nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

@@ -607,6 +607,22 @@
           binaries, use the <literal>p4d</literal> package instead.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          The NextCloud NixOS module uses OpenSSL 3.x for its PHP’s
+          openssl extension, this breaks RC4-based server-side
+          encryption in NextCloud, making all your files unreadable upon
+          upgrade. Upon testing, we could not trigger any cases of
+          <emphasis role="strong">data loss</emphasis>, but we
+          <emphasis role="strong">cannot guarantee</emphasis> that for
+          every accidental OpenSSL upgrade. To restore functionality,
+          <link linkend="opt-services.nextcloud.enableBrokenCiphersForSSE"><literal>services.nextcloud.enableBrokenCiphersForSSE</literal></link>
+          has to be set to <literal>true</literal>. NextCloud is
+          planning to implement AES-256-GCM server-side encryption in
+          the future through
+          <link xlink:href="https://github.com/nextcloud/server/pull/25551">https://github.com/nextcloud/server/pull/25551</link>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           The <literal>coq</literal> package and versioned variants

nixos/doc/manual/release-notes/rl-2211.section.md

@@ -196,6 +196,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
 
 - The `p4` package now only includes the open-source Perforce Helix Core command-line client and APIs. It no longer installs the unfree Helix Core Server binaries `p4d`, `p4broker`, and `p4p`. To install the Helix Core Server binaries, use the `p4d` package instead.
 
+- The NextCloud NixOS module uses OpenSSL 3.x for its PHP's openssl extension, this breaks RC4-based server-side encryption in NextCloud, making all your files unreadable upon upgrade. Upon testing, we could not trigger any cases of **data loss**, but we **cannot guarantee** that for every accidental OpenSSL upgrade. To restore functionality, [`services.nextcloud.enableBrokenCiphersForSSE`](#opt-services.nextcloud.enableBrokenCiphersForSSE) has to be set to `true`. NextCloud is planning to implement AES-256-GCM server-side encryption in the future through <https://github.com/nextcloud/server/pull/25551>.
+
 - The `coq` package and versioned variants starting at `coq_8_14` no
   longer include CoqIDE, which is now available through
   `coqPackages.coqide`. It is still possible to get CoqIDE as part of

nixos/modules/services/web-apps/nextcloud.nix

@@ -13,7 +13,12 @@ let
   phpPackage = cfg.phpPackage.buildEnv {
     extensions = { enabled, all }:
       (with all;
-        enabled
+        # disable default openssl extension
+        (lib.filter (e: e.pname != "openssl") enabled)
+        # use OpenSSL 1.1 for RC4 NextCloud encryption if user
+        # has acknowledged the brokeness of the ciphers (RC4).
+        # TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed.
+        ++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ])
         ++ optional cfg.enableImagemagick imagick
         # Optionally enabled depending on caching settings
         ++ optional cfg.caching.apcu apcu
@@ -80,6 +85,36 @@ in {
 
   options.services.nextcloud = {
     enable = mkEnableOption (lib.mdDoc "nextcloud");
+
+    enableBrokenCiphersForSSE = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        This option uses OpenSSL PHP extension linked against OpenSSL 1.x rather
+        than latest OpenSSL (≥ 3), this is not recommended except if you need
+        it.
+
+        Server-side encryption in NextCloud uses RC4 ciphers, a broken cipher
+        since ~2004.
+
+        This cipher has been disabled in OpenSSL ≥ 3 and requires
+        a specific legacy profile to re-enable it.
+
+        If you upgrade to a NextCloud using OpenSSL ≥ 3 and have
+        server-side encryption configured, you will not be able to access
+        your files anymore, enabling this option can restore access to your files.
+
+        Unless you are using external storage,
+        it is advised to [disable server-side encryption](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption) as it is unclear
+        it provides any amount of security beyond encryption for external storage.
+        If you know more about this feature and is keen on it,
+        please chime in <https://github.com/NixOS/nixpkgs/pull/198470> or open
+        an issue in nixpkgs.
+
+        In the future, NextCloud may move to AES-256-GCM, by then,
+        this option will be deprecated.
+      '';
+    };
     hostName = mkOption {
       type = types.str;
       description = lib.mdDoc "FQDN for the nextcloud instance.";
@@ -649,6 +684,16 @@ in {
         ++ (optional (versionOlder cfg.package.version "23") (upgradeWarning 22 "22.05"))
         ++ (optional (versionOlder cfg.package.version "24") (upgradeWarning 23 "22.05"))
         ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11"))
+        ++ (optional cfg.enableBrokenCiphersForSSE ''
+          You're using PHP's openssl extension built against OpenSSL 1.1.
+          This is only necessary if you're using NextCloud's server-side encryption.
+          Please keep in mind that it's using the broken RC4 cipher.
+
+          In order to disable this option and remove this warning,
+          server-side encryption has to be disabled, see <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.
+
+          For more context, here is the implementing pull request: https://github.com/NixOS/nixpkgs/pull/198470
+        '')
         ++ (optional isUnsupportedMariadb ''
             You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)!
             Please note that this isn't supported officially by Nextcloud. You can either

nixos/tests/nextcloud/basic.nix

@@ -41,6 +41,7 @@ in {
         enable = true;
         datadir = "/var/lib/nextcloud-data";
         hostName = "nextcloud";
+        enableBrokenCiphersForSSE = args.enableBrokenCiphersForSSE or false;
         config = {
           # Don't inherit adminuser since "root" is supposed to be the default
           adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home!

nixos/tests/nextcloud/default.nix

@@ -8,6 +8,11 @@ with pkgs.lib;
 foldl
   (matrix: ver: matrix // {
     "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; };
+    "with-legacy-openssl${toString ver}" = import ./basic.nix {
+      inherit system pkgs;
+      nextcloudVersion = ver;
+      enableBrokenCiphersForSSE = true;
+    };
     "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix {
       inherit system pkgs;
       nextcloudVersion = ver;

pkgs/top-level/php-packages.nix

@@ -414,6 +414,15 @@ lib.makeScope pkgs.newScope (self: with self; {
           configureFlags = [ "--with-openssl" ];
           doCheck = false;
         }
+        # This provides a legacy OpenSSL PHP extension
+        # For situations where OpenSSL 3 do not support a set of features
+        # without a specific openssl.cnf file
+        {
+          name = "openssl-legacy";
+          buildInputs = [ openssl_1_1 ];
+          configureFlags = [ "--with-openssl" ];
+          doCheck = false;
+        }
         { name = "pcntl"; }
         { name = "pdo"; doCheck = false; }
         {