feat: declarative password salt, secret config

[karaolidis]

Summary

Adds --password-salt and --secret options to maintenance:install for fully declarative deployments (e.g., sops-nix, Ansible Vault). Values are validated for minimum length and fall back to random generation if not provided.

Running this in my homelab for months without issues.

TODO

I have not added unit tests to this commit as the main change is in the install function that has a lot of side effects. Looking for comments in regards to how to implement this, if at all.

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)
• Labels added where applicable (ex: bug/enhancement, 3. to review, feature component)
• Milestone added for target branch/version (ex: 32.x for stable32)

[provokateurin]

I also use Nextcloud in a declarative environment using NixOS and I'm not 100% sure if this is needed or not. If you restore a backup, you'd have those values in your config.php. The backup would always contain the config.php and your database, so they would be in sync anyway.

Maybe you can explain a bit what this fixes? I'm not against merging it, just wondering what pain point this removes.

[karaolidis]

I also use Nextcloud in a declarative environment using NixOS and I'm not 100% sure if this is needed or not. If you restore a backup, you'd have those values in your config.php. The backup would always contain the config.php and your database, so they would be in sync anyway.

Maybe you can explain a bit what this fixes? I'm not against merging it, just wondering what pain point this removes.

This is not necessarily a "fix", I'd just like to be able to fully control the values of all parameters instead of having Nextcloud generate them randomly, to make it easier to pre-generate a reproducible config.php/deployment.

[provokateurin]

LGTM, just one minor change.

[provokateurin]

Cool, thanks!

[nickvergessen]

Would be good to run the PR from within our repo to see CI
So the cypress setup and others still pass.

[provokateurin]

I'll do a local copy 👍

[provokateurin]

#57994

[provokateurin]

Rebased to fix CI

[welcome]

Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22

[github-actions]

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)