X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fwebsites%2Ftools%2Fcloud%2Fnextcloud.nix;h=b62606f10d6e2c7111627ebe8c64b573cd8bae9d;hb=9c5fe7b7064afb70dd0b8eb78af745eff84bb2e5;hp=ad440578b990edd38d134c90c9f68d1205bcf279;hpb=20ed2f853c57af063d27651bfd28c28ac8849414;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/nixops/modules/websites/tools/cloud/nextcloud.nix b/nixops/modules/websites/tools/cloud/nextcloud.nix
index ad44057..b62606f 100644
--- a/nixops/modules/websites/tools/cloud/nextcloud.nix
+++ b/nixops/modules/websites/tools/cloud/nextcloud.nix
@@ -113,68 +113,64 @@ let }; in rec { varDir = "/var/lib/nextcloud"; - config_php = writeText "config.php" '' - '${env.instance_id}1', - 'datadirectory' => '/var/lib/nextcloud/', - 'passwordsalt' => '${env.password_salt}', - 'debug' => false, - 'dbtype' => 'pgsql', - 'version' => '15.0.0.10', - 'dbname' => '${env.postgresql.database}', - 'dbhost' => '${env.postgresql.socket}', - 'dbtableprefix' => 'oc_', - 'dbuser' => '${env.postgresql.user}', - 'dbpassword' => '${env.postgresql.password}', - 'installed' => true, - 'maxZipInputSize' => 0, - 'allowZipDownload' => true, - 'forcessl' => true, - 'theme' => ${"''"}, - 'maintenance' => false, - 'trusted_domains' => - array ( - 0 => 'cloud.immae.eu', - ), - 'secret' => '${env.secret}', - 'appstoreenabled' => false, - 'appstore.experimental.enabled' => true, - 'loglevel' => 2, - 'trashbin_retention_obligation' => 'auto', - 'htaccess.RewriteBase' => '/', - 'mail_smtpmode' => 'sendmail', - 'mail_smtphost' => '127.0.0.1', - 'mail_smtpname' => ''', - 'mail_smtppassword' => ''', - 'mail_from_address' => 'owncloud', - 'mail_smtpauth' => false, - 'mail_domain' => 'immae.eu', - 'memcache.local' => '\\OC\\Memcache\\APCu', - 'memcache.locking' => '\\OC\\Memcache\\Redis', - 'filelocking.enabled' => true, - 'redis' => - array ( - 'host' => '${env.redis.socket}', - 'port' => 0, - 'dbindex' => ${env.redis.db_index}, - ), - 'overwrite.cli.url' => 'https://cloud.immae.eu', - 'ldapIgnoreNamingRules' => false, - 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', - ); - ''; - config = stdenv.mkDerivation rec { - name = "nextcloud-config"; - src = ./nextcloud-config; - phases = "installPhase"; - installPhase = '' - mkdir -p $out - cp -r $src/* $out - cp ${config_php} $out/config.php + keys = [{ + dest = "webapps/tools-nextcloud"; + user = apache.user; + group = apache.group; + permissions = "0600"; + text = '' + '${env.instance_id}1', + 'datadirectory' => '/var/lib/nextcloud/', + 'passwordsalt' => '${env.password_salt}', + 
'debug' => false, + 'dbtype' => 'pgsql', + 'version' => '15.0.4.0', + 'dbname' => '${env.postgresql.database}', + 'dbhost' => '${env.postgresql.socket}', + 'dbtableprefix' => 'oc_', + 'dbuser' => '${env.postgresql.user}', + 'dbpassword' => '${env.postgresql.password}', + 'installed' => true, + 'maxZipInputSize' => 0, + 'allowZipDownload' => true, + 'forcessl' => true, + 'theme' => ${"''"}, + 'maintenance' => false, + 'trusted_domains' => + array ( + 0 => 'cloud.immae.eu', + ), + 'secret' => '${env.secret}', + 'appstoreenabled' => false, + 'appstore.experimental.enabled' => true, + 'loglevel' => 2, + 'trashbin_retention_obligation' => 'auto', + 'htaccess.RewriteBase' => '/', + 'mail_smtpmode' => 'sendmail', + 'mail_smtphost' => '127.0.0.1', + 'mail_smtpname' => ''', + 'mail_smtppassword' => ''', + 'mail_from_address' => 'nextcloud', + 'mail_smtpauth' => false, + 'mail_domain' => 'tools.immae.eu', + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => true, + 'redis' => + array ( + 'host' => '${env.redis.socket}', + 'port' => 0, + 'dbindex' => ${env.redis.db_index}, + ), + 'overwrite.cli.url' => 'https://cloud.immae.eu', + 'ldapIgnoreNamingRules' => false, + 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', + ); ''; - }; + }]; webRoot = stdenv.mkDerivation rec { name = "nextcloud-${version}"; version = "15.0.4"; @@ -188,7 +184,7 @@ let mkdir -p $out/ cp -R . $out/ rm -r $out/config - ln -sf ../../../../../${varDir}/config $out/config + ln -sf ${varDir}/config $out/config ${builtins.concatStringsSep "\n" ( lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps )} 
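Review bot: The secrets in the new `text` (`${env.postgresql.password}`, `${env.secret}`, `${env.password_salt}`) are spliced into PHP single-quoted strings unescaped, so a value containing `'` or `\` yields a broken or altered config.php. Escaping at the interpolation, e.g. `'dbpassword' => '${builtins.replaceStrings ["\\" "'"] ["\\\\" "\\'"] env.postgresql.password}',`, keeps the file valid whatever the secret contains. Whether `text` really stays out of the world-readable Nix store depends on how this `keys` list is consumed, which is not visible here; a short comment on `keys` stating that assumption would help the next reader. The enclosing `rec { … }` set starts and ends outside the hunk.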
@@ -207,20 +203,19 @@ let text = '' install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions - if [ ! -e ${varDir}/config ]; then - cp -a ${config} ${varDir}/config - chown -R ${apache.user}:${apache.group} ${varDir}/config - chmod -R u+w ${varDir}/config - fi + install -D -m 0644 -o ${apache.user} -g ${apache.group} ${./nextcloud-config}/* -t ${varDir}/config + install -D -m 0600 -o ${apache.user} -g ${apache.group} -T /var/secrets/webapps/tools-nextcloud ${varDir}/config/config.php ''; }; - apache = { + apache = rec { user = "wwwrun"; group = "wwwrun"; modules = [ "proxy_fcgi" ]; + webappName = "tools_nextcloud"; + root = "/run/current-system/webapps/${webappName}"; vhostConf = '' SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - + AcceptPathInfo On DirectoryIndex index.php Options FollowSymlinks @@ -241,7 +236,7 @@ let }; phpFpm = rec { basedir = builtins.concatStringsSep ":" ( - [ webRoot varDir config ] + [ webRoot varDir ] ++ lib.attrsets.mapAttrsToList (name: value: value) apps); socket = "/var/run/phpfpm/nextcloud.sock"; phpConfig = '' @@ -262,7 +257,8 @@ let php_admin_value[output_buffering] = 0 php_admin_value[max_execution_time] = 1800 php_admin_value[zend_extension] = "opcache" - php_value[opcache.enable] = 1 + ;already enabled by default? + ;php_value[opcache.enable] = 1 php_value[opcache.enable_cli] = 1 php_value[opcache.interned_strings_buffer] = 8 php_value[opcache.max_accelerated_files] = 10000
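Review bot: The two added `install` lines run unconditionally, so config.php is now replaced on every activation, and the second one fails if `/var/secrets/webapps/tools-nextcloud` has not been delivered yet. On a fresh host that would leave `${varDir}/config` without a config.php, which Nextcloud presumably treats as an instance that is not yet installed. A check before the copy, such as `[ -f /var/secrets/webapps/tools-nextcloud ] || echo "nextcloud: secret config missing" >&2`, would at least make that state visible in the activation log. `install -D … -t` also creates `${varDir}/config` with default owner and mode, so an explicit `install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/config`, like the two context lines above, would keep the directory permissions stated rather than implied. The attribute holding this script starts outside the hunk.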
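Review bot: In the last hunk (`@@ -262,7 +257,8 @@`) the added comment `;already enabled by default?` leaves an open question in the pool configuration beside a commented-out directive. PHP's documented default for `opcache.enable` is 1 (only `opcache.enable_cli` defaults to 0), so the old line can simply be deleted, or the comment can state the fact, e.g. `;opcache.enable defaults to 1; only enable_cli must be set`. The `phpConfig` string starts and ends outside the hunk.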