From 702f645aa8de543fa813aba07b11c26067d6094b Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 14 Mar 2020 04:07:30 +0100 Subject: [PATCH] nixos/nextcloud: implement a safe upgrade-path between 19.09 and 20.03 It's impossible to move two major-versions forward when upgrading Nextcloud. This is an issue when comming from 19.09 (using Nextcloud 16) and trying to upgrade to 20.03 (using Nextcloud 18 by default). This patch implements the measurements discussed in #82056 and #82353 to improve the update process and to circumvent similar issues in the future: * `pkgs.nextcloud` has been removed in favor of versioned attributes (currently `pkgs.nextcloud17` and `pkgs.nextcloud18`). With that approach we can safely backport major-releases in the future to simplify those upgrade-paths and we can select one of the major-releases as default depending on the configuration (helpful to decide whether e.g. `pkgs.nextcloud17` or `pkgs.nextcloud18` should be used on 20.03 and `master` atm). * If `system.stateVersion` is older than `20.03`, `nextcloud17` will be used (which is one major-release behind v16 from 19.09). When using a package older than the latest major-release available (currently v18), the evaluation will cause a warning which describes the issue and suggests next steps. To make those package-selections easier, a new option to define the package to be used for the service (namely `services.nextcloud.package`) was introduced. * If `pkgs.nextcloud` exists (e.g. due to an overlay which was used to provide more recent Nextcloud versions on older NixOS-releases), an evaluation error will be thrown by default: this is to make sure that `services.nextcloud.package` doesn't use an older version by accident after checking the state-version. If `pkgs.nextcloud` is added manually, it needs to be declared explicitly in `services.nextcloud.package`. * The `nixos/nextcloud`-documentation contains a "Maintainer information"-chapter which describes how to roll out new Nextcloud releases and how to deal with old (and probably unsafe) versions. Closes #82056 --- nixos/doc/manual/release-notes/rl-2003.xml | 49 +++++++++++++++++++ nixos/modules/services/web-apps/nextcloud.nix | 44 ++++++++++++++--- nixos/modules/services/web-apps/nextcloud.xml | 48 ++++++++++++++++++ pkgs/servers/nextcloud/default.nix | 47 +++++++++++------- pkgs/top-level/all-packages.nix | 3 +- 5 files changed, 165 insertions(+), 26 deletions(-) diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index e5351519f8dad6..02d05dec0a2b88 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -648,6 +648,55 @@ auth required pam_succeed_if.so uid >= 1000 quiet . + + + nextcloud has been updated to v18.0.2. This means + that users from NixOS 19.09 can't upgrade directly since you can only move one version + forward and 19.09 uses v16.0.8. + + + To provide a safe upgrade-path and to circumvent similar issues in the future, the following + measures were taken: + + + + The pkgs.nextcloud-attribute has been removed and replaced with + versioned attributes (currently pkgs.nextcloud17 and + pkgs.nextcloud18). With this change major-releases can be backported + without breaking stuff and to make upgrade-paths easier. + + + + + Existing setups will be detected using + system.stateVersion: by default, + nextcloud17 will be used, but will raise a warning which notes + that after that deploy it's recommended to update to the latest stable version + (nextcloud18) by declaring the newly introduced setting + services.nextcloud.package. + + + + + Users with an overlay (e.g. to use nextcloud at version + v18 on 19.09) will get an evaluation error + by default. This is done to ensure that our + package-option doesn't select an + older version by accident. It's recommended to use pkgs.nextcloud18 + or to set package to + pkgs.nextcloud explicitly. + + + + + + + Please note that if you're comming from 19.03 or older, you have + to manually upgrade to 19.09 first to upgrade your server + to Nextcloud v16. + + + diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 912e05d6d4005d..087bd0e5df3e43 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -30,7 +30,7 @@ let occ = pkgs.writeScriptBin "nextcloud-occ" '' #! ${pkgs.stdenv.shell} - cd ${pkgs.nextcloud} + cd ${cfg.package} sudo=exec if [[ "$USER" != nextcloud ]]; then sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR' @@ -42,6 +42,8 @@ let occ $* ''; + inherit (config.system) stateVersion; + in { options.services.nextcloud = { enable = mkEnableOption "nextcloud"; @@ -64,6 +66,11 @@ in { default = false; description = "Use https for generated links."; }; + package = mkOption { + type = types.package; + description = "Which package to use for the Nextcloud instance."; + relatedPackages = [ "nextcloud17" "nextcloud18" ]; + }; maxUploadSize = mkOption { default = "512M"; @@ -309,10 +316,31 @@ in { } ]; - warnings = optional (cfg.poolConfig != null) '' - Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. - Please migrate your configuration to config.services.nextcloud.poolSettings. - ''; + warnings = [] + ++ (optional (cfg.poolConfig != null) '' + Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. + Please migrate your configuration to config.services.nextcloud.poolSettings. + '') + ++ (optional (versionOlder cfg.package.version "18") '' + You're currently deploying an older version of Nextcloud. This may be needed + since Nextcloud doesn't allow major version upgrades across multiple versions (i.e. an + upgrade from 16 is possible to 17, but not to 18). + + Please deploy this to your server and wait until the migration is finished. After + that you can deploy to the latest Nextcloud version available. + ''); + + services.nextcloud.package = with pkgs; + mkDefault ( + if pkgs ? nextcloud + then throw '' + The `pkgs.nextcloud`-attribute has been removed. If it's supposed to be the default + nextcloud defined in an overlay, please set `services.nextcloud.package` to + `pkgs.nextcloud`. + '' + else if versionOlder stateVersion "20.03" then nextcloud17 + else nextcloud18 + ); } { systemd.timers.nextcloud-cron = { @@ -407,7 +435,7 @@ in { path = [ occ ]; script = '' chmod og+x ${cfg.home} - ln -sf ${pkgs.nextcloud}/apps ${cfg.home}/ + ln -sf ${cfg.package}/apps ${cfg.home}/ mkdir -p ${cfg.home}/config ${cfg.home}/data ${cfg.home}/store-apps ln -sf ${overrideConfig} ${cfg.home}/config/override.config.php @@ -429,7 +457,7 @@ in { environment.NEXTCLOUD_CONFIG_DIR = "${cfg.home}/config"; serviceConfig.Type = "oneshot"; serviceConfig.User = "nextcloud"; - serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${pkgs.nextcloud}/cron.php"; + serviceConfig.ExecStart = "${phpPackage}/bin/php -f ${cfg.package}/cron.php"; }; nextcloud-update-plugins = mkIf cfg.autoUpdateApps.enable { serviceConfig.Type = "oneshot"; @@ -471,7 +499,7 @@ in { enable = true; virtualHosts = { ${cfg.hostName} = { - root = pkgs.nextcloud; + root = cfg.package; locations = { "= /robots.txt" = { priority = 100; diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index d66e0f0c29973e..fc454f8ba25496 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -113,5 +113,53 @@ maintenance:install! This command tries to install the application and can cause unwanted side-effects! + + + Nextcloud doesn't allow to move more than one major-version forward. If you're e.g. on + v16, you cannot upgrade to v18, you need to upgrade to + v17 first. This is ensured automatically as long as the + stateVersion is declared properly. In that case + the oldest version available (one major behind the one from the previous NixOS + release) will be selected by default and the module will generate a warning that reminds + the user to upgrade to latest Nextcloud after that deploy. + + + +
+ Maintainer information + + + As stated in the previous paragraph, we must provide a clean upgrade-path for Nextcloud + since it cannot move more than one major version forward on a single upgrade. This chapter + adds some notes how Nextcloud updates should be rolled out in the future. + + + + While minor and patch-level updates are no problem and can be done directly in the + package-expression (and should be backported to supported stable branches after that), + major-releases should be added in a new attribute (e.g. Nextcloud v19.0.0 + should be available in nixpkgs as pkgs.nextcloud19). + To provide simple upgrade paths it's generally useful to backport those as well to stable + branches. As long as the package-default isn't altered, this won't break existing setups. + After that, the versioning-warning in the nextcloud-module should be + updated to make sure that the + package-option selects the latest version + on fresh setups. + + + + If major-releases will be abandoned by upstream, we should check first if those are needed + in NixOS for a safe upgrade-path before removing those. In that case we shold keep those + packages, but mark them as insecure in an expression like this (in + <nixpkgs/pkgs/servers/nextcloud/default.nix>): +/* ... */ +{ + nextcloud17 = generic { + version = "17.0.x"; + sha256 = "0000000000000000000000000000000000000000000000000000"; + insecure = true; + }; +} +
diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix index 9b23e9ac501fd1..008d6bbde398d9 100644 --- a/pkgs/servers/nextcloud/default.nix +++ b/pkgs/servers/nextcloud/default.nix @@ -1,24 +1,37 @@ { stdenv, fetchurl }: -stdenv.mkDerivation rec { - pname = "nextcloud"; - version = "18.0.2"; +let + generic = { version, sha256, insecure ? false }: stdenv.mkDerivation rec { + pname = "nextcloud"; + inherit version; - src = fetchurl { - url = "https://download.nextcloud.com/server/releases/${pname}-${version}.tar.bz2"; - sha256 = "10fbdq0366iai2kpw6v6p78mnn9gz8x0xzsbqrp109yx4c4nccyh"; - }; + src = fetchurl { + url = "https://download.nextcloud.com/server/releases/${pname}-${version}.tar.bz2"; + inherit sha256; + }; + + installPhase = '' + mkdir -p $out/ + cp -R . $out/ + ''; - installPhase = '' - mkdir -p $out/ - cp -R . $out/ - ''; + meta = with stdenv.lib; { + description = "Sharing solution for files, calendars, contacts and more"; + homepage = https://nextcloud.com; + maintainers = with maintainers; [ schneefux bachp globin fpletz ma27 ]; + license = licenses.agpl3Plus; + platforms = with platforms; unix; + knownVulnerabilities = optional insecure "Nextcloud version ${version} is EOL"; + }; + }; +in { + nextcloud17 = generic { + version = "17.0.4"; + sha256 = "0cj5mng0nmj3hz30pyz3g19kj3mkm5ca8si3sw3arv61dmw6c5g6"; + }; - meta = { - description = "Sharing solution for files, calendars, contacts and more"; - homepage = https://nextcloud.com; - maintainers = with stdenv.lib.maintainers; [ schneefux bachp globin fpletz ]; - license = stdenv.lib.licenses.agpl3Plus; - platforms = with stdenv.lib.platforms; unix; + nextcloud18 = generic { + version = "18.0.2"; + sha256 = "10fbdq0366iai2kpw6v6p78mnn9gz8x0xzsbqrp109yx4c4nccyh"; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 901313d8e6325c..ef6f8404c7941b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5356,7 +5356,8 @@ in grocy = callPackage ../servers/grocy { }; - nextcloud = callPackage ../servers/nextcloud { }; + inherit (callPackage ../servers/nextcloud {}) + nextcloud17 nextcloud18; nextcloud-client = libsForQt5.callPackage ../applications/networking/nextcloud-client { };