additional question: nextcloud seems to enable by default a bunch of plugins like “weather” / “user status”.
Not entirely sure. IIRC these apps are in a different directory, so one could disable them from the app search-path. Not sure how that would behave though, but feel free to try it out, not sure if I’d get to it soonish.
However I’d like to note one thing: I don’t want to have an approach as it was pursued with Wordpress in nixpkgs where every theme delivered by default etc. was removed at some point. This is just confusing when you’re used to non-Nix deployments (and the actual upstream defaults because of that!) and migrating to such a change is also rather unpleasant.
The administrative check also had a warning about unset default_phone_region. Could we convert this from the machine locale or set a default ? Solved by setting config.defaultPhoneRegion = “FR”;` .
I don’t think that machine locale is a good default: I guess almost every server will have en_US or something similar to that set, so this is wrong in most of the cases. Also, the warning is for exactly that purpose, to inform about such a problem.
It refused to send the email because the root user had to configure an email first. My thinking is: should we mandate an email for the admin and send the validation email via occ ?
You were logged in as root to be able to see these checks, correct? And Nextcloud is sending emails to that user when testing the feature with this button, so I don’t think that we should mandate this just to make a test work. Also, not only root, but an arbitrary user can become admin (relevant when e.g. syncing a user directory via LDAP to nextcloud).
and one of the closest to my heart is: what’s the best way to declare users ?
While the NixOS wiki isn’t an official source (and thus I’m not responsible for the nextcloud section there), I don’t think that this is a good idea: you’re running a service once and you can’t do that afterwords because the user already exists. Even worse, if you ever rotate your password, you have two options:
- either rotate it in your deployment (assuming that
/run/secrets/...comes from e.g. sops-nix) even though this won’t have any effect - or keep it as-is and have outdated information in your deployment, even though it’s supposed to be your source of truth.
My recommendation is to just create users manually if your instance is small enough to not use any sofisticated methods such as syncing your LDAP directory (which is the way to go IMHO if you have an amount of users where this is an actual problem) for the following reasons:
- If you ever have to setup a new Nextcloud, you’ll probably re-apply a database dump and restore your backup of
/var/lib/nextcloudto regain your old state. - Setting up such a service (which isn’t even a very nice solution IMHO) will take way more time than filling out a form once (and the benefit of being declarative isn’t provided in that case, so it’s not worth the hassle IMHO).
The administrative check also mentioned something that I am eager to fix but got scared to change:
How to you reverse-proxy nginx? Do you use the https settings from the module or do you use a reverse-proxy on another machine?
Could the nix setting disable the theming app as well ? I am curious how to do it via nix anyway ?
As mentioned above, feel free to explore ways to disable default apps. But given that imagemagick isn’t available, this won’t work by default, so this warning should be OK to ignore IMHO.