1042
        
       

     

       1038
       1043
        
             services.nextcloud.package =

     

       1039
       1044
        
               with pkgs;

     
···

       1386
       1391
        
                   datadirectory = lib.mkDefault "${datadir}/data";

     

       1387
       1392
        
                   trusted_domains = [ cfg.hostName ];

     

       1388
       1393
        
                   "upgrade.disable-web" = true;

     

       1394
       1394
       +
                   # NixOS already provides its own integrity check and the nix store is read-only, therefore Nextcloud does not need to do its own integrity checks.

     

       1395
       1395
       +
                   "integrity.check.disabled" = true;

     

       1389
       1396
        
                 })

     

       1390
       1397
        
                 (lib.mkIf cfg.configureRedis {

     

       1391
       1398
        
                   "memcache.distributed" = ''\OC\Memcache\Redis'';

+70 -11

nixos/tests/nextcloud/with-objectstore.nix

···

       26
       26
        
       

     

       27
       27
        
           nodes = {

     

       28
       28
        
             nextcloud =

     

       29
       29
       -
               { config, pkgs, ... }:

     

       30
       29
        
               {

     

       31
       31
       -
                 networking.firewall.allowedTCPPorts = [ 9000 ];

     

       32
       32
       -
                 environment.systemPackages = [ pkgs.minio-client ];

     

       33
       33
       -
       

     

       30
       30
       +
                 config,

     

       31
       31
       +
                 pkgs,

     

       32
       32
       +
                 nodes,

     

       33
       33
       +
                 ...

     

       34
       34
       +
               }:

     

       35
       35
       +
               {

     

       34
       36
        
                 services.nextcloud.config.dbtype = "sqlite";

     

       35
       37
        
       

     

       36
       38
        
                 services.nextcloud.config.objectstore.s3 = {

     
···

       39
       41
        
                   autocreate = true;

     

       40
       42
        
                   key = accessKey;

     

       41
       43
        
                   secretFile = "${pkgs.writeText "secretKey" secretKey}";

     

       42
       42
       -
                   hostname = "nextcloud";

     

       43
       43
       -
                   useSsl = false;

     

       44
       44
       -
                   port = 9000;

     

       44
       44
       +
                   hostname = "acme.test";

     

       45
       45
       +
                   useSsl = true;

     

       46
       46
       +
                   port = 443;

     

       45
       47
        
                   usePathStyle = true;

     

       46
       48
        
                   region = "us-east-1";

     

       47
       49
        
                 };

     

       48
       50
        
       

     

       51
       51
       +
                 security.pki.certificates = [

     

       52
       52
       +
                   (builtins.readFile ../common/acme/server/ca.cert.pem)

     

       53
       53
       +
                 ];

     

       54
       54
       +
       

     

       55
       55
       +
                 environment.systemPackages = [ pkgs.minio-client ];

     

       56
       56
       +
       

     

       57
       57
       +
                 # The dummy certs are for acme.test, so we pretend that's the FQDN

     

       58
       58
       +
                 # of the minio VM.

     

       59
       59
       +
                 networking.extraHosts = ''

     

       60
       60
       +
                   ${nodes.minio.networking.primaryIPAddress} acme.test

     

       61
       61
       +
                 '';

     

       62
       62
       +
               };

     

       63
       63
       +
       

     

       64
       64
       +
             client =

     

       65
       65
       +
               { nodes, ... }:

     

       66
       66
       +
               {

     

       67
       67
       +
                 security.pki.certificates = [

     

       68
       68
       +
                   (builtins.readFile ../common/acme/server/ca.cert.pem)

     

       69
       69
       +
                 ];

     

       70
       70
       +
                 networking.extraHosts = ''

     

       71
       71
       +
                   ${nodes.minio.networking.primaryIPAddress} acme.test

     

       72
       72
       +
                 '';

     

       73
       73
       +
               };

     

       74
       74
       +
       

     

       75
       75
       +
             minio =

     

       76
       76
       +
               { ... }:

     

       77
       77
       +
               {

     

       78
       78
       +
                 security.pki.certificates = [

     

       79
       79
       +
                   (builtins.readFile ../common/acme/server/ca.cert.pem)

     

       80
       80
       +
                 ];

     

       81
       81
       +
       

     

       82
       82
       +
                 services.nginx = {

     

       83
       83
       +
                   enable = true;

     

       84
       84
       +
                   recommendedProxySettings = true;

     

       85
       85
       +
       

     

       86
       86
       +
                   virtualHosts."acme.test" = {

     

       87
       87
       +
                     onlySSL = true;

     

       88
       88
       +
                     sslCertificate = ../common/acme/server/acme.test.cert.pem;

     

       89
       89
       +
                     sslCertificateKey = ../common/acme/server/acme.test.key.pem;

     

       90
       90
       +
                     locations."/".proxyPass = "http://127.0.0.1:9000";

     

       91
       91
       +
                   };

     

       92
       92
       +
                 };

     

       93
       93
       +
       

     

       94
       94
       +
                 networking.extraHosts = ''

     

       95
       95
       +
                   127.0.0.1 acme.test

     

       96
       96
       +
                 '';

     

       97
       97
       +
       

     

       98
       98
       +
                 networking.firewall.allowedTCPPorts = [

     

       99
       99
       +
                   9000

     

       100
       100
       +
                   80

     

       101
       101
       +
                   443

     

       102
       102
       +
                 ];

     

       103
       103
       +
       

     

       49
       104
        
                 services.minio = {

     

       50
       105
        
                   enable = true;

     

       51
       106
        
                   listenAddress = "0.0.0.0:9000";

     
···

       56
       111
        
           };

     

       57
       112
        
       

     

       58
       113
        
           test-helpers.init = ''

     

       59
       59
       -
             nextcloud.wait_for_open_port(9000)

     

       114
       114
       +
             minio.start()

     

       115
       115
       +
             minio.wait_for_open_port(9000)

     

       116
       116
       +
             minio.wait_for_unit("nginx.service")

     

       117
       117
       +
             minio.wait_for_open_port(443)

     

       60
       118
        
           '';

     

       61
       119
        
       

     

       62
       120
        
           test-helpers.extraTests =

     

       63
       121
        
             { nodes, ... }:

     

       64
       122
        
             ''

     

       123
       123
       +
       

     

       65
       124
        
               with subtest("File is not on the filesystem"):

     

       66
       125
        
                   nextcloud.succeed("test ! -e ${nodes.nextcloud.services.nextcloud.home}/data/root/files/test-shared-file")

     

       67
       126
        
       

     

       68
       127
        
               with subtest("Check if file is in S3"):

     

       69
       128
        
                   nextcloud.succeed(

     

       70
       70
       -
                       "mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4"

     

       129
       129
       +
                       "mc config host add minio https://acme.test ${accessKey} ${secretKey} --api s3v4"

     

       71
       130
        
                   )

     

       72
       131
        
                   files = nextcloud.succeed('mc ls minio/nextcloud|sort').strip().split('\n')

     

       73
       132
        
       

     
···

       100
       159
        
               with subtest("Test download from S3"):

     

       101
       160
        
                   client.succeed(

     

       102
       161
        
                       "env AWS_ACCESS_KEY_ID=${accessKey} AWS_SECRET_ACCESS_KEY=${secretKey} "

     

       103
       103
       -
                       + f"${lib.getExe pkgs.awscli2} s3 cp s3://nextcloud/{file} test --endpoint-url http://nextcloud:9000 "

     

       104
       104
       -
                       + "--region us-east-1"

     

       162
       162
       +
                       + f"${lib.getExe pkgs.awscli2} s3 cp s3://nextcloud/{file} test --endpoint-url https://acme.test "

     

       163
       163
       +
                       + "--region us-east-1 --ca-bundle /etc/ssl/certs/ca-bundle.crt"

     

       105
       164
        
                   )

     

       106
       165
        
       

     

       107
       166
        
                   client.succeed("test hi = $(cat test)")

pkgs/servers/nextcloud/default.nix

···

       3
       3
        
         stdenvNoCC,

     

       4
       4
        
         fetchurl,

     

       5
       5
        
         nixosTests,

     

       6
       6
       +
         cacert,

     

       7
       7
       +
         caBundle ? "${cacert}/etc/ssl/certs/ca-bundle.crt",

     

       6
       8
        
         nextcloud30Packages,

     

       7
       9
        
         nextcloud31Packages,

     

       8
       10
        
       }:

     
···

       31
       33
        
               ) nixosTests.nextcloud;

     

       32
       34
        
               inherit packages;

     

       33
       35
        
             };

     

       36
       36
       +
       

     

       37
       37
       +
             postPatch = ''

     

       38
       38
       +
               cp ${caBundle} resources/config/ca-bundle.crt

     

       39
       39
       +
             '';

     

       34
       40
        
       

     

       35
       41
        
             installPhase = ''

     

       36
       42
        
               runHook preInstall