From 66b5bbf6214e8b2f599c394c442638257b149b55 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 31 Dec 2018 15:35:31 +0100 Subject: [PATCH] Add Nextcloud configuration --- virtual/eldiron.nix | 33 ++- virtual/nextcloudConfig/mimetypealiases.json | 4 + virtual/nextcloudConfig/mimetypemapping.json | 4 + virtual/packages.nix | 257 +++++++++++++++++++ 4 files changed, 297 insertions(+), 1 deletion(-) create mode 100644 virtual/nextcloudConfig/mimetypealiases.json create mode 100644 virtual/nextcloudConfig/mimetypemapping.json diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index d90e722..36b765c 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix @@ -36,9 +36,21 @@ }; }; - environment.systemPackages = [ + environment.systemPackages = let + # FIXME: move it to nextcloud + occ = pkgs.writeScriptBin "nextcloud-occ" '' + #! ${pkgs.stdenv.shell} + cd ${mypkgs.nextcloud.webRoot} + NEXTCLOUD_CONFIG_DIR="${mypkgs.nextcloud.webRoot}/config" \ + exec \ + ${config.services.phpfpm.phpPackage}/bin/php \ + -c ${config.services.phpfpm.phpPackage}/etc/php.ini \ + occ $* + ''; + in [ pkgs.telnet pkgs.vim + occ ]; security.acme.certs = { @@ -55,6 +67,7 @@ "tools.immae.eu" = null; "connexionswing.immae.eu" = null; "sandetludo.immae.eu" = null; + "cloud.immae.eu" = null; }; }; # "connexionswing" = { @@ -76,6 +89,13 @@ services.ympd = mypkgs.ympd.config // { enable = true; }; services.phpfpm = { + # /!\ phppackage is used in nextcloud configuation + phpOptions = '' + ; For nextcloud + extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so + ; For nextcloud + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + ''; extraConfig = '' log_level = notice ''; 
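Review bot: The `nextcloud-occ` wrapper ends with `occ $*`, which re-splits arguments on whitespace and expands globs, so a quoted value such as a display name or a path containing spaces reaches occ as several words; `occ "$@"` passes the arguments through unchanged. The wrapper also runs PHP as whichever account invokes it, and because it is installed through `environment.systemPackages` that will often be root, while the pool added in packages.nix runs as `wwwrun`. A comment stating which account it is meant to be run as would help, since files it creates under the data directory will otherwise carry the caller's ownership and app code runs with the caller's privileges. It also passes `-c ${config.services.phpfpm.phpPackage}/etc/php.ini`; whether that file contains the `phpOptions` extension lines added in the third hunk is not visible here, so it is worth confirming that the CLI loads the redis/apcu extensions that config.php refers to.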
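Review bot: `phpOptions` is set on `services.phpfpm` itself, so the redis and apcu extensions are loaded into every pool defined under it (adminer, connexionswing_dev and connexionswing_prod in the next hunk), not only the Nextcloud one. If only Nextcloud needs them, loading them from the nextcloud pool definition would leave the other applications' PHP surface as it was. The pool in packages.nix already sets `php_admin_value[zend_extension]` that way, though I have not confirmed that `extension` can be set per pool with this PHP build. At minimum the existing comment could say it outright: `# loaded for all pools; only nextcloud needs redis/apcu`. The `services.phpfpm` block continues outside this hunk.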
@@ -83,12 +103,14 @@ adminer = mypkgs.adminer.phpFpm.pool; connexionswing_dev = mypkgs.connexionswing_dev.phpFpm.pool; connexionswing_prod = mypkgs.connexionswing_prod.phpFpm.pool; + nextcloud = mypkgs.nextcloud.phpFpm.pool; }; }; system.activationScripts = { connexionswing_dev = mypkgs.connexionswing_dev.activationScript; connexionswing_prod = mypkgs.connexionswing_prod.activationScript; + nextcloud = mypkgs.nextcloud.activationScript; httpd = '' install -d -m 0755 /var/lib/acme/acme-challenge ''; @@ -160,6 +182,7 @@ extraModules = pkgs.lib.lists.unique ( mypkgs.adminer.apache.modules ++ + mypkgs.nextcloud.apache.modules ++ mypkgs.connexionswing_dev.apache.modules ++ mypkgs.connexionswing_prod.apache.modules ++ mypkgs.ympd.apache.modules ++ @@ -202,6 +225,14 @@ mypkgs.connexionswing_dev.apache.vhostConf ]; }) + (withSSL "eldiron" // { + listen = [ { ip = "*"; port = 443; } ]; + hostName = "cloud.immae.eu"; + documentRoot = mypkgs.nextcloud.webRoot; + extraConfig = builtins.concatStringsSep "\n" [ + mypkgs.nextcloud.apache.vhostConf + ]; + }) { # Should go last, default fallback listen = [ { ip = "*"; port = 80; } ]; hostName = "redirectSSL"; diff --git a/virtual/nextcloudConfig/mimetypealiases.json b/virtual/nextcloudConfig/mimetypealiases.json new file mode 100644 index 0000000..3806e53 --- /dev/null +++ b/virtual/nextcloudConfig/mimetypealiases.json @@ -0,0 +1,4 @@ +{ + "application/gpx+xml": "gpx", + "x-application/kdbx": "kdbx" +} diff --git a/virtual/nextcloudConfig/mimetypemapping.json b/virtual/nextcloudConfig/mimetypemapping.json new file mode 100644 index 0000000..2db4691 --- /dev/null +++ b/virtual/nextcloudConfig/mimetypemapping.json @@ -0,0 +1,4 @@ +{ + "gpx": ["application/gpx+xml"], + "kdbx": ["x-application/kdbx"] +} diff --git a/virtual/packages.nix b/virtual/packages.nix index 336caac..a80c29c 100644 --- a/virtual/packages.nix +++ b/virtual/packages.nix 
@@ -167,6 +167,262 @@ let webRoot = "${webappDir}/web"; }; + nextcloud = let + # FIXME: initial sync + # FIXME: backup + buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }: + pkgs.stdenv.mkDerivation rec { + name = "nextcloud-app-${appName}-${version}"; + inherit version; + phases = "unpackPhase installPhase"; + inherit installPhase; + src = fetchurl { inherit url sha256; }; + }; + apps = { + # FIXME: nextcloud complains that he cannot write into config + # directory when an app needs upgrade + # /!\ Attention, just changing the version number is not + # sufficient when the downloaded file doesn’t contain the version + # number in it, sha256 needs to be recomputed + audioplayer = buildApp rec { + appName = "audioplayer"; + version = "2.5.0"; + url = "https://github.com/Rello/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; + sha256 = "1pg4y51cv3agy28n4gfc8i7x1ya1yijxrmhpblm1n846vhmwdcm8"; + }; + bookmarks = buildApp rec { + appName = "bookmarks"; + version = "0.14.3"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "0s7lkcl70izlkihnml1par0cac0wvckllyyga3jkb7k9vdg7d40c"; + }; + calendar = buildApp rec { + appName = "calendar"; + version = "1.6.4"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "00dijvcvy7snsjslfbyzvpp9anhms22zp1f0zkj89ln33jmana63"; + }; + contacts = buildApp rec { + appName = "contacts"; + version = "3.0.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "0fafy5kgzr5ldr3hxxxgmnw4y3qpjnv5ha1f1dlmqbc65s8frw7s"; + }; + deck = buildApp rec { + appName = "deck"; + version = "0.5.2"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1kygzixxdkp3dbma009p3pw0fj8wgcqcv39n7pay78lh6zi3nic7"; + }; + files_markdown = buildApp rec { + appName = 
"files_markdown"; + version = "2.0.5"; + url = "https://github.com/icewind1991/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1dzvy4c6vff2qmkwqw13dx92xdkafaxgnipswjw44mh0ncc2n9ym"; + }; + gpxedit = buildApp rec { + appName = "gpxedit"; + version = "0.0.10"; + url = "https://gitlab.com/eneiluj/gpxedit-oc/wikis/uploads/33d187268c5f6f6a55350d656305701c/${appName}-${version}.tar.gz"; + sha256 = "0ynpaxm0xhvcj8xax6rm1w0p6j57wbqidhi7bhn268n483gwl2sw"; + }; + gpxpod = buildApp rec { + appName = "gpxpod"; + version = "3.0.0"; + url = "https://gitlab.com/eneiluj/gpxpod-oc/-/archive/v${version}/${appName}-oc-v${version}.tar.gz"; + sha256 = "0smpi4r3z7zfl1612fb30cwm1xmpiq95c81zzqiwzjf288iys74k"; + }; + keeweb = buildApp rec { + appName = "keeweb"; + version = "0.4.0"; + url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "0453kkb0a8vfivmibpwpx4bvhyn64jhns6cdfjacmnvbm6d75nj1"; + }; + notes = buildApp rec { + appName = "notes"; + version = "2.5.1"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "1albzqqsdirzyw8vhvs7r0qm2wqp8vm9vmxm4crhncd85bk01hmh"; + }; + ocsms = buildApp rec { + appName = "ocsms"; + version = "2.1.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/${version}/${appName}-${version}.tar.gz"; + sha256 = "19xgs82js4sdf6j9478vg9li7za7csvcaa1hbq9nmrq441sbxk9c"; + }; + spreed = buildApp rec { + appName = "spreed"; + version = "5.0.0"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}-${version}.tar.gz"; + sha256 = "1d48mak1fnf1b28r2687yqamm4pxfg3qyxcj9ny31a6xg2cm0xa7"; + }; + tasks = buildApp rec { + appName = "tasks"; + version = "0.9.8"; + url = "https://github.com/nextcloud/${appName}/releases/download/v${version}/${appName}.tar.gz"; + sha256 = "089m124lfsfk09fqj50x9n7zndq97jp5afgb8s001rpmzym4g6ny"; + }; + }; + in rec { + varDir = 
"/var/lib/nextcloud"; + config_php = + assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"; + assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER"; + assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"; + assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"; + assert checkEnv "NIXOPS_NEXTCLOUD_SECRET"; + assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"; + pkgs.writeText "config.php" '' + '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}', + 'datadirectory' => '/var/lib/nextcloud/', + 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}', + 'debug' => false, + 'dbtype' => 'pgsql', + 'version' => '15.0.0.10', + 'dbname' => 'webapps', + 'dbhost' => '/tmp', + 'dbtableprefix' => 'oc_', + 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}', + 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}', + 'installed' => true, + 'maxZipInputSize' => 0, + 'allowZipDownload' => true, + 'forcessl' => true, + 'theme' => ${"''"}, + 'maintenance' => false, + 'trusted_domains' => + array ( + 0 => 'cloud.immae.eu', + ), + 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}', + 'appstoreenabled' => false, + 'appstore.experimental.enabled' => true, + 'loglevel' => 0, + 'trashbin_retention_obligation' => 'auto', + 'htaccess.RewriteBase' => '/', + 'mail_smtpmode' => 'smtp', + 'mail_smtphost' => 'mail.immae.eu', + 'mail_smtpname' => ${"''"}, + 'mail_smtppassword' => ${"''"}, + 'mail_from_address' => 'owncloud', + 'mail_smtpauth' => false, + 'mail_domain' => 'immae.eu', + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'filelocking.enabled' => true, + 'redis' => + array ( + 'host' => 'localhost', + 'port' => 6379, + 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"}, + ), + 'overwrite.cli.url' => 'https://cloud.immae.eu', + 'ldapIgnoreNamingRules' => false, + 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', + 'config_is_read_only' => true, + ); + ''; + config = stdenv.mkDerivation rec { + 
name = "nextcloud-config"; + src = ./nextcloudConfig; + phases = "installPhase"; + installPhase = '' + mkdir -p $out + cp -r $src/* $out + cp ${config_php} $out/config.php + ''; + }; + webRoot = stdenv.mkDerivation rec { + name = "nextcloud-${version}"; + version = "15.0.0"; + + src = fetchurl { + url = "https://download.nextcloud.com/server/releases/${name}.tar.bz2"; + sha256 = "0y7bk1588n5rmmranmmrkajh50074460hr4v052ahg9mf60wbc2v"; + }; + + installPhase = '' + mkdir -p $out/ + cp -R . $out/ + rm -r $out/config + ln -sf ${config} $out/config + ${builtins.concatStringsSep "\n" ( + pkgs.lib.attrsets.mapAttrsToList (name: value: "ln -sf ${value} $out/apps/${name}") apps + )} + ''; + + meta = { + description = "Sharing solution for files, calendars, contacts and more"; + homepage = https://nextcloud.com; + maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ]; + license = stdenv.lib.licenses.agpl3Plus; + platforms = with stdenv.lib.platforms; unix; + }; + }; + activationScript = { + deps = [ ]; + text = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} + ''; + }; + apache = { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + vhostConf = '' + + AcceptPathInfo On + DirectoryIndex index.php + Options FollowSymlinks + Require all granted + AllowOverride all + + + Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" + + + CGIPassAuth on + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + + + + + ''; + }; + phpFpm = rec { + basedir = builtins.concatStringsSep ":" ( + [ webRoot varDir config ] + ++ pkgs.lib.attrsets.mapAttrsToList (name: value: value) apps); + socket = "/var/run/phpfpm/nextcloud.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = ondemand + pm.max_children = 60 + pm.process_idle_timeout = 60 + + php_admin_value[output_buffering] = 0 + 
php_admin_value[max_execution_time] = 1800 + php_admin_value[zend_extension] = "opcache" + ;php_value[opcache.enable] = 1 + php_value[opcache.enable_cli] = 1 + php_value[opcache.interned_strings_buffer] = 8 + php_value[opcache.max_accelerated_files] = 10000 + php_value[opcache.memory_consumption] = 128 + php_value[opcache.save_comments] = 1 + php_value[opcache.revalidate_freq] = 1 + php_admin_value[memory_limit] = 512M + + php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp" + ''; + }; + }; + adminer = rec { webRoot = pkgs.stdenv.mkDerivation rec { version = "4.7.0"; @@ -262,4 +518,5 @@ in inherit ympd; connexionswing_dev = connexionswing { environment = "dev"; }; connexionswing_prod = connexionswing { environment = "prod"; }; + inherit nextcloud; } -- 2.41.0
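Review bot: The `config_php` value in the large packages.nix hunk interpolates `NIXOPS_NEXTCLOUD_DB_PASSWORD`, `NIXOPS_NEXTCLOUD_SECRET` and `NIXOPS_NEXTCLOUD_PASSWORD_SALT` into a `pkgs.writeText` output, so the database password and instance secret end up in the Nix store. The store is normally readable by every local account, both on the host and on the machine that evaluates the deployment. I would keep the non-secret settings in the store file and deliver those three values in a file outside the store (for instance through NixOps' `deployment.keys`, readable only by `${apache.user}`) that is read at runtime, which also means the config directory can no longer be a pure store path. Separately, `activationScript` creates `varDir` with `-m 0755` although it is the `datadirectory`; `install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}` keeps other local users out of user files. `'loglevel' => 0` is Nextcloud's debug level, and `'loglevel' => 2,` is the safer choice for a production instance because debug logs can include request details.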