author | Alyssa Ross <hi@alyssa.is> | 2021-06-22 15:01:47 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-06-22 16:57:59 +0000 |
commit | 633cab0ecb07627706c6b523e219490f019eaab5 (patch) | |
tree | 4fb472bdfe2723037dad53dc1b8a87c939015f5e /nixpkgs/nixos/modules/services/web-apps/discourse.nix | |
parent | ffb691c199e7e0cbc4e45e5310779c9e3f7c2a73 (diff) | |
parent | 432fc2d9a67f92e05438dff5fdc2b39d33f77997 (diff) | |
Merge commit '432fc2d9a67f92e05438dff5fdc2b39d33f77997'
# Conflicts: # nixpkgs/pkgs/applications/editors/emacs/elisp-packages/elpa-generated.nix # nixpkgs/pkgs/applications/networking/mailreaders/thunderbird/default.nix # nixpkgs/pkgs/applications/window-managers/sway/default.nix # nixpkgs/pkgs/build-support/rust/default.nix # nixpkgs/pkgs/development/go-modules/generic/default.nix
Diffstat (limited to 'nixpkgs/nixos/modules/services/web-apps/discourse.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/web-apps/discourse.nix | 51 |
1 files changed, 41 insertions, 10 deletions
diff --git a/nixpkgs/nixos/modules/services/web-apps/discourse.nix b/nixpkgs/nixos/modules/services/web-apps/discourse.nix
index 00b58d502574..49958fc6190c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/discourse.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/discourse.nix
@@ -5,11 +5,16 @@ let cfg = config.services.discourse; + # Keep in sync with https://github.com/discourse/discourse_docker/blob/master/image/base/Dockerfile#L5 + upstreamPostgresqlVersion = lib.getVersion pkgs.postgresql_13; + postgresqlPackage = if config.services.postgresql.enable then config.services.postgresql.package else pkgs.postgresql; + postgresqlVersion = lib.getVersion postgresqlPackage; + # We only want to create a database if we're actually going to connect to it. databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == null;
@@ -263,6 +268,17 @@ in Discourse database user. ''; }; + + ignorePostgresqlVersion = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to allow other versions of PostgreSQL than the + recommended one. Only effective when + <option>services.discourse.database.createLocally</option> + is enabled. + ''; + }; }; redis = {
@@ -398,6 +414,14 @@ in How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html ''; }; + + forceTLS = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Force implicit TLS as per RFC 8314 3.3. + ''; + }; }; incoming = {
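Review bot: The description of `ignorePostgresqlVersion` says the option is only effective when `services.discourse.database.createLocally` is enabled, but the assertion added later in this file is gated on `databaseActuallyCreateLocally`, which also requires `cfg.database.host == null`. With `createLocally = true` and a remote host set, the version check is skipped and this option does nothing. I would reword the last sentence to `Only effective when the database is created locally, i.e. createLocally is enabled and database.host is unset.`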
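Review bot: The `forceTLS` description does not say how the option relates to `enableStartTLSAuto`, which feeds `smtp_enable_start_tls` in the same settings block, or what the default of `false` leaves in place. With implicit TLS off, protection of the SMTP session rests on STARTTLS, and whether a missing or failed upgrade is treated as an error is not visible in this diff. The credentials from `mail.outgoing.passwordFile` travel over that connection, so the option text should state the trade-off. Something like `Force implicit TLS as per RFC 8314 3.3 (usually port 465). When disabled, encryption depends on enableStartTLSAuto and the server offering STARTTLS.` would cover it.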
@@ -497,6 +521,12 @@ in assertion = cfg.hostname != ""; message = "Could not automatically determine hostname, set service.discourse.hostname manually."; } + { + assertion = cfg.database.ignorePostgresqlVersion || (databaseActuallyCreateLocally -> upstreamPostgresqlVersion == postgresqlVersion); + message = "The PostgreSQL version recommended for use with Discourse is ${upstreamPostgresqlVersion}, you're using ${postgresqlVersion}. " + + "Either update your PostgreSQL package to the correct version or set services.discourse.database.ignorePostgresqlVersion. " + + "See https://nixos.org/manual/nixos/stable/index.html#module-postgresql for details on how to upgrade PostgreSQL."; + } ];
@@ -530,6 +560,7 @@ in smtp_authentication = cfg.mail.outgoing.authentication; smtp_enable_start_tls = cfg.mail.outgoing.enableStartTLSAuto; smtp_openssl_verify_mode = cfg.mail.outgoing.opensslVerifyMode; + smtp_force_tls = cfg.mail.outgoing.forceTLS; load_mini_profiler = true; mini_profiler_snapshots_period = 0;
@@ -542,8 +573,8 @@ in redis_host = cfg.redis.host; redis_port = 6379; - redis_slave_host = null; - redis_slave_port = 6379; + redis_replica_host = null; + redis_replica_port = 6379; redis_db = cfg.redis.dbNumber; redis_password = cfg.redis.passwordFile; redis_skip_client_commands = false;
@@ -552,8 +583,8 @@ in message_bus_redis_enabled = false; message_bus_redis_host = "localhost"; message_bus_redis_port = 6379; - message_bus_redis_slave_host = null; - message_bus_redis_slave_port = 6379; + message_bus_redis_replica_host = null; + message_bus_redis_replica_port = 6379; message_bus_redis_db = 0; message_bus_redis_password = null; message_bus_redis_skip_client_commands = false;
@@ -606,6 +637,7 @@ in allowed_theme_repos = null; enable_email_sync_demon = false; max_digests_enqueued_per_30_mins_per_site = 10000; + cluster_name = null; }; services.redis.enable = lib.mkDefault (cfg.redis.host == "localhost");
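Review bot: The new assertion compares the full strings returned by `lib.getVersion`, so a `services.postgresql.package` that is PostgreSQL 13 at a different minor release than `pkgs.postgresql_13` (for example from an overlay or a second nixpkgs pin) would be rejected even though the major version matches. If the intent is to pin the major release, compare `lib.versions.major upstreamPostgresqlVersion == lib.versions.major postgresqlVersion` and print the major version in the message. Both values are defined in the first hunk of this file, outside this one.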
@@ -661,12 +693,13 @@ in ]; path = cfg.package.runtimeDeps ++ [ postgresqlPackage - pkgs.replace + pkgs.replace-secret cfg.package.rake ]; environment = cfg.package.runtimeEnv // { UNICORN_TIMEOUT = builtins.toString cfg.unicornTimeout; UNICORN_SIDEKIQS = builtins.toString cfg.sidekiqProcesses; + MALLOC_ARENA_MAX = "2"; }; preStart =
@@ -688,10 +721,7 @@ in mkSecretReplacement = file: lib.optionalString (file != null) '' - ( - password=$(<'${file}') - replace-literal -fe '${file}' "$password" /run/discourse/config/discourse.conf - ) + replace-secret '${file}' '${file}' /run/discourse/config/discourse.conf ''; in '' set -o errexit -o pipefail -o nounset -o errtrace
@@ -713,11 +743,12 @@ in cfg.siteSettings "/run/discourse/config/nixos_site_settings.json" } - install -T -m 0400 -o discourse ${discourseConf} /run/discourse/config/discourse.conf + install -T -m 0600 -o discourse ${discourseConf} /run/discourse/config/discourse.conf ${mkSecretReplacement cfg.database.passwordFile} ${mkSecretReplacement cfg.mail.outgoing.passwordFile} ${mkSecretReplacement cfg.redis.passwordFile} ${mkSecretReplacement cfg.secretKeyBaseFile} + chmod 0400 /run/discourse/config/discourse.conf ) discourse-rake db:migrate >>/var/log/discourse/db_migration.log |
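Review bot: `MALLOC_ARENA_MAX = "2";` is added to the service environment with no comment, and nothing in the hunk explains why the value is 2. It is presumably there to cap the number of glibc malloc arenas and limit memory growth in the unicorn and sidekiq workers, but that should be confirmed and written down. A one-line comment above it, e.g. `# Cap glibc malloc arenas to limit worker memory growth`, would make the setting reviewable. The `environment` attribute set belongs to a unit definition that starts outside the hunk.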
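Review bot: `mkSecretReplacement` splices `${file}` into the generated script between hand-written single quotes, so a path containing `'` would close the quoting and the remainder would be parsed as shell. The paths come from module options rather than from outside input, so this is a robustness point, but `lib.escapeShellArg` removes the assumption: `replace-secret ${lib.escapeShellArg file} ${lib.escapeShellArg file} /run/discourse/config/discourse.conf`. The enclosing `let` block starts outside the hunk.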
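Review bot: The switch from `-m 0400` to `-m 0600` on the `install` line and the new trailing `chmod 0400` are not explained, and the pairing is easy to undo in a later cleanup. Presumably `replace-secret` rewrites `discourse.conf` in place and needs the owner write bit until the last secret is substituted. A comment above the `install` line, such as `# keep discourse.conf owner-writable while replace-secret fills in the secrets; locked to 0400 below`, would record that. Since the script sets `errexit`, a failed substitution leaves the file at `0600`, which is still owner-only. The start of the script is outside the hunk.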