diff options
Diffstat (limited to 'nixos/modules/services/web-apps')
22 files changed, 143 insertions, 54 deletions
diff --git a/nixos/modules/services/web-apps/bookstack.nix b/nixos/modules/services/web-apps/bookstack.nix index 40bb377e2c8..d846c98577c 100644 --- a/nixos/modules/services/web-apps/bookstack.nix +++ b/nixos/modules/services/web-apps/bookstack.nix @@ -359,7 +359,7 @@ in { }; systemd.services.bookstack-setup = { - description = "Preperation tasks for BookStack"; + description = "Preparation tasks for BookStack"; before = [ "phpfpm-bookstack.service" ]; after = optional db.createLocally "mysql.service"; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/services/web-apps/dex.nix b/nixos/modules/services/web-apps/dex.nix index 1dcc6f7a7c5..f69f1749aeb 100644 --- a/nixos/modules/services/web-apps/dex.nix +++ b/nixos/modules/services/web-apps/dex.nix @@ -83,11 +83,12 @@ in AmbientCapabilities = "CAP_NET_BIND_SERVICE"; BindReadOnlyPaths = [ "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" + "-/etc/dex" "-/etc/hosts" "-/etc/localtime" - "-/etc/dex" + "-/etc/nsswitch.conf" + "-/etc/resolv.conf" + "-/etc/ssl/certs/ca-certificates.crt" ]; BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql"; CapabilityBoundingSet = "CAP_NET_BIND_SERVICE"; diff --git a/nixos/modules/services/web-apps/dolibarr.nix b/nixos/modules/services/web-apps/dolibarr.nix index 5335c439329..f262099354d 100644 --- a/nixos/modules/services/web-apps/dolibarr.nix +++ b/nixos/modules/services/web-apps/dolibarr.nix @@ -1,11 +1,11 @@ { config, pkgs, lib, ... }: let - inherit (lib) any boolToString concatStringsSep isBool isString literalExpression mapAttrsToList mkDefault mkEnableOption mkIf mkOption optionalAttrs types; + inherit (lib) any boolToString concatStringsSep isBool isString mapAttrsToList mkDefault mkEnableOption mkIf mkMerge mkOption optionalAttrs types; package = pkgs.dolibarr.override { inherit (cfg) stateDir; }; cfg = config.services.dolibarr; - vhostCfg = config.services.nginx.virtualHosts."${cfg.domain}"; + vhostCfg = lib.optionalAttr (cfg.nginx != null) config.services.nginx.virtualHosts."${cfg.domain}"; mkConfigFile = filename: settings: let @@ -38,7 +38,7 @@ let force_install_database = cfg.database.name; force_install_databaselogin = cfg.database.user; - force_install_mainforcehttps = vhostCfg.forceSSL; + force_install_mainforcehttps = vhostCfg.forceSSL or false; force_install_createuser = false; force_install_dolibarrlogin = null; } // optionalAttrs (cfg.database.passwordFile != null) { @@ -183,7 +183,8 @@ in }; # implementation - config = mkIf cfg.enable { + config = mkIf cfg.enable (mkMerge [ + { assertions = [ { assertion = cfg.database.createLocally -> cfg.database.user == cfg.user; @@ -214,7 +215,7 @@ in # Security settings dolibarr_main_prod = true; - dolibarr_main_force_https = vhostCfg.forceSSL; + dolibarr_main_force_https = vhostCfg.forceSSL or false; dolibarr_main_restrict_os_commands = "${pkgs.mariadb}/bin/mysqldump, ${pkgs.mariadb}/bin/mysql"; dolibarr_nocsrfcheck = false; dolibarr_main_instance_unique_id = '' @@ -314,7 +315,9 @@ in users.groups = optionalAttrs (cfg.group == "dolibarr") { dolibarr = { }; }; - - users.users."${config.services.nginx.group}".extraGroups = [ cfg.group ]; - }; + } + (mkIf (cfg.nginx != null) { + users.users."${config.services.nginx.group}".extraGroups = mkIf (cfg.nginx != null) [ cfg.group ]; + }) +]); } diff --git a/nixos/modules/services/web-apps/healthchecks.nix b/nixos/modules/services/web-apps/healthchecks.nix index 7da6dce1f95..b3fdb681e2f 100644 --- a/nixos/modules/services/web-apps/healthchecks.nix +++ b/nixos/modules/services/web-apps/healthchecks.nix @@ -98,7 +98,7 @@ in description = lib.mdDoc '' Environment variables which are read by healthchecks `(local)_settings.py`. - Settings which are explictly covered in options bewlow, are type-checked and/or transformed + Settings which are explicitly covered in options bewlow, are type-checked and/or transformed before added to the environment, everything else is passed as a string. See <https://healthchecks.io/docs/self_hosted_configuration/> diff --git a/nixos/modules/services/web-apps/ihatemoney/default.nix b/nixos/modules/services/web-apps/ihatemoney/default.nix index b0da0acfcf8..a61aa445f82 100644 --- a/nixos/modules/services/web-apps/ihatemoney/default.nix +++ b/nixos/modules/services/web-apps/ihatemoney/default.nix @@ -68,7 +68,7 @@ in example = { http = ":8000"; }; - description = lib.mdDoc "Additionnal configuration of the UWSGI vassal running ihatemoney. It should notably specify on which interfaces and ports the vassal should listen."; + description = lib.mdDoc "Additional configuration of the UWSGI vassal running ihatemoney. It should notably specify on which interfaces and ports the vassal should listen."; }; defaultSender = { name = mkOption { diff --git a/nixos/modules/services/web-apps/invidious.nix b/nixos/modules/services/web-apps/invidious.nix index a153aa3fb0c..61c52ee03dc 100644 --- a/nixos/modules/services/web-apps/invidious.nix +++ b/nixos/modules/services/web-apps/invidious.nix @@ -171,7 +171,7 @@ in description = lib.mdDoc '' A file including Invidious settings. - It gets merged with the setttings specified in {option}`services.invidious.settings` + It gets merged with the settings specified in {option}`services.invidious.settings` and can be used to store secrets like `hmac_key` outside of the nix store. ''; }; diff --git a/nixos/modules/services/web-apps/invoiceplane.nix b/nixos/modules/services/web-apps/invoiceplane.nix index 99e7b1f96ea..8be1fd3055d 100644 --- a/nixos/modules/services/web-apps/invoiceplane.nix +++ b/nixos/modules/services/web-apps/invoiceplane.nix @@ -74,7 +74,7 @@ let type = types.path; default = "/var/lib/invoiceplane/${name}"; description = lib.mdDoc '' - This directory is used for uploads of attachements and cache. + This directory is used for uploads of attachments and cache. The directory passed here is automatically created and permissions adjusted as required. ''; diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix index a42e249189f..5b0934b2fb7 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixos/modules/services/web-apps/jitsi-meet.nix @@ -28,7 +28,7 @@ let ''); # Essential config - it's probably not good to have these as option default because - # types.attrs doesn't do merging. Let's merge explicitly, can still be overriden if + # types.attrs doesn't do merging. Let's merge explicitly, can still be overridden if # user desires. defaultCfg = { hosts = { diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 117d540ba36..0435d21ce8a 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -174,7 +174,7 @@ in { CURRENT_PACKAGE=$(readlink ${dataDir}/current-package) NEW_PACKAGE=${cfg.package} if [ "$CURRENT_PACKAGE" != "$NEW_PACKAGE" ]; then - # keeping tmp arround between upgrades seems to bork stuff, so delete it + # keeping tmp around between upgrades seems to bork stuff, so delete it rm -rf ${dataDir}/tmp fi elif [ -e ${dataDir}/tmp ]; then diff --git a/nixos/modules/services/web-apps/mattermost.nix b/nixos/modules/services/web-apps/mattermost.nix index 99042821f5e..56a53198b3f 100644 --- a/nixos/modules/services/web-apps/mattermost.nix +++ b/nixos/modules/services/web-apps/mattermost.nix @@ -170,7 +170,7 @@ in type = types.attrs; default = { }; description = lib.mdDoc '' - Addtional configuration options as Nix attribute set in config.json schema. + Additional configuration options as Nix attribute set in config.json schema. ''; }; diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index e332847f5a2..07f29674862 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix @@ -129,7 +129,7 @@ let ## Set $wgCacheDirectory to a writable directory on the web server ## to make your wiki go slightly faster. The directory should not - ## be publically accessible from the web. + ## be publicly accessible from the web. $wgCacheDirectory = "${cacheDir}"; # Site language code, should be one of the list in ./languages/data/Names.php diff --git a/nixos/modules/services/web-apps/netbox.nix b/nixos/modules/services/web-apps/netbox.nix index 800af234e27..e028f16004e 100644 --- a/nixos/modules/services/web-apps/netbox.nix +++ b/nixos/modules/services/web-apps/netbox.nix @@ -135,7 +135,7 @@ in { type = types.path; default = ""; description = lib.mdDoc '' - Path to the Configuration-File for LDAP-Authentification, will be loaded as `ldap_config.py`. + Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`. See the [documentation](https://netbox.readthedocs.io/en/stable/installation/6-ldap/#configuration) for possible options. ''; }; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index da621573f2a..90801e99681 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -16,7 +16,7 @@ let # disable default openssl extension (lib.filter (e: e.pname != "php-openssl") enabled) # use OpenSSL 1.1 for RC4 Nextcloud encryption if user - # has acknowledged the brokeness of the ciphers (RC4). + # has acknowledged the brokenness of the ciphers (RC4). # TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed. ++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ]) ++ optional cfg.enableImagemagick imagick @@ -76,7 +76,7 @@ in { * setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value Further details about this can be found in the `Nextcloud`-section of the NixOS-manual - (which can be openend e.g. by running `nixos-help`). + (which can be opened e.g. by running `nixos-help`). '') (mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] '' Use services.nextcloud.nginx.enableImagemagick instead. @@ -388,7 +388,7 @@ in { default = []; description = lib.mdDoc '' Trusted domains, from which the nextcloud installation will be - acessible. You don't need to add + accessible. You don't need to add `services.nextcloud.hostname` here. ''; }; @@ -698,7 +698,7 @@ in { services.nextcloud.enableBrokenCiphersForSSE = false; - If you need to use server-side encryption you can ignore this waring. + If you need to use server-side encryption you can ignore this warning. Otherwise you'd have to disable server-side encryption first in order to be able to safely disable this option and get rid of this warning. See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this. @@ -758,7 +758,7 @@ in { nextcloud-setup = let c = cfg.config; - writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]"; + writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]"; requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable; objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable '' 'objectstore' => [ @@ -838,8 +838,8 @@ in { '' } 'dbtype' => '${c.dbtype}', - 'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)}, - 'trusted_proxies' => ${writePhpArrary (c.trustedProxies)}, + 'trusted_domains' => ${writePhpArray ([ cfg.hostName ] ++ c.extraTrustedDomains)}, + 'trusted_proxies' => ${writePhpArray (c.trustedProxies)}, ${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"} ${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"} ${objectstoreConfig} diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index ca57692fc16..4207c4008d5 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -283,7 +283,7 @@ <para> If major-releases will be abandoned by upstream, we should check first if those are needed - in NixOS for a safe upgrade-path before removing those. In that case we shold keep those + in NixOS for a safe upgrade-path before removing those. In that case we should keep those packages, but mark them as insecure in an expression like this (in <literal><nixpkgs/pkgs/servers/nextcloud/default.nix></literal>): <programlisting>/* ... */ diff --git a/nixos/modules/services/web-apps/onlyoffice.nix b/nixos/modules/services/web-apps/onlyoffice.nix index 1478e8da87a..79ed3e43dd1 100644 --- a/nixos/modules/services/web-apps/onlyoffice.nix +++ b/nixos/modules/services/web-apps/onlyoffice.nix @@ -54,7 +54,7 @@ in postgresName = mkOption { type = types.str; default = "onlyoffice"; - description = lib.mdDoc "The name of databse OnlyOffice should user."; + description = lib.mdDoc "The name of database OnlyOffice should user."; }; postgresPasswordFile = mkOption { diff --git a/nixos/modules/services/web-apps/outline.nix b/nixos/modules/services/web-apps/outline.nix index 701930393f0..b72dd8243bb 100644 --- a/nixos/modules/services/web-apps/outline.nix +++ b/nixos/modules/services/web-apps/outline.nix @@ -465,7 +465,7 @@ in options = { host = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "Host name or IP adress of the SMTP server."; + description = lib.mdDoc "Host name or IP address of the SMTP server."; }; port = lib.mkOption { type = lib.types.port; diff --git a/nixos/modules/services/web-apps/peering-manager.nix b/nixos/modules/services/web-apps/peering-manager.nix index 0db2e8e4aed..666b8262126 100644 --- a/nixos/modules/services/web-apps/peering-manager.nix +++ b/nixos/modules/services/web-apps/peering-manager.nix @@ -130,7 +130,7 @@ in { ldapConfigPath = mkOption { type = types.path; description = lib.mdDoc '' - Path to the Configuration-File for LDAP-Authentification, will be loaded as `ldap_config.py`. + Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`. See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options. ''; }; diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix index 4dbcb09d2ae..7e418f2869c 100644 --- a/nixos/modules/services/web-apps/peertube.nix +++ b/nixos/modules/services/web-apps/peertube.nix @@ -161,6 +161,18 @@ in { description = lib.mdDoc "Configure nginx as a reverse proxy for peertube."; }; + secrets = { + secretsFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + example = "/run/secrets/peertube"; + description = lib.mdDoc '' + Secrets to run PeerTube. + Generate one using `openssl rand -hex 32` + ''; + }; + }; + database = { createLocally = lib.mkOption { type = lib.types.bool; @@ -201,7 +213,7 @@ in { passwordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; - example = "/run/keys/peertube/password-posgressql-db"; + example = "/run/keys/peertube/password-postgresql"; description = lib.mdDoc "Password for PostgreSQL database."; }; }; @@ -282,6 +294,11 @@ in { prevent this. ''; } + { assertion = cfg.secrets.secretsFile != null; + message = '' + <option>services.peertube.secrets.secretsFile</option> needs to be set. + ''; + } { assertion = !(cfg.redis.enableUnixSocket && (cfg.redis.host != null || cfg.redis.port != null)); message = '' <option>services.peertube.redis.createLocally</option> and redis network connection (<option>services.peertube.redis.host</option> or <option>services.peertube.redis.port</option>) enabled. Disable either of them. @@ -349,6 +366,7 @@ in { captions = lib.mkDefault "/var/lib/peertube/storage/captions/"; cache = lib.mkDefault "/var/lib/peertube/storage/cache/"; plugins = lib.mkDefault "/var/lib/peertube/storage/plugins/"; + well_known = lib.mkDefault "/var/lib/peertube/storage/well_known/"; client_overrides = lib.mkDefault "/var/lib/peertube/storage/client-overrides/"; }; import = { @@ -417,6 +435,10 @@ in { #!/bin/sh umask 077 cat > /var/lib/peertube/config/local.yaml <<EOF + ${lib.optionalString (cfg.secrets.secretsFile != null) '' + secrets: + peertube: '$(cat ${cfg.secrets.secretsFile})' + ''} ${lib.optionalString ((!cfg.database.createLocally) && (cfg.database.passwordFile != null)) '' database: password: '$(cat ${cfg.database.passwordFile})' @@ -443,6 +465,7 @@ in { RestartSec = 20; TimeoutSec = 60; WorkingDirectory = cfg.package; + SyslogIdentifier = "peertube"; # User and group User = cfg.user; Group = cfg.group; @@ -548,9 +571,14 @@ in { ''; }; + locations."~ ^/plugins/[^/]+(/[^/]+)?/ws/" = { + tryFiles = "/dev/null @api_websocket"; + priority = 1230; + }; + locations."@api_websocket" = { proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; - priority = 1230; + priority = 1240; extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -581,7 +609,7 @@ in { ''; }; - locations."~ ^/lazy-static/(avatars|banners)/" = { + locations."^~ /lazy-static/avatars/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.avatars; priority = 1330; @@ -599,6 +627,26 @@ in { add_header Cache-Control 'public, max-age=7200'; rewrite ^/lazy-static/avatars/(.*)$ /$1 break; + ''; + }; + + locations."^~ /lazy-static/banners/" = { + tryFiles = "$uri @api"; + root = cfg.settings.storage.avatars; + priority = 1340; + extraConfig = '' + if ($request_method = 'OPTIONS') { + ${nginxCommonHeaders} + add_header Access-Control-Max-Age 1728000; + add_header Cache-Control 'no-cache'; + add_header Content-Type 'text/plain charset=UTF-8'; + add_header Content-Length 0; + return 204; + } + + ${nginxCommonHeaders} + add_header Cache-Control 'public, max-age=7200'; + rewrite ^/lazy-static/banners/(.*)$ /$1 break; ''; }; @@ -606,7 +654,7 @@ in { locations."^~ /lazy-static/previews/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.previews; - priority = 1340; + priority = 1350; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} @@ -624,10 +672,34 @@ in { ''; }; + locations."^~ /static/streaming-playlists/private/" = { + proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; + priority = 1410; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + proxy_limit_rate 5M; + ''; + }; + + locations."^~ /static/webseed/private/" = { + proxyPass = "http://127.0.0.1:${toString cfg.listenHttp}"; + priority = 1420; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + proxy_limit_rate 5M; + ''; + }; + locations."^~ /static/thumbnails/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.thumbnails; - priority = 1350; + priority = 1430; extraConfig = '' if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} @@ -648,8 +720,14 @@ in { locations."^~ /static/redundancy/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.redundancy; - priority = 1360; + priority = 1440; extraConfig = '' + set $peertube_limit_rate 800k; + + if ($request_uri ~ -fragmented.mp4$) { + set $peertube_limit_rate 5M; + } + if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; @@ -662,15 +740,14 @@ in { access_log off; } + aio threads; sendfile on; sendfile_max_chunk 1M; + limit_rate $peertube_limit_rate; limit_rate_after 5M; - set $peertube_limit_rate 800k; - set $limit_rate $peertube_limit_rate; - rewrite ^/static/redundancy/(.*)$ /$1 break; ''; }; @@ -678,8 +755,14 @@ in { locations."^~ /static/streaming-playlists/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.streaming_playlists; - priority = 1370; + priority = 1450; extraConfig = '' + set $peertube_limit_rate 800k; + + if ($request_uri ~ -fragmented.mp4$) { + set $peertube_limit_rate 5M; + } + if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; @@ -697,20 +780,24 @@ in { sendfile on; sendfile_max_chunk 1M; + limit_rate $peertube_limit_rate; limit_rate_after 5M; - set $peertube_limit_rate 5M; - set $limit_rate $peertube_limit_rate; - rewrite ^/static/streaming-playlists/(.*)$ /$1 break; ''; }; - locations."~ ^/static/webseed/" = { + locations."^~ /static/webseed/" = { tryFiles = "$uri @api"; root = cfg.settings.storage.videos; - priority = 1380; + priority = 1460; extraConfig = '' + set $peertube_limit_rate 800k; + + if ($request_uri ~ -fragmented.mp4$) { + set $peertube_limit_rate 5M; + } + if ($request_method = 'OPTIONS') { ${nginxCommonHeaders} add_header Access-Control-Max-Age 1728000; @@ -728,11 +815,9 @@ in { sendfile on; sendfile_max_chunk 1M; + limit_rate $peertube_limit_rate; limit_rate_after 5M; - set $peertube_limit_rate 800k; - set $limit_rate $peertube_limit_rate; - rewrite ^/static/webseed/(.*)$ /$1 break; ''; }; diff --git a/nixos/modules/services/web-apps/pgpkeyserver-lite.nix b/nixos/modules/services/web-apps/pgpkeyserver-lite.nix index 0ab39b07931..dd51bacd75e 100644 --- a/nixos/modules/services/web-apps/pgpkeyserver-lite.nix +++ b/nixos/modules/services/web-apps/pgpkeyserver-lite.nix @@ -41,7 +41,7 @@ in defaultText = literalExpression "head config.${sksOpt.hkpAddress}"; type = types.str; description = lib.mdDoc '' - Wich ip address the sks-keyserver is listening on. + Which IP address the sks-keyserver is listening on. ''; }; diff --git a/nixos/modules/services/web-apps/snipe-it.nix b/nixos/modules/services/web-apps/snipe-it.nix index 6da44f1bdf3..314a69a73a8 100644 --- a/nixos/modules/services/web-apps/snipe-it.nix +++ b/nixos/modules/services/web-apps/snipe-it.nix @@ -381,7 +381,7 @@ in { }; systemd.services.snipe-it-setup = { - description = "Preperation tasks for snipe-it"; + description = "Preparation tasks for snipe-it"; before = [ "phpfpm-snipe-it.service" ]; after = optional db.createLocally "mysql.service"; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/services/web-apps/sogo.nix b/nixos/modules/services/web-apps/sogo.nix index ca1f426623f..5e5d9472829 100644 --- a/nixos/modules/services/web-apps/sogo.nix +++ b/nixos/modules/services/web-apps/sogo.nix @@ -49,7 +49,7 @@ in { Replacement-filepath mapping for sogo.conf. Every key is replaced with the contents of the file specified as value. - In the example, every occurence of LDAP_BINDPW will be replaced with the text of the + In the example, every occurrence of LDAP_BINDPW will be replaced with the text of the specified file. ''; type = attrsOf str; diff --git a/nixos/modules/services/web-apps/wiki-js.nix b/nixos/modules/services/web-apps/wiki-js.nix index c5627a28b84..b6e5b4594f1 100644 --- a/nixos/modules/services/web-apps/wiki-js.nix +++ b/nixos/modules/services/web-apps/wiki-js.nix @@ -17,7 +17,7 @@ in { default = null; example = "/root/wiki-js.env"; description = lib.mdDoc '' - Environment fiel to inject e.g. secrets into the configuration. + Environment file to inject e.g. secrets into the configuration. ''; }; |