commit f57bed88326b7b7e3ff6dc97ddeaef5b02f8e510 · pyrox.dev/nixpkgs

+17 -42

nixos/modules/services/web-apps/nextcloud.nix

···

       51
       51
        
       in {

     

       52
       52
        
       

     

       53
       53
        
         imports = [

     

       54
       54
       +
           (mkRemovedOptionModule [ "services" "nextcloud" "config" "adminpass" ] ''

     

       55
       55
       +
             Please use `services.nextcloud.config.adminpassFile' instead!

     

       56
       56
       +
           '')

     

       57
       57
       +
           (mkRemovedOptionModule [ "services" "nextcloud" "config" "dbpass" ] ''

     

       58
       58
       +
             Please use `services.nextcloud.config.dbpassFile' instead!

     

       59
       59
       +
           '')

     

       54
       60
        
           (mkRemovedOptionModule [ "services" "nextcloud" "nginx" "enable" ] ''

     

       55
       61
        
             The nextcloud module supports `nginx` as reverse-proxy by default and doesn't

     

       56
       62
        
             support other reverse-proxies officially.

     
···

       206
       212
        
               default = "nextcloud";

     

       207
       213
        
               description = "Database user.";

     

       208
       214
        
             };

     

       209
       209
       -
             dbpass = mkOption {

     

       210
       210
       -
               type = types.nullOr types.str;

     

       211
       211
       -
               default = null;

     

       212
       212
       -
               description = ''

     

       213
       213
       -
                 Database password.  Use <literal>dbpassFile</literal> to avoid this

     

       214
       214
       -
                 being world-readable in the <literal>/nix/store</literal>.

     

       215
       215
       -
               '';

     

       216
       216
       -
             };

     

       217
       215
        
             dbpassFile = mkOption {

     

       218
       216
        
               type = types.nullOr types.str;

     

       219
       217
        
               default = null;

     
···

       246
       244
        
               default = "root";

     

       247
       245
        
               description = "Admin username.";

     

       248
       246
        
             };

     

       249
       249
       -
             adminpass = mkOption {

     

       250
       250
       -
               type = types.nullOr types.str;

     

       251
       251
       -
               default = null;

     

       252
       252
       -
               description = ''

     

       253
       253
       -
                 Admin password.  Use <literal>adminpassFile</literal> to avoid this

     

       254
       254
       -
                 being world-readable in the <literal>/nix/store</literal>.

     

       255
       255
       -
               '';

     

       256
       256
       -
             };

     

       257
       247
        
             adminpassFile = mkOption {

     

       258
       258
       -
               type = types.nullOr types.str;

     

       259
       259
       -
               default = null;

     

       248
       248
       +
               type = types.str;

     

       260
       249
        
               description = ''

     

       261
       250
        
                 The full path to a file that contains the admin's password. Must be

     

       262
       251
        
                 readable by user <literal>nextcloud</literal>.

     
···

       403
       392
        
               This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF).

     

       404
       393
        
               You may want to disable it for increased security. In that case, previews will still be available

     

       405
       394
        
               for some images (e.g. JPEG and PNG).

     

       406
       406
       -
               See https://github.com/nextcloud/server/issues/13099

     

       395
       395
       +
               See <link xlink:href="https://github.com/nextcloud/server/issues/13099" />.

     

       407
       396
        
           '' // {

     

       408
       397
        
             default = true;

     

       409
       398
        
           };

     
···

       464
       453
        
       

     

       465
       454
        
         config = mkIf cfg.enable (mkMerge [

     

       466
       455
        
           { assertions = let acfg = cfg.config; in [

     

       467
       467
       -
               { assertion = !(acfg.dbpass != null && acfg.dbpassFile != null);

     

       468
       468
       -
                 message = "Please specify no more than one of dbpass or dbpassFile";

     

       469
       469
       -
               }

     

       470
       470
       -
               { assertion = ((acfg.adminpass != null || acfg.adminpassFile != null)

     

       471
       471
       -
                   && !(acfg.adminpass != null && acfg.adminpassFile != null));

     

       472
       472
       -
                 message = "Please specify exactly one of adminpass or adminpassFile";

     

       473
       473
       -
               }

     

       474
       456
        
               { assertion = versionOlder cfg.package.version "21" -> cfg.config.defaultPhoneRegion == null;

     

       475
       457
        
                 message = "The `defaultPhoneRegion'-setting is only supported for Nextcloud >=21!";

     

       476
       458
        
               }

     
···

       613
       595
        
                     ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}

     

       614
       596
        
                     ${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"}

     

       615
       597
        
                     ${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"}

     

       616
       616
       -
                     ${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"}

     

       617
       598
        
                     ${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_secret('${c.dbpassFile}'),"}

     

       618
       599
        
                     'dbtype' => '${c.dbtype}',

     

       619
       600
        
                     'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},

     
···

       628
       609
        
                     arg = "DBPASS";

     

       629
       610
        
                     value = if c.dbpassFile != null

     

       630
       611
        
                       then ''"$(<"${toString c.dbpassFile}")"''

     

       631
       631
       -
                       else if c.dbpass != null

     

       632
       632
       -
                       then ''"${toString c.dbpass}"''

     

       633
       612
        
                       else ''""'';

     

       634
       613
        
                   };

     

       635
       614
        
                   adminpass = {

     

       636
       615
        
                     arg = "ADMINPASS";

     

       637
       637
       -
                     value = if c.adminpassFile != null

     

       638
       638
       -
                       then ''"$(<"${toString c.adminpassFile}")"''

     

       639
       639
       -
                       else ''"${toString c.adminpass}"'';

     

       616
       616
       +
                     value = ''"$(<"${toString c.adminpassFile}")"'';

     

       640
       617
        
                   };

     

       641
       618
        
                   installFlags = concatStringsSep " \\\n    "

     

       642
       619
        
                     (mapAttrsToList (k: v: "${k} ${toString v}") {

     
···

       682
       659
        
                       exit 1

     

       683
       660
        
                     fi

     

       684
       661
        
                   ''}

     

       685
       685
       -
                   ${optionalString (c.adminpassFile != null) ''

     

       686
       686
       -
                     if [ ! -r "${c.adminpassFile}" ]; then

     

       687
       687
       -
                       echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..."

     

       688
       688
       -
                       exit 1

     

       689
       689
       -
                     fi

     

       690
       690
       -
                     if [ -z "$(<${c.adminpassFile})" ]; then

     

       691
       691
       -
                       echo "adminpassFile ${c.adminpassFile} is empty!"

     

       692
       692
       -
                       exit 1

     

       693
       693
       -
                     fi

     

       694
       694
       -
                   ''}

     

       662
       662
       +
                   if [ ! -r "${c.adminpassFile}" ]; then

     

       663
       663
       +
                     echo "adminpassFile ${c.adminpassFile} is not readable by nextcloud:nextcloud! Aborting..."

     

       664
       664
       +
                     exit 1

     

       665
       665
       +
                   fi

     

       666
       666
       +
                   if [ -z "$(<${c.adminpassFile})" ]; then

     

       667
       667
       +
                     echo "adminpassFile ${c.adminpassFile} is empty!"

     

       668
       668
       +
                     exit 1

     

       669
       669
       +
                   fi

     

       695
       670
        
       

     

       696
       671
        
                   ln -sf ${cfg.package}/apps ${cfg.home}/

     

       697
       672

+1 -1

nixos/tests/nextcloud/basic.nix

···

       38
       38
        
               hostName = "nextcloud";

     

       39
       39
        
               config = {

     

       40
       40
        
                 # Don't inherit adminuser since "root" is supposed to be the default

     

       41
       41
       -
                 inherit adminpass;

     

       41
       41
       +
                 adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home!

     

       42
       42
        
                 dbtableprefix = "nixos_";

     

       43
       43
        
               };

     

       44
       44
        
               package = pkgs.${"nextcloud" + (toString nextcloudVersion)};

+2 -2

nixos/tests/nextcloud/with-mysql-and-memcached.nix

···

       32
       32
        
                 dbuser = "nextcloud";

     

       33
       33
        
                 dbhost = "127.0.0.1";

     

       34
       34
        
                 dbport = 3306;

     

       35
       35
       -
                 dbpass = "hunter2";

     

       35
       35
       +
                 dbpassFile = "${pkgs.writeText "dbpass" "hunter2" }";

     

       36
       36
        
                 # Don't inherit adminuser since "root" is supposed to be the default

     

       37
       37
       -
                 inherit adminpass;

     

       37
       37
       +
                 adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home!

     

       38
       38
        
               };

     

       39
       39
        
             };

     

       40
       40