Update to NixOS 23.11
Most of the release notes we have the luxury of not caring about, however
for some we needed to make changes
- postgresql ensurePermissions was deprecated. We have replaced it with a
combination of the new ensureDBOwner, and manual permissions grants
where that is not applicable
- fetchPypi should now be used at top-level. We used it once to install
jishaku for ClicksForms. We have replaced the usage. There should be a
broader conversation about the future of ClicksForms, but while
upgrading to 23.11 is probably not the time for that
- fail2ban configs for things we no longer run have been removed
Additionally, the following things were looked at in-detail and deemed
non-important
- passwordFile changes (we do not use passwords, at all)
- matrix changes (we believe this will need no module changes for our
use-case)
- nextcloud phpOptions changes (this may reintroduce some default PHP
options. We didn't realize we were clobbering them and consider this to
be a good thing)
- vaultwarden default host change (we already specify a host)
- RAID changes (neither a1d1 or a1d2 currently use software RAID)
- nixpkgs.config with external packages warnings (we don't use any
nixpkgs.config options, but if we did we could remove them and) keep
the same behavior
- nextcloud upgrade to 27 (we already use nextcloud 27)
- matrix workers and redis configuration (redis doesn't provide a benefit
outside of workers, our deployment is too small to need workers)
- several services have improved requirements. In particular, lots of
dependencies around postgres have been improved
We haven't yet updated mongodb, it may be a good idea to migrate to
ferretdb but this is better placed in a later change as migration will
require migrating all the data which will likely get messy
Change-Id: I8db3cc5bfa68bc591ef5e467e8c7de0cae30b300
Reviewed-on: https://git.clicks.codes/c/Clicks/NixFiles/+/122
Tested-by: Samuel Shuert <coded@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/modules/common/nextcloud.nix b/modules/common/nextcloud.nix
index e98c5f4..29fc69a 100644
--- a/modules/common/nextcloud.nix
+++ b/modules/common/nextcloud.nix
@@ -51,61 +51,75 @@
"overwrite.cli.url" = "https://nextcloud.clicks.codes";
};
+ services.nextcloud.notify_push.enable = false;
+ services.nextcloud.configureRedis = true;
+
services.nextcloud.extraApps = {
sociallogin = pkgs.fetchNextcloudApp {
url =
"https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.5.3/release.tar.gz";
sha256 = "sha256-96/wtK7t23fXVRcntDONjgb5bYtZuaNZzbvQCa5Gsj4=";
+ license = "agpl3Only";
};
richdocuments = pkgs.fetchNextcloudApp {
url =
"https://github.com/nextcloud-releases/richdocuments/releases/download/v8.2.0/richdocuments-v8.2.0.tar.gz";
sha256 = "sha256-PKw7FXSWvden2+6XjnUDOvbTF71slgeTF/ktS/l2+Dk=";
+ license = "agpl3Only";
};
calendar = pkgs.fetchNextcloudApp {
url =
"https://github.com/nextcloud-releases/calendar/releases/download/v4.5.2/calendar-v4.5.2.tar.gz";
sha256 = "sha256-n7GjgAyw2SLoZTEfakmI3IllWUk6o1MF89Zt3WGhR6A=";
+ license = "agpl3Only";
};
contacts = pkgs.fetchNextcloudApp {
url =
"https://github.com/nextcloud-releases/contacts/releases/download/v5.4.2/contacts-v5.4.2.tar.gz";
sha256 = "sha256-IkKHJ3MY/UPZqa4H86WGOEOypffMIHyJ9WvMqkq/4t8=";
+ license = "agpl3Only";
};
tasks = pkgs.fetchNextcloudApp {
url =
"https://github.com/nextcloud/tasks/releases/download/v0.15.0/tasks.tar.gz";
sha256 = "sha256-zMMqtEWiXmhB1C2IeWk8hgP7eacaXLkT7Tgi4NK6PCg=";
+ license = "agpl3Only";
};
appointments = pkgs.fetchNextcloudApp {
url =
"https://github.com/SergeyMosin/Appointments/raw/v1.15.4/build/artifacts/appstore/appointments.tar.gz";
sha256 = "sha256-2Oo7MJBPiBUBf4kti4or5nX+QiXT1Tkw3KowUGCj67E=";
+ license = "agpl3Only";
};
mail = pkgs.fetchNextcloudApp {
url =
"https://github.com/nextcloud-releases/mail/releases/download/v3.4.4/mail-v3.4.4.tar.gz";
sha256 = "sha256-2+EUVjeFW0mrnR23aU5UHZtGjqpDE11qHXu6PWhUTCs=";
+ license = "agpl3Only";
};
spreed = pkgs.fetchNextcloudApp { # nextcloud talk
url =
"https://github.com/nextcloud-releases/spreed/releases/download/v17.1.2/spreed-v17.1.2.tar.gz";
sha256 = "sha256-OvZD/k1t4MAJ/BXbHzli6+V/bsgzE6iZQGrC9cG3b8E=";
+ license = "agpl3Only";
};
notes = pkgs.fetchNextcloudApp {
url =
"https://github.com/nextcloud-releases/notes/releases/download/v4.8.1/notes.tar.gz";
sha256 = "sha256-7GkTGyGTvtDbZsq/zOdbBE7xh6DZO183W6I5XX1ekbw=";
+ license = "agpl3Only";
};
files_3dmodelviewer = pkgs.fetchNextcloudApp {
url =
"https://github.com/WARP-LAB/files_3dmodelviewer/releases/download/v0.0.12/files_3dmodelviewer.tar.gz";
sha256 = "sha256-JKlHDB6VFUXv7V+TzWSgJeuvR2Z+oXGKFZgZtX2A9pA=";
+ license = "agpl3Only";
};
external = pkgs.fetchNextcloudApp {
url =
"https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz";
sha256 = "sha256-X7eC8T8wSZGVwCQp6U/WxjMC7aIj39osgHotaUoRNSQ=";
+ license = "agpl3Only";
};
};
@@ -117,5 +131,7 @@
format = "json";
};
+ systemd.services.nextcloud-setup.requires = [ "postgresql.service" ];
systemd.services.nextcloud-cron.requires = [ "postgresql.service" ];
+ systemd.services.nextcloud-notify_push.requires = [ "postgresql.service" ];
}