Loading maintainers/maintainer-list.nix +12 −2 Original line number Diff line number Diff line Loading @@ -4905,6 +4905,12 @@ githubId = 217918; name = "Viktor Kronvall"; }; Continous = { email = "continous159@gmail.com"; github = "Continous"; githubId = 4413336; name = "Dusty Carrier"; }; contrun = { email = "uuuuuu@protonmail.com"; github = "contrun"; Loading Loading @@ -26834,8 +26840,12 @@ name = "zimward"; github = "zimward"; githubId = 96021122; matrix = "@memoryfragmentation:matrix.org"; keys = [ { fingerprint = "CBF7 FA5E F4B5 8B68 5977 3E3E 4CAC 61D6 A482 FCD9"; } ]; matrix = "@zimward:zimward.moe"; email = "zimward@zimward.moe"; keys = [ { fingerprint = "CBF7 FA5E F4B5 8B68 5977 3E3E 4CAC 61D6 A482 FCD9"; } { fingerprint = "E22F 760E E074 E57A 21CB 1733 8DD2 9BB5 2C25 EA09"; } ]; }; zlepper = { name = "Rasmus Hansen"; nixos/modules/services/networking/freenet.nix +10 −24 Original line number Diff line number Diff line # NixOS module for Freenet daemon { config, lib, pkgs, ... }: let let cfg = config.services.freenet; varDir = "/var/lib/freenet"; in { ### configuration options = { services.freenet = { enable = lib.mkOption { type = lib.types.bool; default = false; description = "Enable the Freenet daemon"; }; enable = lib.mkEnableOption "Freenet daemon"; nice = lib.mkOption { type = lib.types.int; default = 10; description = "Set the nice level for the Freenet daemon"; }; }; }; ### implementation config = lib.mkIf cfg.enable { systemd.services.freenet = { description = "Freenet daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = "${pkgs.freenet}/bin/freenet"; serviceConfig.User = "freenet"; serviceConfig.UMask = "0007"; serviceConfig.WorkingDirectory = varDir; serviceConfig.Nice = cfg.nice; serviceConfig = { ExecStart = lib.getExe pkgs.freenet; User = "freenet"; UMask = "0007"; WorkingDirectory = varDir; Nice = cfg.nice; }; }; users.users.freenet = { Loading 
@@ -62,4 +47,5 @@ in users.groups.freenet.gid = config.ids.gids.freenet; }; meta.maintainers = with lib.maintainers; [ nagy ]; } nixos/modules/services/web-apps/movim.nix +193 −86 Original line number Diff line number Diff line Loading @@ -128,10 +128,8 @@ let '' echo -n "Precompressing static files with Brotli …" find ${appDir}/public -type f ${findTextFileNames} -print0 \ | xargs -0 -n 1 -P $NIX_BUILD_CORES ${pkgs.writeShellScript "movim_precompress_broti" '' file="$1" ${lib.getExe brotli.package} --keep --quality=${builtins.toString brotli.compressionLevel} --output=$file.br $file ''} | xargs -0 -P$NIX_BUILD_CORES -n1 -I{} \ ${lib.getExe brotli.package} --keep --quality=${builtins.toString brotli.compressionLevel} --output={}.br {} echo " done." '' ) Loading @@ -139,10 +137,8 @@ let '' echo -n "Precompressing static files with Gzip …" find ${appDir}/public -type f ${findTextFileNames} -print0 \ | xargs -0 -n 1 -P $NIX_BUILD_CORES ${pkgs.writeShellScript "movim_precompress_gzip" '' file="$1" ${lib.getExe gzip.package} -c -${builtins.toString gzip.compressionLevel} $file > $file.gz ''} | xargs -0 -P$NIX_BUILD_CORES -n1 -I{} \ ${lib.getExe gzip.package} -c -${builtins.toString gzip.compressionLevel} {} > {}.gz echo " done." '' ) Loading Loading 
@@ -175,6 +171,37 @@ let "mysql" = "mysql.service"; } .${cfg.database.type}; # exclusivity asserted in `assertions` webServerService = if cfg.h2o != null then "h2o.service" else if cfg.nginx != null then "nginx.service" else null; socketOwner = if cfg.h2o != null then config.services.h2o.user else if cfg.nginx != null then config.services.nginx.user else cfg.user; # Movim needs a lot of unsafe values to function at this time. Perhaps if # this is ever addressed in the future, the PHP application will send up the # proper directive. For now this fairly conservative CSP will restrict a lot # of potentially bad stuff as well as take in inventory of the features used. # # See: https://github.com/movim/movim/issues/314 movimCSP = lib.concatStringsSep "; " [ "default-src 'self'" "img-src 'self' aesgcm: data: https:" "media-src 'self' aesgcm: https:" "script-src 'self' 'unsafe-eval' 'unsafe-inline'" "style-src 'self' 'unsafe-inline'" ]; in { options.services = { Loading Loading @@ -209,19 +236,19 @@ in }; dataDir = mkOption { type = types.nonEmptyStr; type = types.path; default = "/var/lib/movim"; description = "State directory of the `movim` user which holds the application’s state & data."; }; logDir = mkOption { type = types.nonEmptyStr; type = types.path; default = "/var/log/movim"; description = "Log directory of the `movim` user which holds the application’s logs."; }; runtimeDir = mkOption { type = types.nonEmptyStr; type = types.path; default = "/run/movim"; description = "Runtime directory of the `movim` user which holds the application’s caches & temporary files."; }; Loading Loading @@ -319,9 +346,7 @@ in }; precompressStaticFiles = mkOption { type = with types; submodule { type = types.submodule { options = { brotli = { enable = mkEnableOption "Brotli precompression"; Loading Loading 
@@ -354,67 +379,67 @@ in type = types.submodule { options = { info = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "Content of the info box on the login page"; }; description = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "General description of the instance"; }; timezone = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The server timezone"; }; restrictsuggestions = mkOption { type = with types; nullOr bool; type = types.nullOr types.bool; default = null; description = "Only suggest chatrooms, Communities and other contents that are available on the user XMPP server and related services"; }; chatonly = mkOption { type = with types; nullOr bool; type = types.nullOr types.bool; default = null; description = "Disable all the social feature (Communities, Blog…) and keep only the chat ones"; }; disableregistration = mkOption { type = with types; nullOr bool; type = types.nullOr types.bool; default = null; description = "Remove the XMPP registration flow and buttons from the interface"; }; loglevel = mkOption { type = with types; nullOr (ints.between 0 3); type = types.nullOr (types.ints.between 0 3); default = null; description = "The server loglevel"; }; locale = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The server main locale"; }; xmppdomain = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The default XMPP server domain"; }; xmppdescription = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The default XMPP server description"; }; xmppwhitelist = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The allowlisted XMPP 
servers"; }; Loading Loading @@ -442,7 +467,7 @@ in }; secretFile = mkOption { type = with types; nullOr path; type = types.nullOr types.path; default = null; description = "The secret file to be sourced for the .env settings."; }; Loading @@ -459,13 +484,13 @@ in }; name = mkOption { type = types.str; type = types.nonEmptyStr; default = "movim"; description = "Database name."; }; user = mkOption { type = types.str; type = types.nonEmptyStr; default = "movim"; description = "Database username."; }; Loading 
@@ -477,33 +502,53 @@ in }; }; nginx = mkOption { type = with types; nullOr ( submodule ( import ../web-servers/nginx/vhost-options.nix { inherit config lib; h2o = mkOption { type = types.nullOr ( types.submodule (import ../web-servers/h2o/vhost-options.nix { inherit config lib; }) ); default = null; example = lib.literalExpression # nix '' { serverAliases = [ "pics.''${config.movim.domain}" ]; acme.enable = true; tls.policy = "force"; } ) ''; description = '' With this option, you can customize an H2O virtual host which already has sensible defaults for Movim. Set to `{ }` if you do not need any customization to the virtual host. If enabled, then by default, the {option}`serverName` is `''${domain}`, If this is set to `null` (the default), no H2O `hosts` will be configured. ''; }; nginx = mkOption { type = types.nullOr ( types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) ); default = null; example = lib.literalExpression # nginx lib.literalExpression # nix '' { serverAliases = [ "pics.''${config.networking.domain}" "pics.''${config.movim.domain}" ]; enableACME = true; forceHttps = true; } ''; description = '' With this option, you can customize an nginx virtual host which already has sensible defaults for Movim. Set to `{ }` if you do not need any customization to the virtual host. If enabled, then by default, the {option}`serverName` is `''${domain}`, If this is set to null (the default), no nginx virtualHost will be configured. With this option, you can customize an Nginx virtual host which already has sensible defaults for Movim. Set to `{ }` if you do not need any customization to the virtual host. If enabled, then by default, the {option}`serverName` is `''${domain}`, If this is set to `null` (the default), no Nginx `virtualHost` will be configured. ''; }; Loading 
@@ -522,6 +567,25 @@ in }; config = mkIf cfg.enable { assertions = [ ( let webServers = [ "h2o" "nginx" ]; checkConfigs = lib.concatMapStringsSep ", " (ws: "services.movim.${ws}") webServers; in { assertion = builtins.length (lib.lists.filter (ws: cfg.${ws} != null) webServers) <= 1; message = '' At most 1 web server virtual host configuration should be enabled for Movim at a time. Check ${checkConfigs}. ''; } ) ]; environment.systemPackages = [ package ]; users = { Loading @@ -532,6 +596,9 @@ in group = cfg.group; }; } // lib.optionalAttrs (cfg.h2o != null) { "${config.services.h2o.user}".extraGroups = [ cfg.group ]; } // lib.optionalAttrs (cfg.nginx != null) { "${config.services.nginx.user}".extraGroups = [ cfg.group ]; }; Loading Loading @@ -578,6 +645,51 @@ in }; }; h2o = mkIf (cfg.h2o != null) { enable = true; hosts."${cfg.domain}" = mkMerge [ { settings = { paths = { "/ws/" = { "proxy.preserve-host" = "ON"; "proxy.tunnel" = "ON"; "proxy.reverse.url" = "http://${cfg.settings.DAEMON_INTERFACE}:${builtins.toString cfg.port}/"; }; "/" = { "file.dir" = "${package}/share/php/movim/public"; "file.index" = [ "index.php" "index.html" ]; redirect = { url = "/index.php/"; internal = "YES"; status = 307; }; "header.set" = [ "Content-Security-Policy: ${movimCSP}" ]; } // lib.optionalAttrs (with cfg.precompressStaticFiles; brotli.enable || gzip.enable) { "file.send-compressed" = "ON"; }; }; "file.custom-handler" = { extension = [ ".php" ]; "fastcgi.document_root" = package; "fastcgi.connect" = { port = fpm.socket; type = "unix"; }; }; }; } cfg.h2o ]; }; nginx = mkIf (cfg.nginx != null) ( { enable = true; Loading Loading 
@@ -631,8 +743,7 @@ in tryFiles = "$uri $uri/ /index.php$is_args$args"; extraConfig = # nginx '' # https://github.com/movim/movim/issues/314 add_header Content-Security-Policy "default-src 'self'; img-src 'self' aesgcm: https:; media-src 'self' aesgcm: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"; add_header Content-Security-Policy "${movimCSP}"; set $no_cache 1; ''; }; Loading Loading @@ -665,7 +776,7 @@ in ''; }; }; extraConfig = # ngnix extraConfig = # nginx '' index index.php; ''; Loading Loading @@ -706,11 +817,7 @@ in ''; }; phpfpm.pools.${pool} = let socketOwner = if (cfg.nginx != null) then config.services.nginx.user else cfg.user; in { phpfpm.pools.${pool} = { phpPackage = package.php; user = cfg.user; group = cfg.group; Loading Loading @@ -788,9 +895,9 @@ in }; services.${phpExecutionUnit} = { wantedBy = lib.optional (cfg.nginx != null) "nginx.service"; wantedBy = lib.optional (webServerService != null) webServerService; requiredBy = [ "movim.service" ]; before = [ "movim.service" ] ++ lib.optional (cfg.nginx != null) "nginx.service"; before = [ "movim.service" ] ++ lib.optional (webServerService != null) webServerService; wants = [ "network.target" ]; requires = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService; after = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService; Loading 
@@ -809,14 +916,14 @@ in "${phpExecutionUnit}.service" ] ++ lib.optional cfg.database.createLocally dbService ++ lib.optional (cfg.nginx != null) "nginx.service"; ++ lib.optional (webServerService != null) webServerService; after = [ "movim-data-setup.service" "${phpExecutionUnit}.service" ] ++ lib.optional cfg.database.createLocally dbService ++ lib.optional (cfg.nginx != null) "nginx.service"; ++ lib.optional (webServerService != null) webServerService; environment = { PUBLIC_URL = "//${cfg.domain}"; WS_PORT = builtins.toString cfg.port; Loading nixos/tests/all-tests.nix +4 −4 Original line number Diff line number Diff line Loading @@ -229,7 +229,7 @@ in bazarr = runTest ./bazarr.nix; bcachefs = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./bcachefs.nix; beanstalkd = runTest ./beanstalkd.nix; bees = handleTest ./bees.nix { }; bees = runTest ./bees.nix; benchexec = handleTest ./benchexec.nix { }; binary-cache = runTest { imports = [ ./binary-cache.nix ]; Loading Loading @@ -492,7 +492,7 @@ in inherit runTest; forgejoPackage = pkgs.forgejo-lts; }; freenet = handleTest ./freenet.nix { }; freenet = runTest ./freenet.nix; freeswitch = handleTest ./freeswitch.nix { }; freetube = discoverTests (import ./freetube.nix); freshrss = handleTest ./freshrss { }; Loading Loading @@ -656,7 +656,7 @@ in jotta-cli = handleTest ./jotta-cli.nix { }; k3s = handleTest ./k3s { }; kafka = handleTest ./kafka.nix { }; kanboard = handleTest ./web-apps/kanboard.nix { }; kanboard = runTest ./web-apps/kanboard.nix; kanidm = handleTest ./kanidm.nix { }; kanidm-provisioning = handleTest ./kanidm-provisioning.nix { }; karma = handleTest ./karma.nix { }; Loading Loading 
@@ -802,7 +802,7 @@ in morty = handleTest ./morty.nix { }; mosquitto = runTest ./mosquitto.nix; moosefs = handleTest ./moosefs.nix { }; movim = discoverTests (import ./web-apps/movim { inherit handleTestOn; }); movim = import ./web-apps/movim { inherit recurseIntoAttrs runTest; }; mpd = handleTest ./mpd.nix { }; mpv = runTest ./mpv.nix; mtp = handleTest ./mtp.nix { }; Loading nixos/tests/bees.nix +64 −66 Original line number Diff line number Diff line import ./make-test-python.nix ( { lib, pkgs, ... }: { name = "bees"; Loading Loading @@ -71,4 +70,3 @@ import ./make-test-python.nix ( ) ''; } ) Loading
maintainers/maintainer-list.nix +12 −2 @@ -4905,6 +4905,12 @@ githubId = 217918; name = "Viktor Kronvall"; }; Continous = { email = "continous159@gmail.com"; github = "Continous"; githubId = 4413336; name = "Dusty Carrier"; }; contrun = { email = "uuuuuu@protonmail.com"; github = "contrun"; @@ -26834,8 +26840,12 @@ name = "zimward"; github = "zimward"; githubId = 96021122; matrix = "@memoryfragmentation:matrix.org"; keys = [ { fingerprint = "CBF7 FA5E F4B5 8B68 5977 3E3E 4CAC 61D6 A482 FCD9"; } ]; matrix = "@zimward:zimward.moe"; email = "zimward@zimward.moe"; keys = [ { fingerprint = "CBF7 FA5E F4B5 8B68 5977 3E3E 4CAC 61D6 A482 FCD9"; } { fingerprint = "E22F 760E E074 E57A 21CB 1733 8DD2 9BB5 2C25 EA09"; } ]; }; zlepper = { name = "Rasmus Hansen";
nixos/modules/services/networking/freenet.nix +10 −24 # NixOS module for Freenet daemon { config, lib, pkgs, ... }: let let cfg = config.services.freenet; varDir = "/var/lib/freenet"; in { ### configuration options = { services.freenet = { enable = lib.mkOption { type = lib.types.bool; default = false; description = "Enable the Freenet daemon"; }; enable = lib.mkEnableOption "Freenet daemon"; nice = lib.mkOption { type = lib.types.int; default = 10; description = "Set the nice level for the Freenet daemon"; }; }; }; ### implementation config = lib.mkIf cfg.enable { systemd.services.freenet = { description = "Freenet daemon"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = "${pkgs.freenet}/bin/freenet"; serviceConfig.User = "freenet"; serviceConfig.UMask = "0007"; serviceConfig.WorkingDirectory = varDir; serviceConfig.Nice = cfg.nice; serviceConfig = { ExecStart = lib.getExe pkgs.freenet; User = "freenet"; UMask = "0007"; WorkingDirectory = varDir; Nice = cfg.nice; }; }; users.users.freenet = { @@ -62,4 +47,5 @@ in users.groups.freenet.gid = config.ids.gids.freenet; }; meta.maintainers = with lib.maintainers; [ nagy ]; }
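Review bot: The consolidated `serviceConfig` attrset still runs the Freenet daemon with only `User` and `UMask` set and no systemd sandboxing, which is thin for a long-running, network-facing peer-to-peer service. Since the block is being rewritten anyway, consider adding `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `ReadWritePaths = [ varDir ];`, then confirming the NixOS test still passes with them. Separately, `lib.getExe pkgs.freenet` depends on the package declaring `meta.mainProgram`; the package definition is not visible on this page, so check that it still resolves to the previous `bin/freenet` path.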
nixos/modules/services/web-apps/movim.nix +193 −86 Original line number Diff line number Diff line Loading @@ -128,10 +128,8 @@ let '' echo -n "Precompressing static files with Brotli …" find ${appDir}/public -type f ${findTextFileNames} -print0 \ | xargs -0 -n 1 -P $NIX_BUILD_CORES ${pkgs.writeShellScript "movim_precompress_broti" '' file="$1" ${lib.getExe brotli.package} --keep --quality=${builtins.toString brotli.compressionLevel} --output=$file.br $file ''} | xargs -0 -P$NIX_BUILD_CORES -n1 -I{} \ ${lib.getExe brotli.package} --keep --quality=${builtins.toString brotli.compressionLevel} --output={}.br {} echo " done." '' ) Loading @@ -139,10 +137,8 @@ let '' echo -n "Precompressing static files with Gzip …" find ${appDir}/public -type f ${findTextFileNames} -print0 \ | xargs -0 -n 1 -P $NIX_BUILD_CORES ${pkgs.writeShellScript "movim_precompress_gzip" '' file="$1" ${lib.getExe gzip.package} -c -${builtins.toString gzip.compressionLevel} $file > $file.gz ''} | xargs -0 -P$NIX_BUILD_CORES -n1 -I{} \ ${lib.getExe gzip.package} -c -${builtins.toString gzip.compressionLevel} {} > {}.gz echo " done." '' ) Loading Loading 
@@ -175,6 +171,37 @@ let "mysql" = "mysql.service"; } .${cfg.database.type}; # exclusivity asserted in `assertions` webServerService = if cfg.h2o != null then "h2o.service" else if cfg.nginx != null then "nginx.service" else null; socketOwner = if cfg.h2o != null then config.services.h2o.user else if cfg.nginx != null then config.services.nginx.user else cfg.user; # Movim needs a lot of unsafe values to function at this time. Perhaps if # this is ever addressed in the future, the PHP application will send up the # proper directive. For now this fairly conservative CSP will restrict a lot # of potentially bad stuff as well as take in inventory of the features used. # # See: https://github.com/movim/movim/issues/314 movimCSP = lib.concatStringsSep "; " [ "default-src 'self'" "img-src 'self' aesgcm: data: https:" "media-src 'self' aesgcm: https:" "script-src 'self' 'unsafe-eval' 'unsafe-inline'" "style-src 'self' 'unsafe-inline'" ]; in { options.services = { Loading Loading @@ -209,19 +236,19 @@ in }; dataDir = mkOption { type = types.nonEmptyStr; type = types.path; default = "/var/lib/movim"; description = "State directory of the `movim` user which holds the application’s state & data."; }; logDir = mkOption { type = types.nonEmptyStr; type = types.path; default = "/var/log/movim"; description = "Log directory of the `movim` user which holds the application’s logs."; }; runtimeDir = mkOption { type = types.nonEmptyStr; type = types.path; default = "/run/movim"; description = "Runtime directory of the `movim` user which holds the application’s caches & temporary files."; }; Loading Loading @@ -319,9 +346,7 @@ in }; precompressStaticFiles = mkOption { type = with types; submodule { type = types.submodule { options = { brotli = { enable = mkEnableOption "Brotli precompression"; Loading Loading 
@@ -354,67 +379,67 @@ in type = types.submodule { options = { info = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "Content of the info box on the login page"; }; description = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "General description of the instance"; }; timezone = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The server timezone"; }; restrictsuggestions = mkOption { type = with types; nullOr bool; type = types.nullOr types.bool; default = null; description = "Only suggest chatrooms, Communities and other contents that are available on the user XMPP server and related services"; }; chatonly = mkOption { type = with types; nullOr bool; type = types.nullOr types.bool; default = null; description = "Disable all the social feature (Communities, Blog…) and keep only the chat ones"; }; disableregistration = mkOption { type = with types; nullOr bool; type = types.nullOr types.bool; default = null; description = "Remove the XMPP registration flow and buttons from the interface"; }; loglevel = mkOption { type = with types; nullOr (ints.between 0 3); type = types.nullOr (types.ints.between 0 3); default = null; description = "The server loglevel"; }; locale = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The server main locale"; }; xmppdomain = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The default XMPP server domain"; }; xmppdescription = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The default XMPP server description"; }; xmppwhitelist = mkOption { type = with types; nullOr str; type = types.nullOr types.nonEmptyStr; default = null; description = "The allowlisted XMPP 
servers"; }; Loading Loading @@ -442,7 +467,7 @@ in }; secretFile = mkOption { type = with types; nullOr path; type = types.nullOr types.path; default = null; description = "The secret file to be sourced for the .env settings."; }; Loading @@ -459,13 +484,13 @@ in }; name = mkOption { type = types.str; type = types.nonEmptyStr; default = "movim"; description = "Database name."; }; user = mkOption { type = types.str; type = types.nonEmptyStr; default = "movim"; description = "Database username."; }; Loading 
@@ -477,33 +502,53 @@ in }; }; nginx = mkOption { type = with types; nullOr ( submodule ( import ../web-servers/nginx/vhost-options.nix { inherit config lib; h2o = mkOption { type = types.nullOr ( types.submodule (import ../web-servers/h2o/vhost-options.nix { inherit config lib; }) ); default = null; example = lib.literalExpression # nix '' { serverAliases = [ "pics.''${config.movim.domain}" ]; acme.enable = true; tls.policy = "force"; } ) ''; description = '' With this option, you can customize an H2O virtual host which already has sensible defaults for Movim. Set to `{ }` if you do not need any customization to the virtual host. If enabled, then by default, the {option}`serverName` is `''${domain}`, If this is set to `null` (the default), no H2O `hosts` will be configured. ''; }; nginx = mkOption { type = types.nullOr ( types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) ); default = null; example = lib.literalExpression # nginx lib.literalExpression # nix '' { serverAliases = [ "pics.''${config.networking.domain}" "pics.''${config.movim.domain}" ]; enableACME = true; forceHttps = true; } ''; description = '' With this option, you can customize an nginx virtual host which already has sensible defaults for Movim. Set to `{ }` if you do not need any customization to the virtual host. If enabled, then by default, the {option}`serverName` is `''${domain}`, If this is set to null (the default), no nginx virtualHost will be configured. With this option, you can customize an Nginx virtual host which already has sensible defaults for Movim. Set to `{ }` if you do not need any customization to the virtual host. If enabled, then by default, the {option}`serverName` is `''${domain}`, If this is set to `null` (the default), no Nginx `virtualHost` will be configured. ''; }; Loading 
@@ -522,6 +567,25 @@ in }; config = mkIf cfg.enable { assertions = [ ( let webServers = [ "h2o" "nginx" ]; checkConfigs = lib.concatMapStringsSep ", " (ws: "services.movim.${ws}") webServers; in { assertion = builtins.length (lib.lists.filter (ws: cfg.${ws} != null) webServers) <= 1; message = '' At most 1 web server virtual host configuration should be enabled for Movim at a time. Check ${checkConfigs}. ''; } ) ]; environment.systemPackages = [ package ]; users = { Loading @@ -532,6 +596,9 @@ in group = cfg.group; }; } // lib.optionalAttrs (cfg.h2o != null) { "${config.services.h2o.user}".extraGroups = [ cfg.group ]; } // lib.optionalAttrs (cfg.nginx != null) { "${config.services.nginx.user}".extraGroups = [ cfg.group ]; }; Loading Loading @@ -578,6 +645,51 @@ in }; }; h2o = mkIf (cfg.h2o != null) { enable = true; hosts."${cfg.domain}" = mkMerge [ { settings = { paths = { "/ws/" = { "proxy.preserve-host" = "ON"; "proxy.tunnel" = "ON"; "proxy.reverse.url" = "http://${cfg.settings.DAEMON_INTERFACE}:${builtins.toString cfg.port}/"; }; "/" = { "file.dir" = "${package}/share/php/movim/public"; "file.index" = [ "index.php" "index.html" ]; redirect = { url = "/index.php/"; internal = "YES"; status = 307; }; "header.set" = [ "Content-Security-Policy: ${movimCSP}" ]; } // lib.optionalAttrs (with cfg.precompressStaticFiles; brotli.enable || gzip.enable) { "file.send-compressed" = "ON"; }; }; "file.custom-handler" = { extension = [ ".php" ]; "fastcgi.document_root" = package; "fastcgi.connect" = { port = fpm.socket; type = "unix"; }; }; }; } cfg.h2o ]; }; nginx = mkIf (cfg.nginx != null) ( { enable = true; Loading Loading 
@@ -631,8 +743,7 @@ in tryFiles = "$uri $uri/ /index.php$is_args$args"; extraConfig = # nginx '' # https://github.com/movim/movim/issues/314 add_header Content-Security-Policy "default-src 'self'; img-src 'self' aesgcm: https:; media-src 'self' aesgcm: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"; add_header Content-Security-Policy "${movimCSP}"; set $no_cache 1; ''; }; Loading Loading @@ -665,7 +776,7 @@ in ''; }; }; extraConfig = # ngnix extraConfig = # nginx '' index index.php; ''; Loading Loading @@ -706,11 +817,7 @@ in ''; }; phpfpm.pools.${pool} = let socketOwner = if (cfg.nginx != null) then config.services.nginx.user else cfg.user; in { phpfpm.pools.${pool} = { phpPackage = package.php; user = cfg.user; group = cfg.group; Loading Loading @@ -788,9 +895,9 @@ in }; services.${phpExecutionUnit} = { wantedBy = lib.optional (cfg.nginx != null) "nginx.service"; wantedBy = lib.optional (webServerService != null) webServerService; requiredBy = [ "movim.service" ]; before = [ "movim.service" ] ++ lib.optional (cfg.nginx != null) "nginx.service"; before = [ "movim.service" ] ++ lib.optional (webServerService != null) webServerService; wants = [ "network.target" ]; requires = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService; after = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService; Loading @@ -809,14 +916,14 @@ in "${phpExecutionUnit}.service" ] ++ lib.optional cfg.database.createLocally dbService ++ lib.optional (cfg.nginx != null) "nginx.service"; ++ lib.optional (webServerService != null) webServerService; after = [ "movim-data-setup.service" "${phpExecutionUnit}.service" ] ++ lib.optional cfg.database.createLocally dbService ++ lib.optional (cfg.nginx != null) "nginx.service"; ++ lib.optional (webServerService != null) webServerService; environment = { PUBLIC_URL = "//${cfg.domain}"; WS_PORT = builtins.toString cfg.port; Loading
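Review bot: In the Gzip precompression hunk (`@@ -128,10 +128,8 @@`), the new `xargs ... -I{} gzip -c ... {} > {}.gz` no longer produces one `.gz` per file: the `>` redirection is parsed by the shell running the pipeline, not by xargs, so the output of all parallel workers lands in a single file literally named `{}.gz` in the working directory. The removed `writeShellScript` wrapper performed the redirect per file; either keep that wrapper for Gzip or drop the redirect, e.g. `${lib.getExe gzip.package} --keep -${builtins.toString gzip.compressionLevel} {}`, assuming the configured package is GNU gzip (not visible here). The Brotli line is unaffected because `--output={}.br` is an argument that xargs substitutes. Also worth stating in the `movimCSP` comment: the shared policy adds `data:` to `img-src`, which the removed nginx header did not allow, so the nginx vhost's policy is widened by this change.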
nixos/tests/all-tests.nix +4 −4 @@ -229,7 +229,7 @@ in bazarr = runTest ./bazarr.nix; bcachefs = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./bcachefs.nix; beanstalkd = runTest ./beanstalkd.nix; bees = handleTest ./bees.nix { }; bees = runTest ./bees.nix; benchexec = handleTest ./benchexec.nix { }; binary-cache = runTest { imports = [ ./binary-cache.nix ]; @@ -492,7 +492,7 @@ in inherit runTest; forgejoPackage = pkgs.forgejo-lts; }; freenet = handleTest ./freenet.nix { }; freenet = runTest ./freenet.nix; freeswitch = handleTest ./freeswitch.nix { }; freetube = discoverTests (import ./freetube.nix); freshrss = handleTest ./freshrss { }; @@ -656,7 +656,7 @@ in jotta-cli = handleTest ./jotta-cli.nix { }; k3s = handleTest ./k3s { }; kafka = handleTest ./kafka.nix { }; kanboard = handleTest ./web-apps/kanboard.nix { }; kanboard = runTest ./web-apps/kanboard.nix; kanidm = handleTest ./kanidm.nix { }; kanidm-provisioning = handleTest ./kanidm-provisioning.nix { }; karma = handleTest ./karma.nix { }; @@ -802,7 +802,7 @@ in morty = handleTest ./morty.nix { }; mosquitto = runTest ./mosquitto.nix; moosefs = handleTest ./moosefs.nix { }; movim = discoverTests (import ./web-apps/movim { inherit handleTestOn; }); movim = import ./web-apps/movim { inherit recurseIntoAttrs runTest; }; mpd = handleTest ./mpd.nix { }; mpv = runTest ./mpv.nix; mtp = handleTest ./mtp.nix { };
nixos/tests/bees.nix +64 −66 import ./make-test-python.nix ( { lib, pkgs, ... }: { name = "bees"; @@ -71,4 +70,3 @@ import ./make-test-python.nix ( ) ''; } )