First draft for a nextcloud deployment on nix

Things to note:
 - DO NOT DEPLOY THIS
 - use nixos-container for testing instead

I've played around with nextcloud on NixOS, essentially following the
examples given in the NixOS manual and searching through some of the
other options. Nextcloud itself works fine with this setup, as does
its database (postgres), and most of the other basic stuff.

However, the nextcloud module as it currently exists appears to be fairly
limited and incomplete in its capabilities, e.g. lack of options for redis
or multiple php pools; in general, it lacks extraOptions-hooks. For redis
the documentation even explicitly notes (in caching.redis) that redis
requires additional options set in `config.php`, but it appears these cannot
currently be set using nix.

I guess we have as options:
 - I missed something and it does in fact work
 - we can wait for later versions; looks like 21.03 will add at least *some* more
 - we can fork the module and add options ourselves
 - we can configure nextcloud by manually editing `config.php`, as it's not
   actually inside the nix store but at /var/lib/nextcloud/config (veto)

See comments for additional notes and todos.
stuebinm 2021-02-12 00:05:57 +01:00
parent d5cf2abccc
commit 0882960b9a
No known key found for this signature in database
GPG key ID: 8FBE8AAD32FA12B7

@ -0,0 +1,82 @@
# TODOs before actually using this
# - change root auth to use adminpassFile
# - figure out how to enable redis caching
# - figure out how to use multiple pools (do we need this?)
# - how to enable ldap?
# - move this into a container (only reason it's not in one already is
# to make testing easy; just run the following for a local test:
# `nixos-container create nextcloud --config-file nextcloud.nix`
#
# Additional notes:
# - there is a services.nextcloud.phpExtraExtensions, which may be
# useful for this, but it's only in nixos-unstable for now
# - there's a services.nextcloud.autoUpdateApps do we trust nextcloud
# enough to enable it, or will everything break if we do?
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.htop ];
services.nextcloud = {
enable = true;
# must be set manually; may not be incremented by more than one at
# a time, otherwise nextcloud WILL break
package = pkgs.nextcloud20;
hostName = "10.233.2.2";
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
# there's also a adminpassFile option, but for testing this seems
# enough (less fiddling with getting the file into a nixos
# container for ad-hoc setups)
adminpass = "root";
adminuser = "root";
};
caching.redis = true;
# multiple pools may be doable using services.phpfpm.pools,
# but i have not tried this yet. The nextcloud module defines a
# pool "nextcloud"
poolSettings = {
pm = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
};
};
# TODO: this needs extra stuff in config.php, which right now can't
# be configured using this module. Perhaps we could fork it?
services.redis = {
enable = true;
};
services.postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{ # by default, postgres has unix sockets enabled, and allows a
# system user `nextcloud` to log in without other authentication
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# ensure that postgres is running *before* running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
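Review bot: `adminpass = "root"` next to `adminuser = "root"` in the `services.nextcloud.config` block puts a literal admin credential into the Nix expression, and the TODO at the top of the file already says to switch to `adminpassFile`; that change should land before this file is used anywhere beyond a throwaway nixos-container, because a plain-text value in an evaluated Nix expression is readable by anyone who can read the resulting store paths. Two smaller points in the same hunk: `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens 443 although nothing in this file configures TLS, so either drop 443 until HTTPS is set up or add that setup alongside it; and `caching.redis = true;` together with `services.redis = { enable = true; };` is, by the file's own comment, not enough on its own since the redis settings in `config.php` are not written by the module, so as committed this enables a cache that is not actually wired up and the option should either stay off until the config.php side is solved or the comment should state clearly that redis is currently non-functional.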