Merge pull request 'Upgrade nextcloud to 31' (#105) from nextcloud_upgrade_31 into master

Reviewed-on: #105
Reviewed-by: kalipso <kalipso@c3d2.de>

doc/src/anleitung/updates.md

@@ -1 +1,11 @@
 # Updates
+## Nextcloud
+Update nextcloud to a new major version:
+- create state directories: `mkdir /tmp/var /tmp/data`
+- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data /tmp/data`
+- Update lock file `nix flake update --commit-lock-file`
+- Change services.nextcloud.package to the next version (do not skip major version upgrades)
+- change custom `extraApps` to the new version
+- TEST!
+- run vm again, it should successfully upgrade nextcloud from old to new version
+- run vm state dirs to initialize state `sudo run-vm nextcloud --dummy-secrets --networking --var /tmp/var --data /tmp/data`

flake.lock

@@ -67,11 +67,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736373539,
+        "lastModified": 1744117652,
-        "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
+        "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
+        "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f",
         "type": "github"
       },
       "original": {
@@ -109,11 +109,11 @@
         "spectrum": "spectrum"
       },
       "locked": {
-        "lastModified": 1739104176,
+        "lastModified": 1743083165,
-        "narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=",
+        "narHash": "sha256-Fz7AiCJWtoWZ2guJwO3B1h3RuJxYWaCzFIqY0Kmkyrs=",
         "owner": "astro",
         "repo": "microvm.nix",
-        "rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2",
+        "rev": "773d5a04e2e10ca7b412270dea11276a496e1b61",
         "type": "github"
       },
       "original": {
@@ -145,11 +145,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737057290,
+        "lastModified": 1742568034,
-        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
+        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
+        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
         "type": "github"
       },
       "original": {
@@ -160,11 +160,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1738816619,
+        "lastModified": 1744366945,
-        "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
+        "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
+        "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1",
         "type": "github"
       },
       "original": {
@@ -192,11 +192,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1739020877,
+        "lastModified": 1744232761,
-        "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
+        "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
+        "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14",
         "type": "github"
       },
       "original": {
@@ -208,11 +208,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1739206421,
+        "lastModified": 1744309437,
-        "narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=",
+        "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "44534bc021b85c8d78e465021e21f33b856e2540",
+        "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7",
         "type": "github"
       },
       "original": {
@@ -246,11 +246,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1739262228,
+        "lastModified": 1744103455,
-        "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
+        "narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
+        "rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba",
         "type": "github"
       },
       "original": {

machines/modules/host_builder.nix

@@ -133,6 +133,13 @@ rec {
           mountPoint = "/var";
           tag = "var";
         }
+      ] ++ pkgs.lib.optionals (options.dataPath != "") [
+        {
+          source = "${options.dataPath}";
+          securityModel = "mapped";
+          mountPoint = "/data";
+          tag = "data";
+        }
       ]);
 
       interfaces = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [{
@@ -209,6 +216,7 @@ rec {
             (vmMicroVMOverwrites name { 
               withNetworking = true; 
               varPath = ""; 
+              dataPath = "";
               writableStore = false; })
             (if sopsDummy then (vmSopsOverwrites name) else {})
           ]);
@@ -218,11 +226,12 @@ rec {
     builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts));
   };
 
-  buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules {
+  buildVM = host: networking: sopsDummy: disableDisko: varPath: dataPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules {
       modules = [
           (vmMicroVMOverwrites host { 
             withNetworking = networking; 
             varPath = "${varPath}"; 
+            dataPath = "${dataPath}"; 
             writableStore = writableStore;
             fwdPort = fwdPort; })
           (if sopsDummy then (vmSopsOverwrites host) else {})

machines/nextcloud/configuration.nix

@@ -33,7 +33,7 @@ with lib;
 
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud30;
+    package = pkgs.nextcloud31;
     hostName = "cloud.malobeo.org";
     config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
     #https = true; #disable for testing
@@ -47,10 +47,10 @@ with lib;
     };
     extraAppsEnable = true;
     extraApps = {
-      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration;
+      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration collectives forms;
-      collectives = pkgs.fetchNextcloudApp {
+      appointments = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY=";
+        sha256 = "sha256-ls1rLnsX7U9wo2WkEtzhrvliTcWUl6LWXolE/9etJ78=";
-        url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz";
+        url = "https://github.com/SergeyMosin/Appointments/raw/refs/tags/v2.4.3/build/artifacts/appstore/appointments.tar.gz";
         license = "agpl3Plus";
       };
     };
@@ -62,7 +62,7 @@ with lib;
     };
     phpOptions = {
       "realpath_cache_size" = "0";
-      "opcache.interned_strings_buffer" = "23";
+      "opcache.interned_strings_buffer" = "32";
     };
   };
 

scripts/run-vm.sh

@@ -6,6 +6,7 @@ usage() {
     echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny"
     echo "--writable-store enables writable store. necessary for host with nested imperative microvms like fanny"
     echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
+    echo "--data path to directory that should be shared as /data"
     echo "--fwd-port forwards the given port to port 80 on vm"
     exit 1
 }
@@ -23,6 +24,7 @@ DUMMY_SECRETS=false
 NO_DISKO=false
 RW_STORE=false
 VAR_PATH=""
+DATA_PATH=""
 FWD_PORT=0
 
 # check argws
@@ -42,6 +44,15 @@ while [[ "$#" -gt 0 ]]; do
               usage
           fi
           ;;
+        --data) 
+          if [[ -n "$2" && ! "$2" =~ ^- ]]; then
+              DATA_PATH="$2"
+              shift
+          else
+              echo "Error: --data requires a non-empty string argument."
+              usage
+          fi
+          ;;
         --fwd-port) 
           if [[ -n "$2" && ! "$2" =~ ^- ]]; then
               FWD_PORT="$2"
@@ -64,4 +75,8 @@ if [ -n "$VAR_PATH" ]; then
   echo "sharing var directory: $VAR_PATH"
 fi
 
-nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner"
+if [ -n "$DATA_PATH" ]; then
+  echo "sharing data directory: $DATA_PATH"
+fi
+
+nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" \"$DATA_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner"