public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/piwik: fix nginx submodule's ssl defaults 

previous mkDefault did not work as expected,
as it did not overwrite the original submodule's defaults when the user
did not specify any custom options at all.
This commit is contained in:
Florian Jacob 2017-08-31 16:47:54 +02:00 committed by Robin Gloster
parent 3b9f0c6a46
commit 786e9711f5
1 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
nixos/modules/services/web-apps/piwik.nix
View File

@ -60,9 +60,17 @@ in {
}; };
nginx = mkOption { nginx = mkOption {
type = types.nullOr (types.submodule (import ../web-servers/nginx/vhost-options.nix { type = types.nullOr (types.submodule (
inherit config lib; recursiveUpdate
})); (import ../web-servers/nginx/vhost-options.nix { inherit config lib; })
{
# enable encryption by default,
# as sensitive login and piwik data should not be transmitted in clear text.
options.forceSSL.default = true;
options.enableACME.default = true;
}
)
);
default = null; default = null;
example = { example = {
serverName = "stats.$\{config.networking.hostName\}"; serverName = "stats.$\{config.networking.hostName\}";
@ -168,14 +176,14 @@ in {
# https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html # https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
# https://github.com/perusio/piwik-nginx # https://github.com/perusio/piwik-nginx
"${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx { "${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx {
# don't allow to override root, as it will almost certainly break piwik # don't allow to override the root easily, as it will almost certainly break piwik.
# disadvantage: not shown as default in docs.
root = mkForce "${pkgs.piwik}/share"; root = mkForce "${pkgs.piwik}/share";
# allow to override SSL settings if necessary, i.e. when using another method than ACME # define locations here instead of as the submodule option's default
# but enable them by default, as sensitive login and piwik data should not be transmitted in clear text. # so that they can easily be extended with additional locations if required
forceSSL = mkDefault true; # without needing to redefine the piwik ones.
enableACME = mkDefault true; # disadvantage: not shown as default in docs.
locations."/" = { locations."/" = {
index = "index.php"; index = "index.php";
}; };