Unverified Commit 5c2683eb authored by Marcel's avatar Marcel

nixos/onlyoffice: require a user supplied nonce

parent 5103f525
+7 −20
@@ -7,10 +7,6 @@

let
  cfg = config.services.onlyoffice;
  defaultNginxNonceFileContent = "set $secure_link_secret \"mynonce\";";
  defaultNginxNonceFile = pkgs.writeText "onlyoffice-nonce-nginx.conf" ''
    ${defaultNginxNonceFileContent}
  '';
in
{
  options.services.onlyoffice = {
@@ -26,17 +22,14 @@ in

    securityNonceFile = lib.mkOption {
      type = lib.types.str;
      default = "${defaultNginxNonceFile}";
      defaultText = lib.literalExpression ''
        (pkgs.writeText "onlyoffice-nonce-nginx.conf" \'\'
          ${defaultNginxNonceFileContent}
        \'\').outPath;
      '';
      example = "/run/keys/onlyoffice-nginx-nonce.conf";
      description = ''
        Path to a file that contains a secret to sign web requests.
        This file should set a 'secure_link_secret' nginx variable,
        and ideally be managed by a
        [secret managing scheme](https://wiki.nixos.org/wiki/Comparison_of_secret_managing_schemes).
        File holding nginx configuration that sets the nonce used to create secret links.

        Example:
        ```
        set $secure_link_secret "changeme";
        ```
      '';
    };

@@ -103,12 +96,6 @@ in
  };

  config = lib.mkIf cfg.enable {
    warnings = [
      (lib.optionalString (cfg.securityNonceFile == "${defaultNginxNonceFile}") ''
        Please set `options.services.onlyoffice.securityNonceFile`
        to avoid an (albeit unlikely) information disclosure issue.
      '')
    ];
    services = {
      nginx = {
        enable = lib.mkDefault true;
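Review bot: The rewritten description of `securityNonceFile` in the second hunk no longer says that the file's contents are a secret and drops the advice to manage it with a secret managing scheme, yet the option stays a plain `lib.types.str`, so a reader can now pass a `pkgs.writeText` result or a path literal and end up with the nonce in the world-readable Nix store. Suggest keeping that guidance in the description, e.g. `The file contains a secret: keep it out of the Nix store (no path literal or pkgs.writeText) and manage it with a [secret managing scheme](https://wiki.nixos.org/wiki/Comparison_of_secret_managing_schemes).` The `"changeme"` value in the new example should also be marked as a placeholder to be replaced with a random value rather than a literal to copy. Dropping the warning in the third hunk looks consistent with the option no longer having a default (an unset value would then fail at evaluation), but that follows only from the removed lines and is worth confirming against the full option definition; the `options.services.onlyoffice` set and the `config` block both continue outside the hunks.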