nixos/nextcloud: make profile.enabled
configurable
I recently learned that Nextcloud 23's new profile feature — basically a way for users to share personal contact details — has a problematic default setting: profile data is shared with **everyone** by default. This means that an unauthenticated user can access personal information by accessing `nextcloud.tld/u/user.name`. The announcement of v23 states[1]: > We go a step further and introduce a profile page. Here you can put a > description of yourself, show links to, for example, social media, what > department you are in and information on how to contact you. All these > are of course entirely optional and you can choose what is visible to who! > The profile and user status are accessible also from our mobile and desktop clients. It's not mentioned that by default you share personal information[3] with everyone and personally I think that's somewhat problematic. To work around that, I decided to add an option for the recently added[2] `profile.enabled` setting and even set it to `false` by default to make an explicit opt-in for that feature. [1] https://nextcloud.com/blog/nextcloud-hub-2-brings-major-overhaul-introducing-nextcloud-office-p2p-backup-and-more/ [2] https://github.com/nextcloud/server/pull/31624/files [3] By default, this affects the following properties: * About * Full name * Headline * Organisation * Profile picture * Role * Twitter * Website Phone, Address and Email are not affected and only shown to authenticated users by default.
parent
d40bc361cc
commit
9931c4a407
|
@ -522,6 +522,29 @@ in {
|
||||||
The nextcloud-occ program preconfigured to target this Nextcloud instance.
|
The nextcloud-occ program preconfigured to target this Nextcloud instance.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
globalProfiles = mkEnableOption "global profiles" // {
|
||||||
|
description = ''
|
||||||
|
Makes user-profiles globally available under <literal>nextcloud.tld/u/user.name</literal>.
|
||||||
|
Even though it's enabled by default in Nextcloud, it must be explicitly enabled
|
||||||
|
here because it has the side-effect that personal information is even accessible to
|
||||||
|
unauthenticated users by default.
|
||||||
|
|
||||||
|
By default, the following properties are set to <quote>Show to everyone</quote>
|
||||||
|
if this flag is enabled:
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem><para>About</para></listitem>
|
||||||
|
<listitem><para>Full name</para></listitem>
|
||||||
|
<listitem><para>Headline</para></listitem>
|
||||||
|
<listitem><para>Organisation</para></listitem>
|
||||||
|
<listitem><para>Profile picture</para></listitem>
|
||||||
|
<listitem><para>Role</para></listitem>
|
||||||
|
<listitem><para>Twitter</para></listitem>
|
||||||
|
<listitem><para>Website</para></listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
Only has an effect in Nextcloud 23 and later.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
nginx.recommendedHttpHeaders = mkOption {
|
nginx.recommendedHttpHeaders = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -650,6 +673,8 @@ in {
|
||||||
if x == null then "false"
|
if x == null then "false"
|
||||||
else boolToString x;
|
else boolToString x;
|
||||||
|
|
||||||
|
nextcloudGreaterOrEqualThan = req: versionAtLeast cfg.package.version req;
|
||||||
|
|
||||||
overrideConfig = pkgs.writeText "nextcloud-config.php" ''
|
overrideConfig = pkgs.writeText "nextcloud-config.php" ''
|
||||||
<?php
|
<?php
|
||||||
${optionalString requiresReadSecretFunction ''
|
${optionalString requiresReadSecretFunction ''
|
||||||
|
@ -689,6 +714,7 @@ in {
|
||||||
'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
|
'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
|
||||||
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
|
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
|
||||||
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
|
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
|
||||||
|
${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles}"}
|
||||||
${objectstoreConfig}
|
${objectstoreConfig}
|
||||||
];
|
];
|
||||||
'';
|
'';
|
||||||
|
|
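Review bot: The `'profile.enabled' => …` entry added in the last hunk has no trailing comma, unlike the `default_phone_region` line directly above it, and `${objectstoreConfig}` is interpolated right after it. The definition of `objectstoreConfig` is outside the hunk, but if it expands to further array entries, the generated `nextcloud-config.php` will not parse on Nextcloud 23 and later whenever object storage is configured, so the instance fails to load its override config instead of applying the privacy default. End the string with a comma, `"'profile.enabled' => ${boolToString cfg.globalProfiles},"`, which PHP also accepts as the last array element. The enclosing `overrideConfig` string starts and ends outside the hunk.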