Nextcloud: Difference between revisions

(6 intermediate revisions by 3 users not shown)

Line 3:

This article extends the documentation in the [https://nixos.org/manual/nixos/stable/#module-services-nextcloud NixOS manual].

== ~~Installation~~ ==

== Setup ==

A minimal example to get the latest Nextcloud version (for your specific NixOS release) running on localhost should look like this, replacing <code>PWD</code> with a 10+ char password that meets [https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_password_policy.html Nextcloud's default password policy].

Line 50:

inherit (config.services.nextcloud.package.packages.apps) news contacts calendar tasks;

memories = pkgs.fetchNextcloudApp {

~~sha256 = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";~~

url = "https://github.com/pulsejet/memories/releases/download/v6.2.2/memories.tar.gz";

hash = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";

license = "agpl3Only";

};

Line 206:

=== Secrets management ===

Do not suply passwords, hashes or keys via ~~<code>extraOptions</code>~~ option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.

Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.

Line 227:

Consider using a [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.

=== Dynamic configuration ===

Unfortunately, some options can only be set 'interactively' in the database (either through the nextcloud-occ command line tool or the web UI), and not via the configuration file. One way to manage them "semi-declaratively" is to register a systemd script to reset the options on each redeploy:

systemd.services.nextcloud-custom-config = {

path = [

config.services.nextcloud.occ

];

script = ''

nextcloud-occ theming:config name "My Cloud"

nextcloud-occ theming:config url "https://cloud.mine.com";

nextcloud-occ theming:config privacyUrl "https://www.mine.com/privacy";

nextcloud-occ theming:config color "#3253a5";

nextcloud-occ theming:config logo ${./logo.png}

'';

after = [ "nextcloud-setup.service" ];

wantedBy = [ "multi-user.target" ];

};

</syntaxHighlight>Of course this is not ideal: changes through the web interface or occ client are still possible but will be overwritten the next redeploy, and removing a line from the script will not remove it from the configuration.

== Maintenance ==

Line 305:

Line 325:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

services.nginx.virtualHosts."~~localhost~~".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

services.nginx.virtualHosts."yourHostName".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

</nowiki>}}

=== Enable HEIC image preview ===

HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support.

HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support. See also [https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders this list of preview providers] for additional file types.

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 330:

Line 350:

</nowiki>}}

=== Run ~~nextcloud~~ in a sub-directory ===

=== Run Nextcloud in a sub-directory ===

Say, you don't want to run nextcloud at <code>your.site/</code> but in a sub-directory <code>your.site/nextcloud/</code>. To do so, we are going to add more configurations to nextcloud and to nginx to [[Nginx#TLS_reverse_proxy|make]] it a [https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ reverse-proxy].

Line 455:

Line 475:

</syntaxhighlight>

== ~~Plugins~~ ==

== App specific configuration ==

=== Whiteboard ===

The [https://github.com/nextcloud/whiteboard Whiteboard app] requires a running backend server which is also packaged in NixOS.<syntaxhighlight lang="nix">

environment.etc."nextcloud-whiteboard-secret".text = ''

JWT_SECRET_KEY=test123

'';

services.nextcloud-whiteboard-server = {

enable = true;

settings.NEXTCLOUD_URL = "http://localhost";

secrets = [ /etc/nextcloud-whiteboard-secret ];

};

</syntaxhighlight>After applying the configuration configure the Nextcloud app to use it<syntaxhighlight lang="bash">

nextcloud-occ config:app:set whiteboard collabBackendUrl --value="http://localhost:3002"

nextcloud-occ config:app:set whiteboard jwt_secret_key --value="test123"

</syntaxhighlight>

=== NextCloud Office ===

Line 471:

Line 507:

</syntaxhighlight>

==== ONLYOFFICE ====

=== ONLYOFFICE ===

You need to install both a document server and the [https://apps.nextcloud.com/apps/onlyoffice ONLYOFFICE Nextcloud plug-in]. There are several ways to install onlyoffice:

@@ Line 3: / Line 3: @@
 This article extends the documentation in the [https://nixos.org/manual/nixos/stable/#module-services-nextcloud NixOS manual].
-== Installation ==
+== Setup ==
 A minimal example to get the latest Nextcloud version (for your specific NixOS release) running on localhost should look like this, replacing  <code>PWD</code> with a 10+ char password that meets [https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_password_policy.html Nextcloud's default password policy].
@@ Line 50: / Line 50: @@
      inherit (config.services.nextcloud.package.packages.apps) news contacts calendar tasks;
      memories = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";
+      url = "https://github.com/pulsejet/memories/releases/download/v6.2.2/memories.tar.gz";
-        url = "https://github.com/pulsejet/memories/releases/download/v6.2.2/memories.tar.gz";
+      hash = "sha256-Xr1SRSmXo2r8yOGuoMyoXhD0oPVm/0/ISHlmNZpJYsg=";
-        license = "agpl3Only";
+      license = "agpl3Only";
      };
@@ Line 206: / Line 206: @@
 === Secrets management ===
-Do not suply passwords, hashes or keys via <code>extraOptions</code> option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.
+Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.
 <syntaxHighlight lang="nix">
@@ Line 227: / Line 227: @@
 Consider using a  [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.
+=== Dynamic configuration ===
+Unfortunately, some options can only be set 'interactively' in the database (either through the nextcloud-occ command line tool or the web UI), and not via the configuration file. One way to manage them "semi-declaratively" is to register a systemd script to reset the options on each redeploy:
+<syntaxHighlight lang="nix">
+  systemd.services.nextcloud-custom-config = {
+    path = [
+      config.services.nextcloud.occ
+    ];
+    script = ''
+      nextcloud-occ theming:config name "My Cloud"
+      nextcloud-occ theming:config url "https://cloud.mine.com";
+      nextcloud-occ theming:config privacyUrl "https://www.mine.com/privacy";
+      nextcloud-occ theming:config color "#3253a5";
+      nextcloud-occ theming:config logo ${./logo.png}
+    '';
+    after = [ "nextcloud-setup.service" ];
+    wantedBy = [ "multi-user.target" ];
+  };
+</syntaxHighlight>Of course this is not ideal: changes through the web interface or occ client are still possible but will be overwritten the next redeploy, and removing a line from the script will not remove it from the configuration.
 == Maintenance ==
@@ Line 305: / Line 325: @@
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
-services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 8080; } ];
+services.nginx.virtualHosts."yourHostName".listen = [ { addr = "127.0.0.1"; port = 8080; } ];
 </nowiki>}}
 === Enable HEIC image preview ===
-HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support.
+HEIC image preview needs to be explicitly enabled. This is done by adjusting the <code>enabledPreviewProviders</code> option. Beside the default list of supported formats, add an additional line <code>"OC\\Preview\\HEIC"</code> for HEIC image support. See also [https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#enabledpreviewproviders this list of preview providers] for additional file types.
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 330: / Line 350: @@
 </nowiki>}}
-=== Run nextcloud in a sub-directory ===
+=== Run Nextcloud in a sub-directory ===
 Say, you don't want to run nextcloud at <code>your.site/</code> but in a sub-directory <code>your.site/nextcloud/</code>. To do so, we are going to add more configurations to nextcloud and to nginx to [[Nginx#TLS_reverse_proxy|make]] it a [https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ reverse-proxy].
@@ Line 455: / Line 475: @@
 </syntaxhighlight>
-== Plugins ==
+== App specific configuration ==
+=== Whiteboard ===
+The [https://github.com/nextcloud/whiteboard Whiteboard app] requires a running backend server which is also packaged in NixOS.<syntaxhighlight lang="nix">
+environment.etc."nextcloud-whiteboard-secret".text = ''
+  JWT_SECRET_KEY=test123
+'';
+services.nextcloud-whiteboard-server = {
+  enable = true;
+  settings.NEXTCLOUD_URL = "http://localhost";
+  secrets = [ /etc/nextcloud-whiteboard-secret ];
+};
+</syntaxhighlight>After applying the configuration configure the Nextcloud app to use it<syntaxhighlight lang="bash">
+nextcloud-occ config:app:set whiteboard collabBackendUrl --value="http://localhost:3002"
+nextcloud-occ config:app:set whiteboard jwt_secret_key --value="test123"
+</syntaxhighlight>
 === NextCloud Office ===
@@ Line 471: / Line 507: @@
 </syntaxhighlight>
-==== ONLYOFFICE ====
+=== ONLYOFFICE ===
 You need to install both a document server and the [https://apps.nextcloud.com/apps/onlyoffice ONLYOFFICE Nextcloud plug-in]. There are several ways to install onlyoffice: