Nextcloud: Difference between revisions

(12 intermediate revisions by 5 users not shown)

Line 3:

This article extends the documentation in the [https://nixos.org/manual/nixos/stable/#module-services-nextcloud NixOS manual].

== ~~Installation~~ ==

== Setup ==

A minimal example to get the latest Nextcloud version (for your specific NixOS release) running on localhost should look like this, replacing <code>PWD</code> with a 10+ char password that meets [https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_password_policy.html Nextcloud's default password policy].

Line 24:

=== Apps ===

[https://github.com/NixOS/nixpkgs/blob/~~master~~/pkgs/servers/nextcloud/packages/~~nextcloud-apps~~.json Some apps] which are already packaged on NixOS can be installed directly with the following example configuration

[https://github.com/NixOS/nixpkgs/blob/2852f35f477e0f55e68b5f5e6d5a92242c215efc/pkgs/servers/nextcloud/packages/31.json Some apps] (use the file named <code><version>.json</code>, where version is the installed Nextcloud version), which are already packaged on NixOS, can be installed directly with the following example configuration:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 50:

inherit (config.services.nextcloud.package.packages.apps) news contacts calendar tasks;

memories = pkgs.fetchNextcloudApp {

~~sha256 = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";~~

url = "https://github.com/pulsejet/memories/releases/download/v6.2.2/memories.tar.gz";

hash = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";

license = "agpl3Only";

};

Line 176:

mc ~~config host add~~ minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4

mc alias set minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4

mc mb minio/nextcloud

</syntaxhighlight>

Line 206:

=== Secrets management ===

Do not suply passwords, hashes or keys via ~~<code>extraOptions</code>~~ option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.

Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.

Line 227:

Consider using a [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.

=== Dynamic configuration ===

Unfortunately, some options can only be set 'interactively' in the database (either through the nextcloud-occ command line tool or the web UI), and not via the configuration file. One way to manage them "semi-declaratively" is to register a systemd script to reset the options on each redeploy:

systemd.services.nextcloud-custom-config = {

path = [

config.services.nextcloud.occ

];

script = ''

nextcloud-occ theming:config name "My Cloud"

nextcloud-occ theming:config url "https://cloud.mine.com";

nextcloud-occ theming:config privacyUrl "https://www.mine.com/privacy";

nextcloud-occ theming:config color "#3253a5";

nextcloud-occ theming:config logo ${./logo.png}

'';

after = [ "nextcloud-setup.service" ];

wantedBy = [ "multi-user.target" ];

};

</syntaxHighlight>Of course this is not ideal: changes through the web interface or occ client are still possible but will be overwritten the next redeploy, and removing a line from the script will not remove it from the configuration.

== Maintenance ==

Line 305:

Line 325:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

services.nginx.virtualHosts."~~localhost~~".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

</nowiki>}}

=== Enable HEIC image preview ===

HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support.

HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support. See also [https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders this list of preview providers] for additional file types.

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

services.nextcloud = {

~~extraOptions~~.enabledPreviewProviders = [

settings.enabledPreviewProviders = [

"OC\\Preview\\BMP"

"OC\\Preview\\GIF"

Line 330:

Line 350:

</nowiki>}}

=== Run ~~nextcloud~~ in a sub-directory ===

=== Run Nextcloud in a sub-directory ===

Say, you don't want to run nextcloud at <code>your.site/</code> but in a sub-directory <code>your.site/nextcloud/</code>. To do so, we are going to add more configurations to nextcloud and to nginx to [[Nginx#TLS_reverse_proxy|make]] it a [https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ reverse-proxy].

Line 455:

Line 475:

</syntaxhighlight>

== ~~Plugins~~ ==

== App specific configuration ==

=== Whiteboard ===

The [https://github.com/nextcloud/whiteboard Whiteboard app] requires a running backend server which is also packaged in NixOS.<syntaxhighlight lang="nix">

environment.etc."nextcloud-whiteboard-secret".text = ''

JWT_SECRET_KEY=test123

'';

services.nextcloud-whiteboard-server = {

enable = true;

settings.NEXTCLOUD_URL = "http://localhost";

secrets = [ /etc/nextcloud-whiteboard-secret ];

};

</syntaxhighlight>After applying the configuration configure the Nextcloud app to use it<syntaxhighlight lang="bash">

nextcloud-occ config:app:set whiteboard collabBackendUrl --value="http://localhost:3002"

nextcloud-occ config:app:set whiteboard jwt_secret_key --value="test123"

</syntaxhighlight>

=== NextCloud Office ===

Line 471:

Line 507:

</syntaxhighlight>

==== ONLYOFFICE ====

=== ONLYOFFICE ===

You need to install both a document server and the [https://apps.nextcloud.com/apps/onlyoffice ONLYOFFICE Nextcloud plug-in]. There are several ways to install onlyoffice:

Line 480:

Line 516:

===== the documentserver_community Nextcloud app =====

~~(not tested)~~(not tested)

(not tested)

===== in a docker/podman container =====

Line 493:

Line 529:

As the name indicates the former two require a license, while the latter is free for evaluation and personal use.

For easy deployment, there's the [https://apps.nextcloud.com/apps/richdocumentscode richdocumentscode app] which bundles the CODE server. While being less performant than a standalone deployment of the CODE server, this solution does not require an additional service to be deployed and managed externally from NextCloud. Unfortunately the richdocumentscode app bundles the CODE server as an AppImage and therefore does not work out of the box on NixOS. Follow https://github.com/NixOS/nixpkgs/issues/339798 if you want to get informed about packaging progress. Also CODE standalone is currently not ~~packages~~ in nixpkgs (https://github.com/NixOS/nixpkgs/issues/218878).

For easy deployment, there's the [https://apps.nextcloud.com/apps/richdocumentscode richdocumentscode app] which bundles the CODE server. While being less performant than a standalone deployment of the CODE server, this solution does not require an additional service to be deployed and managed externally from NextCloud. Unfortunately the richdocumentscode app bundles the CODE server as an AppImage and therefore does not work out of the box on NixOS. Follow https://github.com/NixOS/nixpkgs/issues/339798 if you want to get informed about packaging progress. Also CODE standalone is currently not packaged in nixpkgs (https://github.com/NixOS/nixpkgs/issues/218878).

[[Category:Server]]

[[Category:Applications]]

[[Category:Web Applications]]

[[Category:NixOS Manual]]

@@ Line 3: / Line 3: @@
 This article extends the documentation in the [https://nixos.org/manual/nixos/stable/#module-services-nextcloud NixOS manual].
-== Installation ==
+== Setup ==
 A minimal example to get the latest Nextcloud version (for your specific NixOS release) running on localhost should look like this, replacing  <code>PWD</code> with a 10+ char password that meets [https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_password_policy.html Nextcloud's default password policy].
@@ Line 24: / Line 24: @@
 === Apps ===
-[https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json Some apps] which are already packaged on NixOS can be installed directly with the following example configuration
+[https://github.com/NixOS/nixpkgs/blob/2852f35f477e0f55e68b5f5e6d5a92242c215efc/pkgs/servers/nextcloud/packages/31.json Some apps] (use the file named <code><version>.json</code>, where version is the installed Nextcloud version), which are already packaged on NixOS, can be installed directly with the following example configuration:
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 50: / Line 50: @@
      inherit (config.services.nextcloud.package.packages.apps) news contacts calendar tasks;
      memories = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";
+      url = "https://github.com/pulsejet/memories/releases/download/v6.2.2/memories.tar.gz";
-        url = "https://github.com/pulsejet/memories/releases/download/v6.2.2/memories.tar.gz";
+      hash = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";
-        license = "agpl3Only";
+      license = "agpl3Only";
      };
@@ Line 176: / Line 176: @@
 <syntaxhighlight lang="bash">
-mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4
+mc alias set minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4
 mc mb minio/nextcloud
 </syntaxhighlight>
@@ Line 206: / Line 206: @@
 === Secrets management ===
-Do not suply passwords, hashes or keys via <code>extraOptions</code> option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.
+Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.
 <syntaxHighlight lang="nix">
@@ Line 227: / Line 227: @@
 Consider using a  [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.
+=== Dynamic configuration ===
+Unfortunately, some options can only be set 'interactively' in the database (either through the nextcloud-occ command line tool or the web UI), and not via the configuration file. One way to manage them "semi-declaratively" is to register a systemd script to reset the options on each redeploy:
+<syntaxHighlight lang="nix">
+  systemd.services.nextcloud-custom-config = {
+    path = [
+      config.services.nextcloud.occ
+    ];
+    script = ''
+      nextcloud-occ theming:config name "My Cloud"
+      nextcloud-occ theming:config url "https://cloud.mine.com";
+      nextcloud-occ theming:config privacyUrl "https://www.mine.com/privacy";
+      nextcloud-occ theming:config color "#3253a5";
+      nextcloud-occ theming:config logo ${./logo.png}
+    '';
+    after = [ "nextcloud-setup.service" ];
+    wantedBy = [ "multi-user.target" ];
+  };
+</syntaxHighlight>Of course this is not ideal: changes through the web interface or occ client are still possible but will be overwritten the next redeploy, and removing a line from the script will not remove it from the configuration.
 == Maintenance ==
@@ Line 305: / Line 325: @@
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
-services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ];
+services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { addr = "127.0.0.1"; port = 8080; } ];
 </nowiki>}}
 === Enable HEIC image preview ===
-HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support.
+HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support. See also [https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders this list of preview providers] for additional file types.
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
 services.nextcloud = {
-   extraOptions.enabledPreviewProviders = [
+   settings.enabledPreviewProviders = [
      "OC\\Preview\\BMP"
      "OC\\Preview\\GIF"
@@ Line 330: / Line 350: @@
 </nowiki>}}
-=== Run nextcloud in a sub-directory ===
+=== Run Nextcloud in a sub-directory ===
 Say, you don't want to run nextcloud at <code>your.site/</code> but in a sub-directory <code>your.site/nextcloud/</code>. To do so, we are going to add more configurations to nextcloud and to nginx to [[Nginx#TLS_reverse_proxy|make]] it a [https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ reverse-proxy].
@@ Line 455: / Line 475: @@
 </syntaxhighlight>
-== Plugins ==
+== App specific configuration ==
+=== Whiteboard ===
+The [https://github.com/nextcloud/whiteboard Whiteboard app] requires a running backend server which is also packaged in NixOS.<syntaxhighlight lang="nix">
+environment.etc."nextcloud-whiteboard-secret".text = ''
+  JWT_SECRET_KEY=test123
+'';
+services.nextcloud-whiteboard-server = {
+  enable = true;
+  settings.NEXTCLOUD_URL = "http://localhost";
+  secrets = [ /etc/nextcloud-whiteboard-secret ];
+};
+</syntaxhighlight>After applying the configuration configure the Nextcloud app to use it<syntaxhighlight lang="bash">
+nextcloud-occ config:app:set whiteboard collabBackendUrl --value="http://localhost:3002"
+nextcloud-occ config:app:set whiteboard jwt_secret_key --value="test123"
+</syntaxhighlight>
 === NextCloud Office ===
@@ Line 471: / Line 507: @@
 </syntaxhighlight>
-==== ONLYOFFICE ====
+=== ONLYOFFICE ===
 You need to install both a document server and the [https://apps.nextcloud.com/apps/onlyoffice ONLYOFFICE Nextcloud plug-in]. There are several ways to install onlyoffice:
@@ Line 480: / Line 516: @@
 ===== the documentserver_community Nextcloud app =====
-(not tested)(not tested)
+(not tested)
 ===== in a docker/podman container =====
@@ Line 493: / Line 529: @@
 As the name indicates the former two require a license, while the latter is free for evaluation and personal use.
-For easy deployment, there's the [https://apps.nextcloud.com/apps/richdocumentscode richdocumentscode app] which bundles the CODE server. While being less performant than a standalone deployment of the CODE server, this solution does not require an additional service to be deployed and managed externally from NextCloud. Unfortunately the richdocumentscode app bundles the CODE server as an AppImage and therefore does not work out of the box on NixOS. Follow https://github.com/NixOS/nixpkgs/issues/339798 if you want to get informed about packaging progress. Also CODE standalone is currently not packages in nixpkgs (https://github.com/NixOS/nixpkgs/issues/218878).
+For easy deployment, there's the [https://apps.nextcloud.com/apps/richdocumentscode richdocumentscode app] which bundles the CODE server. While being less performant than a standalone deployment of the CODE server, this solution does not require an additional service to be deployed and managed externally from NextCloud. Unfortunately the richdocumentscode app bundles the CODE server as an AppImage and therefore does not work out of the box on NixOS. Follow https://github.com/NixOS/nixpkgs/issues/339798 if you want to get informed about packaging progress. Also CODE standalone is currently not packaged in nixpkgs (https://github.com/NixOS/nixpkgs/issues/218878).
 [[Category:Server]]
 [[Category:Applications]]
 [[Category:Web Applications]]
 [[Category:NixOS Manual]]