diff options
author | Frederik Rietdijk <fridh@fridh.nl> | 2020-01-12 09:47:43 +0100 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2020-01-12 09:47:43 +0100 |
commit | b3245241d8c630aa2b9435a7e31c50fdfba2a0a0 (patch) | |
tree | 7c5a9f88f7bd0f47d43a262d7a547779752bda24 /nixos/modules/services | |
parent | cd827f2209b35c4c3bdd5492c3e9a9d351e3e3b3 (diff) | |
parent | 960f062825d22e328828766f4910b702f81ddade (diff) | |
download | nixlib-b3245241d8c630aa2b9435a7e31c50fdfba2a0a0.tar nixlib-b3245241d8c630aa2b9435a7e31c50fdfba2a0a0.tar.gz nixlib-b3245241d8c630aa2b9435a7e31c50fdfba2a0a0.tar.bz2 nixlib-b3245241d8c630aa2b9435a7e31c50fdfba2a0a0.tar.lz nixlib-b3245241d8c630aa2b9435a7e31c50fdfba2a0a0.tar.xz nixlib-b3245241d8c630aa2b9435a7e31c50fdfba2a0a0.tar.zst nixlib-b3245241d8c630aa2b9435a7e31c50fdfba2a0a0.zip |
Merge staging-next into staging
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/hardware/actkbd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/nat.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 10 |
3 files changed, 12 insertions, 2 deletions
diff --git a/nixos/modules/services/hardware/actkbd.nix b/nixos/modules/services/hardware/actkbd.nix index 4168140b287a..daa407ca1f0e 100644 --- a/nixos/modules/services/hardware/actkbd.nix +++ b/nixos/modules/services/hardware/actkbd.nix @@ -83,7 +83,7 @@ in See <command>actkbd</command> <filename>README</filename> for documentation. - The example shows a piece of what <option>sound.enableMediaKeys</option> does when enabled. + The example shows a piece of what <option>sound.mediaKeys.enable</option> does when enabled. ''; }; diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index f1238bc6b168..9c658af30f75 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -68,7 +68,7 @@ let destinationPorts = if (m == null) then throw "bad ip:ports `${fwd.destination}'" else elemAt m 1; in '' # Allow connections to ${loopbackip}:${toString fwd.sourcePort} from the host itself - iptables -w -t nat -A OUTPUT \ + iptables -w -t nat -A nixos-nat-out \ -d ${loopbackip} -p ${fwd.proto} \ --dport ${builtins.toString fwd.sourcePort} \ -j DNAT --to-destination ${fwd.destination} diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index f1dabadc119a..d79f2bb735fa 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -229,6 +229,15 @@ in { ''; }; + trustedProxies = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Trusted proxies, to provide if the nextcloud installation is being + proxied to secure against e.g. spoofing. + ''; + }; + overwriteProtocol = mkOption { type = types.nullOr (types.enum [ "http" "https" ]); default = null; @@ -352,6 +361,7 @@ in { ${optionalString (c.dbpassFile != null) "'dbpassword' => nix_read_pwd(),"} 'dbtype' => '${c.dbtype}', 'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)}, + 'trusted_proxies' => ${writePhpArrary (c.trustedProxies)}, ]; ''; occInstallCmd = let |