alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
236808 commits 217 branches 121 tags 4.5 GiB
Commit graph

309 commits

Author SHA1 Message Date
Maximilian Bosch 702f645aa8
nixos/nextcloud: implement a safe upgrade-path between 19.09 and 20.03 
It's impossible to move two major-versions forward when upgrading
Nextcloud. This is an issue when comming from 19.09 (using Nextcloud 16)
and trying to upgrade to 20.03 (using Nextcloud 18 by default).

This patch implements the measurements discussed in #82056 and #82353 to
improve the update process and to circumvent similar issues in the
future:

* `pkgs.nextcloud` has been removed in favor of versioned attributes
  (currently `pkgs.nextcloud17` and `pkgs.nextcloud18`). With that
  approach we can safely backport major-releases in the future to
  simplify those upgrade-paths and we can select one of the
  major-releases as default depending on the configuration (helpful to
  decide whether e.g. `pkgs.nextcloud17` or `pkgs.nextcloud18` should be
  used on 20.03 and `master` atm).

* If `system.stateVersion` is older than `20.03`, `nextcloud17` will be
  used (which is one major-release behind v16 from 19.09). When using a
  package older than the latest major-release available (currently v18),
  the evaluation will cause a warning which describes the issue and
  suggests next steps.

  To make those package-selections easier, a new option to define the
  package to be used for the service (namely
  `services.nextcloud.package`) was introduced.

* If `pkgs.nextcloud` exists (e.g. due to an overlay which was used to
  provide more recent Nextcloud versions on older NixOS-releases), an
  evaluation error will be thrown by default: this is to make sure that
  `services.nextcloud.package` doesn't use an older version by accident
  after checking the state-version. If `pkgs.nextcloud` is added
  manually, it needs to be declared explicitly in
  `services.nextcloud.package`.

* The `nixos/nextcloud`-documentation contains a
  "Maintainer information"-chapter  which describes how to roll out new
  Nextcloud releases and how to deal with old (and probably unsafe)
  versions.

Closes #82056
 2020-03-25 22:07:29 +01:00
WilliButz 68410b08be
nixos/codimd: update useCDN default to false 2020-02-28 14:36:46 +01:00
Aaron Andersen 4d67db3101
Merge pull request #80849 from BBBSnowball/pull-load-imagick-once 
nixos/nextcloud: avoid loading imagick extension more than once
 2020-02-26 17:17:55 -05:00
Pascal Bach 119a7aae50 nixos/nextcloud: prevent warning about missing X-Frame-Option 2020-02-24 22:07:24 +01:00
Benjamin Koch db32158bbd nixos/nextcloud: avoid loading imagick extension more than once 
This avoids the following error message:
  Module 'imagick' already loaded at Unknown#0
 2020-02-23 00:40:49 +00:00
David Wood 60a3d9dd6b nixos/jirefeau: add services.jirafeau module 
Signed-off-by: David Wood <david.wood@codeplay.com>
 2020-02-18 09:37:44 -08:00
Ryan Mulligan 5a358eade8
Merge pull request #69125 from jslight90/mattermost-5.15 
mattermost: 5.9.0 -> 5.15.0
 2020-02-12 20:56:00 -08:00
Maximilian Bosch 13f7b75553
nixos/grocy: init module 
Co-authored-by: elseym <elseym@me.com>
 2020-02-09 21:55:27 +01:00
Aaron Andersen 01ccb67598 nixos/httpd: code cleanup 2020-01-31 20:39:12 -05:00
Marek Mahut 942568b8ea
Merge pull request #77830 from 1000101/dokuwiki 
nixos/dokuwiki: init module
 2020-01-25 10:08:14 +01:00
Jan Hrnko 8bab2dec10 nixos/dokuwiki: init module at 2018-04-22b 2020-01-24 13:27:10 +01:00
Lennart 4e6e94417c nixos/nextcloud: added trusted_proxies setting (#77480) 2020-01-11 15:43:43 +01:00
Léo Gaspard b31660e5bb
Merge branch 'master' into ihatemoney 2020-01-09 03:49:03 +01:00
rnhmjoj 1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Daniel Frank 6d671372b5
nextcloud module: https is important not only for proxies 2019-12-31 13:01:46 +01:00
Aaron Andersen 79215f0df1 nixos/httpd: limit serving web content to virtual hosts, convert virtualHosts option type from listOf to attrsOf, add ACME integration 2019-12-24 20:27:48 -05:00
Aaron Andersen 133a5c345c
Merge pull request #74763 from nek0/restya-board-config-fix 
restya-board: Restya board config fix
 2019-12-23 07:42:37 -05:00
nek0 acd1240fd1 restya-board: fix configuration option and switch to file based password provisioning 2019-12-23 05:45:15 +01:00
Christian Kampka 9f97485399
trilium-server: Add nginx reverse proxy configuration to module 2019-12-19 10:14:13 +01:00
Christian Kampka 82f038d468
trilium-server: Add module 2019-12-19 10:14:12 +01:00
Silvan Mosberger 4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules 
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
 2019-12-10 02:51:19 +01:00
Janne Heß d21f5cf36f nixos/nextcloud: Do not run sudo if not needed 
Only use sudo if we are currently not running as the nextcloud user.
This is problematic when occ is called from a systemd service with
NoNewPrivileges=true
 2019-12-07 21:10:34 +01:00
Jason Samsa 7e564ae162 remove vulgarity from wordpress nixos module 2019-12-04 12:45:40 -06:00
Aaron Andersen 5988940ca7
Merge pull request #73577 from helsinki-systems/matomo-consistency 
matomo: Fix consistency check
 2019-11-27 18:07:20 -05:00
Jean-Philippe Braun 4ea4408b9c nixos/nextcloud: add occ in path of nextcloud-setup 
This makes possible to use nextcloud-occ for setting extra
configuration options.

Example:

  systemd.services.nextcloud-setup = {
    script = mkAfter ''
      nextcloud-occ config:system:set redis 'host' --value '/var/run/redis/redis.sock' --type string
      nextcloud-occ config:system:set redis 'port' --value 0 --type integer
    '';
  };
 2019-11-19 23:59:26 +01:00
Janne Heß 08b9cac6d5 matomo: Fix consistency check 
This is done by recalculating sizes and md5 hashes and inserting them
into the manifest.
 2019-11-18 14:52:47 +01:00
Marek Mahut e51f707437
Merge pull request #72729 from mmahut/trac 
nixos/trac: init
 2019-11-04 17:53:49 +01:00
Marek Mahut 794c919765
Merge pull request #68327 from mmilata/moin 
nixos/moinmoin: init module
 2019-11-03 21:36:12 +01:00
Marek Mahut f3b8d9bae3 nixos/trac: service init 2019-11-03 17:24:08 +01:00
Symphorien Gibol 32d2266d0d ihatemoney: init at 4.1 plus module and test 2019-11-02 12:00:00 +00:00
Silvan Mosberger dd0a47e7ae
treewide: Switch to system users (#71055) 
treewide: Switch to system users
 2019-11-01 13:26:43 +01:00
Renaud e69fd930ed
Merge pull request #72193 from Ma27/bump-nexus 
nexus: 3.18.1-01 -> 3.19.1-01
 2019-11-01 08:55:24 +01:00
Maximilian Bosch df7727042f
nexus: 3.18.1-01 -> 3.19.1-01 
Relevant release notes:

* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.1
* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.0

Also added `preferLocalBuild = true;` to prevent builds on remote
machines as this only means elevated network access (tarball is fetched
locally and uploaded to the builder) and the build is fairly trivial.

To fix the startup I had to add the JVM parameter `java.endorsed.dirs`
to ensure that all libraries are loaded properly[1].

[1] https://issues.sonatype.org/browse/NEXUS-21603
 2019-10-28 21:34:55 +01:00
Robert Djubek 6ea626d3e2
nixos/matomo: fix deprecation warnings 
Fixes the phpfpm deprecation warnings about listen and extraConfig by
using fpm.socket and settings. Removes phpfpmProcessManagerConfig.
 2019-10-28 05:07:27 +00:00
Aaron Andersen 33474166e3
Merge pull request #69436 from tshaynik/fix/nextcloud-nginx-sts 
nixos/nextcloud: add Strict-Transport-Security
 2019-10-26 12:34:36 -04:00
Maximilian Bosch 4a5c0e029d
Merge pull request #71963 from dtzWill/security/nextcloud17-php-and-nginx-config 
Address nextcloud "urgent security issue" w/nginx per upstream recs
 2019-10-25 19:12:18 +02:00
Martin Milata ad034104cc nixos/moin: init 2019-10-25 17:51:09 +02:00
Maximilian Bosch 3461ec2ffd
nixos/gotify: init module and test 2019-10-25 16:19:41 +02:00
Will Dietz f6c45bff6d
nixos/nextcloud: update config for "urgent security issue" 
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
 2019-10-25 06:50:29 -05:00
Janne Heß d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Mario Rodas af4351ab85
Merge pull request #69255 from minijackson/init-shiori 
Init shiori
 2019-10-12 09:01:58 -05:00
elseym 93fa16f939
documize: introduce state directory 2019-10-05 00:40:44 +02:00
Daniel KT 4590a2380e nixos/nextcloud: add Strict-Transport-Security 
This commit adds a Strict-Transport-Security header to
the nginx config file generated by the nextcloud module.

The Strict-Transport-Security header is recommended in
official guide for hardening Nextcloud installations:
https://docs.nextcloud.com/server/16/admin_manual/installation/harden_server.html

Further, if it is not set, we see a warning in the security scan results
in the Nextcloud admin panel:

```
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips

```
 2019-09-25 16:56:53 -04:00
Jörg Thalheim bfed455de3
Merge pull request #68946 from volth/escape 
treewide: fix string escapes
 2019-09-24 04:19:12 +01:00
Jeff Slight 346a6ce265 nixos/mattermost: use database config if set to immutable 2019-09-23 14:56:41 -07:00
Minijackson 367cd2c7f8
nixos/shiori: init with test 2019-09-22 18:48:07 +02:00
Martin Milata 2adb03fdae nixos/wordpress: generate secrets locally 
Use /dev/urandom to generate keys and salts instead of downloading them
from https://api.wordpress.org/secret-key/1.1/salt/
 2019-09-22 14:33:08 +02:00
Jeff Slight 366be2ea32 nixos/mattermost: unescape unicode characters in config.json 2019-09-19 16:41:37 -07:00
Eelco Dolstra b0ccd6dd16
Revert "nixos/doc: re-format" 
This reverts commit ea6e8775bd. The new
format is not an improvement.
 2019-09-19 19:17:30 +02:00
Jan Tojnar ea6e8775bd
nixos/doc: re-format 2019-09-18 22:13:35 +02:00
volth 48086fbd70
nixos/matomo: fix escape 2019-09-17 00:27:13 +00:00
volth 432a2d73be
nixos/tt-rss: fix string escape 2019-09-17 00:23:51 +00:00
volth 4641b683f6
nixos/restya-board: fix string escape 2019-09-17 00:22:56 +00:00
volth 08195254aa
nixos/matomo: fix string escape 2019-09-17 00:22:11 +00:00
Aaron Andersen 7491f85e4f nixos/moodle: add extraConfig option 2019-09-16 08:03:37 -04:00
Maximilian Bosch 80e2c41b87
Merge pull request #68435 from averelld/nextcloud-fix-deprecation-warning 
nextcloud: fix deprecation warning
 2019-09-15 15:35:32 +02:00
Vincent Bernat cf3e491cef nginx: remove gzip_disable directive 
IE6 is long gone and this directive is not useful anymore. We can
spare a few CPU cycles (and maybe skip some bugs) by not trying to
disable gzip for MSIE6.
 2019-09-12 11:55:32 -05:00
Averell Dalton 56e5dddf7c nextcloud: fix deprecation warning 2019-09-12 14:19:42 +02:00
Aaron Andersen a0edbc5b4d nixos/zabbixWeb: fix a string reference as well as the phpfpm socket path 2019-09-09 12:24:39 -04:00
volth 7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Vladimír Čunát f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string 
And replace them with a more appropriate type

Also fix up some minor module problems along the way
 2019-08-31 18:19:00 +02:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Frederik Rietdijk 5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
Marek Mahut 3a9d17ef04 nixos/matomo: fixing the configuration path 2019-08-27 11:44:34 +02:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Aaron Andersen 3bd03d2c0a nixos/moodle: init service 2019-08-25 08:12:28 -04:00
Aaron Andersen 400c6aac71 nixos/phpfpm: deprecate extraConfig options in favor of settings options 2019-08-23 07:56:27 -04:00
Aaron Andersen a30a1e2795 nixos/phpfpm: add user and group option to each pool 2019-08-23 07:56:27 -04:00
Aaron Andersen 62b774a700 nixos/phpfpm: add socket option to replace the listen option 2019-08-23 07:56:21 -04:00
Aaron Andersen 0ce8317c46 nixos/phpfpm: deprecate poolConfigs option 2019-08-23 07:54:51 -04:00
Marek Mahut 3b6258946f
Merge pull request #64407 from dasJ/icingaweb-test 
nixos/icingaweb: Fix module path; Add test
 2019-08-19 21:27:16 +02:00
Aaron Andersen 6f6468bef3
Merge pull request #65728 from Infinisil/types-eithers 
lib/types: Add oneOf, extension of either to a list of types
 2019-08-13 11:48:42 -04:00
Silvan Mosberger 88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's 2019-08-08 23:35:52 +02:00
Aaron Andersen a1f738ba87
Merge pull request #62748 from aanderse/mediawiki 
nixos/mediawiki: init service to replace httpd subservice
 2019-07-31 22:12:23 -04:00
Aaron Andersen 455d33f514 nixos/mediawiki: init service to replace httpd subservice 2019-07-23 22:02:33 -04:00
Maximilian Bosch c5e515f5c7
nixos/nextcloud: fix inclusion of trusted_domains in override config 
Regression I caused with 3944aa051c, sorry
for this! The Nextcloud installer broke back then because
`trusted_domains` was an empty value by default (a.k.a an empty array)
which seemed to break the config merger of Nextcloud as Nextcloud
doesn't do recursive merging and now no domain was trusted because of
that, hence Nextcloud was unreachable for the `curl` call.
 2019-07-23 13:29:43 +02:00
Maximilian Bosch 3944aa051c
nixos/nextcloud: write config to additional config file 
One of the main problems of the Nextcloud module is that it's currently
not possible to alter e.g. database configuration after the initial
setup as it's written by their imperative installer to a file.

After some research[1] it turned out that it's possible to override all values
with an additional config file. The documentation has been
slightly updated to remain up-to-date, but the warnings should
remain there as the imperative configuration is still used and may cause
unwanted side-effects.

Also simplified the postgresql test which uses `ensure{Databases,Users}` to
configure the database.

Fixes #49783

[1] https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-483063922
 2019-07-22 18:29:52 +02:00
Aaron Andersen faf884ca9b
Merge pull request #64365 from aanderse/tt-rss 
nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
 2019-07-20 08:23:48 -04:00
Aaron Andersen 6891fb4103 nixos/zabbixWeb: replace httpd subservice with new module 2019-07-11 18:45:46 -04:00
Janne Heß 9e2a8f5023 nixos/icingaweb: Fix module path; Add test 2019-07-07 03:03:59 +02:00
Aaron Andersen 1cd3b98c3a nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation 2019-07-05 22:04:56 -04:00
Silvan Mosberger 944e21cf7c
Merge pull request #63339 from Slabity/master 
Fix restya-board's phpfpm.pools option
 2019-07-06 03:00:52 +02:00
Tyler Slabinski 120cf906a6 nixos/restya-board: Fix phpfpm.pools option 2019-07-05 20:16:13 -04:00
Aaron Andersen 5da6d04840 nixos/limesurvey: module fixes & cleanup 2019-07-04 06:16:59 -04:00
Aaron Andersen aa05aad470 nixos/wordpress: create module to replace the httpd subservice 2019-07-03 11:47:33 -04:00
Aaron Andersen 278d867a9b Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless" 
This reverts commit b5478fd1a2, reversing
changes made to dbb00bfcbf.
 2019-06-28 21:47:43 -04:00
Elis Hirwing b5478fd1a2
Merge pull request #63156 from Izorkin/phpfpm-rootless 
phpfpm: do not run anything as root
 2019-06-27 19:13:53 +02:00
Graham Christensen 38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only 
replace deprecated usage of PermissionsStartOnly (part 2)
 2019-06-25 18:04:22 -04:00
Jan Tojnar 11cb382a4c
nixos/doc: Fix spurious indentation 2019-06-17 12:28:26 +02:00
Izorkin 6093c04b67 nixos/tt-rss: fix work with phpfpm-rootless mode 2019-06-17 09:15:48 +03:00
volth f3282c8d1e treewide: remove unused variables (#63177) 
* treewide: remove unused variables

* making ofborg happy
 2019-06-16 19:59:05 +00:00
Izorkin 6290bf9067 nixos/selfoss: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin d44f759b55 nixos/restya-board: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin 5b1a4730bc nixos/nextcloud: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin 08dae69741 nixos/matomo: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin 2172419101 nixos/icingaweb2: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin d49857a885 nixos/limesurvey: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
zimbatm 18ae1ecf03
nixos/cryptpad: add module 2019-06-07 13:02:51 +02:00
Matthew Bauer f21b846afe
Merge pull request #57752 from aanderse/limesurvey 
limesurvey: 2.05_plus_141210 -> 3.17.1+190408, init module
 2019-06-01 17:31:15 -04:00