3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

980 commits

Author SHA1 Message Date
figsoda d48c2fd1ca
nixos/pgpkeyserver-lite: fix typo
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2022-12-18 11:35:23 -05:00
figsoda 6bb0dbf91f nixos: fix typos 2022-12-17 19:31:14 -05:00
Giulio De Pasquale b2742248e8
miniflux: Add package option 2022-12-16 16:11:40 +01:00
Izorkin 8e14bf10c2
nixos/mastodon: update database configuration 2022-12-16 16:19:39 +03:00
Izorkin e2cebf2134
nixos/mastodon: fix init db on remote postgresql 2022-12-16 16:14:39 +03:00
Vladimir Pouzanov 65aed3b37f
Allow to override the https settings 2022-12-09 19:23:50 +00:00
Naïm Favier 0ff3b35356 nixos/doc: fix some options 2022-12-08 17:52:52 +01:00
Daniel Nagy ad866e565d
treewide: switch to port type for nixos modules 2022-12-08 00:00:00 +01:00
Lin Yinfeng 56099e008e nixos/mastodon: allow appending other env files to serviceConfig.EnvironmentFile 2022-12-07 15:07:17 +01:00
Yureka 56d4e1ec67 nixos/peering-manager: init 2022-12-07 12:54:55 +01:00
Sandro e38618a657
Merge pull request #203825 from SuperSandro2000/mastodon-tootctl
Closes https://github.com/NixOS/nixpkgs/issues/199029
2022-12-04 11:29:45 +01:00
Sandro Jäckel 6e845a8491
nixos/mastodon: replace mastodon-env with a proper wrapper mastodon-tootctl 2022-12-03 02:59:39 +01:00
Daniel Nagy dbe8182e74
treewide: switch to port type for nixos modules 2022-12-01 22:30:00 +01:00
figsoda 5195ca2346
Merge pull request #203826 from figsoda/lint
nixos/*: apply some lints from statix and nil
2022-12-01 11:20:11 -05:00
Ryan Lahfa 94ac413379
Merge pull request #140840 from erdnaxe/isso_hardening
nixos/isso: systemd unit hardening
2022-12-01 15:52:54 +01:00
figsoda b865b96b97 nixos/invoiceplane: remove unnecessary parentheses 2022-11-30 18:13:58 -05:00
figsoda 1ecbafd0a2 nixos/discourse: remove unnecessary parentheses 2022-11-30 18:01:29 -05:00
Minijackson 31f1a9a2a9 nixos/netbox: fix ldap configuration 2022-11-30 10:10:28 +01:00
Minijackson 01932120ab nixos/netbox: set path of dynamic content
By default this paths are set in the Nix store, and so no media,
reports, or scripts could be added / modified
2022-11-30 10:10:28 +01:00
Izorkin 93de6bf9ed nixos/mastodon: add smtp assertions 2022-11-28 12:07:32 +01:00
Sandro 4991514dbd
Merge pull request #200114 from SuperSandro2000/changedetection-io 2022-11-28 02:54:54 +01:00
Maximilian Bosch 71b00e8112
Merge pull request #202816 from mayflower/fix-hedgedoc-docs
nixos/hedgedoc: configuration -> settings in option's description
2022-11-25 12:45:33 +01:00
Maximilian Bosch df50f73b57
nixos/hedgedoc: configuration -> settings in option's description
`configuration` has been renamed to `settings` and our docs should
reflect that.
2022-11-25 10:32:34 +01:00
Martin Weinelt a4e5468bc0
Merge pull request #202187 from hmenke/alps 2022-11-25 01:34:53 +01:00
Cabia Rangris a19d805696
Merge pull request #202160 from yrd/outline
outline: 0.66.3 -> 0.67.0
2022-11-21 23:30:08 +04:00
Henri Menke 384293bbbb
nixos/alps: fixes for service hardening 2022-11-21 13:21:44 +01:00
Izorkin 17933082cc nixos/mastodon: fix emoji import 2022-11-21 11:43:28 +01:00
Yannik Rödel 4de63c6750 outline: 0.66.3 -> 0.67.0 2022-11-21 09:33:08 +01:00
Maximilian Bosch 2580440389
Merge pull request #198470 from RaitoBezarius/nc25-openssl
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption
2022-11-20 18:32:41 +01:00
Martin Weinelt 2714a22521
Merge pull request #198820 from talyz/keycloak-admin-password 2022-11-19 15:03:03 +01:00
Henri Menke aeb5a692c3
nixos/alps: add hardening, extensible options, test 2022-11-17 17:12:54 +01:00
Sandro 655ab77b16
Merge pull request #198724 from Izorkin/update-peertube 2022-11-16 02:51:47 +01:00
Justinas Stankevicius 3f6eb10dbd nixos/mastodon: fix definition of mastodon-media-auto-remove 2022-11-12 22:22:41 +01:00
Maximilian Bosch 35b146ca31
nixos/nextcloud: fixup openssl compat change
Upon testing the change itself I realized that it doesn't build properly
because

* the `pname` of a php extension is `php-<name>`, not `<name>`.
* calling the extension `openssl-legacy` resulted in PHP trying to compile
  `ext/openssl-legacy` which broke since it doesn't exist:

      source root is php-8.1.12
      setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c
      patching sources
      cdToExtensionRootPhase
      /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory

I didn't encounter that one before because I was mostly interested in
having a sane behavior for everyone not using this "feature" and the
documentation around this. My findings about the behavior with turning
openssl1.1 on/off are still valid because I tested this on `master` with
manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`.

To work around the issue I had to slightly modify the extension
build-system for PHP:

* The attribute `extensionName` is now relevant to determine the output
  paths (e.g. `lib/openssl.so`). This is not a behavioral change for
  existing extensions because then `extensionName==name`.

  However when specifying `extName` in `php-packages.nix` this value is
  overridden and it is made sure that the extension called `extName` NOT
  `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed.

  The `name` still has to be kept to keep the legacy openssl available
  as `php.extensions.openssl-legacy`.

Additionally I implemented a small VM test to check the behavior with
server-side encryption:

* For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix`
  it's checked that OpenSSL 3 is used). With that the "default"
  behavior of the module is checked.

* It is ensured that the PHP interpreter for Nextcloud's php-fpm
  actually loads the correct openssl extension.

* It is tested that (encrypted) files remain usable when (temporarily)
  installing OpenSSL3 (of course then they're not decryptable, but on a
  rollback that should still be possible).

Finally, a few more documentation changes:

* I also mentioned the issue in `nextcloud.xml` to make sure the issue
  is at least mentioned in the manual section about Nextcloud. Not too
  much detail here, but the relevant option `enableBrokenCiphersForSSE`
  is referenced.

* I fixed a few minor wording issues to also give the full context
  (we're talking about Nextcloud; we're talking about the PHP extension
  **only**; please check if you really need this even though it's
  enabled by default).

  This is because I felt that sometimes it might be hard to understand
  what's going on when e.g. an eval-warning appears without telling where
  exactly it comes from.
2022-11-11 14:45:46 +01:00
Maximilian Bosch 61128cba67
nixos/nextcloud: minor docs cleanup for openssl change
* s/NextCloud/Nextcloud/g
* `enableBrokenCiphersForSSE` should be enabled by default for any NixOS
  installation from before 22.11 to make sure existing installations
  don't run into the issue. Not the other way round.
* Update release notes to reflect on that.
* Improve wording of the warning a bit: explain which option to change
  to get rid of it.
* Ensure that basic tests w/o `enableBrokenCiphersForSSE` run with
  OpenSSL 3.
2022-11-10 12:17:43 +01:00
Raito Bezarius 394d4de877
nextcloud25: enable by default broken ciphers for NixOS ≤ 22.11 2022-11-10 12:17:43 +01:00
Raito Bezarius 7eefaeb5e3
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption 2022-11-10 12:17:43 +01:00
Daniel Nagy b4674b39c1
treewide: use mkEnableOption in nixos modules 2022-11-10 09:30:00 +01:00
Daniel Nagy 095269c862
treewide: use types.port in nixos modules 2022-11-10 09:30:00 +01:00
Jonas Heinrich f7f9442695 nixos/invoiceplane: Enable clean url 2022-11-09 08:17:52 -05:00
Robert Hensing 93a905ec4f
Merge pull request #194759 from hercules-ci/fqdn-or-hostname
nixos: Add `networking.fqdnOrHostName`
2022-11-09 13:53:57 +01:00
Maximilian Bosch 176676c4cf
Merge pull request #192890 from Enzime/fix/nextcloud-space-passwords
nixos/nextcloud: handle passwords with spaces
2022-11-08 18:02:04 +01:00
Jonas Heinrich fd76db7cb4 nixos/invoiceplane: Add cron option 2022-11-08 09:59:10 -05:00
Sandro Jäckel 677d6f1623
nixos/changedetection-io: hide referer by default 2022-11-08 01:37:46 +01:00
Manuel Bärenz 891dfb1b63 nixos/mastodon: add option mediaAutoRemove 2022-11-07 18:58:58 +01:00
Maximilian Bosch 94046425a0
Merge pull request #199997 from mayflower/wp-create-font-dir
nixos/wordpress: ensure that fonts already exists
2022-11-07 13:25:16 +01:00
Maximilian Bosch b40b8b92e2
nixos/wordpress: ensure that fonts already exists
Not a big deal in most of the cases because wordpress ensures that this
directory exists on its own, but with our twentig customizations that's
actually causing issues.

(cherry picked from commit 3285342bfe5f401dda84c13c834e73154928a61c)
2022-11-07 10:08:01 +01:00
booklearner 59bd411df9
alps: fix default smtp port 2022-11-06 16:00:34 -05:00
Maximilian Bosch ad21c759d4
nixos/nextcloud: fix upgrade warning 2022-11-03 14:32:21 +01:00
talyz d65910761c
nixos/keycloak: Escape database password properly 2022-11-03 14:15:53 +01:00