nixos/matomo: improve serverName default

when we need to change it anyway for the rename.

2 files changed, 25 insertions, 5 deletions

diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index 855045d6ce96..ddf812aae82f 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -257,6 +257,18 @@ following incompatible changes:</para>
         </listitem>
         <listitem>
           <para>
+            The default <option>serverName</option> for the nginx configuration changed from
+            <literal>piwik.${config.networking.hostName}</literal> to
+            <literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
+            if <option>config.networking.domain</option> is set,
+            <literal>matomo.${config.networking.hostName}</literal> if it is not set.
+            If you change your <option>serverName</option>, remember you'll need to update the
+            <literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>
+            as well.
+          </para>
+        </listitem>
+        <listitem>
+          <para>
             The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.
             The service will adjust ownership automatically for files in the data directory.
             If you use unix socket authentication, remember to give the new <literal>matomo</literal> user
diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix
index 8ca117fc459b..ef6ac9698e21 100644
--- a/nixos/modules/services/web-apps/matomo.nix
+++ b/nixos/modules/services/web-apps/matomo.nix
@@ -14,6 +14,11 @@ let
   phpExecutionUnit = "phpfpm-${pool}";
   databaseService = "mysql.service";
 
+  fqdn =
+    let
+      join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
+     in join config.networking.hostName config.networking.domain;
+
 in {
   options = {
     services.matomo = {
@@ -75,15 +80,19 @@ in {
         );
         default = null;
         example = {
-          serverName = "stats.$\{config.networking.hostName\}";
+          serverAliases = [
+            "matomo.$\{config.networking.domain\}"
+            "stats.$\{config.networking.domain\}"
+          ];
           enableACME = false;
         };
         description = ''
             With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.
             Either this option or the webServerUser option is mandatory.
             Set this to {} to just enable the virtualHost if you don't need any customization.
-            If enabled, then by default, the serverName is ${user}.$\{config.networking.hostName\}, SSL is active,
-            and certificates are acquired via ACME.
+            If enabled, then by default, the <option>serverName</option> is
+            <literal>${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}</literal>,
+            SSL is active, and certificates are acquired via ACME.
             If this is set to null (the default), no nginx virtualHost will be configured.
         '';
       };
@@ -183,8 +192,7 @@ in {
       # References:
       # https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
       # https://github.com/perusio/piwik-nginx
-      # TODO: better default
-      "${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx {
+      "${user}.${fqdn}" = mkMerge [ cfg.nginx {
         # don't allow to override the root easily, as it will almost certainly break matomo.
         # disadvantage: not shown as default in docs.
         root = mkForce "${pkgs.matomo}/share";