diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index f74b6bda0caf..a4b886821ebf 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -522,6 +522,29 @@ in {
The nextcloud-occ program preconfigured to target this Nextcloud instance.
'';
};
+ globalProfiles = mkEnableOption "global profiles" // {
+ description = ''
+ Makes user-profiles globally available under nextcloud.tld/u/user.name.
+ Even though it's enabled by default in Nextcloud, it must be explicitly enabled
+ here because it has the side-effect that personal information is even accessible to
+ unauthenticated users by default.
+
+ By default, the following properties are set to Show to everyone
+ if this flag is enabled:
+
+ About
+ Full name
+ Headline
+ Organisation
+ Profile picture
+ Role
+ Twitter
+ Website
+
+
+ Only has an effect in Nextcloud 23 and later.
+ '';
+ };
nginx.recommendedHttpHeaders = mkOption {
type = types.bool;
@@ -650,6 +673,8 @@ in {
if x == null then "false"
else boolToString x;
+ nextcloudGreaterOrEqualThan = req: versionAtLeast cfg.package.version req;
+
overrideConfig = pkgs.writeText "nextcloud-config.php" ''
${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
+ ${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles}"}
${objectstoreConfig}
];
'';
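Review bot: The added `'profile.enabled'` entry in `overrideConfig` has no trailing comma, unlike the `'default_phone_region'` entry just above it, and it is followed directly by `${objectstoreConfig}`. If `objectstoreConfig` expands to further array entries (its definition is outside this hunk), the generated `nextcloud-config.php` would not parse on Nextcloud 23 and later, so neither the profile setting nor the rest of the override file would load. Ending the string with a comma, `"'profile.enabled' => ${boolToString cfg.globalProfiles},"`, keeps the array valid either way. A module test that enables an object store together with this option would catch a regression here.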