Lennart
4e6e94417c
nixos/nextcloud: added trusted_proxies setting ( #77480 )
2020-01-11 15:43:43 +01:00
Léo Gaspard
b31660e5bb
Merge branch 'master' into ihatemoney
2020-01-09 03:49:03 +01:00
rnhmjoj
1d61efb7f1
treewide: use attrs instead of list for types.loaOf options
2020-01-06 10:39:18 -05:00
Daniel Frank
6d671372b5
nextcloud module: https is important not only for proxies
2019-12-31 13:01:46 +01:00
Aaron Andersen
79215f0df1
nixos/httpd: limit serving web content to virtual hosts, convert virtualHosts option type from listOf to attrsOf, add ACME integration
2019-12-24 20:27:48 -05:00
Aaron Andersen
133a5c345c
Merge pull request #74763 from nek0/restya-board-config-fix
...
restya-board: Restya board config fix
2019-12-23 07:42:37 -05:00
nek0
acd1240fd1
restya-board: fix configuration option and switch to file based password provisioning
2019-12-23 05:45:15 +01:00
Christian Kampka
9f97485399
trilium-server: Add nginx reverse proxy configuration to module
2019-12-19 10:14:13 +01:00
Christian Kampka
82f038d468
trilium-server: Add module
2019-12-19 10:14:12 +01:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
...
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Janne Heß
d21f5cf36f
nixos/nextcloud: Do not run sudo if not needed
...
Only use sudo if we are currently not running as the nextcloud user.
This is problematic when occ is called from a systemd service with
NoNewPrivileges=true
2019-12-07 21:10:34 +01:00
Jason Samsa
7e564ae162
remove vulgarity from wordpress nixos module
2019-12-04 12:45:40 -06:00
Aaron Andersen
5988940ca7
Merge pull request #73577 from helsinki-systems/matomo-consistency
...
matomo: Fix consistency check
2019-11-27 18:07:20 -05:00
Jean-Philippe Braun
4ea4408b9c
nixos/nextcloud: add occ in path of nextcloud-setup
...
This makes possible to use nextcloud-occ for setting extra
configuration options.
Example:
systemd.services.nextcloud-setup = {
script = mkAfter ''
nextcloud-occ config:system:set redis 'host' --value '/var/run/redis/redis.sock' --type string
nextcloud-occ config:system:set redis 'port' --value 0 --type integer
'';
};
2019-11-19 23:59:26 +01:00
Janne Heß
08b9cac6d5
matomo: Fix consistency check
...
This is done by recalculating sizes and md5 hashes and inserting them
into the manifest.
2019-11-18 14:52:47 +01:00
Marek Mahut
e51f707437
Merge pull request #72729 from mmahut/trac
...
nixos/trac: init
2019-11-04 17:53:49 +01:00
Marek Mahut
794c919765
Merge pull request #68327 from mmilata/moin
...
nixos/moinmoin: init module
2019-11-03 21:36:12 +01:00
Marek Mahut
f3b8d9bae3
nixos/trac: service init
2019-11-03 17:24:08 +01:00
Symphorien Gibol
32d2266d0d
ihatemoney: init at 4.1 plus module and test
2019-11-02 12:00:00 +00:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users ( #71055 )
...
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Renaud
e69fd930ed
Merge pull request #72193 from Ma27/bump-nexus
...
nexus: 3.18.1-01 -> 3.19.1-01
2019-11-01 08:55:24 +01:00
Maximilian Bosch
df7727042f
nexus: 3.18.1-01 -> 3.19.1-01
...
Relevant release notes:
* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.1
* https://help.sonatype.com/repomanager3/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager3.19.0
Also added `preferLocalBuild = true;` to prevent builds on remote
machines as this only means elevated network access (tarball is fetched
locally and uploaded to the builder) and the build is fairly trivial.
To fix the startup I had to add the JVM parameter `java.endorsed.dirs`
to ensure that all libraries are loaded properly[1].
[1] https://issues.sonatype.org/browse/NEXUS-21603
2019-10-28 21:34:55 +01:00
Robert Djubek
6ea626d3e2
nixos/matomo: fix deprecation warnings
...
Fixes the phpfpm deprecation warnings about listen and extraConfig by
using fpm.socket and settings. Removes phpfpmProcessManagerConfig.
2019-10-28 05:07:27 +00:00
Aaron Andersen
33474166e3
Merge pull request #69436 from tshaynik/fix/nextcloud-nginx-sts
...
nixos/nextcloud: add Strict-Transport-Security
2019-10-26 12:34:36 -04:00
Maximilian Bosch
4a5c0e029d
Merge pull request #71963 from dtzWill/security/nextcloud17-php-and-nginx-config
...
Address nextcloud "urgent security issue" w/nginx per upstream recs
2019-10-25 19:12:18 +02:00
Martin Milata
ad034104cc
nixos/moin: init
2019-10-25 17:51:09 +02:00
Maximilian Bosch
3461ec2ffd
nixos/gotify: init module and test
2019-10-25 16:19:41 +02:00
Will Dietz
f6c45bff6d
nixos/nextcloud: update config for "urgent security issue"
...
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
2019-10-25 06:50:29 -05:00
Janne Heß
d6c08776ba
treewide: Switch to system users
2019-10-12 22:25:28 +02:00
Mario Rodas
af4351ab85
Merge pull request #69255 from minijackson/init-shiori
...
Init shiori
2019-10-12 09:01:58 -05:00
elseym
93fa16f939
documize: introduce state directory
2019-10-05 00:40:44 +02:00
Daniel KT
4590a2380e
nixos/nextcloud: add Strict-Transport-Security
...
This commit adds a Strict-Transport-Security header to
the nginx config file generated by the nextcloud module.
The Strict-Transport-Security header is recommended in
official guide for hardening Nextcloud installations:
https://docs.nextcloud.com/server/16/admin_manual/installation/harden_server.html
Further, if it is not set, we see a warning in the security scan results
in the Nextcloud admin panel:
```
The "Strict-Transport-Security" HTTP header is not set to at least "15552000" seconds. For enhanced security, it is recommended to enable HSTS as described in the security tips
```
2019-09-25 16:56:53 -04:00
Jörg Thalheim
bfed455de3
Merge pull request #68946 from volth/escape
...
treewide: fix string escapes
2019-09-24 04:19:12 +01:00
Minijackson
367cd2c7f8
nixos/shiori: init with test
2019-09-22 18:48:07 +02:00
Martin Milata
2adb03fdae
nixos/wordpress: generate secrets locally
...
Use /dev/urandom to generate keys and salts instead of downloading them
from https://api.wordpress.org/secret-key/1.1/salt/
2019-09-22 14:33:08 +02:00
Eelco Dolstra
b0ccd6dd16
Revert "nixos/doc: re-format"
...
This reverts commit ea6e8775bd
. The new
format is not an improvement.
2019-09-19 19:17:30 +02:00
Jan Tojnar
ea6e8775bd
nixos/doc: re-format
2019-09-18 22:13:35 +02:00
volth
48086fbd70
nixos/matomo: fix escape
2019-09-17 00:27:13 +00:00
volth
432a2d73be
nixos/tt-rss: fix string escape
2019-09-17 00:23:51 +00:00
volth
4641b683f6
nixos/restya-board: fix string escape
2019-09-17 00:22:56 +00:00
volth
08195254aa
nixos/matomo: fix string escape
2019-09-17 00:22:11 +00:00
Aaron Andersen
7491f85e4f
nixos/moodle: add extraConfig option
2019-09-16 08:03:37 -04:00
Maximilian Bosch
80e2c41b87
Merge pull request #68435 from averelld/nextcloud-fix-deprecation-warning
...
nextcloud: fix deprecation warning
2019-09-15 15:35:32 +02:00
Vincent Bernat
cf3e491cef
nginx: remove gzip_disable directive
...
IE6 is long gone and this directive is not useful anymore. We can
spare a few CPU cycles (and maybe skip some bugs) by not trying to
disable gzip for MSIE6.
2019-09-12 11:55:32 -05:00
Averell Dalton
56e5dddf7c
nextcloud: fix deprecation warning
2019-09-12 14:19:42 +02:00
Aaron Andersen
a0edbc5b4d
nixos/zabbixWeb: fix a string reference as well as the phpfpm socket path
2019-09-09 12:24:39 -04:00
volth
7b8fb5c06c
treewide: remove redundant quotes
2019-09-08 23:38:31 +00:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging
2019-09-02 23:25:24 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
...
And replace them with a more appropriate type
Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
volth
08f68313a4
treewide: remove redundant rec
2019-08-28 11:07:32 +00:00