ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2025-01-04 01:42:53 +03:00
Code Issues Projects Releases Wiki Activity

nextcloud: restrict web server support to nginx only

Browse Source
This commit is contained in:
DavHau 2020-07-27 12:06:04 +07:00
parent 6ee3004132
commit fd9eb16b24
1 changed files with 100 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -6,9 +6,6 @@ let
cfg = config.services.nextcloud; cfg = config.services.nextcloud;
fpm = config.services.phpfpm.pools.nextcloud; fpm = config.services.phpfpm.pools.nextcloud;
group = if cfg.nginx.enable then config.services.nginx.group else cfg.group;
serverUser = if cfg.nginx.enable then config.services.nginx.user else cfg.serverUser;
phpPackage = phpPackage =
let let
base = pkgs.php74; base = pkgs.php74;
@ -74,10 +71,6 @@ in {
description = "Which package to use for the Nextcloud instance."; description = "Which package to use for the Nextcloud instance.";
relatedPackages = [ "nextcloud17" "nextcloud18" "nextcloud19" ]; relatedPackages = [ "nextcloud17" "nextcloud18" "nextcloud19" ];
}; };
serverUser = mkOption {
type = types.str;
description = "Must be set to the user of the webserver if nginx is not used.";
};
maxUploadSize = mkOption { maxUploadSize = mkOption {
default = "512M"; default = "512M";
@ -98,16 +91,6 @@ in {
''; '';
}; };
nginx.enable = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable nginx virtual host management.
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>.
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information.
'';
};
webfinger = mkOption { webfinger = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -329,12 +312,6 @@ in {
&& !(acfg.adminpass != null && acfg.adminpassFile != null)); && !(acfg.adminpass != null && acfg.adminpassFile != null));
message = "Please specify exactly one of adminpass or adminpassFile"; message = "Please specify exactly one of adminpass or adminpassFile";
} }
{ assertion = cfg.nginx.enable -> (cfg.serverUser == null);
message = "serverUser cannot be set if nginx is used";
}
{ assertion = ! cfg.nginx.enable -> ( hasAttr cfg.serverUser config.users.users);
message = "configured serverUser '${cfg.serverUser}' doesn't exist";
}
]; ];
warnings = [] warnings = []
@ -522,8 +499,8 @@ in {
PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"; PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
}; };
settings = mapAttrs (name: mkDefault) { settings = mapAttrs (name: mkDefault) {
"listen.owner" = serverUser; "listen.owner" = config.services.nginx.user;
"listen.group" = config.users.users.${serverUser}.group; "listen.group" = config.users.users.${config.services.nginx.user}.group;
} // cfg.poolSettings; } // cfg.poolSettings;
extraConfig = cfg.poolConfig; extraConfig = cfg.poolConfig;
}; };
@ -534,16 +511,12 @@ in {
group = "nextcloud"; group = "nextcloud";
createHome = true; createHome = true;
}; };
users.groups.nextcloud.members = [ "nextcloud" "${serverUser}" ]; users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];
environment.systemPackages = [ occ ]; environment.systemPackages = [ occ ];
}
(mkIf cfg.nginx.enable { services.nginx.enable = true;
services.nginx = { services.nginx.virtualHosts.${cfg.hostName} = {
enable = true;
virtualHosts = {
${cfg.hostName} = {
root = cfg.package; root = cfg.package;
locations = { locations = {
"= /robots.txt" = { "= /robots.txt" = {
@ -642,9 +615,7 @@ in {
''} ''}
''; '';
}; };
}; }
};
})
]); ]);
meta.doc = ./nextcloud.xml; meta.doc = ./nextcloud.xml;