Nextcloud: Difference between revisions

imported>Onny
Add note on managing secrets
imported>Onny
Add section on secret management
Line 15: Line 15:


After that you will be able to login into your Nextcloud instance at http://localhost with user <code>root</code> and password <code>test123</code> as configured above.  
After that you will be able to login into your Nextcloud instance at http://localhost with user <code>root</code> and password <code>test123</code> as configured above.  
Please note that this example is for demonstration purpose and passwords should be not supplied like this, consider reference a local file containing the secrets and use a [[Comparison of secret managing schemes|secret management tool]].


== Configuration ==
== Configuration ==
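Review bot: The note after the login sentence, present on only one side of this hunk, has two grammar slips that blur the advice: "passwords should be not supplied like this, consider reference a local file". Suggested wording: "passwords should not be supplied like this; consider referencing a local file containing the secrets and using a [[Comparison of secret managing schemes|secret management tool]]". It would also help to state the reason here, as the Secrets management text does: values given this way are copied into the world-readable Nix store.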
Line 114: Line 112:


Test mails can be send via administration interface in the menu section "Basic settings".
Test mails can be send via administration interface in the menu section "Basic settings".
=== Secrets management ===
Do not suply passwords, hashes or keys via <code>extraOptions</code> option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option.
<syntaxHighlight lang="nix">
services.nextcloud = {
  [...]
  secretFile = "/etc/nextcloud-secrets.json";
};
environment.etc."nextcloud-secrets.json".text = ''
  {
    "passwordsalt": "12345678910",
    "secret": "12345678910",
    "instanceid": "10987654321"
    "redis": {
      "password": "secret"
    }
  }
'';
</syntaxHighlight>
Consider using a  [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file.


== Maintenance ==
== Maintenance ==
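Review bot: The Secrets management example creates the file with <code>environment.etc."nextcloud-secrets.json".text</code>, which places the JSON content in the Nix store and so reproduces the exposure that the sentence above it warns about for <code>extraOptions</code>. Suggest keeping only <code>secretFile = "/etc/nextcloud-secrets.json";</code> in the Nix snippet and showing the JSON as a separate file created outside the Nix configuration with restrictive permissions, or provisioned by one of the linked secret management tools. The JSON is also invalid as written: a comma is missing after <code>"instanceid": "10987654321"</code>, so the file would fail to parse. Minor points: "suply" should be "supply", "via <code>extraOptions</code> option" reads better as "via the <code>extraOptions</code> option", and there is a double space before the wiki link in the closing sentence.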