Nextcloud: Difference between revisions

(9 intermediate revisions by 4 users not shown)

Line 24:

=== Apps ===

[https://github.com/NixOS/nixpkgs/blob/~~master~~/pkgs/servers/nextcloud/packages/~~nextcloud-apps~~.json Some apps] which are already packaged on NixOS can be installed directly with the following example configuration

[https://github.com/NixOS/nixpkgs/blob/2852f35f477e0f55e68b5f5e6d5a92242c215efc/pkgs/servers/nextcloud/packages/31.json Some apps] (use the file named <code><version>.json</code>, where version is the installed Nextcloud version), which are already packaged on NixOS, can be installed directly with the following example configuration:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 115:

</nowiki>}}

=== ~~Caching~~ ===

=== Data storage ===

Nextcloud stores metadata in the database and files either on a local filesystem, external storage, or in an object storage.

~~[[Redis]] can be enabled as a performant caching backend using following configuration. This will bring faster page loads to your Nextcloud instance.~~

==== Local filesystem ====

Using a filesystem with snapshot support, such as btrfs or zfs, may be useful for backup purposes

~~{{file|/etc/nixos/configuration.nix|nix|<nowiki>~~

~~services.nextcloud~~ = {

~~enable~~ = ~~true;~~

~~configureRedis~~ = ~~true;~~

~~[...]~~

};

~~</nowiki>}}~~

~~Note that APCu will still~~ be ~~used~~ for ~~local caching, as recommended by Nextcloud upstream.~~

=== ~~Object store~~ ===

==== External storage ====

https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/external_storage_configuration_gui.html

==== Object store ====

In this example we'll configure a local S3-compatible object store using Minio and connect it to Nextcloud

Line 176:

Line 170:

mc ~~config host add~~ minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4

mc alias set minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4

mc mb minio/nextcloud

</syntaxhighlight>

Line 208:

Line 202:

Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.

<~~syntaxHighlight~~ lang="nix">

services.nextcloud = {

[...]

secretFile = "/etc/nextcloud-secrets.json";

};

</syntaxhighlight>

~~environment.etc."nextcloud-secrets.json".text = ''~~

{

~~"passwordsalt": "12345678910",~~

~~"secret": "12345678910",~~

~~"instanceid": "10987654321",~~

~~"redis": {~~

~~"password": "secret"~~

}

~~'';~~

</~~syntaxHighlight~~>

Consider using a [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.

Line 268:

Line 251:

No password is required.

=== Migration ===

If you want to migrate your Nextcloud instance from one place to another, keep in mind:

* Distribution-agnostic instructions are at https://docs.nextcloud.com/server/stable/admin_manual/maintenance/migrating.html

* You can use the [https://search.nixos.org/options?show=services.nextcloud.secretFile services.nextcloud.secretFile] option to set secrets. Notably you'll likely want to inherit the following values from your old to your new instance:

** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#instanceid instanceid]

** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#passwordsalt passwordsalt]

** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#secret secret]

* To be able to configure TLS for your new instance before you've updated your DNS record, you can use [[ACME#DNS challenge|ACME DNS Challenge]]. Don't forget to clear <code>acmeRoot</code>:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {

forceSSL = true;

enableACME = true;

# force DNS-01 validation

acmeRoot = null;

};

</nowiki>}}

=== Backups ===

You should make backups of both the database and your storage.

For the database, [https://search.nixos.org/options?show=services.mysqlBackup services.mysqlBackup] or [https://search.nixos.org/options?show=services.postgresqlBackup services.postgresqlBackup] may come in handy. For local storage backups, periodically taking a snapshot of a snapshot-enabled filesystem such as btrfs or zfs may be a good first step. Remember to also make off-site copies.

== Clients ==

Line 325:

Line 332:

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

services.nginx.virtualHosts."~~yourHostName~~".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { addr = "127.0.0.1"; port = 8080; } ];

</nowiki>}}

Line 511:

Line 518:

===== services.onlyoffice =====

~~Due to https://github.com/ONLYOFFICE/~~onlyoffice~~-nextcloud/issues/931 you need to apply the workaround from https://github.com/NixOS/nixpkgs/pull/338794~~.

Install the onlyoffice documentserver as described in [[ONLYOFFICE_DocumentServer]].

~~Then point~~ the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.

Point the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.

===== the documentserver_community Nextcloud app =====

@@ Line 24: / Line 24: @@
 === Apps ===
-[https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json Some apps] which are already packaged on NixOS can be installed directly with the following example configuration
+[https://github.com/NixOS/nixpkgs/blob/2852f35f477e0f55e68b5f5e6d5a92242c215efc/pkgs/servers/nextcloud/packages/31.json Some apps] (use the file named <code><version>.json</code>, where version is the installed Nextcloud version), which are already packaged on NixOS, can be installed directly with the following example configuration:
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 115: / Line 115: @@
 </nowiki>}}
-=== Caching ===
+=== Data storage ===
+Nextcloud stores metadata in the database and files either on a local filesystem, external storage, or in an object storage.
-[[Redis]] can be enabled as a performant caching backend using following configuration. This will bring faster page loads to your Nextcloud instance.
+==== Local filesystem ====
+Using a filesystem with snapshot support, such as btrfs or zfs, may be useful for backup purposes
-{{file|/etc/nixos/configuration.nix|nix|<nowiki>
-services.nextcloud = {
-  enable = true;
-  configureRedis = true;
-  [...]
-};
-</nowiki>}}
-Note that APCu will still be used for local caching, as recommended by Nextcloud upstream.
-=== Object store ===
+==== External storage ====
+https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/external_storage_configuration_gui.html
+==== Object store ====
 In this example we'll configure a local S3-compatible object store using Minio and connect it to Nextcloud
@@ Line 176: / Line 170: @@
 <syntaxhighlight lang="bash">
-mc config host add minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4
+mc alias set minio http://localhost:9000 ${accessKey} ${secretKey} --api s3v4
 mc mb minio/nextcloud
 </syntaxhighlight>
@@ Line 208: / Line 202: @@
 Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.
-<syntaxHighlight lang="nix">
+<syntaxhighlight lang="nix">
 services.nextcloud = {
    [...]
    secretFile = "/etc/nextcloud-secrets.json";
 };
+</syntaxhighlight>
-environment.etc."nextcloud-secrets.json".text = ''
-  {
-    "passwordsalt": "12345678910",
-    "secret": "12345678910",
-    "instanceid": "10987654321",
-    "redis": {
-      "password": "secret"
-    }
-  }
-'';
-</syntaxHighlight>
 Consider using a  [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.
@@ Line 268: / Line 251: @@
 No password is required.
+=== Migration ===
+If you want to migrate your Nextcloud instance from one place to another, keep in mind:
+* Distribution-agnostic instructions are at https://docs.nextcloud.com/server/stable/admin_manual/maintenance/migrating.html
+* You can use the [https://search.nixos.org/options?show=services.nextcloud.secretFile services.nextcloud.secretFile] option to set secrets. Notably you'll likely want to inherit the following values from your old to your new instance:
+** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#instanceid instanceid]
+** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#passwordsalt passwordsalt]
+** [https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#secret secret]
+* To be able to configure TLS for your new instance before you've updated your DNS record, you can use [[ACME#DNS challenge|ACME DNS Challenge]]. Don't forget to clear <code>acmeRoot</code>:
+{{file|/etc/nixos/configuration.nix|nix|<nowiki>
+services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+  forceSSL = true;
+  enableACME = true;
+  # force DNS-01 validation
+  acmeRoot = null;
+};
+</nowiki>}}
+=== Backups ===
+You should make backups of both the database and your storage.
+For the database, [https://search.nixos.org/options?show=services.mysqlBackup services.mysqlBackup] or [https://search.nixos.org/options?show=services.postgresqlBackup services.postgresqlBackup] may come in handy. For local storage backups, periodically taking a snapshot of a snapshot-enabled filesystem such as btrfs or zfs may be a good first step. Remember to also make off-site copies.
 == Clients ==
@@ Line 325: / Line 332: @@
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
-services.nginx.virtualHosts."yourHostName".listen = [ { addr = "127.0.0.1"; port = 8080; } ];
+services.nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [ { addr = "127.0.0.1"; port = 8080; } ];
 </nowiki>}}
@@ Line 511: / Line 518: @@
 ===== services.onlyoffice =====
-Due to https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/931 you need to apply the workaround from https://github.com/NixOS/nixpkgs/pull/338794.
+Install the onlyoffice documentserver as described in [[ONLYOFFICE_DocumentServer]].
-Then point the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.
+Point the app to the document server from within the Nextcloud UI ("Administration Settings" -> Administration -> ONLYOFFICE), and make sure the 'services.onlyoffice.jwtSecretFile points to a file containing the same key as entered in the configuration of the Nextcloud app.
 ===== the documentserver_community Nextcloud app =====