diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/web-apps/nextcloud.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/web-apps/nextcloud.nix | 70 |
1 files changed, 59 insertions, 11 deletions
diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix index 60d403553352..9a541aba6e43 100644 --- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix @@ -10,7 +10,7 @@ let extensions = { enabled, all }: (with all; enabled - ++ [ imagick ] # Always enabled + ++ optional (!cfg.disableImagemagick) imagick # Optionally enabled depending on caching settings ++ optional cfg.caching.apcu apcu ++ optional cfg.caching.redis redis @@ -28,7 +28,10 @@ let upload_max_filesize = cfg.maxUploadSize; post_max_size = cfg.maxUploadSize; memory_limit = cfg.maxUploadSize; - } // cfg.phpOptions; + } // cfg.phpOptions + // optionalAttrs cfg.caching.apcu { + "apc.enable_cli" = "1"; + }; occ = pkgs.writeScriptBin "nextcloud-occ" '' #! ${pkgs.runtimeShell} @@ -86,7 +89,7 @@ in { package = mkOption { type = types.package; description = "Which package to use for the Nextcloud instance."; - relatedPackages = [ "nextcloud18" "nextcloud19" "nextcloud20" ]; + relatedPackages = [ "nextcloud19" "nextcloud20" "nextcloud21" ]; }; maxUploadSize = mkOption { @@ -280,6 +283,36 @@ in { may be served via HTTPS. ''; }; + + defaultPhoneRegion = mkOption { + default = null; + type = types.nullOr types.str; + example = "DE"; + description = '' + <warning> + <para>This option exists since Nextcloud 21! If older versions are used, + this will throw an eval-error!</para> + </warning> + + <link xlink:href="https://www.iso.org/iso-3166-country-codes.html">ISO 3611-1</link> + country codes for automatic phone-number detection without a country code. + + With e.g. <literal>DE</literal> set, the <literal>+49</literal> can be omitted for + phone-numbers. + ''; + }; + }; + + disableImagemagick = mkOption { + type = types.bool; + default = false; + description = '' + Whether to not load the ImageMagick module into PHP. + This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF). + You may want to disable it for increased security. In that case, previews will still be available + for some images (e.g. JPEG and PNG). + See https://github.com/nextcloud/server/issues/13099 + ''; }; caching = { @@ -345,10 +378,13 @@ in { && !(acfg.adminpass != null && acfg.adminpassFile != null)); message = "Please specify exactly one of adminpass or adminpassFile"; } + { assertion = versionOlder cfg.package.version "21" -> cfg.config.defaultPhoneRegion == null; + message = "The `defaultPhoneRegion'-setting is only supported for Nextcloud >=21!"; + } ]; warnings = let - latest = 20; + latest = 21; upgradeWarning = major: nixos: '' A legacy Nextcloud install (from before NixOS ${nixos}) may be installed. @@ -366,9 +402,9 @@ in { Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. Please migrate your configuration to config.services.nextcloud.poolSettings. '') - ++ (optional (versionOlder cfg.package.version "18") (upgradeWarning 17 "20.03")) ++ (optional (versionOlder cfg.package.version "19") (upgradeWarning 18 "20.09")) - ++ (optional (versionOlder cfg.package.version "20") (upgradeWarning 19 "21.05")); + ++ (optional (versionOlder cfg.package.version "20") (upgradeWarning 19 "21.05")) + ++ (optional (versionOlder cfg.package.version "21") (upgradeWarning 20 "21.05")); services.nextcloud.package = with pkgs; mkDefault ( @@ -378,14 +414,13 @@ in { nextcloud defined in an overlay, please set `services.nextcloud.package` to `pkgs.nextcloud`. '' - else if versionOlder stateVersion "20.03" then nextcloud17 else if versionOlder stateVersion "20.09" then nextcloud18 # 21.03 will not be an official release - it was instead 21.05. # This versionOlder statement remains set to 21.03 for backwards compatibility. # See https://github.com/NixOS/nixpkgs/pull/108899 and # https://github.com/NixOS/rfcs/blob/master/rfcs/0080-nixos-release-schedule.md. else if versionOlder stateVersion "21.03" then nextcloud19 - else nextcloud20 + else nextcloud21 ); } @@ -443,6 +478,7 @@ in { 'dbtype' => '${c.dbtype}', 'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)}, 'trusted_proxies' => ${writePhpArrary (c.trustedProxies)}, + ${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"} ]; ''; occInstallCmd = let @@ -591,6 +627,14 @@ in { access_log off; ''; }; + "= /" = { + priority = 100; + extraConfig = '' + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } + ''; + }; "/" = { priority = 900; extraConfig = "rewrite ^ /index.php;"; @@ -602,11 +646,15 @@ in { "^~ /.well-known" = { priority = 210; extraConfig = '' + absolute_redirect off; location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; + return 301 /remote.php/dav; } location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; + return 301 /remote.php/dav; + } + location ~ ^/\.well-known/(?!acme-challenge|pki-validation) { + return 301 /index.php$request_uri; } try_files $uri $uri/ =404; ''; @@ -614,7 +662,7 @@ in { "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)".extraConfig = '' return 404; ''; - "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)".extraConfig = '' + "~ ^/(?:\\.(?!well-known)|autotest|occ|issue|indie|db_|console)".extraConfig = '' return 404; ''; "~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" = { |