From 3944aa051ca503e255a9da5cf03a58faf6dec268 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 28 Jun 2019 17:54:11 +0200 Subject: [PATCH] nixos/nextcloud: write config to additional config file One of the main problems of the Nextcloud module is that it's currently not possible to alter e.g. database configuration after the initial setup as it's written by their imperative installer to a file. After some research[1] it turned out that it's possible to override all values with an additional config file. The documentation has been slightly updated to remain up-to-date, but the warnings should remain there as the imperative configuration is still used and may cause unwanted side-effects. Also simplified the postgresql test which uses `ensure{Databases,Users}` to configure the database. Fixes #49783 [1] https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-483063922 --- nixos/doc/manual/release-notes/rl-1909.xml | 9 +++ nixos/modules/services/web-apps/nextcloud.nix | 33 ++++++++-- nixos/modules/services/web-apps/nextcloud.xml | 64 +++++++++---------- .../nextcloud/with-postgresql-and-redis.nix | 15 ++--- 4 files changed, 74 insertions(+), 47 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 8cb8bba6263d..77ba31811648 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -354,6 +354,15 @@ The tomcat-connector httpd.extraSubservice has been removed from nixpkgs. + + + It's now possible to change configuration in + services.nextcloud after the initial deploy + since all config parameters are persisted in an additional config file generated by the module. + Previously core configuration like database parameters were set using their imperative + installer after creating /var/lib/nextcloud. + + diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index fa9a36d11892..7051b73fb57c 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -297,8 +297,23 @@ in { systemd.services = { "nextcloud-setup" = let + c = cfg.config; + writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]"; overrideConfig = pkgs.writeText "nextcloud-config.php" '' [ [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ], @@ -309,19 +324,27 @@ in { ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} 'log_type' => 'syslog', 'log_level' => '${builtins.toString cfg.logLevel}', - ${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"} + ${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"} + ${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"} + ${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"} + ${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"} + ${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"} + ${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"} + ${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"} + ${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"} + 'dbtype' => '${c.dbtype}', + 'trusted_domains' => ${writePhpArrary c.extraTrustedDomains}, ]; ''; occInstallCmd = let - c = cfg.config; - adminpass = if c.adminpassFile != null - then ''"$(<"${toString c.adminpassFile}")"'' - else ''"${toString c.adminpass}"''; dbpass = if c.dbpassFile != null then ''"$(<"${toString c.dbpassFile}")"'' else if c.dbpass != null then ''"${toString c.dbpass}"'' else null; + adminpass = if c.adminpassFile != null + then ''"$(<"${toString c.adminpassFile}")"'' + else ''"${toString c.adminpass}"''; installFlags = concatStringsSep " \\\n " (mapAttrsToList (k: v: "${k} ${toString v}") { "--database" = ''"${c.dbtype}"''; diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index d78d866086a6..d66e0f0c2997 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -42,10 +42,12 @@ services.postgresql = { enable = true; - initialScript = pkgs.writeText "psql-init" '' - CREATE ROLE nextcloud WITH LOGIN; - CREATE DATABASE nextcloud WITH OWNER nextcloud; - ''; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; }; # ensure that postgres is running *before* running the setup @@ -63,17 +65,22 @@ are used internally to configure an HTTP server using PHP-FPM and nginx. The config attribute set is - used for the config.php which is used for the - application's configuration. Beware: this isn't entirely pure - since the config is modified by the application's runtime! + used by the imperative installer and all values are written to an additional file + to ensure that changes can be applied by changing the module's options. - In case the application serves multiple hosts (those are checked with + In case the application serves multiple domains (those are checked with $_SERVER['HTTP_HOST']) - those can be added using + it's needed to add them to services.nextcloud.config.extraTrustedDomains. + + + Auto updates for Nextcloud apps can be enabled using + services.nextcloud.autoUpdateApps. + +
Pitfalls @@ -87,35 +94,24 @@ - Right now changes to the services.nextcloud.config - attribute set won't take effect after the first install (except - services.nextcloud.config.extraTrustedDomains) - since the actual configuration file is generated by the NextCloud installer - which also sets up critical parts such as the database structure. + All configuration parameters are also stored in + /var/lib/nextcloud/config/override.config.php which is generated by + the module and linked from the store to ensure that all values from config.php + can be modified by the module. + However config.php manages the application's state and shouldn't be touched + manually because of that. - - Warning: don't delete config.php! This file + + Don't delete config.php! This file tracks the application's state and a deletion can cause unwanted - side-effects! - + side-effects! + - - Warning: don't rerun nextcloud-occ + + Don't rerun nextcloud-occ maintenance:install! This command tries to install the application - and can cause unwanted side-effects! - - - - The issues are known and reported in - #49783, - for now it's unfortunately necessary to manually work around these issues. - - - - Right now app installation and configuration is done imperatively in the nextcloud web ui or via the nextcloud-occ command line utility. - You can activate auto updates for your apps via - services.nextcloud.autoUpdateApps. - + and can cause unwanted side-effects! +
diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix index 0351d4db69ac..8a840a608753 100644 --- a/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -27,10 +27,7 @@ in { dbtype = "pgsql"; dbname = "nextcloud"; dbuser = "nextcloud"; - dbhost = "localhost"; - dbpassFile = toString (pkgs.writeText "db-pass-file" '' - hunter2 - ''); + dbhost = "/run/postgresql"; inherit adminuser; adminpassFile = toString (pkgs.writeText "admin-pass-file" '' ${adminpass} @@ -84,10 +81,12 @@ in { services.postgresql = { enable = true; - initialScript = pkgs.writeText "psql-init" '' - create role nextcloud with login password 'hunter2'; - create database nextcloud with owner nextcloud; - ''; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; }; }; };