feat: Delete nextcloud admin user (#133)

Co-authored-by: Alexander Tomokhov <alexoundos@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/133
2025-04-25 14:21:44 +03:00
parent 72472e8edf
commit 547eb00544
3 changed files with 21 additions and 1 deletions
--- a/sp-modules/nextcloud/config-paths-needed.json
+++ b/sp-modules/nextcloud/config-paths-needed.json
@@ -13,6 +13,7 @@
  [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
  [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
  [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
+  [ "selfprivacy", "workarounds", "deleteNextcloudAdmin" ],
  [ "selfprivacy", "sso", "enable" ],
  [ "selfprivacy", "useBinds" ],
  [ "services", "nextcloud" ],
--- a/sp-modules/nextcloud/module.nix
+++ b/sp-modules/nextcloud/module.nix
@@ -11,6 +11,7 @@ let

  hostName = "${cfg.subdomain}.${sp.domain}";
  auth-passthru = config.selfprivacy.passthru.auth;
+  deleteNextcloudAdmin = config.selfprivacy.workarounds.deleteNextcloudAdmin;
  cfg = sp.modules.nextcloud;
  is-auth-enabled = cfg.enableSso && config.selfprivacy.sso.enable;
  ldap_scheme_and_host = "ldaps://${auth-passthru.ldap-host}";
@@ -89,7 +90,7 @@ in
    }) // {
      meta = {
        type = "bool";
-        weight = 3;
+        weight = 4;
      };
    };
  };
@@ -317,6 +318,12 @@ in
          --mapping-groups=groups \
          --group-provisioning=1 \
          -vvv
+
+        '' + lib.optionalString deleteNextcloudAdmin ''
+          if [[ ! -f /var/lib/nextcloud/.admin-user-deleted ]]; then
+            ${occ} user:delete admin
+            touch /var/lib/nextcloud/.admin-user-deleted
+          fi
        '';
      };
      selfprivacy.auth.clients."${oauthClientID}" = {