From 0ad1a333f5d5d6d16ad0963a4422f7d3e0fa2092 Mon Sep 17 00:00:00 2001
From: Isa
Date: Fri, 6 Oct 2023 10:24:20 +0200
Subject: [PATCH 1/6] nextcloud27: 27.1.1 -> 27.1.2
---
 pkgs/servers/nextcloud/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix
index ec45f7565667f..33668b4ad937a 100644
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@@ -72,8 +72,8 @@ in {
 };
 nextcloud27 = generic {
- version = "27.1.1";
- hash = "sha256-OpFQBWaHRnVnb6O1v64lh6g5zeQd+sUxgEOxYsExH6s=";
+ version = "27.1.2";
+ hash = "sha256-B0KyR6ruC3BE2wBi8KkUqnczjHp9j+faCRcUfXZolyE=";
 packages = nextcloud27Packages;
 };
From efc5c80e18def8a81f06e1da8bd584f3fa8a5ab8 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Sat, 7 Oct 2023 16:16:42 +0200
Subject: [PATCH 2/6] nextcloud25: remove
EOL of Nextcloud v25 is scheduled by the end of this month.
---
 nixos/modules/services/web-apps/nextcloud.nix | 2 +-
 nixos/tests/nextcloud/default.nix | 6 +-
 nixos/tests/nextcloud/openssl-sse.nix | 109 -------
 pkgs/servers/nextcloud/default.nix | 26 +-
 pkgs/servers/nextcloud/packages/25.json | 292 ------------------
 ...move-custom-dbuser-creation-behavior.patch | 149 ---------
 pkgs/top-level/all-packages.nix | 7 +-
 7 files changed, 11 insertions(+), 580 deletions(-)
 delete mode 100644 nixos/tests/nextcloud/openssl-sse.nix
 delete mode 100644 pkgs/servers/nextcloud/packages/25.json
 delete mode 100644 pkgs/servers/nextcloud/patches/v25/0001-Setup-remove-custom-dbuser-creation-behavior.patch
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index e0a7e7d4859c8..5f09179faed8d 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -225,7 +225,7 @@ in {
 package = mkOption {
 type = types.package;
 description = lib.mdDoc "Which package to use for the Nextcloud instance.";
- relatedPackages = [ "nextcloud25" "nextcloud26" "nextcloud27" ];
+ relatedPackages = [ "nextcloud26" "nextcloud27" ];
 };
 phpPackage = mkOption {
 type = types.package;
diff --git a/nixos/tests/nextcloud/default.nix b/nixos/tests/nextcloud/default.nix
index b9f35b398cfec..19d04b28b4f99 100644
--- a/nixos/tests/nextcloud/default.nix
+++ b/nixos/tests/nextcloud/default.nix
@@ -8,10 +8,6 @@ with pkgs.lib;
 foldl
 (matrix: ver: matrix // {
 "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; };
- "openssl-sse${toString ver}" = import ./openssl-sse.nix {
- inherit system pkgs;
- nextcloudVersion = ver;
- };
 "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix {
 inherit system pkgs;
 nextcloudVersion = ver;
@@ -26,4 +22,4 @@ foldl
 };
 })
 { }
- [ 25 26 27 ]
+ [ 26 27 ]
diff --git a/nixos/tests/nextcloud/openssl-sse.nix b/nixos/tests/nextcloud/openssl-sse.nix
deleted file mode 100644
index d6ea39c6155a5..0000000000000
--- a/nixos/tests/nextcloud/openssl-sse.nix
+++ /dev/null
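Review bot: The `openssl-sse${toString ver}` entry is removed from the test matrix in nixos/tests/nextcloud/default.nix for every version, so 26 and 27 lose their server-side-encryption test as well, although the commit message only mentions the v25 EOL. The deleted openssl-sse.nix had an explicit branch on `nextcloud_version < 26` and exercised `enableBrokenCiphersForSSE` across the OpenSSL 1.1 to 3 switch, so it was not v25-only coverage. If the module still offers that option (not visible in this patch), I would keep the test for `[ 26 27 ]` and only change its default from `nextcloudVersion ? 25`. Otherwise the description should say why readability of encrypted data no longer needs a regression test, e.g. `The openssl-sse test is dropped because <reason>`.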
@@ -1,109 +0,0 @@
-args@{ pkgs, nextcloudVersion ? 25, ... }:
-
-(import ../make-test-python.nix ({ pkgs, ...}: let
- adminuser = "root";
- adminpass = "notproduction";
- nextcloudBase = {
- networking.firewall.allowedTCPPorts = [ 80 ];
- system.stateVersion = "22.05"; # stateVersions <22.11 use openssl 1.1 by default
- services.nextcloud = {
- enable = true;
- config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}";
- database.createLocally = true;
- package = pkgs.${"nextcloud" + (toString nextcloudVersion)};
- };
- };
-in {
- name = "nextcloud-openssl";
- meta = with pkgs.lib.maintainers; {
- maintainers = [ ma27 ];
- };
- nodes.nextcloudwithopenssl1 = {
- imports = [ nextcloudBase ];
- services.nextcloud.hostName = "nextcloudwithopenssl1";
- };
- nodes.nextcloudwithopenssl3 = {
- imports = [ nextcloudBase ];
- services.nextcloud = {
- hostName = "nextcloudwithopenssl3";
- enableBrokenCiphersForSSE = false;
- };
- };
- testScript = { nodes, ... }: let
- withRcloneEnv = host: pkgs.writeScript "with-rclone-env" ''
- #!${pkgs.runtimeShell}
- export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
- export RCLONE_CONFIG_NEXTCLOUD_URL="http://${host}/remote.php/dav/files/${adminuser}"
- export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
- export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
- export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
- "''${@}"
- '';
- withRcloneEnv1 = withRcloneEnv "nextcloudwithopenssl1";
- withRcloneEnv3 = withRcloneEnv "nextcloudwithopenssl3";
- copySharedFile1 = pkgs.writeScript "copy-shared-file" ''
- #!${pkgs.runtimeShell}
- echo 'hi' | ${withRcloneEnv1} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
- '';
- copySharedFile3 = pkgs.writeScript "copy-shared-file" ''
- #!${pkgs.runtimeShell}
- echo 'bye' | ${withRcloneEnv3} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file2
- '';
- openssl1-node = nodes.nextcloudwithopenssl1.system.build.toplevel;
- openssl3-node = nodes.nextcloudwithopenssl3.system.build.toplevel;
- in ''
- nextcloudwithopenssl1.start()
- nextcloudwithopenssl1.wait_for_unit("multi-user.target")
- nextcloudwithopenssl1.succeed("nextcloud-occ status")
- nextcloudwithopenssl1.succeed("curl -sSf http://nextcloudwithopenssl1/login")
- nextcloud_version = ${toString nextcloudVersion}
-
- with subtest("With OpenSSL 1 SSE can be enabled and used"):
- nextcloudwithopenssl1.succeed("nextcloud-occ app:enable encryption")
- nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")
-
- with subtest("Upload file and ensure it's encrypted"):
- nextcloudwithopenssl1.succeed("${copySharedFile1}")
- nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
- nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
-
- with subtest("Switch to OpenSSL 3"):
- nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")
- nextcloudwithopenssl1.wait_for_open_port(80)
- nextcloudwithopenssl1.succeed("nextcloud-occ status")
-
- with subtest("Existing encrypted files cannot be read, but new files can be added"):
- # This will succeed starting NC26 because of their custom implementation of openssl_seal
- read_existing_file_test = nextcloudwithopenssl1.fail if nextcloud_version < 26 else nextcloudwithopenssl1.succeed
- read_existing_file_test("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")
- nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable")
- nextcloudwithopenssl1.succeed("${copySharedFile3}")
- nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")
- nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
-
- with subtest("Switch back to OpenSSL 1.1 and ensure that encrypted files are readable again"):
- nextcloudwithopenssl1.succeed("${openssl1-node}/bin/switch-to-configuration test")
- nextcloudwithopenssl1.wait_for_open_port(80)
- nextcloudwithopenssl1.succeed("nextcloud-occ status")
- nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")
- nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
- nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
- nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
- nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")
-
- with subtest("Ensure that everything can be decrypted"):
- nextcloudwithopenssl1.succeed("echo y | nextcloud-occ encryption:decrypt-all >&2")
- nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
- nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
- nextcloudwithopenssl1.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
-
- with subtest("Switch to OpenSSL 3 ensure that all files are usable now"):
- nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")
- nextcloudwithopenssl1.wait_for_open_port(80)
- nextcloudwithopenssl1.succeed("nextcloud-occ status")
- nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
- nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
-
- nextcloudwithopenssl1.shutdown()
- '';
-})) args
diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix
index 33668b4ad937a..b87242f163030 100644
--- a/pkgs/servers/nextcloud/default.nix
+++ b/pkgs/servers/nextcloud/default.nix
@@ -1,7 +1,6 @@
 { lib, stdenv, fetchurl, nixosTests
 , nextcloud27Packages
 , nextcloud26Packages
-, nextcloud25Packages
 }:
 let
@@ -9,9 +8,7 @@ let
 version, hash
 , eol ? false, extraVulnerabilities ? []
 , packages
- }: let
- major = lib.versions.major version;
- in stdenv.mkDerivation rec {
+ }: stdenv.mkDerivation rec {
 pname = "nextcloud";
 inherit version;
@@ -20,9 +17,6 @@ let
 inherit hash;
 };
- # This patch is only necessary for NC version <26.
- patches = lib.optional (lib.versionOlder major "26") (./patches + "/v${major}/0001-Setup-remove-custom-dbuser-creation-behavior.patch");
-
 passthru = {
 tests = nixosTests.nextcloud;
 inherit packages;
@@ -47,24 +41,18 @@ let
 };
 };
 in {
- nextcloud24 = throw ''
- Nextcloud v24 has been removed from `nixpkgs` as the support for is dropped
- by upstream in 2023-04. Please upgrade to at least Nextcloud v25 by declaring
+ nextcloud25 = throw ''
+ Nextcloud v25 has been removed from `nixpkgs` as the support for is dropped
+ by upstream in 2023-10. Please upgrade to at least Nextcloud v26 by declaring
- services.nextcloud.package = pkgs.nextcloud25;
+ services.nextcloud.package = pkgs.nextcloud26;
 in your NixOS config.
- WARNING: if you were on Nextcloud 23 you have to upgrade to Nextcloud 24
- first on 22.11 because Nextcloud doesn't support upgrades across multiple major versions!
+ WARNING: if you were on Nextcloud 24 you have to upgrade to Nextcloud 25
+ first on 23.05 because Nextcloud doesn't support upgrades across multiple major versions!
 '';
- nextcloud25 = generic {
- version = "25.0.12";
- hash = "sha256-UgMYQkEdh7hjL47EEq14y0K9VIi+LT77/OSmhRykTYw=";
- packages = nextcloud25Packages;
- };
-
 nextcloud26 = generic {
 version = "26.0.7";
 hash = "sha256-vtJEqLlNE7YWqSdAUhZwwdZ9Q8SAR3I/sTGAv/bUjpI=";
diff --git a/pkgs/servers/nextcloud/packages/25.json b/pkgs/servers/nextcloud/packages/25.json
deleted file mode 100644
index 9838732d8ad49..0000000000000
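Review bot: The new `nextcloud25 = throw` text in the `@@ -47,24 +41,18 @@` hunk carries over the broken phrase `as the support for is dropped`; this string is what an operator reads when evaluation fails on an EOL release, so I would write `as the support for it is dropped by upstream in 2023-10`. The same hunk deletes the `nextcloud24` throw, so a configuration still pinned to `pkgs.nextcloud24` presumably no longer gets upgrade guidance from this file unless pkgs/top-level/all-packages.nix (changed in this commit, not shown here) keeps an alias. The enclosing attribute set continues past the end of the hunk.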
--- a/pkgs/servers/nextcloud/packages/25.json
+++ /dev/null
@@ -1,292 +0,0 @@ -{ - "bookmarks": { - "sha256": "1kdpma5f3rb9g29j364lqv6bkar5qgwlvcxmhpmzllwlkmjpc9w8", - "url": "https://github.com/nextcloud/bookmarks/releases/download/v12.1.0/bookmarks-12.1.0.tar.gz", - "version": "12.1.0", - "description": "- πŸ“‚ Sort bookmarks into folders\n- 🏷 Add tags and personal notes\n- πŸ” Full-text search\n- πŸ“² Synchronize with all your browsers and devices\n- πŸ‘ͺ Share bookmarks with other users and publicly\n- ☠ Find broken links\n- βš› Generate RSS feeds of your collections\n- πŸ“” Read archived versions of your links in case they are depublished\n- πŸ’¬ Create new bookmarks directly from within Nextcloud Talk\n- πŸ’Ό Built-in Dashboard widgets for frequent and recent links\n\nRequirements:\n - PHP extensions:\n - intl: *\n - mbstring: *\n - when using MySQL, use at least v8.0", - "homepage": "https://github.com/nextcloud/bookmarks", - "licenses": [ - "agpl" - ] - }, - "calendar": { - "sha256": "14jf0vrjkscz6j2xsf2xn18v3vwqkd8qi47iyyz2wlzdgi25zl6v", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.5.1/calendar-v4.5.1.tar.gz", - "version": "4.5.1", - "description": "The Calendar app is a user interface for Nextcloud's CalDAV server. Easily sync events from various devices with your Nextcloud and edit them online.\n\n* πŸš€ **Integration with other Nextcloud apps!** Currently Contacts - more to come.\n* 🌐 **WebCal Support!** Want to see your favorite team’s matchdays in your calendar? No problem!\n* πŸ™‹ **Attendees!** Invite people to your events\n* ⌚️ **Free/Busy!** See when your attendees are available to meet\n* ⏰ **Reminders!** Get alarms for events inside your browser and via email\n* πŸ” Search! Find your events at ease\n* β˜‘οΈ Tasks! 
See tasks with a due date directly in the calendar\n* πŸ™ˆ **We’re not reinventing the wheel!** Based on the great [c-dav library](https://github.com/nextcloud/cdav-library), [ical.js](https://github.com/mozilla-comm/ical.js) and [fullcalendar](https://github.com/fullcalendar/fullcalendar) libraries.", - "homepage": "https://github.com/nextcloud/calendar/", - "licenses": [ - "agpl" - ] - }, - "contacts": { - "sha256": "1pz2px5amk3byn4pq86cyyjv4hrqhsjz61xfm7cl7z8qfckqfhi2", - "url": "https://github.com/nextcloud-releases/contacts/releases/download/v5.4.2/contacts-v5.4.2.tar.gz", - "version": "5.4.2", - "description": "The Nextcloud contacts app is a user interface for Nextcloud's CardDAV server. Easily sync contacts from various devices with your Nextcloud and edit them online.\n\n* πŸš€ **Integration with other Nextcloud apps!** Currently Mail and Calendar – more to come.\n* πŸŽ‰ **Never forget a birthday!** You can sync birthdays and other recurring events with your Nextcloud Calendar.\n* πŸ‘₯ **Sharing of Adressbooks!** You want to share your contacts with your friends or coworkers? No problem!\n* πŸ™ˆ **We’re not reinventing the wheel!** Based on the great and open SabreDAV library.", - "homepage": "https://github.com/nextcloud/contacts#readme", - "licenses": [ - "agpl" - ] - }, - "cospend": { - "sha256": "189hgyxc2qz4w3l0351ssmbvblf2s78f6ckql8pncbgimw4x171a", - "url": "https://github.com/julien-nc/cospend-nc/releases/download/v1.5.8/cospend-1.5.8.tar.gz", - "version": "1.5.8", - "description": "# Nextcloud Cospend πŸ’°\n\nNextcloud Cospend is a group/shared budget manager. It was inspired by the great [IHateMoney](https://github.com/spiral-project/ihatemoney/).\n\nYou can use it when you share a house, when you go on vacation with friends, whenever you share money with others.\n\nIt lets you create projects with members and bills. Each member has a balance computed from the project bills. This way you can see who owes the group and who the group owes. 
Ultimately you can ask for a settlement plan telling you which payments to make to reset members balances.\n\nProject members are independent from Nextcloud users. Projects can be accessed and modified by people without a Nextcloud account. Each project has an ID and a password for guest access.\n\n[MoneyBuster](https://gitlab.com/eneiluj/moneybuster) Android client is [available in F-Droid](https://f-droid.org/packages/net.eneiluj.moneybuster/) and on the [Play store](https://play.google.com/store/apps/details?id=net.eneiluj.moneybuster).\n\n[PayForMe](https://github.com/mayflower/PayForMe) iOS client is currently being developped!\n\n## Features\n\n* ✎ create/edit/delete projects, members, bills, bill categories, currencies\n* βš– check member balances\n* πŸ—  display project statistics\n* β™» display settlement plan\n* πŸŽ‡ automatically create reimbursement bills from settlement plan\n* πŸ—“ create recurring bills (daily/weekly/monthly/yearly)\n* πŸ“Š optionally provide custom amount for each member in new bills\n* πŸ”— link bills with personal files (picture of physical bill for example)\n* πŸ‘© guest access for people outside Nextcloud\n* πŸ‘« share projects with Nextcloud users/groups/circles\n* πŸ–« import/export projects as csv (compatible with csv files from IHateMoney)\n* πŸ”— generate link/QRCode to easily import projects in MoneyBuster\n* πŸ—² implement Nextcloud notifications and activity stream\n\nThis app is tested on Nextcloud 20+ with Firefox 57+ and Chromium.\n\nThis app is under development.\n\n🌍 Help us to translate this app on [Nextcloud-Cospend/MoneyBuster Crowdin project](https://crowdin.com/project/moneybuster).\n\nβš’ Check out other ways to help in the [contribution guidelines](https://gitlab.com/eneiluj/cospend-nc/blob/master/CONTRIBUTING.md).\n\n## Documentation\n\n* [User documentation](https://github.com/eneiluj/cospend-nc/blob/master/docs/user.md)\n* [Admin 
documentation](https://github.com/eneiluj/cospend-nc/blob/master/docs/admin.md)\n* [Developer documentation](https://github.com/eneiluj/cospend-nc/blob/master/docs/dev.md)\n* [CHANGELOG](https://github.com/eneiluj/cospend-nc/blob/master/CHANGELOG.md#change-log)\n* [AUTHORS](https://github.com/eneiluj/cospend-nc/blob/master/AUTHORS.md#authors)\n\n## Known issues\n\n* it does not make you rich\n\nAny feedback will be appreciated.\n\n\n\n## Donation\n\nI develop this app during my free time.\n\n* [Donate with Paypal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=66PALMY8SF5JE) (you don't need a paypal account)\n* [Donate with Liberapay : ![Donate using Liberapay](https://liberapay.com/assets/widgets/donate.svg)](https://liberapay.com/eneiluj/donate)", - "homepage": "https://github.com/julien-nc/cospend-nc", - "licenses": [ - "agpl" - ] - }, - "deck": { - "sha256": "01bpcq96y1yp4cmkssjcpqamk3wsg99jbsyhich2kjj9a33d0a5v", - "url": "https://github.com/nextcloud-releases/deck/releases/download/v1.8.6/deck-v1.8.6.tar.gz", - "version": "1.8.6", - "description": "Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.\n\n\n- πŸ“₯ Add your tasks to cards and put them in order\n- πŸ“„ Write down additional notes in Markdown\n- πŸ”– Assign labels for even better organization\n- πŸ‘₯ Share with your team, friends or family\n- πŸ“Ž Attach files and embed them in your Markdown description\n- πŸ’¬ Discuss with your team using comments\n- ⚑ Keep track of changes in the activity stream\n- πŸš€ Get your project organized", - "homepage": "https://github.com/nextcloud/deck", - "licenses": [ - "agpl" - ] - }, - "files_markdown": { - "sha256": "0p97ha6x3czzbflavmjn4jmz3z706h5f84spg4j7dwq3nc9bqrf7", - "url": "https://github.com/icewind1991/files_markdown/releases/download/v2.4.1/files_markdown-v2.4.1.tar.gz", - "version": "2.4.1", - "description": "Markdown Editor extends the Nextcloud text 
editor with a live preview for markdown files.\n\nA full list of features can be found [in the README](https://github.com/icewind1991/files_markdown)", - "homepage": "https://github.com/icewind1991/files_markdown", - "licenses": [ - "agpl" - ] - }, - "files_texteditor": { - "sha256": "1irvxz29fj9ccplgizwkchc885fqvqsmk9rj4gfwgpa8bgkya1y6", - "url": "https://github.com/nextcloud-releases/files_texteditor/releases/download/v2.15.1/files_texteditor-v2.15.1.tar.gz", - "version": "2.15.1", - "description": "This application enables Nextcloud users to open, save and edit text files in the web browser. If enabled, an entry called \"Text file\" in the \"New\" button menu at the top of the web browser appears. When clicked, a new text file opens in the browser and the file can be saved into the current Nextcloud directory. Further, when a text file is clicked in the web browser, it will be opened and editable. If the privileges allow, a user can also edit shared files and save these changes back into the web browser.\nMore information is available in the text editor documentation.", - "homepage": "https://github.com/nextcloud/files_texteditor", - "licenses": [ - "agpl" - ] - }, - "forms": { - "sha256": "155z87wyv2p06c3kpy9zaw6qf5s7s0ah4wfw022s4cc21i3rcwxv", - "url": "https://github.com/nextcloud-releases/forms/releases/download/v3.3.1/forms-v3.3.1.tar.gz", - "version": "3.3.1", - "description": "**Simple surveys and questionnaires, self-hosted!**\n\n- **πŸ“ Simple design:** No mass of options, only the essentials. 
Works well on mobile of course.\n- **πŸ“Š View & export results:** Results are visualized and can also be exported as CSV in the same format used by Google Forms.\n- **πŸ”’ Data under your control!** Unlike in Google Forms, Typeform, Doodle and others, the survey info and responses are kept private on your instance.\n- **πŸ§‘β€πŸ’» Connect to your software:** Easily integrate Forms into your service with our full-fledged [REST-API](https://github.com/nextcloud/forms/blob/main/docs/API.md).\n- **πŸ™‹ Get involved!** We have lots of stuff planned like more question types, collaboration on forms, [and much more](https://github.com/nextcloud/forms/milestones)!", - "homepage": "https://github.com/nextcloud/forms", - "licenses": [ - "agpl" - ] - }, - "groupfolders": { - "sha256": "0mkw8w3miq14ky3c04d3pli1n1jcrsf47005pv8ny170zyhai943", - "url": "https://github.com/nextcloud-releases/groupfolders/releases/download/v13.1.6/groupfolders-v13.1.6.tar.gz", - "version": "13.1.6", - "description": "Admin configured folders shared with everyone in a group.\n\nFolders can be configured from *Group folders* in the admin settings.\n\nAfter a folder is created, the admin can give access to the folder to one or more groups, control their write/sharing permissions and assign a quota for the folder.\n\nNote: Encrypting the contents of group folders is currently not supported.", - "homepage": "https://github.com/nextcloud/groupfolders", - "licenses": [ - "agpl" - ] - }, - "impersonate": { - "sha256": "0mlr2dcsbf0njbywcq5vrjjfrac3wk6z9zrcsd39pjznq5l4qky7", - "url": "https://github.com/nextcloud-releases/impersonate/releases/download/v1.12.1/impersonate-v1.12.1.tar.gz", - "version": "1.12.1", - "description": "By installing the impersonate app of your Nextcloud you enable administrators to impersonate other users on the Nextcloud server. 
This is especially useful for debugging issues reported by users.\n\nTo impersonate a user an administrator has to simply follow the following four steps:\n\n1. Login as administrator to Nextcloud.\n2. Open users administration interface.\n3. Select the impersonate button on the affected user.\n4. Confirm the impersonation.\n\nThe administrator is then logged-in as the user, to switch back to the regular user account they simply have to press the logout button.\n\n**Note:**\n\n- This app is not compatible with instances that have encryption enabled.\n- While impersonate actions are logged note that actions performed impersonated will be logged as the impersonated user.\n- Impersonating a user is only possible after their first login.", - "homepage": "https://github.com/nextcloud/impersonate", - "licenses": [ - "agpl" - ] - }, - "keeweb": { - "sha256": "11q15ajg1357y5y5a640dvsy6hhvvar7wp34zfsb07n7hqlmyci0", - "url": "https://github.com/jhass/nextcloud-keeweb/releases/download/v0.6.13/keeweb-0.6.13.tar.gz", - "version": "0.6.13", - "description": "Open Keepass stores inside Nextcloud with Keeweb just by clicking on an *.kdbx file in your Nextcloud.", - "homepage": "https://github.com/jhass/nextcloud-keeweb", - "licenses": [ - "agpl" - ] - }, - "mail": { - "sha256": "1i05dbdhbsg6pmzs7w9dh0wmfd4irv4d44v1gwsfmr00w4mwn9v1", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v2.2.7/mail-v2.2.7.tar.gz", - "version": "2.2.7", - "description": "**πŸ’Œ A mail app for Nextcloud**\n\n- **πŸš€ Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **πŸ“₯ Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. 
Connect any IMAP account.\n- **πŸ”’ Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **πŸ™ˆ We’re not reinventing the wheel!** Based on the great [Horde](https://horde.org) libraries.\n- **πŸ“¬ Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟒/🟑/🟠/πŸ”΄\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", - "homepage": "https://github.com/nextcloud/mail#readme", - "licenses": [ - "agpl" - ] - }, - "maps": { - "sha256": "0517kakkk7lr7ays6rrnl276709kcm5yvkp8g6cwjnfih7pmnkn9", - "url": "https://github.com/nextcloud/maps/releases/download/v1.1.0-2a-nightly/maps-1.1.0-2a-nightly.tar.gz", - "version": "1.1.0", - "description": "**The whole world fits inside your cloud!**\n\n- **πŸ—Ί Beautiful map:** Using [OpenStreetMap](https://www.openstreetmap.org) and [Leaflet](https://leafletjs.com), you can choose between standard map, satellite, topographical, dark mode or even watercolor! 🎨\n- **⭐ Favorites:** Save your favorite places, privately! 
Sync with [GNOME Maps](https://github.com/nextcloud/maps/issues/30) and mobile apps is planned.\n- **🧭 Routing:** Possible using either [OSRM](http://project-osrm.org), [GraphHopper](https://www.graphhopper.com) or [Mapbox](https://www.mapbox.com).\n- **πŸ–Ό Photos on the map:** No more boring slideshows, just show directly where you were!\n- **πŸ™‹ Contacts on the map:** See where your friends live and plan your next visit.\n- **πŸ“± Devices:** Lost your phone? Check the map!\n- **γ€° Tracks:** Load GPS tracks or past trips. Recording with [PhoneTrack](https://f-droid.org/en/packages/net.eneiluj.nextcloud.phonetrack/) or [OwnTracks](https://owntracks.org) is planned.", - "homepage": "https://github.com/nextcloud/maps", - "licenses": [ - "agpl" - ] - }, - "memories": { - "sha256": "1w17cy5ciybq2yf42rmiim77mkfdrjg49l2l3b2v2dxpfv36is1s", - "url": "https://github.com/pulsejet/memories/releases/download/v5.4.1/memories.tar.gz", - "version": "5.4.1", - "description": "# Memories: Photo Management for Nextcloud\n\nMemories is a *batteries-included* photo management solution for Nextcloud with advanced features including:\n\n- **πŸ“Έ Timeline**: Sort photos and videos by date taken, parsed from Exif data.\n- **βͺ Rewind**: Jump to any time in the past instantly and relive your memories.\n- **πŸ€– AI Tagging**: Group photos by people and objects, powered by [recognize](https://github.com/nextcloud/recognize) and [facerecognition](https://github.com/matiasdelellis/facerecognition).\n- **πŸ–ΌοΈ Albums**: Create albums to group photos and videos together. 
Then share these albums with others.\n- **πŸ«±πŸ»β€πŸ«²πŸ» External Sharing**: Share photos and videos with people outside of your Nextcloud instance.\n- **πŸ“± Mobile Support**: Work from any device, of any shape and size through the web app.\n- **✏️ Edit Metadata**: Edit dates and other metadata on photos quickly and in bulk.\n- **πŸ“¦ Archive**: Store photos you don't want to see in your timeline in a separate folder.\n- **πŸ“Ή Video Transcoding**: Transcode videos and use HLS for maximal performance.\n- **πŸ—ΊοΈ Map**: View your photos on a map, tagged with accurate reverse geocoding.\n- **πŸ“¦ Migration**: Migrate easily from Nextcloud Photos and Google Takeout.\n- **⚑️ Performance**: Do all this very fast.\n\n## πŸš€ Installation\n\n1. Install the app from the Nextcloud app store (try a demo [here](https://demo.memories.gallery/apps/memories/)).\n1. Perform the recommended [configuration steps](https://memories.gallery/config/).\n1. Run `php occ memories:index` to generate metadata indices for existing photos.\n1. 
Open the πŸ“· Memories app in Nextcloud and set the directory containing your photos.", - "homepage": "https://memories.gallery", - "licenses": [ - "agpl" - ] - }, - "news": { - "sha256": "1j9dhqz5anwsmw3f8hbhvqc2h1fp15zmxzdbpnz1p3vwqf8f5cjs", - "url": "https://github.com/nextcloud/news/releases/download/23.0.0/news.tar.gz", - "version": "23.0.0", - "description": "πŸ“° A RSS/Atom Feed reader App for Nextcloud\n\n- πŸ“² Synchronize your feeds with multiple mobile or desktop [clients](https://nextcloud.github.io/news/clients/)\n- πŸ”„ Automatic updates of your news feeds\n- πŸ†“ Free and open source under AGPLv3, no ads or premium functions\n\n**System Cron is currently required for this app to work**\n\nRequirements can be found [here](https://nextcloud.github.io/news/install/#dependencies)\n\nThe Changelog is available [here](https://github.com/nextcloud/news/blob/master/CHANGELOG.md)\n\nCreate a [bug report](https://github.com/nextcloud/news/issues/new/choose)\n\nCreate a [feature request](https://github.com/nextcloud/news/discussions/new)\n\nReport a [feed issue](https://github.com/nextcloud/news/discussions/new)", - "homepage": "https://github.com/nextcloud/news", - "licenses": [ - "agpl" - ] - }, - "notes": { - "sha256": "1g4ibrymsfd2bcvmyfyrl23z2kh4bgkwrgyacvdx1glk44di6sgc", - "url": "https://github.com/nextcloud-releases/notes/releases/download/v4.8.1/notes.tar.gz", - "version": "4.8.1", - "description": "The Notes app is a distraction free notes taking app for [Nextcloud](https://www.nextcloud.com/). It provides categories for better organization and supports formatting using [Markdown](https://en.wikipedia.org/wiki/Markdown) syntax. Notes are saved as files in your Nextcloud, so you can view and edit them with every Nextcloud client. 
Furthermore, a separate [REST API](https://github.com/nextcloud/notes/blob/master/docs/api/README.md) allows for an easy integration into third-party apps (currently, there are notes apps for [Android](https://github.com/nextcloud/notes-android), [iOS](https://github.com/nextcloud/notes-ios) and the [console](https://git.danielmoch.com/nncli/about) which allow convenient access to your Nextcloud notes). Further features include marking notes as favorites.", - "homepage": "https://github.com/nextcloud/notes", - "licenses": [ - "agpl" - ] - }, - "notify_push": { - "sha256": "0hdxnkar2ibis5p0gp3yr1i6894la9wxq4pzrbqdrq2cgvsj6a18", - "url": "https://github.com/nextcloud-releases/notify_push/releases/download/v0.6.3/notify_push-v0.6.3.tar.gz", - "version": "0.6.3", - "description": "Push update support for desktop app.\n\nOnce the app is installed, the push binary needs to be setup. You can either use the setup wizard with `occ notify_push:setup` or see the [README](http://github.com/nextcloud/notify_push) for detailed setup instructions", - "homepage": "", - "licenses": [ - "agpl" - ] - }, - "onlyoffice": { - "sha256": "12hzmngps86ha4lcfwaf62svfz41aywykq0z419r644g5i4v7raq", - "url": "https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v7.9.0/onlyoffice.tar.gz", - "version": "7.9.0", - "description": "ONLYOFFICE connector allows you to view, edit and collaborate on text documents, spreadsheets and presentations within Nextcloud using ONLYOFFICE Docs. This will create a new Edit in ONLYOFFICE action within the document library for Office documents. 
This allows multiple users to co-author documents in real time from the familiar web interface and save the changes back to your file storage.", - "homepage": "https://www.onlyoffice.com", - "licenses": [ - "apache" - ] - }, - "polls": { - "sha256": "1v5zb164f60qskfiv02l9x2v0d4rayacg5qivd70dawmyqnz4vmd", - "url": "https://github.com/nextcloud/polls/releases/download/v5.3.2/polls.tar.gz", - "version": "5.3.2", - "description": "A polls app, similar to Doodle/Dudle with the possibility to restrict access (members, certain groups/users, hidden and public).", - "homepage": "https://github.com/nextcloud/polls", - "licenses": [ - "agpl" - ] - }, - "previewgenerator": { - "sha256": "0ziyl7kqgivk9xvkd12byps6bb3fvcvdgprfa9ffy1zrgpl9syhk", - "url": "https://github.com/nextcloud-releases/previewgenerator/releases/download/v5.3.0/previewgenerator-v5.3.0.tar.gz", - "version": "5.3.0", - "description": "The Preview Generator app allows admins to pre-generate previews. The app listens to edit events and stores this information. Once a cron job is triggered it will generate start preview generation. 
This means that you can better utilize your system by pre-generating previews when your system is normally idle and thus putting less load on your machine when the requests are actually served.\n\nThe app does not replace on demand preview generation so if a preview is requested before it is pre-generated it will still be shown.\nThe first time you install this app, before using a cron job, you properly want to generate all previews via:\n**./occ preview:generate-all -vvv**\n\n**Important**: To enable pre-generation of previews you must add **php /var/www/nextcloud/occ preview:pre-generate** to a system cron job that runs at times of your choosing.", - "homepage": "https://github.com/nextcloud/previewgenerator", - "licenses": [ - "agpl" - ] - }, - "qownnotesapi": { - "sha256": "1hkcqcc6y7x0zrc88qqmsf7mz0dl1kk06gsl6la3kr33fxr0cp0k", - "url": "https://github.com/pbek/qownnotesapi/releases/download/v23.6.0/qownnotesapi-nc.tar.gz", - "version": "23.6.0", - "description": "QOwnNotesAPI is the Nextcloud/ownCloud API for [QOwnNotes](http://www.qownnotes.org), the open source notepad for Linux, macOS and Windows, that works together with the notes application of Nextcloud/ownCloud.\n\nThe only purpose of this App is to provide API access to your Nextcloud/ownCloud server for your QOwnNotes desktop installation, you cannot use this App for anything else, if you don't have QOwnNotes installed on your desktop computer!", - "homepage": "https://github.com/pbek/qownnotesapi", - "licenses": [ - "agpl" - ] - }, - "registration": { - "sha256": "0x1x5mk83qh5lffcs7h0gjjihzsphc6iqmbch1ni76h9pw4zxrw1", - "url": "https://github.com/nextcloud-releases/registration/releases/download/v2.2.0/registration-v2.2.0.tar.gz", - "version": "2.2.0", - "description": "User registration\n\nThis app allows users to register a new account.\n\n# Features\n\n- Add users to a given group\n- Allow-list with email domains (including wildcard) to register with\n- Administrator will be notified via email for 
new user creation or require approval\n- Supports Nextcloud's Client Login Flow v1 and v2 - allowing registration in the mobile Apps and Desktop clients\n\n# Web form registration flow\n\n1. User enters their email address\n2. Verification link is sent to the email address\n3. User clicks on the verification link\n4. User is lead to a form where they can choose their username and password\n5. New account is created and is logged in automatically", - "homepage": "https://github.com/nextcloud/registration", - "licenses": [ - "agpl" - ] - }, - "spreed": { - "sha256": "0n6dbvfmasyrrpzqp5i5k6bcp6ipwawkvn7hl557nhy2d60k0ffs", - "url": "https://github.com/nextcloud-releases/spreed/releases/download/v15.0.8/spreed-v15.0.8.tar.gz", - "version": "15.0.8", - "description": "Chat, video & audio-conferencing using WebRTC\n\n* πŸ’¬ **Chat integration!** Nextcloud Talk comes with a simple text chat. Allowing you to share files from your Nextcloud and mentioning other participants.\n* πŸ‘₯ **Private, group, public and password protected calls!** Just invite somebody, a whole group or send a public link to invite to a call.\n* πŸ’» **Screen sharing!** Share your screen with participants of your call. You just need to use Firefox version 66 (or newer), latest Edge or Chrome 72 (or newer, also possible using Chrome 49 with this [Chrome extension](https://chrome.google.com/webstore/detail/screensharing-for-nextclo/kepnpjhambipllfmgmbapncekcmabkol)).\n* πŸš€ **Integration with other Nextcloud apps** like Files, Contacts and Deck. 
More to come.\n\nAnd in the works for the [coming versions](https://github.com/nextcloud/spreed/milestones/):\n* βœ‹ [Federated calls](https://github.com/nextcloud/spreed/issues/21), to call people on other Nextclouds", - "homepage": "https://github.com/nextcloud/spreed", - "licenses": [ - "agpl" - ] - }, - "tasks": { - "sha256": "0a1wpb9f08iqxl9vjp0slxwzn0w67ilpk21dsi0nhpm28ns2mhyc", - "url": "https://github.com/nextcloud/tasks/releases/download/v0.15.0/tasks.tar.gz", - "version": "0.15.0", - "description": "Once enabled, a new Tasks menu will appear in your Nextcloud apps menu. From there you can add and delete tasks, edit their title, description, start and due dates and mark them as important. Tasks can be shared between users. Tasks can be synchronized using CalDav (each task list is linked to an Nextcloud calendar, to sync it to your local client: Thunderbird, Evolution, KDE Kontact, iCal … - just add the calendar as a remote calendar in your client). You can download your tasks as ICS files using the download button for each calendar.", - "homepage": "https://github.com/nextcloud/tasks/", - "licenses": [ - "agpl" - ] - }, - "twofactor_nextcloud_notification": { - "sha256": "03fp8wcwhyp8ivrcf20klgg17sxc9fia5sa44rbrv3cicmwmw50b", - "url": "https://github.com/nextcloud-releases/twofactor_nextcloud_notification/releases/download/v3.7.0/twofactor_nextcloud_notification-v3.7.0.tar.gz", - "version": "3.7.0", - "description": "Allows using any of your logged in devices as second factor", - "homepage": "https://github.com/nextcloud/twofactor_nextcloud_notification", - "licenses": [ - "agpl" - ] - }, - "twofactor_totp": { - "sha256": "189cwq78dqanqxhsl69dahdkh230zhz2r285lvf0b7pg0sxcs0yc", - "url": "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz", - "version": "6.4.1", - "description": "A Two-Factor-Auth Provider for TOTP (RFC 6238)", - "homepage": "https://github.com/nextcloud/twofactor_totp#readme", - 
"licenses": [ - "agpl" - ] - }, - "twofactor_webauthn": { - "sha256": "1lqcw74rsnl8c4sirw9208ra3c8zl8zp93scs7y8fv2n4n60l465", - "url": "https://github.com/nextcloud-releases/twofactor_webauthn/releases/download/v1.2.0/twofactor_webauthn-v1.2.0.tar.gz", - "version": "1.2.0", - "description": "A two-factor provider for WebAuthn devices", - "homepage": "https://github.com/nextcloud/twofactor_webauthn#readme", - "licenses": [ - "agpl" - ] - }, - "unsplash": { - "sha256": "1ya1h4nb9cyj1hdgb5l5isx7a43a7ri92cm0h8nwih20hi6a9wzx", - "url": "https://github.com/nextcloud/unsplash/releases/download/v2.2.1/unsplash.tar.gz", - "version": "2.2.1", - "description": "Show a new random featured nature photo in your nextcloud. Now with choosable motives!", - "homepage": "https://github.com/nextcloud/unsplash/", - "licenses": [ - "agpl" - ] - }, - "user_saml": { - "sha256": "1gsq5mcn5nnxd56jlp4j2610gqq2gk3ma9yvhgy74wl0sqil98jd", - "url": "https://github.com/nextcloud-releases/user_saml/releases/download/v5.2.2/user_saml-v5.2.2.tar.gz", - "version": "5.2.2", - "description": "Using the SSO & SAML app of your Nextcloud you can make it easily possible to integrate your existing Single-Sign-On solution with Nextcloud. In addition, you can use the Nextcloud LDAP user provider to keep the convenience for users. (e.g. when sharing)\nThe following providers are supported and tested at the moment:\n\n* **SAML 2.0**\n\t* OneLogin\n\t* Shibboleth\n\t* Active Directory Federation Services (ADFS)\n\n* **Authentication via Environment Variable**\n\t* Kerberos (mod_auth_kerb)\n\t* Any other provider that authenticates using the environment variable\n\nWhile theoretically any other authentication provider implementing either one of those standards is compatible, we like to note that they are not part of any internal test matrix.", - "homepage": "https://github.com/nextcloud/user_saml", - "licenses": [ - "agpl" - ] - } -} 
diff --git a/pkgs/servers/nextcloud/patches/v25/0001-Setup-remove-custom-dbuser-creation-behavior.patch b/pkgs/servers/nextcloud/patches/v25/0001-Setup-remove-custom-dbuser-creation-behavior.patch deleted file mode 100644 index f4f1f748d9f74..0000000000000 --- a/pkgs/servers/nextcloud/patches/v25/0001-Setup-remove-custom-dbuser-creation-behavior.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -From 1adc542ca1d7f60067febd692596eb6e8f334f9c Mon Sep 17 00:00:00 2001 -From: Maximilian Bosch -Date: Sat, 10 Sep 2022 15:18:05 +0200 -Subject: [PATCH] Setup: remove custom dbuser creation behavior - -Both PostgreSQL and MySQL can be authenticated against from Nextcloud by -supplying a database password. Now, during setup the following things -happen: - -* When using postgres and the db user has elevated permissions, a new - unprivileged db user is created and the settings `dbuser`/`dbpass` are - altered in `config.php`. - -* When using MySQL, the password is **always** regenerated since - 24.0.5/23.0.9[1]. - -I consider both cases problematic: the reason why people do configuration -management is to have it as single source of truth! So, IMHO any -application that silently alters config and thus causes deployed -nodes to diverge from the configuration is harmful for that. - -I guess it was sheer luck that it worked for so long in NixOS because -nobody has apparently used password authentication with a privileged -user to operate Nextcloud (which is a good thing in fact). - -[1] https://github.com/nextcloud/server/pull/33513 ---- - lib/private/Setup/MySQL.php | 56 -------------------------------- - lib/private/Setup/PostgreSQL.php | 37 --------------------- - 2 files changed, 93 deletions(-) - -diff --git a/lib/private/Setup/MySQL.php b/lib/private/Setup/MySQL.php -index caa73edccec..bc958e84e44 100644 ---- a/lib/private/Setup/MySQL.php -+++ b/lib/private/Setup/MySQL.php -@@ -141,62 +141,6 @@ class MySQL extends AbstractDatabase { - $rootUser = $this->dbUser; - $rootPassword = $this->dbPassword; - -- //create a random password so we don't need to store the admin password in the config file -- $saveSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS); -- $password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $saveSymbols) -- . $this->random->generate(2, ISecureRandom::CHAR_UPPER) -- . 
$this->random->generate(2, ISecureRandom::CHAR_LOWER) -- . $this->random->generate(2, ISecureRandom::CHAR_DIGITS) -- . $this->random->generate(2, $saveSymbols) -- ; -- $this->dbPassword = str_shuffle($password); -- -- try { -- //user already specified in config -- $oldUser = $this->config->getValue('dbuser', false); -- -- //we don't have a dbuser specified in config -- if ($this->dbUser !== $oldUser) { -- //add prefix to the admin username to prevent collisions -- $adminUser = substr('oc_' . $username, 0, 16); -- -- $i = 1; -- while (true) { -- //this should be enough to check for admin rights in mysql -- $query = 'SELECT user FROM mysql.user WHERE user=?'; -- $result = $connection->executeQuery($query, [$adminUser]); -- -- //current dbuser has admin rights -- $data = $result->fetchAll(); -- $result->closeCursor(); -- //new dbuser does not exist -- if (count($data) === 0) { -- //use the admin login data for the new database user -- $this->dbUser = $adminUser; -- $this->createDBUser($connection); -- -- break; -- } else { -- //repeat with different username -- $length = strlen((string)$i); -- $adminUser = substr('oc_' . $username, 0, 16 - $length) . 
$i; -- $i++; -- } -- } -- } else { -- // Reuse existing password if a database config is already present -- $this->dbPassword = $rootPassword; -- } -- } catch (\Exception $ex) { -- $this->logger->info('Can not create a new MySQL user, will continue with the provided user.', [ -- 'exception' => $ex, -- 'app' => 'mysql.setup', -- ]); -- // Restore the original credentials -- $this->dbUser = $rootUser; -- $this->dbPassword = $rootPassword; -- } -- - $this->config->setValues([ - 'dbuser' => $this->dbUser, - 'dbpassword' => $this->dbPassword, -diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php -index af816c7ad04..e49e5508e15 100644 ---- a/lib/private/Setup/PostgreSQL.php -+++ b/lib/private/Setup/PostgreSQL.php -@@ -45,43 +45,6 @@ class PostgreSQL extends AbstractDatabase { - $connection = $this->connect([ - 'dbname' => 'postgres' - ]); -- //check for roles creation rights in postgresql -- $builder = $connection->getQueryBuilder(); -- $builder->automaticTablePrefix(false); -- $query = $builder -- ->select('rolname') -- ->from('pg_roles') -- ->where($builder->expr()->eq('rolcreaterole', new Literal('TRUE'))) -- ->andWhere($builder->expr()->eq('rolname', $builder->createNamedParameter($this->dbUser))); -- -- try { -- $result = $query->execute(); -- $canCreateRoles = $result->rowCount() > 0; -- } catch (DatabaseException $e) { -- $canCreateRoles = false; -- } -- -- if ($canCreateRoles) { -- $connectionMainDatabase = $this->connect(); -- //use the admin login data for the new database user -- -- //add prefix to the postgresql user name to prevent collisions -- $this->dbUser = 'oc_' . 
strtolower($username); -- //create a new password so we don't need to store the admin config in the config file -- $this->dbPassword = \OC::$server->getSecureRandom()->generate(30, ISecureRandom::CHAR_ALPHANUMERIC); -- -- $this->createDBUser($connection); -- -- // Go to the main database and grant create on the public schema -- // The code below is implemented to make installing possible with PostgreSQL version 15: -- // https://www.postgresql.org/docs/release/15.0/ -- // From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases -- // Therefore we assume that the database is only used by one user/service which is Nextcloud -- // Additional services should get installed in a separate database in order to stay secure -- // Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS -- $connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO "' . addslashes($this->dbUser) . '"'); -- $connectionMainDatabase->close(); -- } - - $this->config->setValues([ - 'dbuser' => $this->dbUser, --- -2.39.1 - diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb1e6b072d3ac..e8f844535cfda 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11145,12 +11145,9 @@ with pkgs; grocy = callPackage ../servers/grocy { }; inherit (callPackage ../servers/nextcloud {}) - nextcloud24 nextcloud25 nextcloud26 nextcloud27; + nextcloud25 nextcloud26 nextcloud27; - nextcloud24Packages = throw "Nextcloud24 is EOL!"; - nextcloud25Packages = callPackage ../servers/nextcloud/packages { - apps = lib.importJSON ../servers/nextcloud/packages/25.json; - }; + nextcloud25Packages = throw "Nextcloud25 is EOL!"; nextcloud26Packages = callPackage ../servers/nextcloud/packages { apps = lib.importJSON ../servers/nextcloud/packages/26.json; }; From bbc7d496667ff32b67071d30bf9b9402d29c6e39 Mon Sep 17 00:00:00 2001 
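Review bot: The new `nextcloud25Packages = throw "Nextcloud25 is EOL!";` in the all-packages.nix hunk tells an operator that evaluation failed but not what to move to. For an EOL release of an internet-facing service, naming the supported target shortens the time spent on an unpatched version, e.g. `nextcloud25Packages = throw "Nextcloud25 is EOL! Use nextcloud26Packages after upgrading to nextcloud26.";`. The same hunk also deletes the `nextcloud24Packages` throw and drops `nextcloud24` from the `inherit`. Unless an alias exists outside this hunk, old references now fail with a missing-attribute error instead of the EOL message. The enclosing attribute set starts and ends outside the hunk.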
From: Maximilian Bosch Date: Sat, 7 Oct 2023 16:18:27 +0200 Subject: [PATCH 3/6] nextcloud*Packages: update --- pkgs/servers/nextcloud/packages/26.json | 30 ++++++++++++------------- pkgs/servers/nextcloud/packages/27.json | 30 ++++++++++++------------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/pkgs/servers/nextcloud/packages/26.json b/pkgs/servers/nextcloud/packages/26.json index dbdd35e814fca..949191e55b4b6 100644 --- a/pkgs/servers/nextcloud/packages/26.json +++ b/pkgs/servers/nextcloud/packages/26.json @@ -10,9 +10,9 @@ ] }, "calendar": { - "sha256": "14jf0vrjkscz6j2xsf2xn18v3vwqkd8qi47iyyz2wlzdgi25zl6v", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.5.1/calendar-v4.5.1.tar.gz", - "version": "4.5.1", + "sha256": "1827l5hxsvfnyc2m78rs95cnb2fwi14nl7ricpl25ndh1j0a7ccz", + "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.5.2/calendar-v4.5.2.tar.gz", + "version": "4.5.2", "description": "The Calendar app is a user interface for Nextcloud's CalDAV server. Easily sync events from various devices with your Nextcloud and edit them online.\n\n* πŸš€ **Integration with other Nextcloud apps!** Currently Contacts - more to come.\n* 🌐 **WebCal Support!** Want to see your favorite team’s matchdays in your calendar? No problem!\n* πŸ™‹ **Attendees!** Invite people to your events\n* ⌚️ **Free/Busy!** See when your attendees are available to meet\n* ⏰ **Reminders!** Get alarms for events inside your browser and via email\n* πŸ” Search! Find your events at ease\n* β˜‘οΈ Tasks! See tasks with a due date directly in the calendar\n* πŸ™ˆ **We’re not reinventing the wheel!** Based on the great [c-dav library](https://github.com/nextcloud/cdav-library), [ical.js](https://github.com/mozilla-comm/ical.js) and [fullcalendar](https://github.com/fullcalendar/fullcalendar) libraries.", "homepage": "https://github.com/nextcloud/calendar/", "licenses": [ 
@@ -110,9 +110,9 @@ ] }, "mail": { - "sha256": "1n5z683ws6206vcy0qza342ihwv4wl5kvr1nscji84hvl18ccdfr", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.4.0/mail-v3.4.0.tar.gz", - "version": "3.4.0", + "sha256": "0p9iv172ivypyr6ccsmkfnb7b77nyghqbva24g8ymphw95pirwag", + "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.4.1/mail-v3.4.1.tar.gz", + "version": "3.4.1", "description": "**πŸ’Œ A mail app for Nextcloud**\n\n- **πŸš€ Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **πŸ“₯ Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **πŸ”’ Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **πŸ™ˆ We’re not reinventing the wheel!** Based on the great [Horde](https://horde.org) libraries.\n- **πŸ“¬ Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟒/🟑/🟠/πŸ”΄\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/mail#readme", "licenses": [ 
@@ -120,9 +120,9 @@ ] }, "maps": { - "sha256": "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9", - "url": "https://github.com/nextcloud/maps/releases/download/v1.1.1/maps-1.1.1.tar.gz", - "version": "1.1.1", + "sha256": "19zx3fhv8dil7vm84lhnhlxzd2zyab7h8j20hiwsd4rrj0gzhjdf", + "url": "https://github.com/nextcloud/maps/releases/download/v1.2.0-1-nightly/maps-1.2.0-1-nightly.tar.gz", + "version": "1.2.0", "description": "**The whole world fits inside your cloud!**\n\n- **πŸ—Ί Beautiful map:** Using [OpenStreetMap](https://www.openstreetmap.org) and [Leaflet](https://leafletjs.com), you can choose between standard map, satellite, topographical, dark mode or even watercolor! 🎨\n- **⭐ Favorites:** Save your favorite places, privately! Sync with [GNOME Maps](https://github.com/nextcloud/maps/issues/30) and mobile apps is planned.\n- **🧭 Routing:** Possible using either [OSRM](http://project-osrm.org), [GraphHopper](https://www.graphhopper.com) or [Mapbox](https://www.mapbox.com).\n- **πŸ–Ό Photos on the map:** No more boring slideshows, just show directly where you were!\n- **πŸ™‹ Contacts on the map:** See where your friends live and plan your next visit.\n- **πŸ“± Devices:** Lost your phone? Check the map!\n- **γ€° Tracks:** Load GPS tracks or past trips. Recording with [PhoneTrack](https://f-droid.org/en/packages/net.eneiluj.nextcloud.phonetrack/) or [OwnTracks](https://owntracks.org) is planned.", "homepage": "https://github.com/nextcloud/maps", "licenses": [ 
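Review bot: The `maps` entry now fetches `maps-1.2.0-1-nightly.tar.gz` from the `v1.2.0-1-nightly` tag while recording `"version": "1.2.0"`, so a nightly build is presented to users as the 1.2.0 release. The `sha256` pins the bytes, but it does not change the fact that the artifact is a pre-release build that anyone auditing by version number would not expect. If this file is generated, the generator presumably took whatever the app listing offered. Either keep the previous `"version": "1.1.1"` entry until a tagged release tarball is available, or have the generator skip URLs containing `nightly`. The same entry appears in the `maps` hunk of 27.json.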
@@ -130,9 +130,9 @@ ] }, "memories": { - "sha256": "1w17cy5ciybq2yf42rmiim77mkfdrjg49l2l3b2v2dxpfv36is1s", - "url": "https://github.com/pulsejet/memories/releases/download/v5.4.1/memories.tar.gz", - "version": "5.4.1", + "sha256": "10qd41lkvmgv5bw15gfzivjwf9asn22gv43f1k9l9158rrpzsgph", + "url": "https://github.com/pulsejet/memories/releases/download/v5.5.1/memories.tar.gz", + "version": "5.5.1", "description": "# Memories: Photo Management for Nextcloud\n\nMemories is a *batteries-included* photo management solution for Nextcloud with advanced features including:\n\n- **πŸ“Έ Timeline**: Sort photos and videos by date taken, parsed from Exif data.\n- **βͺ Rewind**: Jump to any time in the past instantly and relive your memories.\n- **πŸ€– AI Tagging**: Group photos by people and objects, powered by [recognize](https://github.com/nextcloud/recognize) and [facerecognition](https://github.com/matiasdelellis/facerecognition).\n- **πŸ–ΌοΈ Albums**: Create albums to group photos and videos together. Then share these albums with others.\n- **πŸ«±πŸ»β€πŸ«²πŸ» External Sharing**: Share photos and videos with people outside of your Nextcloud instance.\n- **πŸ“± Mobile Support**: Work from any device, of any shape and size through the web app.\n- **✏️ Edit Metadata**: Edit dates and other metadata on photos quickly and in bulk.\n- **πŸ“¦ Archive**: Store photos you don't want to see in your timeline in a separate folder.\n- **πŸ“Ή Video Transcoding**: Transcode videos and use HLS for maximal performance.\n- **πŸ—ΊοΈ Map**: View your photos on a map, tagged with accurate reverse geocoding.\n- **πŸ“¦ Migration**: Migrate easily from Nextcloud Photos and Google Takeout.\n- **⚑️ Performance**: Do all this very fast.\n\n## πŸš€ Installation\n\n1. Install the app from the Nextcloud app store (try a demo [here](https://demo.memories.gallery/apps/memories/)).\n1. Perform the recommended [configuration steps](https://memories.gallery/config/).\n1. 
Run `php occ memories:index` to generate metadata indices for existing photos.\n1. Open the πŸ“· Memories app in Nextcloud and set the directory containing your photos.", "homepage": "https://memories.gallery", "licenses": [ @@ -140,9 +140,9 @@ ] }, "news": { - "sha256": "1j9dhqz5anwsmw3f8hbhvqc2h1fp15zmxzdbpnz1p3vwqf8f5cjs", - "url": "https://github.com/nextcloud/news/releases/download/23.0.0/news.tar.gz", - "version": "23.0.0", + "sha256": "1bkh73h0ibxyjpy3cmvhnlr7isvgqkcxdw2dw15mxksj2cln9wki", + "url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz", + "version": "24.0.0", "description": "πŸ“° A RSS/Atom Feed reader App for Nextcloud\n\n- πŸ“² Synchronize your feeds with multiple mobile or desktop [clients](https://nextcloud.github.io/news/clients/)\n- πŸ”„ Automatic updates of your news feeds\n- πŸ†“ Free and open source under AGPLv3, no ads or premium functions\n\n**System Cron is currently required for this app to work**\n\nRequirements can be found [here](https://nextcloud.github.io/news/install/#dependencies)\n\nThe Changelog is available [here](https://github.com/nextcloud/news/blob/master/CHANGELOG.md)\n\nCreate a [bug report](https://github.com/nextcloud/news/issues/new/choose)\n\nCreate a [feature request](https://github.com/nextcloud/news/discussions/new)\n\nReport a [feed issue](https://github.com/nextcloud/news/discussions/new)", "homepage": "https://github.com/nextcloud/news", "licenses": [ diff --git a/pkgs/servers/nextcloud/packages/27.json b/pkgs/servers/nextcloud/packages/27.json index a8bb03bc6962d..07071fc4fef07 100644 --- a/pkgs/servers/nextcloud/packages/27.json +++ b/pkgs/servers/nextcloud/packages/27.json 
@@ -10,9 +10,9 @@ ] }, "calendar": { - "sha256": "14jf0vrjkscz6j2xsf2xn18v3vwqkd8qi47iyyz2wlzdgi25zl6v", - "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.5.1/calendar-v4.5.1.tar.gz", - "version": "4.5.1", + "sha256": "1827l5hxsvfnyc2m78rs95cnb2fwi14nl7ricpl25ndh1j0a7ccz", + "url": "https://github.com/nextcloud-releases/calendar/releases/download/v4.5.2/calendar-v4.5.2.tar.gz", + "version": "4.5.2", "description": "The Calendar app is a user interface for Nextcloud's CalDAV server. Easily sync events from various devices with your Nextcloud and edit them online.\n\n* πŸš€ **Integration with other Nextcloud apps!** Currently Contacts - more to come.\n* 🌐 **WebCal Support!** Want to see your favorite team’s matchdays in your calendar? No problem!\n* πŸ™‹ **Attendees!** Invite people to your events\n* ⌚️ **Free/Busy!** See when your attendees are available to meet\n* ⏰ **Reminders!** Get alarms for events inside your browser and via email\n* πŸ” Search! Find your events at ease\n* β˜‘οΈ Tasks! See tasks with a due date directly in the calendar\n* πŸ™ˆ **We’re not reinventing the wheel!** Based on the great [c-dav library](https://github.com/nextcloud/cdav-library), [ical.js](https://github.com/mozilla-comm/ical.js) and [fullcalendar](https://github.com/fullcalendar/fullcalendar) libraries.", "homepage": "https://github.com/nextcloud/calendar/", "licenses": [ 
@@ -110,9 +110,9 @@ ] }, "mail": { - "sha256": "1n5z683ws6206vcy0qza342ihwv4wl5kvr1nscji84hvl18ccdfr", - "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.4.0/mail-v3.4.0.tar.gz", - "version": "3.4.0", + "sha256": "0p9iv172ivypyr6ccsmkfnb7b77nyghqbva24g8ymphw95pirwag", + "url": "https://github.com/nextcloud-releases/mail/releases/download/v3.4.1/mail-v3.4.1.tar.gz", + "version": "3.4.1", "description": "**πŸ’Œ A mail app for Nextcloud**\n\n- **πŸš€ Integration with other Nextcloud apps!** Currently Contacts, Calendar & Files – more to come.\n- **πŸ“₯ Multiple mail accounts!** Personal and company account? No problem, and a nice unified inbox. Connect any IMAP account.\n- **πŸ”’ Send & receive encrypted mails!** Using the great [Mailvelope](https://mailvelope.com) browser extension.\n- **πŸ™ˆ We’re not reinventing the wheel!** Based on the great [Horde](https://horde.org) libraries.\n- **πŸ“¬ Want to host your own mail server?** We do not have to reimplement this as you could set up [Mail-in-a-Box](https://mailinabox.email)!\n\n## Ethical AI Rating\n\n### Priority Inbox\n\nPositive:\n* The software for training and inferencing of this model is open source.\n* The model is created and trained on-premises based on the user's own data.\n* The training data is accessible to the user, making it possible to check or correct for bias or optimise the performance and CO2 usage.\n\n### Thread Summaries (opt-in)\n\n**Rating:** 🟒/🟑/🟠/πŸ”΄\n\nThe rating depends on the installed text processing backend. See [the rating overview](https://docs.nextcloud.com/server/latest/admin_manual/ai/index.html) for details.\n\nLearn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).", "homepage": "https://github.com/nextcloud/mail#readme", "licenses": [ 
@@ -120,9 +120,9 @@ ] }, "maps": { - "sha256": "1rcmqnm5364h5gaq1yy6b6d7k17napgn0yc9ymrnn75bps9s71v9", - "url": "https://github.com/nextcloud/maps/releases/download/v1.1.1/maps-1.1.1.tar.gz", - "version": "1.1.1", + "sha256": "19zx3fhv8dil7vm84lhnhlxzd2zyab7h8j20hiwsd4rrj0gzhjdf", + "url": "https://github.com/nextcloud/maps/releases/download/v1.2.0-1-nightly/maps-1.2.0-1-nightly.tar.gz", + "version": "1.2.0", "description": "**The whole world fits inside your cloud!**\n\n- **πŸ—Ί Beautiful map:** Using [OpenStreetMap](https://www.openstreetmap.org) and [Leaflet](https://leafletjs.com), you can choose between standard map, satellite, topographical, dark mode or even watercolor! 🎨\n- **⭐ Favorites:** Save your favorite places, privately! Sync with [GNOME Maps](https://github.com/nextcloud/maps/issues/30) and mobile apps is planned.\n- **🧭 Routing:** Possible using either [OSRM](http://project-osrm.org), [GraphHopper](https://www.graphhopper.com) or [Mapbox](https://www.mapbox.com).\n- **πŸ–Ό Photos on the map:** No more boring slideshows, just show directly where you were!\n- **πŸ™‹ Contacts on the map:** See where your friends live and plan your next visit.\n- **πŸ“± Devices:** Lost your phone? Check the map!\n- **γ€° Tracks:** Load GPS tracks or past trips. Recording with [PhoneTrack](https://f-droid.org/en/packages/net.eneiluj.nextcloud.phonetrack/) or [OwnTracks](https://owntracks.org) is planned.", "homepage": "https://github.com/nextcloud/maps", "licenses": [ 
@@ -130,9 +130,9 @@ ] }, "memories": { - "sha256": "1w17cy5ciybq2yf42rmiim77mkfdrjg49l2l3b2v2dxpfv36is1s", - "url": "https://github.com/pulsejet/memories/releases/download/v5.4.1/memories.tar.gz", - "version": "5.4.1", + "sha256": "10qd41lkvmgv5bw15gfzivjwf9asn22gv43f1k9l9158rrpzsgph", + "url": "https://github.com/pulsejet/memories/releases/download/v5.5.1/memories.tar.gz", + "version": "5.5.1", "description": "# Memories: Photo Management for Nextcloud\n\nMemories is a *batteries-included* photo management solution for Nextcloud with advanced features including:\n\n- **πŸ“Έ Timeline**: Sort photos and videos by date taken, parsed from Exif data.\n- **βͺ Rewind**: Jump to any time in the past instantly and relive your memories.\n- **πŸ€– AI Tagging**: Group photos by people and objects, powered by [recognize](https://github.com/nextcloud/recognize) and [facerecognition](https://github.com/matiasdelellis/facerecognition).\n- **πŸ–ΌοΈ Albums**: Create albums to group photos and videos together. Then share these albums with others.\n- **πŸ«±πŸ»β€πŸ«²πŸ» External Sharing**: Share photos and videos with people outside of your Nextcloud instance.\n- **πŸ“± Mobile Support**: Work from any device, of any shape and size through the web app.\n- **✏️ Edit Metadata**: Edit dates and other metadata on photos quickly and in bulk.\n- **πŸ“¦ Archive**: Store photos you don't want to see in your timeline in a separate folder.\n- **πŸ“Ή Video Transcoding**: Transcode videos and use HLS for maximal performance.\n- **πŸ—ΊοΈ Map**: View your photos on a map, tagged with accurate reverse geocoding.\n- **πŸ“¦ Migration**: Migrate easily from Nextcloud Photos and Google Takeout.\n- **⚑️ Performance**: Do all this very fast.\n\n## πŸš€ Installation\n\n1. Install the app from the Nextcloud app store (try a demo [here](https://demo.memories.gallery/apps/memories/)).\n1. Perform the recommended [configuration steps](https://memories.gallery/config/).\n1. 
Run `php occ memories:index` to generate metadata indices for existing photos.\n1. Open the πŸ“· Memories app in Nextcloud and set the directory containing your photos.", "homepage": "https://memories.gallery", "licenses": [ @@ -140,9 +140,9 @@ ] }, "news": { - "sha256": "1j9dhqz5anwsmw3f8hbhvqc2h1fp15zmxzdbpnz1p3vwqf8f5cjs", - "url": "https://github.com/nextcloud/news/releases/download/23.0.0/news.tar.gz", - "version": "23.0.0", + "sha256": "1bkh73h0ibxyjpy3cmvhnlr7isvgqkcxdw2dw15mxksj2cln9wki", + "url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz", + "version": "24.0.0", "description": "πŸ“° A RSS/Atom Feed reader App for Nextcloud\n\n- πŸ“² Synchronize your feeds with multiple mobile or desktop [clients](https://nextcloud.github.io/news/clients/)\n- πŸ”„ Automatic updates of your news feeds\n- πŸ†“ Free and open source under AGPLv3, no ads or premium functions\n\n**System Cron is currently required for this app to work**\n\nRequirements can be found [here](https://nextcloud.github.io/news/install/#dependencies)\n\nThe Changelog is available [here](https://github.com/nextcloud/news/blob/master/CHANGELOG.md)\n\nCreate a [bug report](https://github.com/nextcloud/news/issues/new/choose)\n\nCreate a [feature request](https://github.com/nextcloud/news/discussions/new)\n\nReport a [feed issue](https://github.com/nextcloud/news/discussions/new)", "homepage": "https://github.com/nextcloud/news", "licenses": [ From 8702ae01109216bddb9b05e3dae2fe6fb15ce117 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 9 Oct 2023 10:47:17 +0200 Subject: [PATCH 4/6] nixos/nextcloud: drop enableBrokenCiphersForSSE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit πŸŽ‰ --- .../manual/release-notes/rl-2211.section.md | 2 +- nixos/modules/services/web-apps/nextcloud.md | 8 +-- nixos/modules/services/web-apps/nextcloud.nix | 68 ++----------------- 3 files changed, 8 insertions(+), 70 deletions(-) 
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 97a305573501c..37079c20967bd 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -130,7 +130,7 @@ In addition to numerous new and upgraded packages, this release includes the fol don't lose access to their files. In any other case, it's safe to use OpenSSL 3 for PHP's OpenSSL extension. This can be done by setting - [](#opt-services.nextcloud.enableBrokenCiphersForSSE) to `false`. + `services.nextcloud.enableBrokenCiphersForSSE` to `false`. - The `coq` package and versioned variants starting at `coq_8_14` no longer include CoqIDE, which is now available through diff --git a/nixos/modules/services/web-apps/nextcloud.md b/nixos/modules/services/web-apps/nextcloud.md index cbd7b5b3d066b..a25bed30e47fd 100644 --- a/nixos/modules/services/web-apps/nextcloud.md +++ b/nixos/modules/services/web-apps/nextcloud.md 
@@ -119,13 +119,7 @@ Auto updates for Nextcloud apps can be enabled using - **Server-side encryption.** Nextcloud supports [server-side encryption (SSE)](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html). This is not an end-to-end encryption, but can be used to encrypt files that will be persisted - to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3 - for PHP's openssl extension and **Nextcloud 25 or older** because this is implemented using the - legacy cipher RC4. For Nextcloud26 this isn't relevant anymore, because Nextcloud has an RC4 implementation - written in native PHP and thus doesn't need `ext-openssl` for that anymore. - If [](#opt-system.stateVersion) is *above* `22.05`, - this is disabled by default. To turn it on again and for further information please refer to - [](#opt-services.nextcloud.enableBrokenCiphersForSSE). + to external storage such as S3. ## Using an alternative webserver as reverse-proxy (e.g. `httpd`) {#module-services-nextcloud-httpd} diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 5f09179faed8d..241b2b9b82164 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix 
@@ -27,13 +27,7 @@ let phpPackage = cfg.phpPackage.buildEnv { extensions = { enabled, all }: - (with all; - # disable default openssl extension - (lib.filter (e: e.pname != "php-openssl") enabled) - # use OpenSSL 1.1 for RC4 Nextcloud encryption if user - # has acknowledged the brokenness of the ciphers (RC4). - # TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed. - ++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ]) + (with all; enabled ++ optional cfg.enableImagemagick imagick # Optionally enabled depending on caching settings ++ optional cfg.caching.apcu apcu @@ -87,6 +81,10 @@ in { Further details about this can be found in the `Nextcloud`-section of the NixOS-manual (which can be opened e.g. by running `nixos-help`). '') + (mkRemovedOptionModule [ "services" "nextcloud" "enableBrokenCiphersForSSE" ] '' + This option has no effect since there's no supported Nextcloud version packaged here + using OpenSSL for RC4 SSE. + '') (mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] '' Use services.nextcloud.enableImagemagick instead. '') 
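Review bot: The removal message added for `enableBrokenCiphersForSSE` in the `@@ -87,6 +81,10 @@` hunk says the option has no effect, but it does not tell an operator who still has server-side encryption enabled that RC4 remains the cipher in use. The documentation removed elsewhere in this patch states that Nextcloud 26 ships its own RC4 implementation in PHP. With the option, the evaluation warning (hunk at `-740,28`) and the manual paragraph all gone, nothing visible in this patch still mentions that weakness. I would add a sentence to the message such as `Note that server-side encryption on Nextcloud 26 and later still uses RC4 (implemented in PHP); consider disabling SSE unless you need it for external storage.` The `imports` list this entry sits in starts and ends outside the hunk.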
@@ -95,39 +93,6 @@ in { options.services.nextcloud = { enable = mkEnableOption (lib.mdDoc "nextcloud"); - enableBrokenCiphersForSSE = mkOption { - type = types.bool; - default = versionOlder stateVersion "22.11"; - defaultText = literalExpression "versionOlder system.stateVersion \"22.11\""; - description = lib.mdDoc '' - This option enables using the OpenSSL PHP extension linked against OpenSSL 1.1 - rather than latest OpenSSL (β‰₯Β 3), this is not recommended unless you need - it for server-side encryption (SSE). SSE uses the legacy RC4 cipher which is - considered broken for several years now. See also [RFC7465](https://datatracker.ietf.org/doc/html/rfc7465). - - This cipher has been disabled in OpenSSL β‰₯ 3 and requires - a specific legacy profile to re-enable it. - - If you deploy Nextcloud using OpenSSL β‰₯Β 3 for PHP and have - server-side encryption configured, you will not be able to access - your files anymore. Enabling this option can restore access to your files. - Upon testing we didn't encounter any data corruption when turning - this on and off again, but this cannot be guaranteed for - each Nextcloud installation. - - It is `true` by default for systems with a [](#opt-system.stateVersion) below - `22.11` to make sure that existing installations won't break on update. On newer - NixOS systems you have to explicitly enable it on your own. - - Please note that this only provides additional value when using - external storage such as S3 since it's not an end-to-end encryption. - If this is not the case, - it is advised to [disable server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption) and set this to `false`. - - In the future, Nextcloud may move to AES-256-GCM, by then, - this option will be removed. - ''; - }; hostName = mkOption { type = types.str; description = lib.mdDoc "FQDN for the nextcloud instance."; 
@@ -740,28 +705,7 @@ in { '') ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11")) ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05")) - ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11")) - ++ (optional cfg.enableBrokenCiphersForSSE '' - You're using PHP's openssl extension built against OpenSSL 1.1 for Nextcloud. - This is only necessary if you're using Nextcloud's server-side encryption. - Please keep in mind that it's using the broken RC4 cipher. - - If you don't use that feature, you can switch to OpenSSL 3 and get - rid of this warning by declaring - - services.nextcloud.enableBrokenCiphersForSSE = false; - - If you need to use server-side encryption you can ignore this warning. - Otherwise you'd have to disable server-side encryption first in order - to be able to safely disable this option and get rid of this warning. - See on how to achieve this. - - For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470 - '') - ++ (optional (cfg.enableBrokenCiphersForSSE && versionAtLeast cfg.package.version "26") '' - Nextcloud26 supports RC4 without requiring legacy OpenSSL, so - `services.nextcloud.enableBrokenCiphersForSSE` can be set to `false`. - ''); + ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11")); services.nextcloud.package = with pkgs; mkDefault ( From ad57ad1ff5de0ce095d9627ce5ce70c318dd3881 Mon Sep 17 00:00:00 2001 
From: Maximilian Bosch Date: Mon, 9 Oct 2023 11:27:40 +0200 Subject: [PATCH 5/6] nixos/nextcloud: update / clean up the nginx configuration First of all, a few cleanups were made to make it more readable: * Reordered the sections by their priority so what you're reading in Nix is also what you get in the final nginx.conf. * Unified media/asset locations Most notably, this fixes the Your web server is not properly set up to resolve "/ocm-provider/". warning since 27.1.2 where `ocm-provider` was moved from a static directory in the source tarball to a dynamic HTTP route[1]. Additionally, the following things were fixed: * The 404 checks for build/tests/etc. are now guaranteed to be before the `.php` location match and it's not implicitly relied upon Nix's internal attribute sorting anymore. * `.wasm` files are supported properly and a correct `Content-Type` is set. * For "legacy" routes (e.g. `ocs-provider`/`cron`/etc) a `rewrite` rule inside the location for fastcgi is used as recommended by upstream[2]. This also makes it easier to understand the purpose of the location itself (i.e. use fastcgi for PHP code). [1] https://github.com/nextcloud/documentation/pull/11179 [2] https://docs.nextcloud.com/server/27/admin_manual/installation/nginx.html --- nixos/modules/services/web-apps/nextcloud.nix | 52 +++++++++++++------ 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 241b2b9b82164..f9713cac47e94 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -60,6 +60,9 @@ let mysqlLocal = cfg.database.createLocally && cfg.config.dbtype == "mysql"; pgsqlLocal = cfg.database.createLocally && cfg.config.dbtype == "pgsql"; + # https://github.com/nextcloud/documentation/pull/11179 + ocmProviderIsNotAStaticDirAnymore = versionAtLeast cfg.package.version "27.1.2"; + in { imports = [ 
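Review bot: The new binding `ocmProviderIsNotAStaticDirAnymore` in the `@@ -60,6 +60,9 @@` hunk has a negated name, and both later uses in this patch negate it again (`!ocmProviderIsNotAStaticDirAnymore` in the fastcgi `rewrite` and in the `updater|ocs-provider` location key). The double negative makes the generated nginx regexes harder to audit. A positive name reads more directly, for example `ocmProviderIsStaticDir = versionOlder cfg.package.version "27.1.2";`, with the two uses dropping the `!`. The `let` block this binding belongs to starts outside the hunk.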
@@ -1080,10 +1083,6 @@ in { } ''; }; - "/" = { - priority = 900; - extraConfig = "rewrite ^ /index.php;"; - }; "~ ^/store-apps" = { priority = 201; extraConfig = "root ${cfg.home};"; @@ -1108,15 +1107,23 @@ in { try_files $uri $uri/ =404; ''; }; - "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)".extraConfig = '' - return 404; - ''; - "~ ^/(?:\\.(?!well-known)|autotest|occ|issue|indie|db_|console)".extraConfig = '' - return 404; - ''; - "~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[ms]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)" = { + "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)" = { + priority = 450; + extraConfig = '' + return 404; + ''; + }; + "~ ^/(?:\\.|autotest|occ|issue|indie|db_|console)" = { + priority = 450; + extraConfig = '' + return 404; + ''; + }; + "~ \\.php(?:$|/)" = { priority = 500; extraConfig = '' + # legacy support (i.e. static files and directories in cfg.package) + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[s${optionalString (!ocmProviderIsNotAStaticDirAnymore) "m"}]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; include ${config.services.nginx.package}/conf/fastcgi.conf; fastcgi_split_path_info ^(.+?\.php)(\\/.*)$; set $path_info $fastcgi_path_info; 
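Review bot: In the `@@ -1108,15 +1107,23 @@` hunk the entry-point allowlist is now only a prefix test inside the `rewrite`: `(?!index|remote|public|cron|status|…)` has no `\.php` terminator. Any URI that merely begins with one of those words and matches `\.php(?:$|/)` therefore skips the rewrite and reaches the fastcgi directives unchanged, whereas the removed location regex required the exact script names. Whether an unexpected script path is then rejected depends on the part of this location between this hunk and the next, which is not visible here, and on the priority-450 deny locations staying ahead of priority 500. I would state both dependencies in a comment above the `rewrite`, e.g. `# relies on the 404 locations (priority 450) and the script-existence check below`. The same hunk drops `(?!well-known)` from the dot-path deny regex, which is only safe while a `^~ /.well-known` prefix location exists (presumably the block ending in the context lines above), so that deserves a one-line comment as well.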
@@ -1132,19 +1139,30 @@ in { fastcgi_read_timeout ${builtins.toString cfg.fastcgiTimeout}s; ''; }; - "~ \\.(?:css|js|woff2?|svg|gif|map)$".extraConfig = '' + "~ \\.(?:css|js|mjs|svg|gif|png|jpg|jpeg|ico|wasm|tflite|map|html|ttf|bcmap|mp4|webm)$".extraConfig = '' try_files $uri /index.php$request_uri; expires 6M; access_log off; + location ~ \.wasm$ { + default_type application/wasm; + } ''; - "~ ^\\/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = '' + "~ ^\\/(?:updater|ocs-provider${optionalString (!ocmProviderIsNotAStaticDirAnymore) "|ocm-provider"})(?:$|\\/)".extraConfig = '' try_files $uri/ =404; index index.php; ''; - "~ \\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$".extraConfig = '' - try_files $uri /index.php$request_uri; - access_log off; - ''; + "/remote" = { + priority = 1500; + extraConfig = '' + return 301 /remote.php$request_uri; + ''; + }; + "/" = { + priority = 1600; + extraConfig = '' + try_files $uri $uri/ /index.php$request_uri; + ''; + }; }; extraConfig = '' index index.php index.html /index.php$request_uri; From 391a1245b6d9b04abb8c42d9145593a15e4e2d56 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 9 Oct 2023 17:43:06 +0200 Subject: [PATCH 6/6] nextcloud: stdenv -> stdenvNoCC --- pkgs/servers/nextcloud/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix index b87242f163030..37b01b7387355 100644 --- a/pkgs/servers/nextcloud/default.nix +++ b/pkgs/servers/nextcloud/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, nixosTests +{ lib, stdenvNoCC, fetchurl, nixosTests , nextcloud27Packages , nextcloud26Packages }: @@ -8,7 +8,7 @@ let version, hash , eol ? false, extraVulnerabilities ? [] , packages - }: stdenv.mkDerivation rec { + }: stdenvNoCC.mkDerivation rec { pname = "nextcloud"; inherit version;
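Review bot: In the `@@ -1132,19 +1139,30 @@` hunk of nextcloud.nix the merged asset regex no longer contains `woff2?`, which the removed `css|js|woff2?|svg|gif|map` location had. Font files therefore appear to fall through to the new `/` location and lose `expires` and `access_log off`. The merge also puts `html`, `png`, `mp4`, `webm` and the other types from the removed second location under `expires 6M`, where previously no expiry was set for them. A six-month client cache on HTML is worth a conscious decision, since a page corrected by an upgrade can stay cached in browsers. If these are side effects of the unification, which the commit message suggests but does not say, add a separate `"~ \\.woff2?$".extraConfig` entry with a shorter `expires` and keep `html` out of the long-lived list.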