1 with import ../../libs.nix;
7 buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
8 pkgs.stdenv.mkDerivation rec {
9 name = "nextcloud-app-${appName}-${version}";
11 phases = "unpackPhase installPhase";
13 src = fetchurl { inherit url sha256; };
16 # FIXME: nextcloud complains that he cannot write into config
17 # directory when an app needs upgrade
18 # /!\ Attention, just changing the version number is not
19 # sufficient when the downloaded file doesn’t contain the version
20 # number in it, sha256 needs to be recomputed
21 audioplayer = buildApp rec {
22 appName = "audioplayer";
24 url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
25 sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8";
27 bookmarks = buildApp rec {
28 appName = "bookmarks";
30 url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
31 sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c";
33 calendar = buildApp rec {
36 url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
37 sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63";
39 contacts = buildApp rec {
42 url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
43 sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s";
48 url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
49 sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7";
51 files_markdown = buildApp rec {
52 appName = "files_markdown";
54 url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz";
55 sha256 = "1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym";
57 gpxedit = buildApp rec {
60 url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz";
61 sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw";
63 gpxpod = buildApp rec {
66 url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz";
67 sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k";
69 keeweb = buildApp rec {
72 url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz";
73 sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1";
75 notes = buildApp rec {
78 url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
79 sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh";
81 ocsms = buildApp rec {
84 url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
85 sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c";
87 spreed = buildApp rec {
90 url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
91 sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7";
93 tasks = buildApp rec {
96 url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
97 sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny";
101 varDir = "/var/lib/nextcloud";
103 assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT";
104 assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER";
105 assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD";
106 assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID";
107 assert checkEnv "NIXOPS_NEXTCLOUD_SECRET";
108 assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX";
109 pkgs.writeText "config.php" ''
112 'instanceid' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}',
113 'datadirectory' => '/var/lib/nextcloud/',
114 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}',
117 'version' => '15.0.0.10',
118 'dbname' => 'webapps',
120 'dbtableprefix' => 'oc_',
121 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}',
122 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}',
124 'maxZipInputSize' => 0,
125 'allowZipDownload' => true,
128 'maintenance' => false,
131 0 => 'cloud.immae.eu',
133 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}',
134 'appstoreenabled' => false,
135 'appstore.experimental.enabled' => true,
137 'trashbin_retention_obligation' => 'auto',
138 'htaccess.RewriteBase' => '/',
139 'mail_smtpmode' => 'smtp',
140 'mail_smtphost' => 'mail.immae.eu',
141 'mail_smtpname' => ${"''"},
142 'mail_smtppassword' => ${"''"},
143 'mail_from_address' => 'owncloud',
144 'mail_smtpauth' => false,
145 'mail_domain' => 'immae.eu',
146 'memcache.local' => '\\OC\\Memcache\\APCu',
147 'memcache.locking' => '\\OC\\Memcache\\Redis',
148 'filelocking.enabled' => true,
151 'host' => 'localhost',
153 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"},
155 'overwrite.cli.url' => 'https://cloud.immae.eu',
156 'ldapIgnoreNamingRules' => false,
157 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
158 'config_is_read_only' => true,
161 config = stdenv.mkDerivation rec {
162 name = "nextcloud-config";
163 src = ./nextcloud-config;
164 phases = "installPhase";
168 cp ${config_php} $out/config.php
171 webRoot = stdenv.mkDerivation rec {
172 name = "nextcloud-${version}";
176 url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2";
177 sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v";
184 ln -sf ${config} $out/config
185 ${builtins.concatStringsSep "\n" (
186 pkgs.lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps
191 description = "Sharing solution for files, calendars, contacts and more";
192 homepage = https://nextcloud.com;
193 maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ];
194 license = stdenv.lib.licenses.agpl3Plus;
195 platforms = with stdenv.lib.platforms; unix;
201 install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
207 modules = [ "proxy_fcgi" ];
209 <Directory ${webRoot}>
211 DirectoryIndex index.php
212 Options FollowSymlinks
216 <IfModule mod_headers.c>
217 Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
219 <FilesMatch "\.php$">
221 SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
229 basedir = builtins.concatStringsSep ":" (
230 [ webRoot varDir config ]
231 ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) apps);
232 socket = "/var/run/phpfpm/nextcloud.sock";
235 user = ${apache.user}
236 group = ${apache.group}
237 listen.owner = ${apache.user}
238 listen.group = ${apache.group}
241 pm.process_idle_timeout = 60
243 php_admin_value[output_buffering] = 0
244 php_admin_value[max_execution_time] = 1800
245 php_admin_value[zend_extension] = "opcache"
246 ;php_value[opcache.enable] = 1
247 php_value[opcache.enable_cli] = 1
248 php_value[opcache.interned_strings_buffer] = 8
249 php_value[opcache.max_accelerated_files] = 10000
250 php_value[opcache.memory_consumption] = 128
251 php_value[opcache.save_comments] = 1
252 php_value[opcache.revalidate_freq] = 1
253 php_admin_value[memory_limit] = 512M
255 php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"