Merge master into staging-next

/pkgs/top-level/php-packages.nix         @jtojnar @aanderse @globin @ma27 @talyz

# Docker tools

/pkgs/build-support/docker                   @roberth

/nixos/tests/docker-tools*                   @roberth

/doc/build-helpers/images/dockertools.section.md  @roberth

/pkgs/build-support/docker                       @roberth @jhol

/nixos/tests/docker-tools*                       @roberth @jhol

/doc/build-helpers/images/dockertools.section.md @roberth @jhol

# Blockchains

/pkgs/applications/blockchains  @mmahut @RaghavSood

  See the neovim help page [`:help startup`](https://neovim.io/doc/user/starting.html#startup) for more information, as well as [the nixpkgs neovim wrapper documentation](#neovim-custom-configuration).

- `cloudflare-ddns`: Added package cloudflare-ddns.

- `nextcloud32`: Added for the Nextcloud 32 major release.

  See https://nextcloud.com/blog/nextcloud-hub25-autumn/ for more details on the new major version.

    ```

  */

  listFilesRecursive =

    let

      # We only flatten at the very end, as flatten is recursive.

      internalFunc =

        dir:

    lib.flatten (

      lib.mapAttrsToList (

        name: type:

        if type == "directory" then

          lib.filesystem.listFilesRecursive (dir + "/${name}")

        else

          dir + "/${name}"

      ) (builtins.readDir dir)

    );

        (lib.mapAttrsToList (

          name: type: if type == "directory" then internalFunc (dir + "/${name}") else dir + "/${name}"

        ) (builtins.readDir dir));

    in

    dir: lib.flatten (internalFunc dir);

  /**

    Transform a directory tree containing package files suitable for

[services.nextcloud](#opt-services.nextcloud.enable). A

desktop client is packaged at `pkgs.nextcloud-client`.

The current default by NixOS is `nextcloud31` which is also the latest

The current default by NixOS is `nextcloud32` which is also the latest

major version available.

## Basic usage {#module-services-nextcloud-basic-usage}

    (lib.mkRemovedOptionModule [ "services" "nextcloud" "config" "dbport" ] ''

      Add port to services.nextcloud.config.dbhost instead.

    '')

    (lib.mkRemovedOptionModule [ "services" "nextcloud" "nginx" "recommendedHttpHeaders" ] ''

      This option has been removed to always follow upstream's security recommendation.

    '')

    (lib.mkRenamedOptionModule

      [ "services" "nextcloud" "logLevel" ]

      [ "services" "nextcloud" "settings" "loglevel" ]

      description = "Which package to use for the Nextcloud instance.";

      relatedPackages = [

        "nextcloud31"

        "nextcloud32"

      ];

    };

    phpPackage = lib.mkPackageOption pkgs "php" {

      default = [ "php83" ];

      default = [ "php84" ];

      example = "php82";

    };

    };

    nginx = {

      recommendedHttpHeaders = lib.mkOption {

        type = lib.types.bool;

        default = true;

        description = "Enable additional recommended HTTP response headers";

      };

      hstsMaxAge = lib.mkOption {

        type = lib.types.ints.positive;

        default = 15552000;

      {

        warnings =

          let

            latest = 31;

            latest = 32;

            upgradeWarning = major: nixos: ''

              A legacy Nextcloud install (from before NixOS ${nixos}) may be installed.

          ++ (lib.optional (lib.versionOlder overridePackage.version "28") (upgradeWarning 27 "24.05"))

          ++ (lib.optional (lib.versionOlder overridePackage.version "29") (upgradeWarning 28 "24.11"))

          ++ (lib.optional (lib.versionOlder overridePackage.version "30") (upgradeWarning 29 "24.11"))

          ++ (lib.optional (lib.versionOlder overridePackage.version "31") (upgradeWarning 30 "25.05"));

          ++ (lib.optional (lib.versionOlder overridePackage.version "31") (upgradeWarning 30 "25.05"))

          ++ (lib.optional (lib.versionOlder overridePackage.version "32") (upgradeWarning 31 "25.11"));

        services.nextcloud.package = lib.mkDefault (

          if pkgs ? nextcloud then

            pkgs.nextcloud29

          else if lib.versionOlder stateVersion "25.05" then

            pkgs.nextcloud30

          else

          else if lib.versionOlder stateVersion "25.11" then

            pkgs.nextcloud31

          else

            pkgs.nextcloud32

        );

        services.nextcloud.phpOptions = lib.mkMerge [

          };

          extraConfig = ''

            index index.php index.html /index.php$request_uri;

            ${lib.optionalString (cfg.nginx.recommendedHttpHeaders) ''

            add_header X-Content-Type-Options nosniff;

            add_header X-Robots-Tag "noindex, nofollow";

            add_header X-Permitted-Cross-Domain-Policies none;

            add_header X-Frame-Options sameorigin;

            add_header Referrer-Policy no-referrer;

            ''}

            ${lib.optionalString (cfg.https) ''

              add_header Strict-Transport-Security "max-age=${toString cfg.nginx.hstsMaxAge}; includeSubDomains" always;

            ''}

            client_max_body_size ${cfg.maxUploadSize};

            fastcgi_buffers 64 4K;

            fastcgi_hide_header X-Powered-By;

            # mirror upstream htaccess file https://github.com/nextcloud/server/blob/v32.0.0/.htaccess#L40-L41

            fastcgi_hide_header Referrer-Policy;

            fastcgi_hide_header X-Content-Type-Options;

            fastcgi_hide_header X-Frame-Options;

            fastcgi_hide_header X-Permitted-Cross-Domain-Policies;

            fastcgi_hide_header X-Robots-Tag;

            gzip on;

            gzip_vary on;

            gzip_comp_level 4;