From 7f8620900afb8247254e804e16d742cfdcce7fcc Mon Sep 17 00:00:00 2001
From: Pascal Bach
Date: Wed, 27 Feb 2019 14:36:11 +0100
Subject: [PATCH 1/4] nixos/nextcloud: update recommended nginx settings

This updates the configuration to the recommendations in https://docs.nextcloud.com/server/15/admin_manual/installation/nginx.html
---
 nixos/modules/services/web-apps/nextcloud.nix | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 49d8836b8ad..b499782da9d 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -13,6 +13,7 @@ let
 ${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"}
 ${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"}
 ${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"}
+ extension=${cfg.phpPackages.imagick}/lib/php/extensions/imagick.so
 zend_extension = opcache.so
 opcache.enable = 1
 '';
@@ -407,7 +408,7 @@ in {
 };
 "/" = {
 priority = 200;
- extraConfig = "rewrite ^ /index.php$uri;";
+ extraConfig = "rewrite ^ /index.php$request_uri;";
 };
 "~ ^/store-apps" = {
 priority = 201;
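Review bot: The added `extension=${cfg.phpPackages.imagick}/lib/php/extensions/imagick.so` line in the first hunk is loaded unconditionally, while the three caching extensions directly above it are each gated by `optionalString cfg.caching.*`. ImageMagick ends up parsing user-supplied files wherever the application generates previews from uploads, so switching it on for every installation widens the exposed parsing surface even for deployments that do not want previews. Consider gating it behind a boolean module option in the same `optionalString` style, or at least add a comment explaining why it is always on; the commit message only mentions nginx settings. The enclosing `phpOptionsExtensions` string starts above the hunk.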
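Review bot: In the `"/"` location, `rewrite ^ /index.php$request_uri;` now forwards the raw request URI instead of nginx's normalised `$uri`, and nothing in the module records why. `$request_uri` is not percent-decoded, keeps `..` segments and repeated slashes, and already includes the query string, so the path handed to the PHP front controller is whatever the client sent. That follows the upstream guide cited in the commit message, but a comment above the line such as `# $request_uri (raw, undecoded, with query string) as recommended by the upstream nginx guide` would stop a later cleanup from reverting it. The same substitution is made in the two `try_files` lines of the next hunk, and the PHP location that consumes the rewritten URI is outside this hunk, so it is worth confirming that it only hands an allow-listed set of scripts to FastCGI.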
@@ -444,22 +445,23 @@ in {
 fastcgi_read_timeout 120s;
 '';
 };
- "~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = ''
+ "~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\/)".extraConfig = ''
 try_files $uri/ =404;
 index index.php;
 '';
- "~ \\.(?:css|js|woff|svg|gif)$".extraConfig = ''
- try_files $uri /index.php$uri$is_args$args;
+ "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
+ try_files $uri /index.php$request_uri;
 add_header Cache-Control "public, max-age=15778463";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy no-referrer;
 access_log off;
 '';
 "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = ''
- try_files $uri /index.php$uri$is_args$args;
+ try_files $uri /index.php$request_uri;
 access_log off;
 '';
 };
@@ -469,10 +471,12 @@ in {
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy no-referrer;
 error_page 403 /core/templates/403.php;
 error_page 404 /core/templates/404.php;
 client_max_body_size ${cfg.maxUploadSize};
 fastcgi_buffers 64 4K;
+ fastcgi_hide_header X-Powered-By;
 gzip on;
 gzip_vary on;
 gzip_comp_level 4;
From 8f1b163b003aa315b8d9e071df9a013875218769 Mon Sep 17 00:00:00 2001
From: Pascal Bach
Date: Wed, 27 Feb 2019 22:20:42 +0100
Subject: [PATCH 2/4] nixos/nextcloud: use PHP 7.3 instead of 7.1 by default

---
 nixos/modules/services/web-apps/nextcloud.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index b499782da9d..f1ef9aa3593 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
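Review bot: The new `add_header Referrer-Policy no-referrer;` in the `css|js|woff2?|svg|gif` location of patch 1/4 (hunk `@@ -444,22 +445,23 @@`) is written without `always`, like the headers around it, so nginx attaches it only to a fixed set of success and redirect status codes and not to 4xx/5xx responses. If the policy is meant to cover error pages as well, use `add_header Referrer-Policy no-referrer always;`; the same applies to the copy added in the following hunk (`@@ -469,10 +471,12 @@`), which appears to be the server-level block. It would also help to add a comment in the static-asset location stating that it must repeat every server-level header, because an nginx location that declares any `add_header` of its own stops inheriting the ones from the enclosing level. That is why this commit has to add the header in two places, and a future header added only at server level would silently be missing on CSS and JS responses.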
@@ -97,8 +97,8 @@ in {

 phpPackages = mkOption {
 type = types.attrs;
- default = pkgs.php71Packages;
- defaultText = "pkgs.php71Packages";
+ default = pkgs.php73Packages;
+ defaultText = "pkgs.php73Packages";
 description = ''
 Overridable attribute of the PHP packages set to use. If any caching
 module is enabled, it will be taken from here. Therefore it should
@@ -361,7 +361,7 @@ in {

 services.phpfpm = {
 phpOptions = phpOptionsExtensions;
- phpPackage = pkgs.php71;
+ phpPackage = pkgs.php73;
 pools.nextcloud = let
 phpAdminValues = (toKeyValue
 (foldr (a: b: a // b) {}
From f0c0b8d949c753d53e9f04ecfb43583fb44c20b2 Mon Sep 17 00:00:00 2001
From: Pascal Bach
Date: Fri, 1 Mar 2019 16:32:41 +0100
Subject: [PATCH 3/4] nixos/nextcloud: move phpPackage and phpOptions into pool

This allows to have a php configuration for nextcloud that is independent of the global configuration.
---
 nixos/modules/services/web-apps/nextcloud.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index f1ef9aa3593..64e4a25037f 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -360,14 +360,14 @@ in {
 };

 services.phpfpm = {
- phpOptions = phpOptionsExtensions;
- phpPackage = pkgs.php73;
 pools.nextcloud = let
 phpAdminValues = (toKeyValue
 (foldr (a: b: a // b) {}
 (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
 phpOptions)));
 in {
+ phpOptions = phpOptionsExtensions;
+ phpPackage = pkgs.php73;
 listen = "/run/phpfpm/nextcloud";
 extraConfig = ''
 listen.owner = nginx
From 390b6108a2cd3cea1134e9dd547dedacc9c13f36 Mon Sep 17 00:00:00 2001
From: Pascal Bach
Date: Fri, 1 Mar 2019 16:37:00 +0100
Subject: [PATCH 4/4] nixos/nextcloud: don't make phpPackages configurable

It needs to match the version in phpfm which is hard coded. So there is no point in being able to change it.
---
 nixos/modules/services/web-apps/nextcloud.nix | 25 ++++++-------------
 1 file changed, 8 insertions(+), 17 deletions(-)

diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 64e4a25037f..7c6b0ae81c8 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -5,15 +5,18 @@ with lib;
 let
 cfg = config.services.nextcloud;

+ phpPackage = pkgs.php73;
+ phpPackages = pkgs.php73Packages;
+
 toKeyValue = generators.toKeyValue {
 mkKeyValue = generators.mkKeyValueDefault {} " = ";
 };

 phpOptionsExtensions = ''
- ${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"}
- ${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"}
- ${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"}
- extension=${cfg.phpPackages.imagick}/lib/php/extensions/imagick.so
+ ${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
+ ${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
+ ${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
+ extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
 zend_extension = opcache.so
 opcache.enable = 1
 '';
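Review bot: The new `let` bindings `phpPackage = pkgs.php73;` and `phpPackages = pkgs.php73Packages;` must always name the same PHP release, but nothing at the definition says so. The extension `.so` paths built from `phpPackages` just below are loaded by the interpreter that the pool takes from `phpPackage`, so bumping one without the other would leave PHP-FPM loading modules built for a different version. A comment above the pair, for example `# Keep in lockstep: extensions from phpPackages are loaded by phpPackage.`, would make the coupling visible at the point where a future version bump happens. Because the `phpPackages` option is dropped in the next hunk, configurations that still set `services.nextcloud.phpPackages` will presumably fail evaluation with a generic error; a `mkRemovedOptionModule` entry would give them an explanation instead.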
@@ -95,18 +98,6 @@ in {
 '';
 };

- phpPackages = mkOption {
- type = types.attrs;
- default = pkgs.php73Packages;
- defaultText = "pkgs.php73Packages";
- description = ''
- Overridable attribute of the PHP packages set to use. If any caching
- module is enabled, it will be taken from here. Therefore it should
- match the version of PHP given to
- services.phpfpm.phpPackage.
- '';
- };
-
 phpOptions = mkOption {
 type = types.attrsOf types.str;
 default = {
@@ -367,7 +358,7 @@ in {
 phpOptions)));
 in {
 phpOptions = phpOptionsExtensions;
- phpPackage = pkgs.php73;
+ phpPackage = phpPackage;
 listen = "/run/phpfpm/nextcloud";
 extraConfig = ''
 listen.owner = nginx
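Review bot: In the last hunk, `phpPackage = phpPackage;` inside the pool attribute set would read better as `inherit phpPackage;`, which makes it obvious that the value comes from the enclosing `let` and is not a self-reference. The set is opened with a plain `in {` rather than `rec {`, so the current form evaluates correctly and this is purely a readability point. The pool definition continues past the end of the hunk.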