nixos/nextcloud: Move options into now freeForm extraOptions
parent
5ec415b260
commit
dd8c96379f
@ -91,6 +91,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
||||
|
||||
- `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc.
|
||||
|
||||
- The following options of the Nextcloud module were moved into `services.nextcloud.extraOptions`: `logLevel`, `logType`, `log_type`, `defaultPhoneRegion`, `overwriteProtocol`, `skeletonDirectory`, `globalProfiles`, `extraTrustedDomains` and `trustedProxies`.
|
||||
|
||||
- The Yama LSM is now enabled by default in the kernel, which prevents ptracing
|
||||
non-child processes. This means you will not be able to attach gdb to an
|
||||
existing process, but will need to start that process from gdb (so it is a
|
||||
|
@ -51,7 +51,7 @@ to ensure that changes can be applied by changing the module's options.
|
||||
In case the application serves multiple domains (those are checked with
|
||||
[`$_SERVER['HTTP_HOST']`](https://www.php.net/manual/en/reserved.variables.server.php))
|
||||
it's needed to add them to
|
||||
[`services.nextcloud.config.extraTrustedDomains`](#opt-services.nextcloud.config.extraTrustedDomains).
|
||||
[`services.nextcloud.extraOptions.trusted_domains`](#opt-services.nextcloud.extraOptions.trusted_domains).
|
||||
|
||||
Auto updates for Nextcloud apps can be enabled using
|
||||
[`services.nextcloud.autoUpdateApps`](#opt-services.nextcloud.autoUpdateApps.enable).
|
||||
|
@ -94,6 +94,22 @@ in {
|
||||
(mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] ''
|
||||
Use services.nextcloud.enableImagemagick instead.
|
||||
'')
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "logLevel" ] [ "services" "nextcloud" "extraOptions" "loglevel" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "logType" ] [ "services" "nextcloud" "extraOptions" "log_type" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "config" "defaultPhoneRegion" ] [ "services" "nextcloud" "extraOptions" "default_phone_region" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "config" "overwriteProtocol" ] [ "services" "nextcloud" "extraOptions" "overwriteprotocol" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "skeletonDirectory" ] [ "services" "nextcloud" "extraOptions" "skeletondirectory" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "config" "globalProfiles" ] [ "services" "nextcloud" "extraOptions" "profile.enabled" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "config" "extraTrustedDomains" ] [ "services" "nextcloud" "extraOptions" "trusted_domains" ])
|
||||
(mkRenamedOptionModule
|
||||
[ "services" "nextcloud" "config" "trustedProxies" ] [ "services" "nextcloud" "extraOptions" "trusted_proxies" ])
|
||||
];
|
||||
|
||||
options.services.nextcloud = {
|
||||
@ -157,32 +173,6 @@ in {
|
||||
Set this to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
|
||||
'';
|
||||
};
|
||||
logLevel = mkOption {
|
||||
type = types.ints.between 0 4;
|
||||
default = 2;
|
||||
description = lib.mdDoc ''
|
||||
Log level value between 0 (DEBUG) and 4 (FATAL).
|
||||
|
||||
- 0 (debug): Log all activity.
|
||||
|
||||
- 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
|
||||
|
||||
- 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
|
||||
|
||||
- 3 (error): Log failed operations and fatal errors.
|
||||
|
||||
- 4 (fatal): Log only fatal errors that cause the server to stop.
|
||||
'';
|
||||
};
|
||||
logType = mkOption {
|
||||
type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
|
||||
default = "syslog";
|
||||
description = lib.mdDoc ''
|
||||
Logging backend to use.
|
||||
systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
|
||||
See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
|
||||
'';
|
||||
};
|
||||
https = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@ -206,16 +196,6 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
skeletonDirectory = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = lib.mdDoc ''
|
||||
The directory where the skeleton files are located. These files will be
|
||||
copied to the data directory of new users. Leave empty to not copy any
|
||||
skeleton files.
|
||||
'';
|
||||
};
|
||||
|
||||
webfinger = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
@ -315,7 +295,6 @@ in {
|
||||
|
||||
};
|
||||
|
||||
|
||||
config = {
|
||||
dbtype = mkOption {
|
||||
type = types.enum [ "sqlite" "pgsql" "mysql" ];
|
||||
@ -380,53 +359,6 @@ in {
|
||||
setup of Nextcloud by the systemd service `nextcloud-setup.service`.
|
||||
'';
|
||||
};
|
||||
|
||||
extraTrustedDomains = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
Trusted domains from which the Nextcloud installation will be
|
||||
accessible. You don't need to add
|
||||
`services.nextcloud.hostname` here.
|
||||
'';
|
||||
};
|
||||
|
||||
trustedProxies = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
Trusted proxies to provide if the Nextcloud installation is being
|
||||
proxied to secure against, e.g. spoofing.
|
||||
'';
|
||||
};
|
||||
|
||||
overwriteProtocol = mkOption {
|
||||
type = types.nullOr (types.enum [ "http" "https" ]);
|
||||
default = null;
|
||||
example = "https";
|
||||
|
||||
description = lib.mdDoc ''
|
||||
Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
|
||||
Nextcloud uses the currently used protocol by default, but when
|
||||
behind a reverse-proxy, it may use `http` for everything although
|
||||
Nextcloud may be served via HTTPS.
|
||||
'';
|
||||
};
|
||||
|
||||
defaultPhoneRegion = mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
example = "DE";
|
||||
description = lib.mdDoc ''
|
||||
An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
|
||||
country code which replaces automatic phone-number detection
|
||||
without a country code.
|
||||
|
||||
As an example, with `DE` set as the default phone region,
|
||||
the `+49` prefix can be omitted for phone numbers.
|
||||
'';
|
||||
};
|
||||
|
||||
objectstore = {
|
||||
s3 = {
|
||||
enable = mkEnableOption (lib.mdDoc ''
|
||||
@ -609,30 +541,109 @@ in {
|
||||
The nextcloud-occ program preconfigured to target this Nextcloud instance.
|
||||
'';
|
||||
};
|
||||
globalProfiles = mkEnableOption (lib.mdDoc "global profiles") // {
|
||||
description = lib.mdDoc ''
|
||||
Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
|
||||
Even though it's enabled by default in Nextcloud, it must be explicitly enabled
|
||||
here because it has the side-effect that personal information is even accessible to
|
||||
unauthenticated users by default.
|
||||
|
||||
By default, the following properties are set to “Show to everyone”
|
||||
if this flag is enabled:
|
||||
- About
|
||||
- Full name
|
||||
- Headline
|
||||
- Organisation
|
||||
- Profile picture
|
||||
- Role
|
||||
- Twitter
|
||||
- Website
|
||||
|
||||
Only has an effect in Nextcloud 23 and later.
|
||||
'';
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
type = jsonFormat.type;
|
||||
type = types.submodule {
|
||||
freeformType = jsonFormat.type;
|
||||
options = {
|
||||
|
||||
loglevel = mkOption {
|
||||
type = types.ints.between 0 4;
|
||||
default = 2;
|
||||
description = lib.mdDoc ''
|
||||
Log level value between 0 (DEBUG) and 4 (FATAL).
|
||||
|
||||
- 0 (debug): Log all activity.
|
||||
|
||||
- 1 (info): Log activity such as user logins and file activities, plus warnings, errors, and fatal errors.
|
||||
|
||||
- 2 (warn): Log successful operations, as well as warnings of potential problems, errors and fatal errors.
|
||||
|
||||
- 3 (error): Log failed operations and fatal errors.
|
||||
|
||||
- 4 (fatal): Log only fatal errors that cause the server to stop.
|
||||
'';
|
||||
};
|
||||
log_type = mkOption {
|
||||
type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
|
||||
default = "syslog";
|
||||
description = lib.mdDoc ''
|
||||
Logging backend to use.
|
||||
systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
|
||||
See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
|
||||
'';
|
||||
};
|
||||
skeletondirectory = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = lib.mdDoc ''
|
||||
The directory where the skeleton files are located. These files will be
|
||||
copied to the data directory of new users. Leave empty to not copy any
|
||||
skeleton files.
|
||||
'';
|
||||
};
|
||||
trusted_domains = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
Trusted domains, from which the nextcloud installation will be
|
||||
accessible. You don't need to add
|
||||
`services.nextcloud.hostname` here.
|
||||
'';
|
||||
};
|
||||
trusted_proxies = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
Trusted proxies, to provide if the nextcloud installation is being
|
||||
proxied to secure against e.g. spoofing.
|
||||
'';
|
||||
};
|
||||
overwriteprotocol = mkOption {
|
||||
type = types.enum [ "" "http" "https" ];
|
||||
default = "";
|
||||
example = "https";
|
||||
description = lib.mdDoc ''
|
||||
Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
|
||||
Nextcloud uses the currently used protocol by default, but when
|
||||
behind a reverse-proxy, it may use `http` for everything although
|
||||
Nextcloud may be served via HTTPS.
|
||||
'';
|
||||
};
|
||||
default_phone_region = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
example = "DE";
|
||||
description = lib.mdDoc ''
|
||||
An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
|
||||
country code which replaces automatic phone-number detection
|
||||
without a country code.
|
||||
|
||||
As an example, with `DE` set as the default phone region,
|
||||
the `+49` prefix can be omitted for phone numbers.
|
||||
'';
|
||||
};
|
||||
"profile.enabled" = mkEnableOption (lib.mdDoc "global profiles") // {
|
||||
description = lib.mdDoc ''
|
||||
Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
|
||||
Even though it's enabled by default in Nextcloud, it must be explicitly enabled
|
||||
here because it has the side-effect that personal information is even accessible to
|
||||
unauthenticated users by default.
|
||||
By default, the following properties are set to “Show to everyone”
|
||||
if this flag is enabled:
|
||||
- About
|
||||
- Full name
|
||||
- Headline
|
||||
- Organisation
|
||||
- Profile picture
|
||||
- Role
|
||||
- Twitter
|
||||
- Website
|
||||
Only has an effect in Nextcloud 23 and later.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
default = {};
|
||||
description = lib.mdDoc ''
|
||||
Extra options which should be appended to Nextcloud's config.php file.
|
||||
@ -770,7 +781,6 @@ in {
|
||||
|
||||
nextcloud-setup = let
|
||||
c = cfg.config;
|
||||
writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
|
||||
requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable;
|
||||
objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable ''
|
||||
'objectstore' => [
|
||||
@ -833,12 +843,7 @@ in {
|
||||
[ 'path' => '${cfg.home}/store-apps', 'url' => '/store-apps', 'writable' => true ],
|
||||
],
|
||||
${optionalString (showAppStoreSetting) "'appstoreenabled' => ${renderedAppStoreSetting},"}
|
||||
'datadirectory' => '${datadir}/data',
|
||||
'skeletondirectory' => '${cfg.skeletonDirectory}',
|
||||
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
|
||||
'log_type' => '${cfg.logType}',
|
||||
'loglevel' => '${builtins.toString cfg.logLevel}',
|
||||
${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
|
||||
${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
|
||||
${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
|
||||
${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}
|
||||
@ -851,10 +856,6 @@ in {
|
||||
''
|
||||
}
|
||||
'dbtype' => '${c.dbtype}',
|
||||
'trusted_domains' => ${writePhpArray ([ cfg.hostName ] ++ c.extraTrustedDomains)},
|
||||
'trusted_proxies' => ${writePhpArray (c.trustedProxies)},
|
||||
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
|
||||
${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"}
|
||||
${objectstoreConfig}
|
||||
];
|
||||
|
||||
@ -907,7 +908,7 @@ in {
|
||||
(i: v: ''
|
||||
${occ}/bin/nextcloud-occ config:system:set trusted_domains \
|
||||
${toString i} --value="${toString v}"
|
||||
'') ([ cfg.hostName ] ++ cfg.config.extraTrustedDomains));
|
||||
'') ([ cfg.hostName ] ++ cfg.extraOptions.trusted_domains));
|
||||
|
||||
in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
@ -1043,16 +1044,19 @@ in {
|
||||
user = "nextcloud";
|
||||
};
|
||||
|
||||
services.nextcloud = lib.mkIf cfg.configureRedis {
|
||||
caching.redis = true;
|
||||
extraOptions = {
|
||||
services.nextcloud = {
|
||||
caching.redis = lib.mkIf cfg.configureRedis true;
|
||||
extraOptions = mkMerge [({
|
||||
datadirectory = lib.mkDefault "${datadir}/data";
|
||||
trusted_domains = [ cfg.hostName ];
|
||||
}) (lib.mkIf cfg.configureRedis {
|
||||
"memcache.distributed" = ''\OC\Memcache\Redis'';
|
||||
"memcache.locking" = ''\OC\Memcache\Redis'';
|
||||
redis = {
|
||||
host = config.services.redis.servers.nextcloud.unixSocket;
|
||||
port = 0;
|
||||
};
|
||||
};
|
||||
})];
|
||||
};
|
||||
|
||||
services.nginx.enable = mkDefault true;
|
||||
|
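Review bot: The plain `mkRenamedOptionModule` entries for `config.overwriteProtocol` and `config.defaultPhoneRegion` forward existing definitions unchanged, but the new `extraOptions.overwriteprotocol` is `types.enum [ "" "http" "https" ]` and `default_phone_region` is `types.str`, so a configuration that explicitly set either old option to `null` (which the removed `nullOr` types accepted) would presumably fail type checking after this change. Translating `null` to `""` with a `mkChangedOptionModule` instead of the plain rename for those two options would keep such configurations evaluating. Separately, `trusted_domains = [ cfg.hostName ];` in the new `extraOptions` merge already puts the host name into the list, so the occ loop's `([ cfg.hostName ] ++ cfg.extraOptions.trusted_domains)` appears to set it twice; `cfg.extraOptions.trusted_domains` alone should be enough there. The `imports` list, the option set and the `nextcloud-setup` unit all start or end outside the visible hunks, so this is based on the shown lines only.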
@ -32,7 +32,6 @@ in {
|
||||
adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
|
||||
${adminpass}
|
||||
'');
|
||||
trustedProxies = [ "::1" ];
|
||||
};
|
||||
notify_push = {
|
||||
enable = true;
|
||||
@ -42,6 +41,7 @@ in {
|
||||
extraApps = {
|
||||
inherit (pkgs."nextcloud${lib.versions.major config.services.nextcloud.package.version}Packages".apps) notify_push;
|
||||
};
|
||||
extraOptions.trusted_proxies = [ "::1" ];
|
||||
};
|
||||
|
||||
services.redis.servers."nextcloud".enable = true;
|
||||
|