feat: declarative password salt, secret config

[karaolidis]

Summary

Adds --password-salt and --secret options to maintenance:install for fully declarative deployments (e.g., sops-nix, Ansible Vault). Values are validated for minimum length and fall back to random generation if not provided.

Running this in my homelab for months without issues.

TODO

I have not added unit tests to this commit as the main change is in the install function that has a lot of side effects. Looking for comments in regards to how to implement this, if at all.

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)
• Labels added where applicable (ex: bug/enhancement, 3. to review, feature component)
• Milestone added for target branch/version (ex: 32.x for stable32)

[provokateurin]

I also use Nextcloud in a declarative environment using NixOS and I'm not 100% sure if this is needed or not. If you restore a backup, you'd have those values in your config.php. The backup would always contain the config.php and your database, so they would be in sync anyway.

Maybe you can explain a bit what this fixes? I'm not against merging it, just wondering what pain point this removes.

[karaolidis]

I also use Nextcloud in a declarative environment using NixOS and I'm not 100% sure if this is needed or not. If you restore a backup, you'd have those values in your config.php. The backup would always contain the config.php and your database, so they would be in sync anyway.

Maybe you can explain a bit what this fixes? I'm not against merging it, just wondering what pain point this removes.

This is not necessarily a "fix", I'd just like to be able to fully control the values of all parameters instead of having Nextcloud generate them randomly, to make it easier to pre-generate a reproducible config.php/deployment.

[provokateurin]

LGTM, just one minor change.

[provokateurin]

Cool, thanks!

[nickvergessen]

Would be good to run the PR from within our repo to see CI
So the cypress setup and others still pass.

[provokateurin]

I'll do a local copy 👍

[provokateurin]

#57994

[provokateurin]

Rebased to fix CI

[welcome]

Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22