Commit graph

246 commits

Author SHA1 Message Date
Lennart
4e6e94417c nixos/nextcloud: added trusted_proxies setting (#77480) 2020-01-11 15:43:43 +01:00
Léo Gaspard
b31660e5bb
Merge branch 'master' into ihatemoney 2020-01-09 03:49:03 +01:00
rnhmjoj
1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Daniel Frank
6d671372b5
nextcloud module: https is important not only for proxies 2019-12-31 13:01:46 +01:00
Aaron Andersen
79215f0df1 nixos/httpd: limit serving web content to virtual hosts, convert virtualHosts option type from listOf to attrsOf, add ACME integration 2019-12-24 20:27:48 -05:00
Aaron Andersen
133a5c345c
Merge pull request #74763 from nek0/restya-board-config-fix
restya-board: Restya board config fix
2019-12-23 07:42:37 -05:00
nek0
acd1240fd1 restya-board: fix configuration option and switch to file based password provisioning 2019-12-23 05:45:15 +01:00
Christian Kampka
9f97485399
trilium-server: Add nginx reverse proxy configuration to module 2019-12-19 10:14:13 +01:00
Christian Kampka
82f038d468
trilium-server: Add module 2019-12-19 10:14:12 +01:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Janne Heß
d21f5cf36f nixos/nextcloud: Do not run sudo if not needed
Only use sudo if we are currently not running as the nextcloud user.
This is problematic when occ is called from a systemd service with
NoNewPrivileges=true
2019-12-07 21:10:34 +01:00
Jason Samsa
7e564ae162 remove vulgarity from wordpress nixos module 2019-12-04 12:45:40 -06:00
Aaron Andersen
5988940ca7
Merge pull request #73577 from helsinki-systems/matomo-consistency
matomo: Fix consistency check
2019-11-27 18:07:20 -05:00
Jean-Philippe Braun
4ea4408b9c nixos/nextcloud: add occ in path of nextcloud-setup
This makes possible to use nextcloud-occ for setting extra
configuration options.

Example:

  systemd.services.nextcloud-setup = {
    script = mkAfter ''
      nextcloud-occ config:system:set redis 'host' --value '/var/run/redis/redis.sock' --type string
      nextcloud-occ config:system:set redis 'port' --value 0 --type integer
    '';
  };
2019-11-19 23:59:26 +01:00
Janne Heß
08b9cac6d5 matomo: Fix consistency check
This is done by recalculating sizes and md5 hashes and inserting them
into the manifest.
2019-11-18 14:52:47 +01:00
Marek Mahut
e51f707437
Merge pull request #72729 from mmahut/trac
nixos/trac: init
2019-11-04 17:53:49 +01:00
Marek Mahut
794c919765
Merge pull request #68327 from mmilata/moin
nixos/moinmoin: init module
2019-11-03 21:36:12 +01:00
Marek Mahut
f3b8d9bae3 nixos/trac: service init 2019-11-03 17:24:08 +01:00
Symphorien Gibol
32d2266d0d ihatemoney: init at 4.1 plus module and test 2019-11-02 12:00:00 +00:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Renaud
e69fd930ed
Merge pull request #72193 from Ma27/bump-nexus
nexus: 3.18.1-01 -> 3.19.1-01
2019-11-01 08:55:24 +01:00
Maximilian Bosch
df7727042f
nexus: 3.18.1-01 -> 3.19.1-01
Relevant release notes:

* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.1
* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.0

Also added `preferLocalBuild = true;` to prevent builds on remote
machines as this only means elevated network access (tarball is fetched
locally and uploaded to the builder) and the build is fairly trivial.

To fix the startup I had to add the JVM parameter `java.endorsed.dirs`
to ensure that all libraries are loaded properly[1].

[1] https://issues.sonatype.org/browse/NEXUS-21603
2019-10-28 21:34:55 +01:00
Robert Djubek
6ea626d3e2
nixos/matomo: fix deprecation warnings
Fixes the phpfpm deprecation warnings about listen and extraConfig by
using fpm.socket and settings. Removes phpfpmProcessManagerConfig.
2019-10-28 05:07:27 +00:00
Aaron Andersen
33474166e3
Merge pull request #69436 from tshaynik/fix/nextcloud-nginx-sts
nixos/nextcloud: add Strict-Transport-Security
2019-10-26 12:34:36 -04:00
Maximilian Bosch
4a5c0e029d
Merge pull request #71963 from dtzWill/security/nextcloud17-php-and-nginx-config
Address nextcloud "urgent security issue" w/nginx per upstream recs
2019-10-25 19:12:18 +02:00
Martin Milata
ad034104cc nixos/moin: init 2019-10-25 17:51:09 +02:00
Maximilian Bosch
3461ec2ffd
nixos/gotify: init module and test 2019-10-25 16:19:41 +02:00
Will Dietz
f6c45bff6d
nixos/nextcloud: update config for "urgent security issue"
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
2019-10-25 06:50:29 -05:00
Janne Heß
d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Mario Rodas
af4351ab85
Merge pull request #69255 from minijackson/init-shiori
Init shiori
2019-10-12 09:01:58 -05:00
elseym
93fa16f939
documize: introduce state directory 2019-10-05 00:40:44 +02:00
Daniel KT
4590a2380e nixos/nextcloud: add Strict-Transport-Security
This commit adds a Strict-Transport-Security header to
the nginx config file generated by the nextcloud module.

The Strict-Transport-Security header is recommended in
official guide for hardening Nextcloud installations:
https://docs.nextcloud.com/server/16/admin_manual/installation/harden_server.html

Further, if it is not set, we see a warning in the security scan results
in the Nextcloud admin panel:

```
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips

```
2019-09-25 16:56:53 -04:00
Jörg Thalheim
bfed455de3
Merge pull request #68946 from volth/escape
treewide: fix string escapes
2019-09-24 04:19:12 +01:00
Minijackson
367cd2c7f8
nixos/shiori: init with test 2019-09-22 18:48:07 +02:00
Martin Milata
2adb03fdae nixos/wordpress: generate secrets locally
Use /dev/urandom to generate keys and salts instead of downloading them
from https://api.wordpress.org/secret-key/1.1/salt/
2019-09-22 14:33:08 +02:00
Eelco Dolstra
b0ccd6dd16
Revert "nixos/doc: re-format"
This reverts commit ea6e8775bd. The new
format is not an improvement.
2019-09-19 19:17:30 +02:00
Jan Tojnar
ea6e8775bd
nixos/doc: re-format 2019-09-18 22:13:35 +02:00
volth
48086fbd70
nixos/matomo: fix escape 2019-09-17 00:27:13 +00:00
volth
432a2d73be
nixos/tt-rss: fix string escape 2019-09-17 00:23:51 +00:00
volth
4641b683f6
nixos/restya-board: fix string escape 2019-09-17 00:22:56 +00:00
volth
08195254aa
nixos/matomo: fix string escape 2019-09-17 00:22:11 +00:00
Aaron Andersen
7491f85e4f nixos/moodle: add extraConfig option 2019-09-16 08:03:37 -04:00
Maximilian Bosch
80e2c41b87
Merge pull request #68435 from averelld/nextcloud-fix-deprecation-warning
nextcloud: fix deprecation warning
2019-09-15 15:35:32 +02:00
Vincent Bernat
cf3e491cef nginx: remove gzip_disable directive
IE6 is long gone and this directive is not useful anymore. We can
spare a few CPU cycles (and maybe skip some bugs) by not trying to
disable gzip for MSIE6.
2019-09-12 11:55:32 -05:00
Averell Dalton
56e5dddf7c nextcloud: fix deprecation warning 2019-09-12 14:19:42 +02:00
Aaron Andersen
a0edbc5b4d nixos/zabbixWeb: fix a string reference as well as the phpfpm socket path 2019-09-09 12:24:39 -04:00
volth
7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00