diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 7 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/misc/etcd.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/misc/rshim.nix | 99 | ||||
-rw-r--r-- | nixos/modules/services/networking/alice-lg.nix | 101 | ||||
-rw-r--r-- | nixos/modules/services/networking/birdwatcher.nix | 129 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.md | 10 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 7 | ||||
-rw-r--r-- | nixos/tests/alice-lg.nix | 44 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 2 | ||||
-rw-r--r-- | nixos/tests/birdwatcher.nix | 94 | ||||
-rw-r--r-- | nixos/tests/nextcloud/basic.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nextcloud/openssl-sse.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nextcloud/with-mysql-and-memcached.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nextcloud/with-postgresql-and-redis.nix | 1 |
15 files changed, 493 insertions, 10 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index e0f18cca17a11..c7e92beae9f9e 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -110,6 +110,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable). +- [rshim](https://github.com/Mellanox/rshim-user-space), the user-space rshim driver for the BlueField SoC. Available as [services.rshim](options.html#opt-services.rshim.enable). + - [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable). - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). @@ -124,6 +126,10 @@ In addition to numerous new and upgraded packages, this release has the followin - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable). +- [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable). + +- [birdwatcher](github.com/alice-lg/birdwatcher), a small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon. Available as [services.birdwatcher](#opt-services.birdwatcher.enable). + - [peroxide](https://github.com/ljanyst/peroxide), a fork of the official [ProtonMail bridge](https://github.com/ProtonMail/proton-bridge) that aims to be similar to [Hydroxide](https://github.com/emersion/hydroxide). Available as [services.peroxide](#opt-services.peroxide.enable). - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met. @@ -237,7 +243,6 @@ In addition to numerous new and upgraded packages, this release has the followin - [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) now uses socket authentication and is no longer compatible with password authentication. - If you want the module to manage the database for you, unset [`services.nextcloud.config.dbpassFile`](#opt-services.nextcloud.config.dbpassFile) (and [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost), if it's set). - - If your database is external, simply set [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) to `false`. - If you want to use password authentication **and** create the database locally, you will have to use [`services.mysql`](#opt-services.mysql.enable) to set it up. - `protonmail-bridge` package has been updated to major version 3. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 63c7d03573461..675f0925a4458 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -688,6 +688,7 @@ ./services/misc/ripple-data-api.nix ./services/misc/rippled.nix ./services/misc/rmfakecloud.nix + ./services/misc/rshim.nix ./services/misc/safeeyes.nix ./services/misc/sdrplay.nix ./services/misc/serviio.nix @@ -805,6 +806,7 @@ ./services/network-filesystems/yandex-disk.nix ./services/networking/3proxy.nix ./services/networking/adguardhome.nix + ./services/networking/alice-lg.nix ./services/networking/amuled.nix ./services/networking/antennas.nix ./services/networking/aria2.nix @@ -819,6 +821,7 @@ ./services/networking/bind.nix ./services/networking/bird-lg.nix ./services/networking/bird.nix + ./services/networking/birdwatcher.nix ./services/networking/bitcoind.nix ./services/networking/bitlbee.nix ./services/networking/blockbook-frontend.nix diff --git a/nixos/modules/services/misc/etcd.nix b/nixos/modules/services/misc/etcd.nix index 3343e94778a2b..17a7cca917f24 100644 --- a/nixos/modules/services/misc/etcd.nix +++ b/nixos/modules/services/misc/etcd.nix @@ -167,10 +167,11 @@ in { ETCD_LISTEN_CLIENT_URLS = concatStringsSep "," cfg.listenClientUrls; ETCD_LISTEN_PEER_URLS = concatStringsSep "," cfg.listenPeerUrls; ETCD_INITIAL_ADVERTISE_PEER_URLS = concatStringsSep "," cfg.initialAdvertisePeerUrls; + ETCD_PEER_CLIENT_CERT_AUTH = toString cfg.peerClientCertAuth; ETCD_PEER_TRUSTED_CA_FILE = cfg.peerTrustedCaFile; ETCD_PEER_CERT_FILE = cfg.peerCertFile; ETCD_PEER_KEY_FILE = cfg.peerKeyFile; - ETCD_CLIENT_CERT_AUTH = toString cfg.peerClientCertAuth; + ETCD_CLIENT_CERT_AUTH = toString cfg.clientCertAuth; ETCD_TRUSTED_CA_FILE = cfg.trustedCaFile; ETCD_CERT_FILE = cfg.certFile; ETCD_KEY_FILE = cfg.keyFile; diff --git a/nixos/modules/services/misc/rshim.nix b/nixos/modules/services/misc/rshim.nix new file mode 100644 index 0000000000000..169f1fa5793be --- /dev/null +++ b/nixos/modules/services/misc/rshim.nix @@ -0,0 +1,99 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.rshim; + + rshimCommand = lib.escapeShellArgs ([ "${cfg.package}/bin/rshim" ] + ++ lib.optionals (cfg.backend != null) [ "--backend ${cfg.backend}" ] + ++ lib.optionals (cfg.device != null) [ "--device ${cfg.device}" ] + ++ lib.optionals (cfg.index != null) [ "--index ${builtins.toString cfg.index}" ] + ++ [ "--log-level ${builtins.toString cfg.log-level}" ]) + ; +in +{ + options.services.rshim = { + enable = lib.mkEnableOption (lib.mdDoc "User-space rshim driver for the BlueField SoC"); + + package = lib.mkPackageOptionMD pkgs "rshim-user-space" { }; + + backend = lib.mkOption { + type = with lib.types; nullOr (enum [ "usb" "pcie" "pcie_lf" ]); + description = lib.mdDoc '' + Specify the backend to attach. If not specified, the driver will scan + all rshim backends unless the `device` option is given with a device + name specified. + ''; + default = null; + example = "pcie"; + }; + + device = lib.mkOption { + type = with lib.types; nullOr str; + description = lib.mdDoc '' + Specify the device name to attach. The backend driver can be deduced + from the device name, thus the `backend` option is not needed. + ''; + default = null; + example = "pcie-04:00.2"; + }; + + index = lib.mkOption { + type = with lib.types; nullOr int; + description = lib.mdDoc '' + Specify the index to create device path `/dev/rshim<index>`. It's also + used to create network interface name `tmfifo_net<index>`. This option + is needed when multiple rshim instances are running. + ''; + default = null; + example = 1; + }; + + log-level = lib.mkOption { + type = lib.types.int; + description = lib.mdDoc '' + Specify the log level (0:none, 1:error, 2:warning, 3:notice, 4:debug). + ''; + default = 2; + example = 4; + }; + + config = lib.mkOption { + type = with lib.types; attrsOf (oneOf [ int str ]); + description = lib.mdDoc '' + Structural setting for the rshim configuration file + (`/etc/rshim.conf`). It can be used to specify the static mapping + between rshim devices and rshim names. It can also be used to ignore + some rshim devices. + ''; + default = { }; + example = { + DISPLAY_LEVEL = 0; + rshim0 = "usb-2-1.7"; + none = "usb-1-1.4"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment.etc = lib.mkIf (cfg.config != { }) { + "rshim.conf".text = lib.generators.toKeyValue + { mkKeyValue = lib.generators.mkKeyValueDefault { } " "; } + cfg.config; + }; + + systemd.services.rshim = { + after = [ "network.target" ]; + serviceConfig = { + Restart = "always"; + Type = "forking"; + ExecStart = [ + (lib.concatStringsSep " \\\n" rshimCommand) + ]; + KillMode = "control-group"; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; + + meta.maintainers = with lib.maintainers; [ nikstur ]; +} diff --git a/nixos/modules/services/networking/alice-lg.nix b/nixos/modules/services/networking/alice-lg.nix new file mode 100644 index 0000000000000..06b9ac89f12fc --- /dev/null +++ b/nixos/modules/services/networking/alice-lg.nix @@ -0,0 +1,101 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.alice-lg; + settingsFormat = pkgs.formats.ini { }; +in +{ + options = { + services.alice-lg = { + enable = mkEnableOption (lib.mdDoc "Alice Looking Glass"); + + package = mkPackageOptionMD pkgs "alice-lg" { }; + + settings = mkOption { + type = settingsFormat.type; + default = { }; + description = lib.mdDoc '' + alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf) + ''; + example = literalExpression '' + { + server = { + # configures the built-in webserver and provides global application settings + listen_http = "127.0.0.1:7340"; + enable_prefix_lookup = true; + asn = 9033; + store_backend = postgres; + routes_store_refresh_parallelism = 5; + neighbors_store_refresh_parallelism = 10000; + routes_store_refresh_interval = 5; + neighbors_store_refresh_interval = 5; + }; + postgres = { + url = "postgres://postgres:postgres@localhost:5432/alice"; + min_connections = 2; + max_connections = 128; + }; + pagination = { + routes_filtered_page_size = 250; + routes_accepted_page_size = 250; + routes_not_exported_page_size = 250; + }; + } + ''; + }; + }; + }; + + config = lib.mkIf cfg.enable { + environment = { + etc."alice-lg/alice.conf".source = settingsFormat.generate "alice-lg.conf" cfg.settings; + }; + systemd.services = { + alice-lg = { + wants = [ "network.target" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + description = "Alice Looking Glass"; + serviceConfig = { + DynamicUser = true; + Type = "simple"; + Restart = "on-failure"; + RestartSec = 15; + ExecStart = "${cfg.package}/bin/alice-lg"; + StateDirectoryMode = "0700"; + UMask = "0007"; + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_INET AF_INET6" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + BindReadOnlyPaths = [ + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/ssl/certs" + "-/etc/static/ssl/certs" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/birdwatcher.nix b/nixos/modules/services/networking/birdwatcher.nix new file mode 100644 index 0000000000000..a129b7a2b4cf5 --- /dev/null +++ b/nixos/modules/services/networking/birdwatcher.nix @@ -0,0 +1,129 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.birdwatcher; +in +{ + options = { + services.birdwatcher = { + package = mkOption { + type = types.package; + default = pkgs.birdwatcher; + defaultText = literalExpression "pkgs.birdwatcher"; + description = lib.mdDoc "The Birdwatcher package to use."; + }; + enable = mkEnableOption (lib.mdDoc "Birdwatcher"); + flags = mkOption { + default = [ ]; + type = types.listOf types.str; + example = [ "-worker-pool-size 16" "-6" ]; + description = lib.mdDoc '' + Flags to append to the program call + ''; + }; + + settings = mkOption { + type = types.lines; + default = { }; + description = lib.mdDoc '' + birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf) + ''; + example = literalExpression '' + [server] + allow_from = [] + allow_uncached = false + modules_enabled = ["status", + "protocols", + "protocols_bgp", + "protocols_short", + "routes_protocol", + "routes_peer", + "routes_table", + "routes_table_filtered", + "routes_table_peer", + "routes_filtered", + "routes_prefixed", + "routes_noexport", + "routes_pipe_filtered_count", + "routes_pipe_filtered" + ] + + [status] + reconfig_timestamp_source = "bird" + reconfig_timestamp_match = "# created: (.*)" + + filter_fields = [] + + [bird] + listen = "0.0.0.0:29184" + config = "/etc/bird/bird2.conf" + birdc = "''${pkgs.bird}/bin/birdc" + ttl = 5 # time to live (in minutes) for caching of cli output + + [parser] + filter_fields = [] + + [cache] + use_redis = false # if not using redis cache, activate housekeeping to save memory! + + [housekeeping] + interval = 5 + force_release_memory = true + ''; + }; + }; + }; + + config = + let flagsStr = escapeShellArgs cfg.flags; + in lib.mkIf cfg.enable { + environment.etc."birdwatcher/birdwatcher.conf".source = pkgs.writeTextFile { + name = "birdwatcher.conf"; + text = cfg.settings; + }; + systemd.services = { + birdwatcher = { + wants = [ "network.target" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + description = "Birdwatcher"; + serviceConfig = { + Type = "simple"; + Restart = "on-failure"; + RestartSec = 15; + ExecStart = "${cfg.package}/bin/birdwatcher"; + StateDirectoryMode = "0700"; + UMask = "0117"; + NoNewPrivileges = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + PrivateMounts = true; + SystemCallArchitectures = "native"; + SystemCallFilter = "~@clock @privileged @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; + BindReadOnlyPaths = [ + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/ssl/certs" + "-/etc/static/ssl/certs" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; + }; + }; + }; +} diff --git a/nixos/modules/services/web-apps/nextcloud.md b/nixos/modules/services/web-apps/nextcloud.md index 6ecfc6ca7e473..5be81a18dfecd 100644 --- a/nixos/modules/services/web-apps/nextcloud.md +++ b/nixos/modules/services/web-apps/nextcloud.md @@ -17,11 +17,12 @@ and optionally supports For the database, you can set [`services.nextcloud.config.dbtype`](#opt-services.nextcloud.config.dbtype) to -either `sqlite` (the default), `mysql`, or `pgsql`. For the last two, by -default, a local database will be created and nextcloud will connect to it via -socket; this can be disabled by setting +either `sqlite` (the default), `mysql`, or `pgsql`. The simplest is `sqlite`, +which will be automatically created and managed by the application. For the +last two, you can easily create a local database by setting [`services.nextcloud.database.createLocally`](#opt-services.nextcloud.database.createLocally) -to `false`. +to `true`, Nextcloud will automatically be configured to connect to it through +socket. A very basic configuration may look like this: ``` @@ -30,6 +31,7 @@ A very basic configuration may look like this: services.nextcloud = { enable = true; hostName = "nextcloud.tld"; + database.createLocally = true; config = { dbtype = "pgsql"; adminpassFile = "/path/to/admin-pass-file"; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index b7408c344aef4..01dca43776892 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -317,7 +317,7 @@ in { createLocally = mkOption { type = types.bool; - default = true; + default = false; description = lib.mdDoc '' Create the database and database user locally. ''; @@ -754,9 +754,8 @@ in { { assertions = [ { assertion = cfg.database.createLocally -> cfg.config.dbpassFile == null; message = '' - Using `services.nextcloud.database.createLocally` (that now defaults - to true) with database password authentication is no longer - supported. + Using `services.nextcloud.database.createLocally` with database + password authentication is no longer supported. If you use an external database (or want to use password auth for any other reason), set `services.nextcloud.database.createLocally` to diff --git a/nixos/tests/alice-lg.nix b/nixos/tests/alice-lg.nix new file mode 100644 index 0000000000000..640e60030a04e --- /dev/null +++ b/nixos/tests/alice-lg.nix @@ -0,0 +1,44 @@ +# This test does a basic functionality check for alice-lg + +{ system ? builtins.currentSystem +, pkgs ? import ../.. { inherit system; config = { }; } +}: + +let + inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; + inherit (pkgs.lib) optionalString; +in +makeTest { + name = "birdwatcher"; + nodes = { + host1 = { + environment.systemPackages = with pkgs; [ jq ]; + services.alice-lg = { + enable = true; + settings = { + server = { + listen_http = "[::]:7340"; + enable_prefix_lookup = true; + asn = 1; + routes_store_refresh_parallelism = 5; + neighbors_store_refresh_parallelism = 10000; + routes_store_refresh_interval = 5; + neighbors_store_refresh_interval = 5; + }; + housekeeping = { + interval = 5; + force_release_memory = true; + }; + }; + }; + }; + }; + + testScript = '' + start_all() + + host1.wait_for_unit("alice-lg.service") + host1.wait_for_open_port(7340) + host1.succeed("curl http://[::]:7340 | grep 'Alice BGP Looking Glass'") + ''; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 20b051c1880e9..2d45fbddbf01b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -102,6 +102,7 @@ in { airsonic = handleTest ./airsonic.nix {}; akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {}; akkoma-confined = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix { confined = true; }; + alice-lg = handleTest ./alice-lg.nix {}; allTerminfo = handleTest ./all-terminfo.nix {}; alps = handleTest ./alps.nix {}; amazon-init-shell = handleTest ./amazon-init-shell.nix {}; @@ -123,6 +124,7 @@ in { binary-cache = handleTest ./binary-cache.nix {}; bind = handleTest ./bind.nix {}; bird = handleTest ./bird.nix {}; + birdwatcher = handleTest ./birdwatcher.nix {}; bitcoind = handleTest ./bitcoind.nix {}; bittorrent = handleTest ./bittorrent.nix {}; blockbook-frontend = handleTest ./blockbook-frontend.nix {}; diff --git a/nixos/tests/birdwatcher.nix b/nixos/tests/birdwatcher.nix new file mode 100644 index 0000000000000..5c41b4d0e4f3a --- /dev/null +++ b/nixos/tests/birdwatcher.nix @@ -0,0 +1,94 @@ +# This test does a basic functionality check for birdwatcher + +{ system ? builtins.currentSystem +, pkgs ? import ../.. { inherit system; config = { }; } +}: + +let + inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; + inherit (pkgs.lib) optionalString; +in +makeTest { + name = "birdwatcher"; + nodes = { + host1 = { + environment.systemPackages = with pkgs; [ jq ]; + services.bird2 = { + enable = true; + config = '' + log syslog all; + + debug protocols all; + + router id 10.0.0.1; + + protocol device { + } + + protocol kernel kernel4 { + ipv4 { + import none; + export all; + }; + } + + protocol kernel kernel6 { + ipv6 { + import none; + export all; + }; + } + ''; + }; + services.birdwatcher = { + enable = true; + settings = '' + [server] + allow_from = [] + allow_uncached = false + modules_enabled = ["status", + "protocols", + "protocols_bgp", + "protocols_short", + "routes_protocol", + "routes_peer", + "routes_table", + "routes_table_filtered", + "routes_table_peer", + "routes_filtered", + "routes_prefixed", + "routes_noexport", + "routes_pipe_filtered_count", + "routes_pipe_filtered" + ] + [status] + reconfig_timestamp_source = "bird" + reconfig_timestamp_match = "# created: (.*)" + filter_fields = [] + [bird] + listen = "0.0.0.0:29184" + config = "/etc/bird/bird2.conf" + birdc = "${pkgs.bird}/bin/birdc" + ttl = 5 # time to live (in minutes) for caching of cli output + [parser] + filter_fields = [] + [cache] + use_redis = false # if not using redis cache, activate housekeeping to save memory! + [housekeeping] + interval = 5 + force_release_memory = true + ''; + }; + }; + }; + + testScript = '' + start_all() + + host1.wait_for_unit("bird2.service") + host1.wait_for_unit("birdwatcher.service") + host1.wait_for_open_port(29184) + host1.succeed("curl http://[::]:29184/status | jq -r .status.message | grep 'Daemon is up and running'") + host1.succeed("curl http://[::]:29184/protocols | jq -r .protocols.device1.state | grep 'up'") + ''; +} diff --git a/nixos/tests/nextcloud/basic.nix b/nixos/tests/nextcloud/basic.nix index a475049e7b264..e17f701c54b7d 100644 --- a/nixos/tests/nextcloud/basic.nix +++ b/nixos/tests/nextcloud/basic.nix @@ -43,6 +43,7 @@ in { enable = true; datadir = "/var/lib/nextcloud-data"; hostName = "nextcloud"; + database.createLocally = true; config = { # Don't inherit adminuser since "root" is supposed to be the default adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home! diff --git a/nixos/tests/nextcloud/openssl-sse.nix b/nixos/tests/nextcloud/openssl-sse.nix index 871947e1d2b20..e1f2706a7348b 100644 --- a/nixos/tests/nextcloud/openssl-sse.nix +++ b/nixos/tests/nextcloud/openssl-sse.nix @@ -9,6 +9,7 @@ args@{ pkgs, nextcloudVersion ? 25, ... }: services.nextcloud = { enable = true; config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; + database.createLocally = true; package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; }; }; diff --git a/nixos/tests/nextcloud/with-mysql-and-memcached.nix b/nixos/tests/nextcloud/with-mysql-and-memcached.nix index f673e5e75d3ba..e57aabfaf86b5 100644 --- a/nixos/tests/nextcloud/with-mysql-and-memcached.nix +++ b/nixos/tests/nextcloud/with-mysql-and-memcached.nix @@ -26,6 +26,7 @@ in { redis = false; memcached = true; }; + database.createLocally = true; config = { dbtype = "mysql"; # Don't inherit adminuser since "root" is supposed to be the default diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix index 43892d39e9f0c..1cbb131042876 100644 --- a/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -25,6 +25,7 @@ in { redis = true; memcached = false; }; + database.createLocally = true; config = { dbtype = "pgsql"; inherit adminuser; |