Nextcloud: Difference between revisions

(9 intermediate revisions by 4 users not shown)

Line 24:

=== Apps ===

[https://github.com/NixOS/nixpkgs/blob/~~master~~/pkgs/servers/nextcloud/packages/~~nextcloud-apps~~.json Some apps] which are already packaged on NixOS can be installed directly with the following example configuration

[https://github.com/NixOS/nixpkgs/blob/2852f35f477e0f55e68b5f5e6d5a92242c215efc/pkgs/servers/nextcloud/packages/31.json Some apps] (use the file named <code><version>.json</code>, where version is the installed Nextcloud version), which are already packaged on NixOS, can be installed directly with the following example configuration:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 115:

</nowiki>}}

=== ~~Caching~~ ===

=== Data storage ===

Nextcloud stores metadata in the database and files either on a local filesystem, external storage, or in an object storage.

~~[[Redis]] can be enabled as a performant caching backend using following configuration. This will bring faster page loads to your Nextcloud instance.~~

==== Local filesystem ====

Using a filesystem with snapshot support, such as btrfs or zfs, may be useful for backup purposes

~~{{file|/etc/nixos/configuration.nix|nix|<nowiki>~~

~~services.nextcloud~~ = {

~~enable~~ = ~~true;~~

~~configureRedis~~ = ~~true;~~

~~[...]~~

};

~~</nowiki>}}~~

~~Note that APCu will still be used for local caching, as recommended by Nextcloud upstream.~~

==== External storage ====

https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/external_storage_configuration_gui.html

=== ~~Object store~~ ===

==== Object store ====

In this example we'll configure a local S3-compatible object store using Minio and connect it to Nextcloud

Line 176:

Line 170:

mc ~~config host add~~ minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4

mc alias set minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4

mc mb minio/nextcloud

</syntaxhighlight>

Line 208:

Line 202:

Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.

<~~syntaxHighlight~~ lang="nix">

services.nextcloud = {

[...]

secretFile = "/etc/nextcloud-secrets.json";

};

</syntaxhighlight>

~~environment.etc."nextcloud-secrets.json".text = ''~~

{

~~"passwordsalt": "12345678910",~~

~~"secret": "12345678910",~~

~~"instanceid": "10987654321",~~

~~"redis": {~~

~~"password": "secret"~~

}

~~'';~~

</~~syntaxHighlight~~>

Consider using a [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.

Line 268:

Line 251:

No password is required.

=== Migration ===

If you want to migrate your Nextcloud instance from one place to another, keep in mind:

* Distribution-agnostic instructions are at https://docs.nextcloud.com/server/stable/admin_manual/maintenance/migrating.html

* You can use the [https://search.nixos.org/options?show=services.nextcloud.secretFile services.nextcloud.secretFile] option to set secrets. Notably you'll likely want to inherit the following values from your old to your new instance:

** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#instanceid instanceid]

** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#passwordsalt passwordsalt]

** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#secret secret]

* To be able to configure TLS for your new instance before you've updated your DNS record, you can use [[ACME#DNS challenge|ACME DNS Challenge]]. Don't forget to clear <code>acmeRoot</code>:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {

forceSSL = true;

enableACME = true;

# force DNS-01 validation

acmeRoot = null;

};

</nowiki>}}

=== Backups ===

You should make backups of both the database and your storage.

For the database, [https://search.nixos.org/options?show=services.mysqlBackup services.mysqlBackup] or [https://search.nixos.org/options?show=services.postgresqlBackup services.postgresqlBackup] may come in handy. For local storage backups, periodically taking a snapshot of a snapshot-enabled filesystem such as btrfs or zfs may be a good first step. Remember to also make off-site copies.

== Clients ==

Line 327:

Line 334:

services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

</nowiki>}}

=== Enable Two-factor authentication ===

Two-factor authentication can be enabled for your server via the administration interface in your browser. There is no way to declare this setting via nix configuration, so you should follow the [https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/two_factor-auth.html official documentation] to set up Two-factor authentication.

=== Enable HEIC image preview ===

Line 511:

Line 522:

===== services.onlyoffice =====

~~Due to https://github.com/ONLYOFFICE/~~onlyoffice~~-nextcloud/issues/931 you need to apply the workaround from https://github.com/NixOS/nixpkgs/pull/338794~~.

Install the onlyoffice documentserver as described in [[ONLYOFFICE_DocumentServer]].

~~Then point~~ the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.

Point the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.

===== the documentserver_community Nextcloud app =====

@@ Line 24: / Line 24: @@
 === Apps ===
-[https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json Some apps] which are already packaged on NixOS can be installed directly with the following example configuration
+[https://github.com/NixOS/nixpkgs/blob/2852f35f477e0f55e68b5f5e6d5a92242c215efc/pkgs/servers/nextcloud/packages/31.json Some apps] (use the file named <code><version>.json</code>, where version is the installed Nextcloud version), which are already packaged on NixOS, can be installed directly with the following example configuration:
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 115: / Line 115: @@
 </nowiki>}}
-=== Caching ===
+=== Data storage ===
+Nextcloud stores metadata in the database and files either on a local filesystem, external storage, or in an object storage.
-[[Redis]] can be enabled as a performant caching backend using following configuration. This will bring faster page loads to your Nextcloud instance.
+==== Local filesystem ====
+Using a filesystem with snapshot support, such as btrfs or zfs, may be useful for backup purposes
-{{file|/etc/nixos/configuration.nix|nix|<nowiki>
-services.nextcloud = {
-  enable = true;
-  configureRedis = true;
-  [...]
-};
-</nowiki>}}
-Note that APCu will still be used for local caching, as recommended by Nextcloud upstream.
+==== External storage ====
+https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/external_storage_configuration_gui.html
-=== Object store ===
+==== Object store ====
 In this example we'll configure a local S3-compatible object store using Minio and connect it to Nextcloud
@@ Line 176: / Line 170: @@
 <syntaxhighlight lang="bash">
-mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4
+mc alias set minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4
 mc mb minio/nextcloud
 </syntaxhighlight>
@@ Line 208: / Line 202: @@
 Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.
-<syntaxHighlight lang="nix">
+<syntaxhighlight lang="nix">
 services.nextcloud = {
    [...]
    secretFile = "/etc/nextcloud-secrets.json";
 };
+</syntaxhighlight>
-environment.etc."nextcloud-secrets.json".text = ''
-  {
-    "passwordsalt": "12345678910",
-    "secret": "12345678910",
-    "instanceid": "10987654321",
-    "redis": {
-      "password": "secret"
-    }
-  }
-'';
-</syntaxHighlight>
 Consider using a  [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.
@@ Line 268: / Line 251: @@
 No password is required.
+=== Migration ===
+If you want to migrate your Nextcloud instance from one place to another, keep in mind:
+* Distribution-agnostic instructions are at https://docs.nextcloud.com/server/stable/admin_manual/maintenance/migrating.html
+* You can use the [https://search.nixos.org/options?show=services.nextcloud.secretFile services.nextcloud.secretFile] option to set secrets. Notably you'll likely want to inherit the following values from your old to your new instance:
+** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#instanceid instanceid]
+** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#passwordsalt passwordsalt]
+** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#secret secret]
+* To be able to configure TLS for your new instance before you've updated your DNS record, you can use [[ACME#DNS challenge|ACME DNS Challenge]]. Don't forget to clear <code>acmeRoot</code>:
+{{file|/etc/nixos/configuration.nix|nix|<nowiki>
+services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+  forceSSL = true;
+  enableACME = true;
+  # force DNS-01 validation
+  acmeRoot = null;
+};
+</nowiki>}}
+=== Backups ===
+You should make backups of both the database and your storage.
+For the database, [https://search.nixos.org/options?show=services.mysqlBackup services.mysqlBackup] or [https://search.nixos.org/options?show=services.postgresqlBackup services.postgresqlBackup] may come in handy. For local storage backups, periodically taking a snapshot of a snapshot-enabled filesystem such as btrfs or zfs may be a good first step. Remember to also make off-site copies.
 == Clients ==
@@ Line 327: / Line 334: @@
 services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { addr = "127.0.0.1"; port = 8080; } ];
 </nowiki>}}
+=== Enable Two-factor authentication ===
+Two-factor authentication can be enabled for your server via the administration interface in your browser. There is no way to declare this setting via nix configuration, so you should follow the [https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/two_factor-auth.html official documentation] to set up Two-factor authentication.
 === Enable HEIC image preview ===
@@ Line 511: / Line 522: @@
 ===== services.onlyoffice =====
-Due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931 you need to apply the workaround from https://github.com/NixOS/nixpkgs/pull/338794.
+Install the onlyoffice documentserver as described in [[ONLYOFFICE_DocumentServer]].
-Then point the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.
+Point the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.
 ===== the documentserver_community Nextcloud app =====