Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-1903.xml14
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/mail/rmilter.nix4
-rw-r--r--nixos/modules/services/networking/coredns.nix50
-rw-r--r--nixos/modules/services/web-apps/nextcloud.nix53
-rw-r--r--nixos/modules/services/x11/desktop-managers/plasma5.nix6
-rw-r--r--nixos/modules/services/x11/desktop-managers/xfce.nix2
-rw-r--r--nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix8
8 files changed, 107 insertions, 31 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index 78fb5237171..20f1d43618d 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -184,6 +184,20 @@
    </listitem>
    <listitem>
     <para>
+      The <varname>buildPythonPackage</varname> function now sets <varname>strictDeps = true</varname>
+      to help distinguish between native and non-native dependencies in order to
+      improve cross-compilation compatibility. Note however that this may break
+      user expressions.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      The <varname>buildPythonPackage</varname> function now sets <varname>LANG = C.UTF-8</varname>
+      to enable Unicode support. The <varname>glibcLocales</varname> package is no longer needed as a build input.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
       The Syncthing state and configuration data has been moved from
       <varname>services.syncthing.dataDir</varname> to the newly defined
       <varname>services.syncthing.configDir</varname>, which default to
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 1aacd02f6bc..2ddc38d6c24 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -529,6 +529,7 @@
   ./services/networking/cntlm.nix
   ./services/networking/connman.nix
   ./services/networking/consul.nix
+  ./services/networking/coredns.nix
   ./services/networking/coturn.nix
   ./services/networking/dante.nix
   ./services/networking/ddclient.nix
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix
index 492c6458321..466365b6b30 100644
--- a/nixos/modules/services/mail/rmilter.nix
+++ b/nixos/modules/services/mail/rmilter.nix
@@ -8,7 +8,7 @@ let
   postfixCfg = config.services.postfix;
   cfg = config.services.rmilter;
 
-  inetSocket = addr: port: "inet:[${toString port}@${addr}]";
+  inetSocket = addr: port: "inet:${addr}:${toString port}";
   unixSocket = sock: "unix:${sock}";
 
   systemdSocket = if cfg.bindSocket.type == "unix" then cfg.bindSocket.path
@@ -97,7 +97,7 @@ in
 
       bindSocket.address = mkOption {
         type = types.str;
-        default = "::1";
+        default = "[::1]";
         example = "0.0.0.0";
         description = ''
           Inet address to listen on.
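Review bot: The new `inet:${addr}:${toString port}` form introduced at line 63 means an IPv6 literal in `bindSocket.address` has to be bracketed, as the new default `[::1]` at line 72 is, but the description here still says only `Inet address to listen on.`; a user who keeps a bare `::1` now gets the unparseable `inet:::1:<port>`. Suggest extending the description to `Inet address to listen on. IPv6 addresses must be enclosed in square brackets, e.g. <literal>[::1]</literal>.` so the bracket requirement is visible at the option rather than discovered at service start. The option definition continues past the end of this hunk.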
diff --git a/nixos/modules/services/networking/coredns.nix b/nixos/modules/services/networking/coredns.nix
new file mode 100644
index 00000000000..afb2b547a46
--- /dev/null
+++ b/nixos/modules/services/networking/coredns.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.coredns;
+  configFile = pkgs.writeText "Corefile" cfg.config;
+in {
+  options.services.coredns = {
+    enable = mkEnableOption "Coredns dns server";
+
+    config = mkOption {
+      default = "";
+      example = ''
+        . {
+          whoami
+        }
+      '';
+      type = types.lines;
+      description = "Verbatim Corefile to use. See <link xlink:href=\"https://coredns.io/manual/toc/#configuration\"/> for details.";
+    };
+
+    package = mkOption {
+      default = pkgs.coredns;
+      defaultText = "pkgs.coredns";
+      type = types.package;
+      description = "Coredns package to use.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.coredns = {
+      description = "Coredns dns server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        PermissionsStartOnly = true;
+        LimitNPROC = 512;
+        LimitNOFILE = 1048576;
+        CapabilityBoundingSet = "cap_net_bind_service";
+        AmbientCapabilities = "cap_net_bind_service";
+        NoNewPrivileges = true;
+        DynamicUser = true;
+        ExecStart = "${getBin cfg.package}/bin/coredns -conf=${configFile}";
+        ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID";
+        Restart = "on-failure";
+      };
+    };
+  };
+}
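Review bot: `PermissionsStartOnly = true` at line 118 does nothing in this unit, because there is no `ExecStartPre`/`ExecStartPost` for it to apply to, and systemd has deprecated the directive in favour of the `+` prefix on individual `Exec*` lines, so it should be dropped to avoid suggesting a privileged pre-start step that does not exist. The meaningful hardening here is `DynamicUser = true` combined with `CapabilityBoundingSet`/`AmbientCapabilities = "cap_net_bind_service"` and `NoNewPrivileges`, which lets an unprivileged, transient user bind port 53 and nothing more; a short comment above line 121 such as `# only the capability needed to bind port 53 as an unprivileged DynamicUser` would make that intent explicit. The `config` option defaults to `""` (line 94), so enabling the service without a Corefile starts coredns on an empty file; it is worth confirming what coredns does in that case and, if it is not useful, either dropping the default or asserting on `cfg.config != ""`.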
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 49d8836b8ad..498e3fdb23a 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -5,14 +5,18 @@ with lib;
 let
   cfg = config.services.nextcloud;
 
+  phpPackage = pkgs.php73;
+  phpPackages = pkgs.php73Packages;
+
   toKeyValue = generators.toKeyValue {
     mkKeyValue = generators.mkKeyValueDefault {} " = ";
   };
 
   phpOptionsExtensions = ''
-    ${optionalString cfg.caching.apcu "extension=${cfg.phpPackages.apcu}/lib/php/extensions/apcu.so"}
-    ${optionalString cfg.caching.redis "extension=${cfg.phpPackages.redis}/lib/php/extensions/redis.so"}
-    ${optionalString cfg.caching.memcached "extension=${cfg.phpPackages.memcached}/lib/php/extensions/memcached.so"}
+    ${optionalString cfg.caching.apcu "extension=${phpPackages.apcu}/lib/php/extensions/apcu.so"}
+    ${optionalString cfg.caching.redis "extension=${phpPackages.redis}/lib/php/extensions/redis.so"}
+    ${optionalString cfg.caching.memcached "extension=${phpPackages.memcached}/lib/php/extensions/memcached.so"}
+    extension=${phpPackages.imagick}/lib/php/extensions/imagick.so
     zend_extension = opcache.so
     opcache.enable = 1
   '';
@@ -94,18 +98,6 @@ in {
       '';
     };
 
-    phpPackages = mkOption {
-      type = types.attrs;
-      default = pkgs.php71Packages;
-      defaultText = "pkgs.php71Packages";
-      description = ''
-        Overridable attribute of the PHP packages set to use.  If any caching
-        module is enabled, it will be taken from here.  Therefore it should
-        match the version of PHP given to
-        <literal>services.phpfpm.phpPackage</literal>.
-      '';
-    };
-
     phpOptions = mkOption {
       type = types.attrsOf types.str;
       default = {
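Review bot: Removing the `services.nextcloud.phpPackages` option without a migration path means any existing configuration that set it now fails evaluation with a generic "option does not exist" error rather than an explanation that the PHP version is now pinned by the module (`phpPackage = pkgs.php73` at line 140). Suggest adding `(mkRemovedOptionModule [ "services" "nextcloud" "phpPackages" ] "The PHP packages set is now fixed to php73Packages by the Nextcloud module.")` to the module's `imports`, and a release-notes entry for the removal; the module's `imports` list, if it has one, is outside this hunk.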
@@ -223,6 +215,19 @@ in {
           <literal>services.nextcloud.hostname</literal> here.
         '';
       };
+
+      overwriteProtocol = mkOption {
+        type = types.nullOr (types.enum [ "http" "https" ]);
+        default = null;
+        example = "https";
+
+        description = ''
+          Force Nextcloud to always use HTTPS i.e. for link generation. Nextcloud
+          uses the currently used protocol by default, but when behind a reverse-proxy,
+          it may use <literal>http</literal> for everything although Nextcloud
+          may be served via HTTPS.
+        '';
+      };
     };
 
     caching = {
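Review bot: The description at lines 188-191 says the option forces Nextcloud to "always use HTTPS", but the type at line 183 also admits `"http"`, so the text does not match the contract. Suggest rewording the opening sentence to `Force Nextcloud to always use the given protocol, e.g. for link generation.` and keeping the reverse-proxy explanation that follows; the `config` option group this sits in continues past the end of the hunk.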
@@ -287,6 +292,7 @@ in {
               ${optionalString cfg.caching.apcu "'memcache.local' => '\\OC\\Memcache\\APCu',"}
               'log_type' => 'syslog',
               'log_level' => '${builtins.toString cfg.logLevel}',
+              ${optionalString (cfg.config.overwriteProtocol != null) "'overwriteprotocol' => '${cfg.config.overwriteProtocol}',"}
             ];
           '';
           occInstallCmd = let
@@ -359,14 +365,14 @@ in {
       };
 
       services.phpfpm = {
-        phpOptions = phpOptionsExtensions;
-        phpPackage = pkgs.php71;
         pools.nextcloud = let
           phpAdminValues = (toKeyValue
             (foldr (a: b: a // b) {}
               (mapAttrsToList (k: v: { "php_admin_value[${k}]" = v; })
                 phpOptions)));
         in {
+          phpOptions = phpOptionsExtensions;
+          phpPackage = phpPackage;
           listen = "/run/phpfpm/nextcloud";
           extraConfig = ''
             listen.owner = nginx
@@ -407,7 +413,7 @@ in {
               };
               "/" = {
                 priority = 200;
-                extraConfig = "rewrite ^ /index.php$uri;";
+                extraConfig = "rewrite ^ /index.php$request_uri;";
               };
               "~ ^/store-apps" = {
                 priority = 201;
@@ -444,22 +450,23 @@ in {
                   fastcgi_read_timeout 120s;
                 '';
               };
-              "~ ^/(?:updater|ocs-provider)(?:$|/)".extraConfig = ''
+              "~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\/)".extraConfig = ''
                 try_files $uri/ =404;
                 index index.php;
               '';
-              "~ \\.(?:css|js|woff|svg|gif)$".extraConfig = ''
-                try_files $uri /index.php$uri$is_args$args;
+              "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
+                try_files $uri /index.php$request_uri;
                 add_header Cache-Control "public, max-age=15778463";
                 add_header X-Content-Type-Options nosniff;
                 add_header X-XSS-Protection "1; mode=block";
                 add_header X-Robots-Tag none;
                 add_header X-Download-Options noopen;
                 add_header X-Permitted-Cross-Domain-Policies none;
+                add_header Referrer-Policy no-referrer;
                 access_log off;
               '';
               "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = ''
-                try_files $uri /index.php$uri$is_args$args;
+                try_files $uri /index.php$request_uri;
                 access_log off;
               '';
             };
@@ -469,10 +476,12 @@ in {
               add_header X-Robots-Tag none;
               add_header X-Download-Options noopen;
               add_header X-Permitted-Cross-Domain-Policies none;
+              add_header Referrer-Policy no-referrer;
               error_page 403 /core/templates/403.php;
               error_page 404 /core/templates/404.php;
               client_max_body_size ${cfg.maxUploadSize};
               fastcgi_buffers 64 4K;
+              fastcgi_hide_header X-Powered-By;
               gzip on;
               gzip_vary on;
               gzip_comp_level 4;
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix
index 704cc78c152..ace9dd5321b 100644
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -163,6 +163,8 @@ in
 
           libsForQt56.phonon-backend-gstreamer
           libsForQt5.phonon-backend-gstreamer
+
+          xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/
         ]
 
         ++ lib.optionals cfg.enableQt4Support [ pkgs.phonon-backend-gstreamer ]
@@ -175,9 +177,9 @@ in
         ++ lib.optional config.services.colord.enable colord-kde
         ++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ];
 
-      environment.pathsToLink = [ 
+      environment.pathsToLink = [
         # FIXME: modules should link subdirs of `/share` rather than relying on this
-        "/share" 
+        "/share"
       ];
 
       environment.etc = singleton {
diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix
index dabf09418da..6852154378d 100644
--- a/nixos/modules/services/x11/desktop-managers/xfce.nix
+++ b/nixos/modules/services/x11/desktop-managers/xfce.nix
@@ -53,7 +53,7 @@ in
 
       # Supplies some abstract icons such as:
       # utilities-terminal, accessories-text-editor
-      gnome3.defaultIconTheme
+      gnome3.adwaita-icon-theme
 
       hicolor-icon-theme
       tango-icon-theme
diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
index 772cc95e84e..5b280b02423 100644
--- a/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
@@ -96,8 +96,8 @@ in
 
         package = mkOption {
           type = types.package;
-          default = pkgs.gnome3.defaultIconTheme;
-          defaultText = "pkgs.gnome3.defaultIconTheme";
+          default = pkgs.gnome3.adwaita-icon-theme;
+          defaultText = "pkgs.gnome3.adwaita-icon-theme";
           description = ''
             The package path that contains the icon theme given in the name option.
           '';
@@ -116,8 +116,8 @@ in
       cursorTheme = {
 
         package = mkOption {
-          default = pkgs.gnome3.defaultIconTheme;
-          defaultText = "pkgs.gnome3.defaultIconTheme";
+          default = pkgs.gnome3.adwaita-icon-theme;
+          defaultText = "pkgs.gnome3.adwaita-icon-theme";
           description = ''
             The package path that contains the cursor theme given in the name option.
           '';