Commit Graph

705 Commits

Author SHA1 Message Date
Kerstin Humm
f44b12fb52 mastodon: use correct GitHub Url
The tootsuite organization was renamed to mastodon ages ago.
2022-03-31 13:17:11 +02:00
Kerstin Humm
23a1971a4e nixos/mastodon: preload libjemalloc.so
Co-authored-by: Izorkin <izorkin@elven.pw>
2022-03-31 13:17:11 +02:00
Matthew Toohey
a0f7d98c19 nixos/jitsi-meet: fix typo 2022-03-30 20:56:29 -04:00
Ember 'n0emis' Keske
dbd49febb5
netbox: init module 2022-03-30 22:24:34 +02:00
Benjamin Staffin
d6f50a5c8e keycloak: fix a missing newline when using plugins 2022-03-22 12:36:14 -04:00
Benjamin Staffin
34006ebc9d Merge remote-tracking branch 'origin/master' into mvn 2022-03-21 18:37:45 -04:00
Maximilian Bosch
15876a546c
nextcloud21: remove
EOLed by upstream in 2022-02[1].

[1] https://docs.nextcloud.com/server/23/admin_manual/release_schedule.html#older-versions
2022-03-15 21:26:46 +01:00
Krzysztof Nazarewski
4ea5398d20
plantuml-server 1.2021.12 -> 1.2022.2
- changed JDK version to 17 (11+ required)
- added maven build reproducibility
2022-03-11 09:05:35 +01:00
midchildan
dc5bd4b375
nixos/keycloak: fix database provisioning issues
This fixes the following issues with the database provisioning script
included in the services.keycloak module:

- It lacked permission to access the DB password file specified in the
  module option 'services.keycloak.database.passwordFile'.

- It prevented Keycloak from starting after the second time if the user
  chose MySQL for the database.
2022-02-28 00:54:26 +09:00
Izorkin
e0616741d1
nixos/peertube: add python path 2022-02-24 22:34:01 +03:00
Izorkin
c2296c3ec2
nixos/peertube: fix youtube-dl import 2022-02-24 22:34:01 +03:00
Guillaume Girol
4846d948b4
Merge pull request #156601 from symphorien/miniflux-password
nixos/miniflux: no cleartext password in the store
2022-02-21 21:18:36 +00:00
Sandro
5a57844cf6
Merge pull request #158592 from SuperSandro2000/nginx-nixos 2022-02-20 16:32:09 +01:00
Jelle Besseling
29366071a4 nixos/mastodon: add RAILS_ROOT to mastodon-env 2022-02-19 16:42:45 +01:00
Olivier Marty
7852ea1596 nixos/matomo: point path.geoip2 outside of the nix store.
path.geoip2 pointed to the nix store which is read-only. Matomo was
failing to download a geoip2 database. See #64759.
2022-02-16 22:21:44 +03:00
Sandro Jäckel
ae66e2d5ec
treewide: use configured nginx package 2022-02-08 12:13:30 +01:00
Kim Lindberger
b43e0ae859
Merge pull request #157719 from talyz/bookstack-secret-paths
nixos/bookstack: Make secret replacement strings more unique
2022-02-02 16:27:22 +01:00
talyz
be97b3b44d
nixos/bookstack: Make secret replacement strings more unique
If a secret path is a subset of a second secret path, there's a risk
that its secret is substituted for the matching part of the second
path. To prevent this, use the sha256 of the paths as placeholder
string instead.
2022-02-02 12:27:18 +01:00
Guillaume Girol
1df9e95ed7 nixos/miniflux: no cleartext password in the store 2022-01-31 21:31:28 +01:00
Guillaume Girol
d5ddafd0fa
Merge pull request #153219 from symphorien/doc-miniflux
nixos/miniflux: improve docs
2022-01-31 20:05:30 +00:00
Niklas Hambüchen
13f5c4c45b
Merge pull request #156731 from Ma27/bump-plausible
plausible: 1.4.0 -> 1.4.3
2022-01-29 22:32:15 +01:00
Ingo Blechschmidt
92eb5bc48e ethercalc: init at latest master (b19627) 2022-01-29 20:56:06 +01:00
Jörg Thalheim
956dab36a3 nextcloud: use tmpfiles to create group-readable home
users.users.*.createHome makes home only owner-readable.
This breaks nginx reading static assets from nextcloud's home,
after a nixos-rebuild that did not restart nextcloud-setup.

Closes #112639
2022-01-27 19:13:50 +01:00
Maximilian Bosch
e211c94b94
plausible: 1.4.0 -> 1.4.3
ChangeLog: https://github.com/plausible/analytics/blob/v1.4.3/CHANGELOG.md#unreleased

Also makes the option `services.plausible.releaseCookiePath` mandatory[1]: since Elixir
1.13 the `RELEASE_COOKIE` env-var *must* be set, otherwise the startup
fails[2]. Since we drop `$out/releases/COOKIE` in the `fixupPhase` of
`mixRelease` and Elixir seems to always attempt to generate such a
file[3], I figured it's reasonable to just make it mandatory now.

Closes #155575

[1] https://nixos.org/manual/nixos/stable/options.html#opt-services.plausible.releaseCookiePath
[2] f24eb2c1ef /
    https://github.com/elixir-lang/elixir/issues/11114
[3] https://hexdocs.pm/mix/Mix.Tasks.Release.html, see `:cookie`
2022-01-25 17:19:49 +01:00
Guillaume Girol
9a303957b9 nixos/miniflux: improve docs 2022-01-25 12:00:00 +00:00
Renaud
454272e7ff
Merge pull request #155847 from onny/dokuwikicleanup
nixos/dokuwiki: Minor code cleanup
2022-01-24 13:42:57 +01:00
Jonas Heinrich
c95e816c65
nixos/wordpress: Drop old deprecated interface (#152674) 2022-01-23 23:17:01 +09:00
Maximilian Bosch
588fd794b3
Merge pull request #155502 from yayayayaka/nextcloud-optional-headers
nixos/nextcloud: Optionally disable setting HTTP response headers
2022-01-21 10:53:28 +01:00
Jonas Heinrich
80475b46f5
nixos/invoiceplane: init module and package at 1.5.11 (#146909) 2022-01-20 22:45:35 +09:00
Jonas Heinrich
884daaafcb nixos/dokuwiki: Minor code cleanup 2022-01-20 12:01:09 +01:00
Nikolay Amiantov
e5e160e08e
Merge pull request #155367 from talyz/keycloak-loadcredential
nixos/keycloak: Use LoadCredential to load secrets + module formatting
2022-01-19 00:47:58 +03:00
Lara
7109660b9a nixos/nextcloud: Optionally disable setting HTTP response headers
This commit introduces a new option
`services.nextcloud.nginx.recommendedHttpHeaders` that can be used to
optionally disable serving recommended HTTP Response Headers in nginx.
This is especially useful if some headers are already configured
elsewhere to be served in nginx and thus result in duplicate headers.

Resolves #120223
2022-01-18 18:33:11 +00:00
talyz
07b64a2ad7
nixos/bookstack: Add option config to replace extraConfig
The `extraConfig` parameter only handles text - it doesn't support
arbitrary secrets and, with the way it's processed in the setup
script, it's very easy to accidentally unescape the echoed string and
run shell commands / feed garbage to bash.

To fix this, implement a new option, `config`, which instead takes a
typed attribute set, generates the `.env` file in nix and does
arbitrary secret replacement. This option is then used to provide the
configuration for all other options which change the `.env` file.
2022-01-18 15:16:23 +01:00
talyz
a0b54a0626
nixos/bookstack: Simplify the nginx setup
Use the recommended defaults and remove unnecessary configuration.
2022-01-18 15:16:17 +01:00
talyz
df607c1d1f
nixos/bookstack: Make the hostname configurable...
...and set a reasonable default `appURL` based on it.

This is pretty much required when configuring ACME, and useful in
general.
2022-01-18 15:16:11 +01:00
talyz
e7fa7fdffc
nixos/bookstack: Clear the cache more reliably
When upgrading bookstack, if something in the cache conflicts with the
new installation, the artisan commands might fail. To solve this, make
the cache lifetime bound to the setup service. This also removes the
`cacheDir` option, since the path is now handled automatically by
systemd.
2022-01-18 15:16:04 +01:00
talyz
95430e31f5
nixos/keycloak: Reformat the code with nixpkgs-fmt 2022-01-17 12:47:53 +01:00
talyz
21b1de2bcd
nixos/keycloak: Inherit library functions and builtins
Instead of referencing all library functions through `lib.` and
builtins through `builtins.` at every invocation, inherit them into
the appropriate scope.
2022-01-17 12:42:30 +01:00
talyz
5010f4fff9
nixos/keycloak: Use LoadCredential to load secrets
Use systemd's LoadCredential mechanism to make the secret files
available to the service.

This gets rid of the privileged part of the ExecPreStart script which
only served to copy these files and assign the correct
permissions. There's been issues with this approach when used in
combination with DynamicUser, where sometimes the user isn't created
before the ExecPreStart script runs, causing the error

install: invalid user ‘keycloak’

This should fix that issue.

Unfortunately, all of the ExecPreStart script had to be moved to
ExecStart, since credentials aren't provided to ExecPreStart. See
https://github.com/systemd/systemd/issues/19604.
2022-01-17 11:46:51 +01:00
Morgan Jones
9db1fb4772 nixos/mattermost: update release notes 2022-01-16 22:34:37 -07:00
Naïm Favier
bbfca6b6b9
nixos/prosody-filer: remove usage of literalExample 2022-01-16 22:10:47 +01:00
Kim Lindberger
cdd600c430
Merge pull request #154193 from abbradar/keycloak-changes
keycloak: 15.1.0 -> 16.1.0 + module improvements
2022-01-16 11:27:29 +01:00
Nikolay Amiantov
97a0cf62f0 keycloak service: allow to set empty frontend URL
This together with extraConfig:

{
  "subsystem=undertow"."server=default-server"."http-listener=default"."proxy-address-forwarding" = true;
  "subsystem=undertow"."server=default-server"."https-listener=https"."proxy-address-forwarding" = true;
}

Allows to run Keycloak behind a reverse proxy that provides
X-Forwarded-* headers.
2022-01-16 11:41:50 +03:00
Nikolay Amiantov
84f70eefd1 keycloak service: add themes support
Custom themes can be packaged and then added using `themes` config
attribute.
2022-01-16 11:41:50 +03:00
Nikolay Amiantov
a42abe27c0 keycloak service: use 'attrsOf anything' for extraConfig 2022-01-16 11:25:44 +03:00
Nikolay Amiantov
827267a27f keycloak service: update HTTPS configuration
Keycloak 16.1.0 uses different way to configure HTTPS.
This requires us to order commands correctly, otherwise linked
objects will fail.
2022-01-16 11:25:44 +03:00
Nikolay Amiantov
3c7e78cc6a keycloak service: ordering for CLI script
Allow update commands in the script to be ordered using `mkOrder`.
If we encounter ordered sub-objects we sort them by priority.

To implement this we now explicitly pass current node in `recurse`,
which also allows us to clean up edge case for top-level node.

Also refactor `recurse` to avoid passing result text argument; we
weren't tail recursive before anyway.
2022-01-16 11:25:44 +03:00
Jonas Heinrich
75d417c267
nixos/dokuwiki: Drop deprecated old interface (#152676) 2022-01-16 02:38:20 +09:00
Matthias Beyer
1f10b0434f timetagger: Make enable option with mkOption
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2022-01-15 09:07:54 +01:00
Matthias Beyer
a24dc8d2ef timetagger: Use default value for package option
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
Suggested-by: Aaron Andersen <aaron@fosslib.net>
2022-01-15 09:07:52 +01:00