diff options
author | Florian Jacob <projects+git@florianjacob.de> | 2018-01-17 11:00:15 +0100 |
---|---|---|
committer | Florian Jacob <projects+git@florianjacob.de> | 2018-02-22 22:03:55 +0100 |
commit | 885e762d471e0733e5da72ddf10f486893624483 (patch) | |
tree | 9bd06c675f49592ce72125e48ea4517458efff74 /nixos | |
parent | 48e449ee7015c01a02875cb68290e69033d9daa1 (diff) | |
download | nixlib-885e762d471e0733e5da72ddf10f486893624483.tar nixlib-885e762d471e0733e5da72ddf10f486893624483.tar.gz nixlib-885e762d471e0733e5da72ddf10f486893624483.tar.bz2 nixlib-885e762d471e0733e5da72ddf10f486893624483.tar.lz nixlib-885e762d471e0733e5da72ddf10f486893624483.tar.xz nixlib-885e762d471e0733e5da72ddf10f486893624483.tar.zst nixlib-885e762d471e0733e5da72ddf10f486893624483.zip |
nixos/matomo: improve serverName default
when we need to change it anyway for the rename.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1803.xml | 12 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/matomo.nix | 18 |
2 files changed, 25 insertions, 5 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 855045d6ce96..ddf812aae82f 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -257,6 +257,18 @@ following incompatible changes:</para> </listitem> <listitem> <para> + The default <option>serverName</option> for the nginx configuration changed from + <literal>piwik.${config.networking.hostName}</literal> to + <literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal> + if <option>config.networking.domain</option> is set, + <literal>matomo.${config.networking.hostName}</literal> if it is not set. + If you change your <option>serverName</option>, remember you'll need to update the + <literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename> + as well. + </para> + </listitem> + <listitem> + <para> The <literal>piwik</literal> user was renamed to <literal>matomo</literal>. The service will adjust ownership automatically for files in the data directory. If you use unix socket authentication, remember to give the new <literal>matomo</literal> user diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 8ca117fc459b..ef6ac9698e21 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -14,6 +14,11 @@ let phpExecutionUnit = "phpfpm-${pool}"; databaseService = "mysql.service"; + fqdn = + let + join = hostName: domain: hostName + optionalString (domain != null) ".${domain}"; + in join config.networking.hostName config.networking.domain; + in { options = { services.matomo = { @@ -75,15 +80,19 @@ in { ); default = null; example = { - serverName = "stats.$\{config.networking.hostName\}"; + serverAliases = [ + "matomo.$\{config.networking.domain\}" + "stats.$\{config.networking.domain\}" + ]; enableACME = false; }; description = '' With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo. Either this option or the webServerUser option is mandatory. Set this to {} to just enable the virtualHost if you don't need any customization. - If enabled, then by default, the serverName is ${user}.$\{config.networking.hostName\}, SSL is active, - and certificates are acquired via ACME. + If enabled, then by default, the <option>serverName</option> is + <literal>${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}</literal>, + SSL is active, and certificates are acquired via ACME. If this is set to null (the default), no nginx virtualHost will be configured. ''; }; @@ -183,8 +192,7 @@ in { # References: # https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html # https://github.com/perusio/piwik-nginx - # TODO: better default - "${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx { + "${user}.${fqdn}" = mkMerge [ cfg.nginx { # don't allow to override the root easily, as it will almost certainly break matomo. # disadvantage: not shown as default in docs. root = mkForce "${pkgs.matomo}/share"; |