diff --git a/selfprivacy-module.nix b/selfprivacy-module.nix index a90435b..7aeba84 100644 --- a/selfprivacy-module.nix +++ b/selfprivacy-module.nix @@ -159,5 +159,17 @@ with lib; You can put whatever you want here. ''; }; + ################# + # Workarounds # + ################# + workarounds = { + deleteNextcloudAdmin = mkOption { + description = '' + Whether to delete an admin user, which is initially created + ''; + type = types.bool; + default = false; + }; + }; }; } diff --git a/sp-modules/nextcloud/config-paths-needed.json b/sp-modules/nextcloud/config-paths-needed.json index ca7356a..0964f8d 100644 --- a/sp-modules/nextcloud/config-paths-needed.json +++ b/sp-modules/nextcloud/config-paths-needed.json @@ -13,6 +13,7 @@ [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ], [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ], [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ], + [ "selfprivacy", "workarounds", "deleteNextcloudAdmin" ], [ "selfprivacy", "sso", "enable" ], [ "selfprivacy", "useBinds" ], [ "services", "nextcloud" ], diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix index c762efd..c58c036 100644 --- a/sp-modules/nextcloud/module.nix +++ b/sp-modules/nextcloud/module.nix @@ -11,6 +11,7 @@ let hostName = "${cfg.subdomain}.${sp.domain}"; auth-passthru = config.selfprivacy.passthru.auth; + deleteNextcloudAdmin = config.selfprivacy.workarounds.deleteNextcloudAdmin; cfg = sp.modules.nextcloud; is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable; ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}"; @@ -89,7 +90,7 @@ in }) // { meta = { type = "bool"; - weight = 3; + weight = 4; }; }; }; 
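Review bot: The description of `workarounds.deleteNextcloudAdmin` in the selfprivacy-module.nix hunk does not say which account is removed, that the removal is destructive, or that it runs only once. The module.nix hunk later in this diff deletes the user literally named `admin` and then writes a marker file, so setting the option back to `false` does not appear to restore anything. I would spell that out, for example `Whether to delete the Nextcloud "admin" account created at first install. Irreversible and done once; ensure another administrator (e.g. via SSO) exists first.` The section comment could also note why this sits under "workarounds", since an operator reading only the option list cannot tell what problem it works around.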
@@ -317,6 +318,12 @@ in
 --mapping-groups=groups \
 --group-provisioning=1 \
 -vvv
+
+ '' + lib.optionalString deleteNextcloudAdmin ''
+ if [[ ! -f /var/lib/nextcloud/.admin-user-deleted ]]; then
+ ${occ} user:delete admin
+ touch /var/lib/nextcloud/.admin-user-deleted
+ fi
 '';
 };
 selfprivacy.auth.clients."${oauthClientID}" = {
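Review bot: The added block runs `${occ} user:delete admin` without checking that the account exists or that another administrator can still log in, and it is gated only on `deleteNextcloudAdmin`. The preceding lines appear to configure the OIDC provider, but whether this script is reached only with SSO enabled is not visible here; requiring it explicitly, `lib.optionalString (is-auth-enabled && deleteNextcloudAdmin)`, would keep the flag from removing the only admin on an instance without SSO. The errexit setting of the enclosing script is also outside the hunk: a failing delete either aborts the unit on every run or is followed by the `touch`, so the deletion is never retried. Guarding it as `${occ} user:info admin > /dev/null 2>&1 && ${occ} user:delete admin` at least stops a missing account from being treated as a failure. A short comment above the block naming the marker file's purpose would help, and the enclosing script starts and ends outside the hunk.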