[perso/Immae/Config/Nix.git] / virtual / packages / nextcloud.nix

with import ../../libs.nix;
with nixpkgs_unstable;
let
  nextcloud = let
    # FIXME: initial sync
    # FIXME: backup
    buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
      pkgs.stdenv.mkDerivation rec {
        name = "nextcloud-app-${appName}-${version}";
        inherit version;
        phases = "unpackPhase installPhase";
        inherit installPhase;
        src = fetchurl { inherit url sha256; };
      };
    apps = {
      # FIXME: nextcloud complains that he cannot write into config
      # directory when an app needs upgrade
      # /!\ Attention, just changing the version number is not
      # sufficient when the downloaded file doesn’t contain the version
      # number in it, sha256 needs to be recomputed
      audioplayer = buildApp rec {
        appName = "audioplayer";
        version = "2.5.0";
        url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
        sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8";
      };
      bookmarks = buildApp rec {
        appName = "bookmarks";
        version = "0.14.3";
        url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
        sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c";
      };
      calendar = buildApp rec {
        appName = "calendar";
        version = "1.6.4";
        url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
        sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63";
      };
      contacts = buildApp rec {
        appName = "contacts";
        version = "3.0.0";
        url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
        sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s";
      };
      deck = buildApp rec {
        appName = "deck";
        version = "0.5.2";
        url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
        sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7";
      };
      files_markdown = buildApp rec {
        appName = "files_markdown";
        version = "2.0.5";
        url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz";
        sha256 = "1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym";
      };
      gpxedit = buildApp rec {
        appName = "gpxedit";
        version = "0.0.10";
        url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz";
        sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw";
      };
      gpxpod = buildApp rec {
        appName = "gpxpod";
        version = "3.0.0";
        url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz";
        sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k";
      };
      keeweb = buildApp rec {
        appName = "keeweb";
        version = "0.4.0";
        url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz";
        sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1";
      };
      notes = buildApp rec {
        appName = "notes";
        version = "2.5.1";
        url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
        sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh";
      };
      ocsms = buildApp rec {
        appName = "ocsms";
        version = "2.1.0";
        url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
        sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c";
      };
      spreed = buildApp rec {
        appName = "spreed";
        version = "5.0.0";
        url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
        sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7";
      };
      tasks = buildApp rec {
        appName = "tasks";
        version = "0.9.8";
        url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
        sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny";
      };
    };
  in rec {
    varDir = "/var/lib/nextcloud";
    config_php =
      assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT";
      assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER";
      assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD";
      assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID";
      assert checkEnv "NIXOPS_NEXTCLOUD_SECRET";
      assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX";
      pkgs.writeText "config.php" ''
      <?php
      $CONFIG = array (
        'instanceid' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}',
        'datadirectory' => '/var/lib/nextcloud/',
        'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}',
        'debug' => false,
        'dbtype' => 'pgsql',
        'version' => '15.0.0.10',
        'dbname' => 'webapps',
        'dbhost' => '/tmp',
        'dbtableprefix' => 'oc_',
        'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}',
        'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}',
        'installed' => true,
        'maxZipInputSize' => 0,
        'allowZipDownload' => true,
        'forcessl' => true,
        'theme' => ${"''"},
        'maintenance' => false,
        'trusted_domains' =>
        array (
          0 => 'cloud.immae.eu',
        ),
        'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}',
        'appstoreenabled' => false,
        'appstore.experimental.enabled' => true,
        'loglevel' => 0,
        'trashbin_retention_obligation' => 'auto',
        'htaccess.RewriteBase' => '/',
        'mail_smtpmode' => 'smtp',
        'mail_smtphost' => 'mail.immae.eu',
        'mail_smtpname' => ${"''"},
        'mail_smtppassword' => ${"''"},
        'mail_from_address' => 'owncloud',
        'mail_smtpauth' => false,
        'mail_domain' => 'immae.eu',
        'memcache.local' => '\\OC\\Memcache\\APCu',
        'memcache.locking' => '\\OC\\Memcache\\Redis',
        'filelocking.enabled' => true,
        'redis' =>
        array (
          'host' => 'localhost',
          'port' => 6379,
          'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"},
        ),
        'overwrite.cli.url' => 'https://cloud.immae.eu',
        'ldapIgnoreNamingRules' => false,
        'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
        'config_is_read_only' => true,
      );
      '';
    config = stdenv.mkDerivation rec {
      name = "nextcloud-config";
      src = ./nextcloud-config;
      phases = "installPhase";
      installPhase = ''
        mkdir -p $out
        cp -r $src/* $out
        cp ${config_php} $out/config.php
      '';
    };
    webRoot = stdenv.mkDerivation rec {
      name = "nextcloud-${version}";
      version = "15.0.0";

      src = fetchurl {
        url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2";
        sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v";
      };

      installPhase = ''
        mkdir -p $out/
        cp -R . $out/
        rm -r $out/config
        ln -sf ${config} $out/config
        ${builtins.concatStringsSep "\n" (
          pkgs.lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps
        )}
      '';

      meta = {
        description = "Sharing solution for files, calendars, contacts and more";
        homepage = https://nextcloud.com;
        maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ];
        license = stdenv.lib.licenses.agpl3Plus;
        platforms = with stdenv.lib.platforms; unix;
      };
    };
    activationScript = {
      deps = [ ];
      text = ''
        install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
      '';
    };
    apache = {
      user = "wwwrun";
      group = "wwwrun";
      modules = [ "proxy_fcgi" ];
      vhostConf = ''
        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
        <Directory ${webRoot}>
          AcceptPathInfo On
          DirectoryIndex index.php
          Options FollowSymlinks
          Require all granted
          AllowOverride all

          <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
          </IfModule>
          <FilesMatch "\.php$">
            CGIPassAuth on
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>

        </Directory>

        '';
    };
    phpFpm = rec {
      basedir = builtins.concatStringsSep ":" (
        [ webRoot varDir config ]
        ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) apps);
      socket = "/var/run/phpfpm/nextcloud.sock";
      pool = ''
        listen = ${socket}
        user = ${apache.user}
        group = ${apache.group}
        listen.owner = ${apache.user}
        listen.group = ${apache.group}
        pm = ondemand
        pm.max_children = 60
        pm.process_idle_timeout = 60

        php_admin_value[output_buffering] = 0
        php_admin_value[max_execution_time] = 1800
        php_admin_value[zend_extension] = "opcache"
        ;php_value[opcache.enable] = 1
        php_value[opcache.enable_cli] = 1
        php_value[opcache.interned_strings_buffer] = 8
        php_value[opcache.max_accelerated_files] = 10000
        php_value[opcache.memory_consumption] = 128
        php_value[opcache.save_comments] = 1
        php_value[opcache.revalidate_freq] = 1
        php_admin_value[memory_limit] = 512M

        php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"
        '';
    };
  };
in
  nextcloud
Commit	Line	Data
940f1834 IB	1	with import ../../libs.nix;
	2	with nixpkgs_unstable;
	3	let
	4	nextcloud = let
	5	# FIXME: initial sync
	6	# FIXME: backup
	7	buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
	8	pkgs.stdenv.mkDerivation rec {
	9	name = "nextcloud-app-${appName}-${version}";
	10	inherit version;
	11	phases = "unpackPhase installPhase";
	12	inherit installPhase;
	13	src = fetchurl { inherit url sha256; };
	14	};
	15	apps = {
	16	# FIXME: nextcloud complains that he cannot write into config
	17	# directory when an app needs upgrade
	18	# /!\ Attention, just changing the version number is not
	19	# sufficient when the downloaded file doesn’t contain the version
	20	# number in it, sha256 needs to be recomputed
	21	audioplayer = buildApp rec {
	22	appName = "audioplayer";
	23	version = "2.5.0";
	24	url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
	25	sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8";
	26	};
	27	bookmarks = buildApp rec {
	28	appName = "bookmarks";
	29	version = "0.14.3";
	30	url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
	31	sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c";
	32	};
	33	calendar = buildApp rec {
	34	appName = "calendar";
	35	version = "1.6.4";
	36	url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
	37	sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63";
	38	};
	39	contacts = buildApp rec {
	40	appName = "contacts";
	41	version = "3.0.0";
	42	url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
	43	sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s";
	44	};
	45	deck = buildApp rec {
	46	appName = "deck";
	47	version = "0.5.2";
	48	url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
	49	sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7";
	50	};
	51	files_markdown = buildApp rec {
	52	appName = "files_markdown";
	53	version = "2.0.5";
	54	url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz";
	55	sha256 = "1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym";
	56	};
	57	gpxedit = buildApp rec {
	58	appName = "gpxedit";
	59	version = "0.0.10";
	60	url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz";
	61	sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw";
	62	};
	63	gpxpod = buildApp rec {
	64	appName = "gpxpod";
65	version = "3.0.0";
66	url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz";
67	sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k";
68	};
69	keeweb = buildApp rec {
70	appName = "keeweb";
71	version = "0.4.0";
72	url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz";
73	sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1";
74	};
75	notes = buildApp rec {
76	appName = "notes";
77	version = "2.5.1";
78	url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
79	sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh";
80	};
81	ocsms = buildApp rec {
82	appName = "ocsms";
83	version = "2.1.0";
84	url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz";
85	sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c";
86	};
87	spreed = buildApp rec {
88	appName = "spreed";
89	version = "5.0.0";
90	url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz";
91	sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7";
92	};
93	tasks = buildApp rec {
94	appName = "tasks";
95	version = "0.9.8";
96	url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz";
97	sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny";
98	};
99	};
100	in rec {
101	varDir = "/var/lib/nextcloud";
102	config_php =
103	assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT";
104	assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER";
105	assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD";
106	assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID";
107	assert checkEnv "NIXOPS_NEXTCLOUD_SECRET";
108	assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX";
109	pkgs.writeText "config.php" ''
110	<?php
111	$CONFIG = array (
112	'instanceid' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}',
113	'datadirectory' => '/var/lib/nextcloud/',
114	'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}',
115	'debug' => false,
116	'dbtype' => 'pgsql',
117	'version' => '15.0.0.10',
118	'dbname' => 'webapps',
119	'dbhost' => '/tmp',
120	'dbtableprefix' => 'oc_',
121	'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}',
122	'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}',
123	'installed' => true,
124	'maxZipInputSize' => 0,
125	'allowZipDownload' => true,
126	'forcessl' => true,
127	'theme' => ${"''"},
128	'maintenance' => false,
129	'trusted_domains' =>
130	array (
131	0 => 'cloud.immae.eu',
132	),
133	'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}',
134	'appstoreenabled' => false,
135	'appstore.experimental.enabled' => true,
136	'loglevel' => 0,
137	'trashbin_retention_obligation' => 'auto',
138	'htaccess.RewriteBase' => '/',
139	'mail_smtpmode' => 'smtp',
140	'mail_smtphost' => 'mail.immae.eu',
141	'mail_smtpname' => ${"''"},
142	'mail_smtppassword' => ${"''"},
143	'mail_from_address' => 'owncloud',
144	'mail_smtpauth' => false,
145	'mail_domain' => 'immae.eu',
146	'memcache.local' => '\\OC\\Memcache\\APCu',
147	'memcache.locking' => '\\OC\\Memcache\\Redis',
148	'filelocking.enabled' => true,
149	'redis' =>
150	array (
151	'host' => 'localhost',
152	'port' => 6379,
153	'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"},
154	),
155	'overwrite.cli.url' => 'https://cloud.immae.eu',
156	'ldapIgnoreNamingRules' => false,
157	'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
158	'config_is_read_only' => true,
159	);
160	'';
161	config = stdenv.mkDerivation rec {
162	name = "nextcloud-config";
163	src = ./nextcloud-config;
164	phases = "installPhase";
165	installPhase = ''
166	mkdir -p $out
167	cp -r $src/* $out
168	cp ${config_php} $out/config.php
169	'';
170	};
171	webRoot = stdenv.mkDerivation rec {
172	name = "nextcloud-${version}";
173	version = "15.0.0";
174
175	src = fetchurl {
176	url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2";
177	sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v";
178	};
179
180	installPhase = ''
181	mkdir -p $out/
182	cp -R . $out/
183	rm -r $out/config
184	ln -sf ${config} $out/config
185	${builtins.concatStringsSep "\n" (
186	pkgs.lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps
187	)}
188	'';
189
190	meta = {
191	description = "Sharing solution for files, calendars, contacts and more";
192	homepage = https://nextcloud.com;
193	maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ];
194	license = stdenv.lib.licenses.agpl3Plus;
195	platforms = with stdenv.lib.platforms; unix;
196	};
197	};
198	activationScript = {
199	deps = [ ];
200	text = ''
201	install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
202	'';
203	};
204	apache = {
205	user = "wwwrun";
206	group = "wwwrun";
207	modules = [ "proxy_fcgi" ];
208	vhostConf = ''
51fe5ffb	209	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
940f1834 IB	210	<Directory ${webRoot}>
	211	AcceptPathInfo On
	212	DirectoryIndex index.php
	213	Options FollowSymlinks
	214	Require all granted
	215	AllowOverride all
	216
	217	<IfModule mod_headers.c>
	218	Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
	219	</IfModule>
	220	<FilesMatch "\.php$">
	221	CGIPassAuth on
	222	SetHandler "proxy:unix:${phpFpm.socket}\|fcgi://localhost"
	223	</FilesMatch>
	224
	225	</Directory>
	226
	227	'';
	228	};
	229	phpFpm = rec {
	230	basedir = builtins.concatStringsSep ":" (
	231	[ webRoot varDir config ]
	232	++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) apps);
	233	socket = "/var/run/phpfpm/nextcloud.sock";
	234	pool = ''
	235	listen = ${socket}
	236	user = ${apache.user}
	237	group = ${apache.group}
	238	listen.owner = ${apache.user}
	239	listen.group = ${apache.group}
	240	pm = ondemand
	241	pm.max_children = 60
	242	pm.process_idle_timeout = 60
	243
	244	php_admin_value[output_buffering] = 0
	245	php_admin_value[max_execution_time] = 1800
	246	php_admin_value[zend_extension] = "opcache"
	247	;php_value[opcache.enable] = 1
	248	php_value[opcache.enable_cli] = 1
	249	php_value[opcache.interned_strings_buffer] = 8
	250	php_value[opcache.max_accelerated_files] = 10000
	251	php_value[opcache.memory_consumption] = 128
	252	php_value[opcache.save_comments] = 1
	253	php_value[opcache.revalidate_freq] = 1
	254	php_admin_value[memory_limit] = 512M
	255
	256	php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"
	257	'';
	258	};
	259	};
	260	in
	261	nextcloud