Merge pull request #63900 from Ma27/nextcloud-declarative-dbconfig

nixos/nextcloud: write config to additional config file
Robin Gloster 2019-07-22 16:50:02 +00:00 committed by GitHub
commit e891178dde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 74 additions and 47 deletions


@ -354,6 +354,15 @@
The <literal>tomcat-connector</literal> <literal>httpd.extraSubservice</literal> has been removed from nixpkgs. The <literal>tomcat-connector</literal> <literal>httpd.extraSubservice</literal> has been removed from nixpkgs.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
It's now possible to change configuration in
<link linkend="opt-services.nextcloud.enable">services.nextcloud</link> after the initial deploy
since all config parameters are persisted in an additional config file generated by the module.
Previously core configuration like database parameters were set using their imperative
installer after creating <literal>/var/lib/nextcloud</literal>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
</section> </section>


@ -297,8 +297,23 @@ in {
systemd.services = { systemd.services = {
"nextcloud-setup" = let "nextcloud-setup" = let
c = cfg.config;
writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
overrideConfig = pkgs.writeText "nextcloud-config.php" '' overrideConfig = pkgs.writeText "nextcloud-config.php" ''
<?php <?php
${optionalString (c.dbpassFile != null) ''
function nix_read_pwd() {
$file = "${c.dbpassFile}";
if (!file_exists($file)) {
throw new \RuntimeException(sprintf(
"Cannot start Nextcloud, dbpass file %s set by NixOS doesn't exist!",
$file
));
}
return trim(file_get_contents($file));
}
''}
$CONFIG = [ $CONFIG = [
'apps_paths' => [ 'apps_paths' => [
[ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ], [ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
@ -309,19 +324,27 @@ in {
${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"} ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
'log_type' => 'syslog', 'log_type' => 'syslog',
'log_level' => '${builtins.toString cfg.logLevel}', 'log_level' => '${builtins.toString cfg.logLevel}',
${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"} ${optionalString (c.overwriteProtocol != null) "'overwriteprotocol' => '${c.overwriteProtocol}',"}
${optionalString (c.dbname != null) "'dbname' => '${c.dbname}',"}
${optionalString (c.dbhost != null) "'dbhost' => '${c.dbhost}',"}
${optionalString (c.dbport != null) "'dbport' => '${toString c.dbport}',"}
${optionalString (c.dbuser != null) "'dbuser' => '${c.dbuser}',"}
${optionalString (c.dbtableprefix != null) "'dbtableprefix' => '${toString c.dbtableprefix}',"}
${optionalString (c.dbpass != null) "'dbpassword' => '${c.dbpass}',"}
${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"}
'dbtype' => '${c.dbtype}',
'trusted_domains' => ${writePhpArrary c.extraTrustedDomains},
]; ];
''; '';
occInstallCmd = let occInstallCmd = let
c = cfg.config;
adminpass = if c.adminpassFile != null
then ''"$(<"${toString c.adminpassFile}")"''
else ''"${toString c.adminpass}"'';
dbpass = if c.dbpassFile != null dbpass = if c.dbpassFile != null
then ''"$(<"${toString c.dbpassFile}")"'' then ''"$(<"${toString c.dbpassFile}")"''
else if c.dbpass != null else if c.dbpass != null
then ''"${toString c.dbpass}"'' then ''"${toString c.dbpass}"''
else null; else null;
adminpass = if c.adminpassFile != null
then ''"$(<"${toString c.adminpassFile}")"''
else ''"${toString c.adminpass}"'';
installFlags = concatStringsSep " \\\n " installFlags = concatStringsSep " \\\n "
(mapAttrsToList (k: v: "${k} ${toString v}") { (mapAttrsToList (k: v: "${k} ${toString v}") {
"--database" = ''"${c.dbtype}"''; "--database" = ''"${c.dbtype}"'';
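Review bot: `nix_read_pwd()` guards only with `file_exists($file)`, so a `dbpassFile` that exists but cannot be read by the PHP process makes `file_get_contents` return `false`, and `trim(false)` then yields an empty `dbpassword` instead of the intended startup error; `if (!is_readable($file)) {` (with the message reworded to "doesn't exist or isn't readable") covers both cases. The `dbpass` branch, `'dbpassword' => '${c.dbpass}'`, puts the plaintext password into a `pkgs.writeText` output, which lives in the world-readable Nix store, so the option text should steer users to `dbpassFile`. None of the interpolated option values are escaped for PHP: a `'` or `\` in `dbname`, `dbuser` or `dbpass`, or a `$` inside the double-quoted `$file` and `writePhpArrary` elements, changes the generated file, so a small escaping helper applied at every interpolation would be safer. The surrounding `let` block continues beyond this hunk.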


@ -42,10 +42,12 @@
services.postgresql = { services.postgresql = {
<link linkend="opt-services.postgresql.enable">enable</link> = true; <link linkend="opt-services.postgresql.enable">enable</link> = true;
<link linkend="opt-services.postgresql.initialScript">initialScript</link> = pkgs.writeText "psql-init" '' <link linkend="opt-services.postgresql.ensureDatabases">ensureDatabases</link> = [ "nextcloud" ];
CREATE ROLE nextcloud WITH LOGIN; <link linkend="opt-services.postgresql.ensureUsers">ensureUsers</link> = [
CREATE DATABASE nextcloud WITH OWNER nextcloud; { name = "nextcloud";
''; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
}; };
# ensure that postgres is running *before* running the setup # ensure that postgres is running *before* running the setup
@ -63,17 +65,22 @@
are used internally to configure an HTTP server using are used internally to configure an HTTP server using
<literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal> <literal><link xlink:href="https://php-fpm.org/">PHP-FPM</link></literal>
and <literal>nginx</literal>. The <literal>config</literal> attribute set is and <literal>nginx</literal>. The <literal>config</literal> attribute set is
used for the <literal>config.php</literal> which is used for the used by the imperative installer and all values are written to an additional file
application's configuration. <emphasis>Beware: this isn't entirely pure to ensure that changes can be applied by changing the module's options.
since the config is modified by the application's runtime!</emphasis>
</para> </para>
<para> <para>
In case the application serves multiple hosts (those are checked with In case the application serves multiple domains (those are checked with
<literal><link xlink:href="http://php.net/manual/en/reserved.variables.server.php">$_SERVER['HTTP_HOST']</link></literal>) <literal><link xlink:href="http://php.net/manual/en/reserved.variables.server.php">$_SERVER['HTTP_HOST']</link></literal>)
those can be added using it's needed to add them to
<literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>. <literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>.
</para> </para>
<para>
Auto updates for Nextcloud apps can be enabled using
<literal><link linkend="opt-services.nextcloud.autoUpdateApps.enable">services.nextcloud.autoUpdateApps</link></literal>.
</para>
</section> </section>
<section xml:id="module-services-nextcloud-pitfalls-during-upgrade"> <section xml:id="module-services-nextcloud-pitfalls-during-upgrade">
<title>Pitfalls</title> <title>Pitfalls</title>
@ -87,35 +94,24 @@
</para> </para>
<para> <para>
Right now changes to the <literal>services.nextcloud.config</literal> All configuration parameters are also stored in
attribute set won't take effect after the first install (except <literal>/var/lib/nextcloud/config/override.config.php</literal> which is generated by
<literal><link linkend="opt-services.nextcloud.config.extraTrustedDomains">services.nextcloud.config.extraTrustedDomains</link></literal>) the module and linked from the store to ensure that all values from <literal>config.php</literal>
since the actual configuration file is generated by the NextCloud installer can be modified by the module.
which also sets up critical parts such as the database structure. However <literal>config.php</literal> manages the application's state and shouldn't be touched
manually because of that.
</para> </para>
<para> <warning>
<emphasis>Warning: don't delete <literal>config.php</literal>! This file <para>Don't delete <literal>config.php</literal>! This file
tracks the application's state and a deletion can cause unwanted tracks the application's state and a deletion can cause unwanted
side-effects!</emphasis> side-effects!</para>
</para> </warning>
<para> <warning>
<emphasis>Warning: don't rerun <literal>nextcloud-occ <para>Don't rerun <literal>nextcloud-occ
maintenance:install</literal>! This command tries to install the application maintenance:install</literal>! This command tries to install the application
and can cause unwanted side-effects!</emphasis> and can cause unwanted side-effects!</para>
</para> </warning>
<para>
The issues are known and reported in
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/49783">#49783</link>,
for now it's unfortunately necessary to manually work around these issues.
</para>
<para>
Right now app installation and configuration is done imperatively in the nextcloud web ui or via the <literal>nextcloud-occ</literal> command line utility.
You can activate auto updates for your apps via
<literal><link linkend="opt-services.nextcloud.autoUpdateApps.enable">services.nextcloud.autoUpdateApps</link></literal>.
</para>
</section> </section>
</chapter> </chapter>


@ -27,10 +27,7 @@ in {
dbtype = "pgsql"; dbtype = "pgsql";
dbname = "nextcloud"; dbname = "nextcloud";
dbuser = "nextcloud"; dbuser = "nextcloud";
dbhost = "localhost"; dbhost = "/run/postgresql";
dbpassFile = toString (pkgs.writeText "db-pass-file" ''
hunter2
'');
inherit adminuser; inherit adminuser;
adminpassFile = toString (pkgs.writeText "admin-pass-file" '' adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
${adminpass} ${adminpass}
@ -84,10 +81,12 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
initialScript = pkgs.writeText "psql-init" '' ensureDatabases = [ "nextcloud" ];
create role nextcloud with login password 'hunter2'; ensureUsers = [
create database nextcloud with owner nextcloud; { name = "nextcloud";
''; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
}; };
}; };
}; };
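Review bot: After this change the test no longer sets `dbpassFile` and connects through the `/run/postgresql` socket, so nothing visible here exercises the new `nix_read_pwd()` function or the `'dbpassword'` entry that the module writes to the override config. Unless another test outside this page covers it, a second machine or test variant that keeps a password-authenticated role and `dbpassFile` would catch a regression in the secret-reading path. A comment such as `# connects via the local unix socket, so no DB password is configured` next to `dbhost = "/run/postgresql";` would also make the intent clear.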