Loading nixos/modules/services/web-apps/nextcloud.nix +17 −10 Original line number Diff line number Diff line Loading @@ -9,6 +9,11 @@ with lib; let cfg = config.services.nextcloud; overridePackage = cfg.package.override { inherit (config.security.pki) caBundle; }; fpm = config.services.phpfpm.pools.nextcloud; jsonFormat = pkgs.formats.json { }; Loading Loading @@ -51,13 +56,13 @@ let }; webroot = pkgs.runCommand "${cfg.package.name or "nextcloud"}-with-apps" pkgs.runCommand "${overridePackage.name or "nextcloud"}-with-apps" { preferLocalBuild = true; } '' mkdir $out ln -sfv "${cfg.package}"/* "$out" ln -sfv "${overridePackage}"/* "$out" ${concatStrings ( mapAttrsToList ( name: store: Loading Loading @@ -185,8 +190,8 @@ let mysqlLocal = cfg.database.createLocally && cfg.config.dbtype == "mysql"; pgsqlLocal = cfg.database.createLocally && cfg.config.dbtype == "pgsql"; nextcloudGreaterOrEqualThan = versionAtLeast cfg.package.version; nextcloudOlderThan = versionOlder cfg.package.version; nextcloudGreaterOrEqualThan = versionAtLeast overridePackage.version; nextcloudOlderThan = versionOlder overridePackage.version; # https://github.com/nextcloud/documentation/pull/11179 ocmProviderIsNotAStaticDirAnymore = Loading Loading 
@@ -1028,12 +1033,12 @@ in If you have an existing installation with a custom table prefix, make sure it is set correctly in `config.php` and remove the option from your NixOS config. '') ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05")) ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11")) ++ (optional (versionOlder cfg.package.version "28") (upgradeWarning 27 "24.05")) ++ (optional (versionOlder cfg.package.version "29") (upgradeWarning 28 "24.11")) ++ (optional (versionOlder cfg.package.version "30") (upgradeWarning 29 "24.11")) ++ (optional (versionOlder cfg.package.version "31") (upgradeWarning 30 "25.05")); ++ (optional (versionOlder overridePackage.version "26") (upgradeWarning 25 "23.05")) ++ (optional (versionOlder overridePackage.version "27") (upgradeWarning 26 "23.11")) ++ (optional (versionOlder overridePackage.version "28") (upgradeWarning 27 "24.05")) ++ (optional (versionOlder overridePackage.version "29") (upgradeWarning 28 "24.11")) ++ (optional (versionOlder overridePackage.version "30") (upgradeWarning 29 "24.11")) ++ (optional (versionOlder overridePackage.version "31") (upgradeWarning 30 "25.05")); services.nextcloud.package = with pkgs; Loading Loading @@ -1386,6 +1391,8 @@ in datadirectory = lib.mkDefault "${datadir}/data"; trusted_domains = [ cfg.hostName ]; "upgrade.disable-web" = true; # NixOS already provides its own integrity check and the nix store is read-only, therefore Nextcloud does not need to do its own integrity checks. "integrity.check.disabled" = true; }) (lib.mkIf cfg.configureRedis { "memcache.distributed" = ''\OC\Memcache\Redis''; Loading nixos/tests/nextcloud/with-objectstore.nix +70 −11 Original line number Diff line number Diff line Loading 
@@ -26,11 +26,13 @@ runTest ( nodes = { nextcloud = { config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 9000 ]; environment.systemPackages = [ pkgs.minio-client ]; config, pkgs, nodes, ... }: { services.nextcloud.config.dbtype = "sqlite"; services.nextcloud.config.objectstore.s3 = { Loading @@ -39,13 +41,66 @@ runTest ( autocreate = true; key = accessKey; secretFile = "${pkgs.writeText "secretKey" secretKey}"; hostname = "nextcloud"; useSsl = false; port = 9000; hostname = "acme.test"; useSsl = true; port = 443; usePathStyle = true; region = "us-east-1"; }; security.pki.certificates = [ (builtins.readFile ../common/acme/server/ca.cert.pem) ]; environment.systemPackages = [ pkgs.minio-client ]; # The dummy certs are for acme.test, so we pretend that's the FQDN # of the minio VM. networking.extraHosts = '' ${nodes.minio.networking.primaryIPAddress} acme.test ''; }; client = { nodes, ... }: { security.pki.certificates = [ (builtins.readFile ../common/acme/server/ca.cert.pem) ]; networking.extraHosts = '' ${nodes.minio.networking.primaryIPAddress} acme.test ''; }; minio = { ... }: { security.pki.certificates = [ (builtins.readFile ../common/acme/server/ca.cert.pem) ]; services.nginx = { enable = true; recommendedProxySettings = true; virtualHosts."acme.test" = { onlySSL = true; sslCertificate = ../common/acme/server/acme.test.cert.pem; sslCertificateKey = ../common/acme/server/acme.test.key.pem; locations."/".proxyPass = "http://127.0.0.1:9000"; }; }; networking.extraHosts = '' 127.0.0.1 acme.test ''; networking.firewall.allowedTCPPorts = [ 9000 80 443 ]; services.minio = { enable = true; listenAddress = "0.0.0.0:9000"; Loading 
@@ -56,18 +111,22 @@ runTest ( }; test-helpers.init = '' nextcloud.wait_for_open_port(9000) minio.start() minio.wait_for_open_port(9000) minio.wait_for_unit("nginx.service") minio.wait_for_open_port(443) ''; test-helpers.extraTests = { nodes, ... }: '' with subtest("File is not on the filesystem"): nextcloud.succeed("test ! -e ${nodes.nextcloud.services.nextcloud.home}/data/root/files/test-shared-file") with subtest("Check if file is in S3"): nextcloud.succeed( "mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4" "mc config host add minio https://acme.test ${accessKey} ${secretKey} --api s3v4" ) files = nextcloud.succeed('mc ls minio/nextcloud|sort').strip().split('\n') Loading Loading @@ -100,8 +159,8 @@ runTest ( with subtest("Test download from S3"): client.succeed( "env AWS_ACCESS_KEY_ID=${accessKey} AWS_SECRET_ACCESS_KEY=${secretKey} " + f"${lib.getExe pkgs.awscli2} s3 cp s3://nextcloud/{file} test --endpoint-url http://nextcloud:9000 " + "--region us-east-1" + f"${lib.getExe pkgs.awscli2} s3 cp s3://nextcloud/{file} test --endpoint-url https://acme.test " + "--region us-east-1 --ca-bundle /etc/ssl/certs/ca-bundle.crt" ) client.succeed("test hi = $(cat test)") Loading pkgs/servers/nextcloud/default.nix +6 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,8 @@ stdenvNoCC, fetchurl, nixosTests, cacert, caBundle ? "${cacert}/etc/ssl/certs/ca-bundle.crt", nextcloud30Packages, nextcloud31Packages, }: Loading Loading @@ -32,6 +34,10 @@ let inherit packages; }; postPatch = '' cp ${caBundle} resources/config/ca-bundle.crt ''; installPhase = '' runHook preInstall mkdir -p $out/ Loading Loading
nixos/modules/services/web-apps/nextcloud.nix +17 −10 Original line number Diff line number Diff line Loading @@ -9,6 +9,11 @@ with lib; let cfg = config.services.nextcloud; overridePackage = cfg.package.override { inherit (config.security.pki) caBundle; }; fpm = config.services.phpfpm.pools.nextcloud; jsonFormat = pkgs.formats.json { }; Loading Loading @@ -51,13 +56,13 @@ let }; webroot = pkgs.runCommand "${cfg.package.name or "nextcloud"}-with-apps" pkgs.runCommand "${overridePackage.name or "nextcloud"}-with-apps" { preferLocalBuild = true; } '' mkdir $out ln -sfv "${cfg.package}"/* "$out" ln -sfv "${overridePackage}"/* "$out" ${concatStrings ( mapAttrsToList ( name: store: Loading Loading @@ -185,8 +190,8 @@ let mysqlLocal = cfg.database.createLocally && cfg.config.dbtype == "mysql"; pgsqlLocal = cfg.database.createLocally && cfg.config.dbtype == "pgsql"; nextcloudGreaterOrEqualThan = versionAtLeast cfg.package.version; nextcloudOlderThan = versionOlder cfg.package.version; nextcloudGreaterOrEqualThan = versionAtLeast overridePackage.version; nextcloudOlderThan = versionOlder overridePackage.version; # https://github.com/nextcloud/documentation/pull/11179 ocmProviderIsNotAStaticDirAnymore = Loading Loading 
@@ -1028,12 +1033,12 @@ in If you have an existing installation with a custom table prefix, make sure it is set correctly in `config.php` and remove the option from your NixOS config. '') ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05")) ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11")) ++ (optional (versionOlder cfg.package.version "28") (upgradeWarning 27 "24.05")) ++ (optional (versionOlder cfg.package.version "29") (upgradeWarning 28 "24.11")) ++ (optional (versionOlder cfg.package.version "30") (upgradeWarning 29 "24.11")) ++ (optional (versionOlder cfg.package.version "31") (upgradeWarning 30 "25.05")); ++ (optional (versionOlder overridePackage.version "26") (upgradeWarning 25 "23.05")) ++ (optional (versionOlder overridePackage.version "27") (upgradeWarning 26 "23.11")) ++ (optional (versionOlder overridePackage.version "28") (upgradeWarning 27 "24.05")) ++ (optional (versionOlder overridePackage.version "29") (upgradeWarning 28 "24.11")) ++ (optional (versionOlder overridePackage.version "30") (upgradeWarning 29 "24.11")) ++ (optional (versionOlder overridePackage.version "31") (upgradeWarning 30 "25.05")); services.nextcloud.package = with pkgs; Loading Loading @@ -1386,6 +1391,8 @@ in datadirectory = lib.mkDefault "${datadir}/data"; trusted_domains = [ cfg.hostName ]; "upgrade.disable-web" = true; # NixOS already provides its own integrity check and the nix store is read-only, therefore Nextcloud does not need to do its own integrity checks. "integrity.check.disabled" = true; }) (lib.mkIf cfg.configureRedis { "memcache.distributed" = ''\OC\Memcache\Redis''; Loading
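Review bot: The comment added above `"integrity.check.disabled" = true;` justifies the setting with the read-only store, but that argument only covers files served from the store. Code that Nextcloud loads from a writable apps directory (for example when the app store is enabled) is not protected by Nix, and if this setting also governs app checks, that code loses its signature verification too. The setting looks like a consequence of replacing the shipped `resources/config/ca-bundle.crt`, which presumably no longer matches the upstream signature, and the comment should say so. I would reword it along the lines of `# The package replaces resources/config/ca-bundle.crt, so upstream signatures no longer match; store contents are covered by Nix, writable app directories are not.` and consider `lib.mkDefault true` so operators can turn the check back on. The attribute set this line sits in starts outside the hunk.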
nixos/tests/nextcloud/with-objectstore.nix +70 −11 Original line number Diff line number Diff line Loading @@ -26,11 +26,13 @@ runTest ( nodes = { nextcloud = { config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 9000 ]; environment.systemPackages = [ pkgs.minio-client ]; config, pkgs, nodes, ... }: { services.nextcloud.config.dbtype = "sqlite"; services.nextcloud.config.objectstore.s3 = { Loading @@ -39,13 +41,66 @@ runTest ( autocreate = true; key = accessKey; secretFile = "${pkgs.writeText "secretKey" secretKey}"; hostname = "nextcloud"; useSsl = false; port = 9000; hostname = "acme.test"; useSsl = true; port = 443; usePathStyle = true; region = "us-east-1"; }; security.pki.certificates = [ (builtins.readFile ../common/acme/server/ca.cert.pem) ]; environment.systemPackages = [ pkgs.minio-client ]; # The dummy certs are for acme.test, so we pretend that's the FQDN # of the minio VM. networking.extraHosts = '' ${nodes.minio.networking.primaryIPAddress} acme.test ''; }; client = { nodes, ... }: { security.pki.certificates = [ (builtins.readFile ../common/acme/server/ca.cert.pem) ]; networking.extraHosts = '' ${nodes.minio.networking.primaryIPAddress} acme.test ''; }; minio = { ... }: { security.pki.certificates = [ (builtins.readFile ../common/acme/server/ca.cert.pem) ]; services.nginx = { enable = true; recommendedProxySettings = true; virtualHosts."acme.test" = { onlySSL = true; sslCertificate = ../common/acme/server/acme.test.cert.pem; sslCertificateKey = ../common/acme/server/acme.test.key.pem; locations."/".proxyPass = "http://127.0.0.1:9000"; }; }; networking.extraHosts = '' 127.0.0.1 acme.test ''; networking.firewall.allowedTCPPorts = [ 9000 80 443 ]; services.minio = { enable = true; listenAddress = "0.0.0.0:9000"; Loading 
@@ -56,18 +111,22 @@ runTest ( }; test-helpers.init = '' nextcloud.wait_for_open_port(9000) minio.start() minio.wait_for_open_port(9000) minio.wait_for_unit("nginx.service") minio.wait_for_open_port(443) ''; test-helpers.extraTests = { nodes, ... }: '' with subtest("File is not on the filesystem"): nextcloud.succeed("test ! -e ${nodes.nextcloud.services.nextcloud.home}/data/root/files/test-shared-file") with subtest("Check if file is in S3"): nextcloud.succeed( "mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4" "mc config host add minio https://acme.test ${accessKey} ${secretKey} --api s3v4" ) files = nextcloud.succeed('mc ls minio/nextcloud|sort').strip().split('\n') Loading Loading @@ -100,8 +159,8 @@ runTest ( with subtest("Test download from S3"): client.succeed( "env AWS_ACCESS_KEY_ID=${accessKey} AWS_SECRET_ACCESS_KEY=${secretKey} " + f"${lib.getExe pkgs.awscli2} s3 cp s3://nextcloud/{file} test --endpoint-url http://nextcloud:9000 " + "--region us-east-1" + f"${lib.getExe pkgs.awscli2} s3 cp s3://nextcloud/{file} test --endpoint-url https://acme.test " + "--region us-east-1 --ca-bundle /etc/ssl/certs/ca-bundle.crt" ) client.succeed("test hi = $(cat test)") Loading
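Review bot: In the `minio` node the new firewall line opens `9000` and `80` alongside `443` while MinIO still listens on `0.0.0.0:9000`, so the plaintext S3 endpoint stays reachable from the other VMs. The test therefore does not show that TLS through nginx is the only working path. Since the virtual host is `onlySSL` and the proxy targets `127.0.0.1:9000`, `networking.firewall.allowedTCPPorts = [ 443 ];` together with `listenAddress = "127.0.0.1:9000";` should be enough. The `services.minio` block continues outside the hunk, so check that nothing else there depends on the public listener.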
pkgs/servers/nextcloud/default.nix +6 −0 Original line number Diff line number Diff line Loading @@ -3,6 +3,8 @@ stdenvNoCC, fetchurl, nixosTests, cacert, caBundle ? "${cacert}/etc/ssl/certs/ca-bundle.crt", nextcloud30Packages, nextcloud31Packages, }: Loading Loading @@ -32,6 +34,10 @@ let inherit packages; }; postPatch = '' cp ${caBundle} resources/config/ca-bundle.crt ''; installPhase = '' runHook preInstall mkdir -p $out/ Loading
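Review bot: The new `postPatch` overwrites a file shipped in the upstream tarball without saying why, and it interpolates `${caBundle}` unquoted. If I read Nextcloud correctly, this file is the CA store its HTTP client trusts, so a comment such as `# Nextcloud trusts the CAs in this file rather than the system store; replacing it changes a file covered by upstream's integrity signature.` would tell people using the package outside the NixOS module what to expect. Writing the copy as `cp "${caBundle}" resources/config/ca-bundle.crt` keeps it robust if a caller passes a path containing spaces. Most of the derivation lies outside the hunk.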