The Nextcloud admin guide says that output buffering must be turned off
or otherwise PHP will return memory-related errors [1]. As the default
value for this PHP setting is 4096 and thus enabled the Nextcloud setup
is thus misconfigured by default. This misconfiguration will be shown in
the "Security & setup warnings" dialog for the administrator.
Fix this misconfiguration by setting "output_buffering=0" by default.
[1]: https://docs.nextcloud.com/server/stable/admin_manual/configuration_files/big_file_upload_configuration.html#configuring-php
Closes#277206
The bug mentioned above was a symptom of the issue fixed here: when
opening the `forms` app which is installed via `extraApps` (or the
app store) the site wouldn't work because `.mjs` files had the wrong
Content-Type.
The actual problem got fixed already[1], however this config was not
used for stuff from `/nix-apps` & `/store-apps` which had their own
location section with only a `root ;` statement.
In fact, this setup isn't strictly supported by Nextcloud upstream[2],
so to fix this for good, I decided to follow the upstream suggestion for
app directories outside the server root, i.e. linking them back into the
store path.
This means that the module generates a new derivation now with
* `services.nextcloud.package` linked into it via `lndir`.
* under `nix-apps` is a symlink to the link farm containing all apps
from `services.nextcloud.extraApps`.
* under `store-apps` is a symlink to `/var/lib/nextcloud/store-apps`.
Since this is only used in the NixOS module that also configures this
location for imperatively installed apps, this seems an OK thing to
do.
Successfully tested the change on a productive Nextcloud 28.0.1 with
several apps installed via `extraApps` (`forms`, `cospend`, `maps`,
`user_saml` and a few more).
[1] 292c74c7a9
[2] https://docs.nextcloud.com/server/28/admin_manual/apps_management.html#using-custom-app-directories
This makes sure we don't need any workarounds for running Invidious with a local
PostgreSQL database.
Changing the default user should be fine as the new init script for PostgreSQL automatically
creates the new user and changes the existing database's owner to the new user. The old user
will still linger and must be removed manually.
See also: https://github.com/NixOS/nixpkgs/pull/266270
This fixes the following eval error:
```
error: nodePackages.node-red cannot be found in pkgs
```
when having `services.node-red.enable = true;` without specifying
`services.node-red.package`, just like the nixos VM test.
Follow-up of f509382c11, which attempted
to fix this as well.
Breakage introduced in 0a37316d6c.
* Always use PHP 8.2: at the time of writing, Nextcloud also suggests to
use 8.2 rather than 8.3 in the manual for v28.
One contributing factor is probably that all plugins need new releases
to declare PHP 8.3 support.
* Fix upgradeWarning for installing v27 now that v28 is out.
* Drop upgrade warning for v24. This one is EOL for quite a while
already, so right now everybody should've switched (or carefully
studied the release notes in case they were upgrading from <23.05) and
we can clean up the module a little bit.
v25 was dropped not so long ago, so if it's still referenced (because
somebody didn't declare `services.nextcloud.package` and has
`system.stateVersion = "22.11";`) it's appropriate to still give a
specialized error.
This commit introduces the possibility to optionally enable the Jitsi
Gateway to SIP (jigasi) module. SIP credentials can be defined in
`services.jigasi.environmentFile`.
I was using a 23.11 package on a NixOS 23.05 system and this caused the
python that was used in gunicorn to differ from the python the postgres
lib was linked against.
Probably no one ever tested this, mediawiki tries to create the database inside the read-only
package. There might be a proper fix but for now it's better to not advertise unsupported options.
Invidious uses a strange setup where the database name is different from the system username
for non-explicit reasons.
Because of that, it makes it hard to migrate it to use `ensureDBOwnership`, we leave it to Invidious' maintainers
to pick up the pieces.
Mobilizon can have a custom database username and it is not trivial to sort out how to remove this.
In the meantime, for the upcoming 23.11 release, I apply the classical workaround
and defer to Mobilizon's maintainers.
This changes
* the plausible HTTP web server
to be listening on localhost only, explicitly.
This makes Plausible have an explicit safe default configuration,
like all other networked services in NixOS.
For background discussion, see: https://github.com/NixOS/nixpkgs/issues/130244
As per my upstream Plausible contribution
(https://github.com/plausible/analytics/pull/1190)
Plausible >= 1.5 also defaults to listening to localhost only;
nevertheless, this default should be stated explicitly in nixpkgs
for easier review and independence from upstream changes, and
a NixOS user must be able to configure the
`listenAddress`, as there are valid use cases for that.
Also, disable
* the Erlang Beam VM inter-node RPC port
* the Erlang EPMD port
because Plausible does not use them (see added comment).
This is done by setting `RELEASE_DISTRIBUTION=none`.
Thus, this commit also removes the NixOS setting `releaseCookiePath`,
because it now has no effect.
Closes#216989
First of all, a bit of context: in PostgreSQL, newly created users don't
have the CREATE privilege on the public schema of a database even with
`ALL PRIVILEGES` granted via `ensurePermissions` which is how most of
the DB users are currently set up "declaratively"[1]. This means e.g. a
freshly deployed Nextcloud service will break early because Nextcloud
itself cannot CREATE any tables in the public schema anymore.
The other issue here is that `ensurePermissions` is a mere hack. It's
effectively a mixture of SQL code (e.g. `DATABASE foo` is relying on how
a value is substituted in a query. You'd have to parse a subset of SQL
to actually know which object are permissions granted to for a user).
After analyzing the existing modules I realized that in every case with
a single exception[2] the UNIX system user is equal to the db user is
equal to the db name and I don't see a compelling reason why people
would change that in 99% of the cases. In fact, some modules would even
break if you'd change that because the declarations of the system user &
the db user are mixed up[3].
So I decided to go with something new which restricts the ways to use
`ensure*` options rather than expanding those[4]. Effectively this means
that
* The DB user _must_ be equal to the DB name.
* Permissions are granted via `ensureDBOwnerhip` for an attribute-set in
`ensureUsers`. That way, the user is actually the owner and can
perform `CREATE`.
* For such a postgres user, a database must be declared in
`ensureDatabases`.
For anything else, a custom state management should be implemented. This
can either be `initialScript`, doing it manual, outside of the module or
by implementing proper state management for postgresql[5], but the
current state of `ensure*` isn't even declarative, but a convergent tool
which is what Nix actually claims to _not_ do.
Regarding existing setups: there are effectively two options:
* Leave everything as-is (assuming that system user == db user == db
name): then the DB user will automatically become the DB owner and
everything else stays the same.
* Drop the `createDatabase = true;` declarations: nothing will change
because a removal of `ensure*` statements is ignored, so it doesn't
matter at all whether this option is kept after the first deploy (and
later on you'd usually restore from backups anyways).
The DB user isn't the owner of the DB then, but for an existing setup
this is irrelevant because CREATE on the public schema isn't revoked
from existing users (only not granted for new users).
[1] not really declarative though because removals of these statements
are simply ignored for instance: https://github.com/NixOS/nixpkgs/issues/206467
[2] `services.invidious`: I removed the `ensure*` part temporarily
because it IMHO falls into the category "manage the state on your
own" (see the commit message). See also
https://github.com/NixOS/nixpkgs/pull/265857
[3] e.g. roundcube had `"DATABASE ${cfg.database.username}" = "ALL PRIVILEGES";`
[4] As opposed to other changes that are considered a potential fix, but
also add more things like collation for DBs or passwords that are
_never_ touched again when changing those.
[5] As suggested in e.g. https://github.com/NixOS/nixpkgs/issues/206467
