| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
| |
I need this to be able to make my uwsgi socket group-readable.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, fcgiwrap was run as root by default. This was bad because
it meant every CGI script was run as root.
Changed to set DynamicUser, so instead of having access to everything,
CGI scripts will now by default only have access to things that are
world-readable. This will probably break things for users, but since
we can't know what they want to allow their CGI scripts access to
they'll have to fix that themselves, because it would be irresponsible
to leave this defaulting to root.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default in Nginx, if you want to override a single fastcgi_param,
you have to override all of them. This is less of a big deal if
you're editing the Nginx configuration directly, but when you're
generating the Nginx configuration with Nix it can be very annoying to
bloat your configuration repeating the default values of FastCGI
parameters every time.
This patch adds a fastcgiParams option to Nginx locations. If any
parameters are set through this, all the default values will be
included as well, so only the ones that are changing need to be
supplied. There's no way to use fastcgiParams to actually override
all parameters if that's what you want, but I think that's a niche use
case and it's still possible using extraConfig, which up until now was
the only option
Nginx allows the fastcgi_param directive in http and server scopes as
well as location, but here I only support location. It would be
possible to support the others, but I don't think it's worth it. It
would be a possible future enhancement if somebody has a need for it.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
|
|
|
| |
Adapted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
The conditional was added for the case where the directory did not yet
exist, and quotes were changed to the more robust escapeShellArg.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
|
|
| |
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
|
|
|
|
| |
(cherry picked from commit cf7b63df5b9efdef4e8e1b3261d7040199f7e671)
|
|
|
|
| |
(cherry picked from commit c37347af7eaa0177e3a374dd94158ff546f20fdb)
|
|
|
|
| |
(cherry picked from commit 751c2ed6e4af9e525fe57b7c0f0ee8a611eab9fa)
|
|
|
|
|
|
|
|
|
| |
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
(cherry picked from commit a6ed7d4845f1142f36b2c461d5a721bc68eb7d48)
|
|
|
|
|
|
|
| |
SJW brigade represent. ;)
Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
(cherry picked from commit 517be841352ec3e6b236e7cdfb1fbd8e26bf49cb)
|
|
|
|
|
|
| |
This is the last nixos-unstable release before 13b2903169f, which I'm a
bit nervous about. So I want the update including that one to be as
small as possible, hence going to this one first.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This needs to be defined as an attribute set two layers deep so that
multiple settings in the same namespace, declared in two different
modules, will be merged together.
For example, the following previously wouldn't be merged properly:
{ ... }:
{
imports = [ (
{ ... }: {
services.public-inbox.config.publicinbox.listid = "foo.example.com;
}
) ];
services.public-inbox.config.publicinbox.css =
"https://example.com/pi.css";
}
|
|
|
|
|
|
|
| |
A *good* fix for this problem looks to be a long way off. But I need
my certificates to not expire until that happens.
Fixes: https://github.com/NixOS/nixpkgs/issues/48845
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want /srv on NixOS, and /home is already created by
users-groups.nix.
Furthermore, systemd tmpfiles are set up post-activation, and so
there's absolutely no way for a user to override them. They can't
even set their own rules in systemd.tmpfiles, because "home.conf"
comes before "nixos.conf" lexicographically, and so systemd always
picks the "home.conf" ones.
|
|
|
|
| |
For man pages.
|
|
|
|
| |
This way, we can use StateDirectory instead of a tmpfile rule.
|
| |
|
|
|
|
|
|
| |
# Conflicts:
# nixpkgs/pkgs/build-support/rust/default.nix
# nixpkgs/pkgs/development/go-modules/generic/default.nix
|
| |
|
| |
|
|
|
|
| |
Warns about loaOf deprecation warning.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This caused the service to fail because it couldn't find its
gpghomedir.
|
| |
|
|
|
|
|
|
|
|
|
| |
This module encapsulates pretty much all of public-inbox's
functionality. While there are a lot of options, they're only exposed
for things that either I think have a high chance of being something a
large proportion of users need to set, or if the module needs to do
some special setup to accomodate them. All other public-inbox
configuration can be set through the `config' options.
|
|
|
|
|
| |
This will allow users to provide other archiver plugins than the
default mailman-hyperkitty.
|
|
|
|
|
|
| |
Mailman will read its config file from either location, but
mailman-web will only read its config from /etc/mailman3/settings.py.
So, use /etc/mailman3 for mailman.cfg as well, for symmetry.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, some files were copied into the Nixpkgs tree, which meant
we wouldn't easily be able to update them, and was also just messy.
The reason it was done that way before was so that a few NixOS
options could be substituted in. Some problems with doing it this way
were that the _package_ changed depending on the values of the
settings, which is pretty strange, and also that it only allowed those
few settings to be set.
In the new model, mailman-web is a usable package without needing to
override, and I've implemented the NixOS options in a much more
flexible way. NixOS' mailman-web config file first reads the
mailman-web settings to use as defaults, but then it loads another
configuration file generated from the new services.mailman.webSettings
option, so _any_ mailman-web Django setting can be customised by the
user, rather than just the three that were supported before. I've
kept the old options, but there might not really be any good reason to
keep them.
It also meant that one hard-coded SECRET_KEY was included in the Nix
store, AND SHARED BETWEEN ALL NIXOS USERS! As part of this change,
the secret key will now be generated along with the Hyperkitty API key
the first time the service is run, and it will never be stored in the
Nix store.
|