Merge pull request #222372 from NixOS/nextcloud26

- Deprecated `xlibsWrapper` transitional package has been removed in favour of direct use of its constitutents: `xorg.libX11`, `freetype` and others.

- The latest available version of Nextcloud is v26 (available as `pkgs.nextcloud26`) which uses PHP 8.2 as interpreter by default. The installation logic is as follows:

  - If `system.stateVersion` is >=23.05, `pkgs.nextcloud26` will be installed by default.

  - If `system.stateVersion` is >=22.11, `pkgs.nextcloud25` will be installed by default.

  - Please note that an upgrade from v24 (or older) to v26 directly is not possible. Please upgrade to `nextcloud25` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud25;`](options.html#opt-services.nextcloud.package).

  - It's recommended to use the latest version available (i.e. v26) and to specify that using `services.nextcloud.package`.

- .NET 5.0 was removed due to being end-of-life, use a newer, supported .NET version - https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core

- The iputils package, which is installed by default, no longer provides the

[services.nextcloud](#opt-services.nextcloud.enable). A

desktop client is packaged at `pkgs.nextcloud-client`.

The current default by NixOS is `nextcloud25` which is also the latest

The current default by NixOS is `nextcloud26` which is also the latest

major version available.

## Basic usage {#module-services-nextcloud-basic-usage}

    package = mkOption {

      type = types.package;

      description = lib.mdDoc "Which package to use for the Nextcloud instance.";

      relatedPackages = [ "nextcloud24" "nextcloud25" ];

      relatedPackages = [ "nextcloud24" "nextcloud25" "nextcloud26" ];

    };

    phpPackage = mkOption {

      type = types.package;

  config = mkIf cfg.enable (mkMerge [

    { warnings = let

        latest = 25;

        latest = 26;

        upgradeWarning = major: nixos:

          ''

            A legacy Nextcloud install (from before NixOS ${nixos}) may be installed.

            `services.nextcloud.package`.

          '';

        # FIXME(@Ma27) remove as soon as nextcloud properly supports

        # mariadb >=10.6.

        isUnsupportedMariadb =

          # All currently supported Nextcloud versions are affected (https://github.com/nextcloud/server/issues/25436).

          (versionOlder cfg.package.version "24")

          # This module uses mysql

          && (cfg.config.dbtype == "mysql")

          # MySQL is managed via NixOS

          && config.services.mysql.enable

          # We're using MariaDB

          && (getName config.services.mysql.package) == "mariadb-server"

          # MariaDB is at least 10.6 and thus not supported

          && (versionAtLeast (getVersion config.services.mysql.package) "10.6");

      in (optional (cfg.poolConfig != null) ''

          Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release.

          Please migrate your configuration to config.services.nextcloud.poolSettings.

        ++ (optional (versionOlder cfg.package.version "23") (upgradeWarning 22 "22.05"))

        ++ (optional (versionOlder cfg.package.version "24") (upgradeWarning 23 "22.05"))

        ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11"))

        ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05"))

        ++ (optional cfg.enableBrokenCiphersForSSE ''

          You're using PHP's openssl extension built against OpenSSL 1.1 for Nextcloud.

          This is only necessary if you're using Nextcloud's server-side encryption.

          See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.

          For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470

        '')

        ++ (optional isUnsupportedMariadb ''

            You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)!

            Please note that this isn't supported officially by Nextcloud. You can either

            * Switch to `pkgs.mysql`

            * Downgrade MariaDB to at least 10.5

            * Work around Nextcloud's problems by specifying `innodb_read_only_compressed=0`

            For further context, please read

            https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/15

        '');

      services.nextcloud.package = with pkgs;

              `pkgs.nextcloud`.

            ''

          else if versionOlder stateVersion "22.11" then nextcloud24

          else nextcloud25

          else if versionOlder stateVersion "23.05" then nextcloud25

          else nextcloud26

        );

      services.nextcloud.phpPackage =

        if versionOlder cfg.package.version "24" then pkgs.php80

        else pkgs.php81;

        if versionOlder cfg.package.version "26" then pkgs.php81

        else pkgs.php82;

    }

    { assertions = [

          '';

          serviceConfig.Type = "oneshot";

          serviceConfig.User = "nextcloud";

          # On Nextcloud ≥ 26, it is not necessary to patch the database files to prevent

          # an automatic creation of the database user.

          environment.NC_setup_create_db_user = lib.mkIf (nextcloudGreaterOrEqualThan "26") "false";

        };

        nextcloud-cron = {

          after = [ "nextcloud-setup.service" ];

          name = cfg.config.dbuser;

          ensurePermissions = { "${cfg.config.dbname}.*" = "ALL PRIVILEGES"; };

        }];

        # FIXME(@Ma27) Nextcloud isn't compatible with mariadb 10.6,

        # this is a workaround.

        # See https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/22

        settings = mkIf (versionOlder cfg.package.version "24") {

          mysqld = {

            innodb_read_only_compressed = 0;

          };

        };

        initialScript = pkgs.writeText "mysql-init" ''

          CREATE USER '${cfg.config.dbname}'@'localhost' IDENTIFIED BY '${builtins.readFile( cfg.config.dbpassFile )}';

          CREATE DATABASE IF NOT EXISTS ${cfg.config.dbname};

    };

  })

{ }

  [ 24 25 ]

  [ 24 25 26 ]

    nextcloudwithopenssl1.wait_for_unit("multi-user.target")

    nextcloudwithopenssl1.succeed("nextcloud-occ status")

    nextcloudwithopenssl1.succeed("curl -sSf http://nextcloudwithopenssl1/login")

    nextcloud_version = ${toString nextcloudVersion}

    with subtest("With OpenSSL 1 SSE can be enabled and used"):

        nextcloudwithopenssl1.succeed("nextcloud-occ app:enable encryption")

        nextcloudwithopenssl1.succeed("nextcloud-occ status")

    with subtest("Existing encrypted files cannot be read, but new files can be added"):

        nextcloudwithopenssl1.fail("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")

        # This will succed starting NC26 because of their custom implementation of openssl_seal

        read_existing_file_test = nextcloudwithopenssl1.fail if nextcloud_version < 26 else nextcloudwithopenssl1.succeed

        read_existing_file_test("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")

        nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable")

        nextcloudwithopenssl1.succeed("${copySharedFile3}")

        nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")