diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2021-03-11 12:21:28 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-11 12:21:28 +0000 |
commit | b4d5951d9e9a0af775e6379f3560ed39d30b7590 (patch) | |
tree | 83a9a3f0e10f5a231385cea87048a683c22a2068 /nixos/modules | |
parent | 31dc9fe4576c6f9c161742d26bbf06be63d9d20b (diff) | |
parent | 0213d5f9330cdea6a02d38534b0b8d1be1ddc4ef (diff) |
Merge master into staging-next
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/privoxy.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 14 |
2 files changed, 15 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix index f1a9c6029cb07..7c22b7d09b9bd 100644 --- a/nixos/modules/services/networking/privoxy.nix +++ b/nixos/modules/services/networking/privoxy.nix @@ -205,9 +205,8 @@ in users.groups.privoxy = {}; - systemd.tmpfiles.rules = with cfg.settings; [ - "d ${certificate-directory} 0770 privoxy privoxy ${cfg.certsLifetime}" - ]; + systemd.tmpfiles.rules = optional cfg.inspectHttps + "d ${cfg.settings.certificate-directory} 0770 privoxy privoxy ${cfg.certsLifetime}"; systemd.services.privoxy = { description = "Filtering web proxy"; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 5636415f6a0d0..9a541aba6e43b 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -10,7 +10,7 @@ let extensions = { enabled, all }: (with all; enabled - ++ [ imagick ] # Always enabled + ++ optional (!cfg.disableImagemagick) imagick # Optionally enabled depending on caching settings ++ optional cfg.caching.apcu apcu ++ optional cfg.caching.redis redis @@ -303,6 +303,18 @@ in { }; }; + disableImagemagick = mkOption { + type = types.bool; + default = false; + description = '' + Whether to not load the ImageMagick module into PHP. + This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF). + You may want to disable it for increased security. In that case, previews will still be available + for some images (e.g. JPEG and PNG). + See https://github.com/nextcloud/server/issues/13099 + ''; + }; + caching = { apcu = mkOption { type = types.bool; |