diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2105.xml | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/wireguard.nix | 14 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/discourse.nix | 41 | ||||
-rw-r--r-- | nixos/tests/discourse.nix | 2 |
4 files changed, 40 insertions, 18 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index fa100290460e9..12a9ae2f44ea8 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -25,6 +25,7 @@ </listitem> <listitem> <para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para> + <para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). </para> </listitem> <listitem> <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para> diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 471f4bf8b33ff..2b51770a5aa13 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -244,17 +244,6 @@ let }; - generatePathUnit = name: values: - assert (values.privateKey == null); - assert (values.privateKeyFile != null); - nameValuePair "wireguard-${name}" - { - description = "WireGuard Tunnel - ${name} - Private Key"; - requiredBy = [ "wireguard-${name}.service" ]; - before = [ "wireguard-${name}.service" ]; - pathConfig.PathExists = values.privateKeyFile; - }; - generateKeyServiceUnit = name: values: assert values.generatePrivateKeyFile; nameValuePair "wireguard-${name}-key" @@ -509,9 +498,6 @@ in // (mapAttrs' generateKeyServiceUnit (filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces)); - systemd.paths = mapAttrs' generatePathUnit - (filterAttrs (name: value: value.privateKeyFile != null) cfg.interfaces); - }); } diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index 0e2e182ffe93e..49958fc6190c6 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -5,11 +5,16 @@ let cfg = config.services.discourse; + # Keep in sync with https://github.com/discourse/discourse_docker/blob/master/image/base/Dockerfile#L5 + upstreamPostgresqlVersion = lib.getVersion pkgs.postgresql_13; + postgresqlPackage = if config.services.postgresql.enable then config.services.postgresql.package else pkgs.postgresql; + postgresqlVersion = lib.getVersion postgresqlPackage; + # We only want to create a database if we're actually going to connect to it. databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == null; @@ -263,6 +268,17 @@ in Discourse database user. ''; }; + + ignorePostgresqlVersion = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to allow other versions of PostgreSQL than the + recommended one. Only effective when + <option>services.discourse.database.createLocally</option> + is enabled. + ''; + }; }; redis = { @@ -398,6 +414,14 @@ in How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html ''; }; + + forceTLS = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Force implicit TLS as per RFC 8314 3.3. + ''; + }; }; incoming = { @@ -497,6 +521,12 @@ in assertion = cfg.hostname != ""; message = "Could not automatically determine hostname, set service.discourse.hostname manually."; } + { + assertion = cfg.database.ignorePostgresqlVersion || (databaseActuallyCreateLocally -> upstreamPostgresqlVersion == postgresqlVersion); + message = "The PostgreSQL version recommended for use with Discourse is ${upstreamPostgresqlVersion}, you're using ${postgresqlVersion}. " + + "Either update your PostgreSQL package to the correct version or set services.discourse.database.ignorePostgresqlVersion. " + + "See https://nixos.org/manual/nixos/stable/index.html#module-postgresql for details on how to upgrade PostgreSQL."; + } ]; @@ -530,6 +560,7 @@ in smtp_authentication = cfg.mail.outgoing.authentication; smtp_enable_start_tls = cfg.mail.outgoing.enableStartTLSAuto; smtp_openssl_verify_mode = cfg.mail.outgoing.opensslVerifyMode; + smtp_force_tls = cfg.mail.outgoing.forceTLS; load_mini_profiler = true; mini_profiler_snapshots_period = 0; @@ -542,8 +573,8 @@ in redis_host = cfg.redis.host; redis_port = 6379; - redis_slave_host = null; - redis_slave_port = 6379; + redis_replica_host = null; + redis_replica_port = 6379; redis_db = cfg.redis.dbNumber; redis_password = cfg.redis.passwordFile; redis_skip_client_commands = false; @@ -552,8 +583,8 @@ in message_bus_redis_enabled = false; message_bus_redis_host = "localhost"; message_bus_redis_port = 6379; - message_bus_redis_slave_host = null; - message_bus_redis_slave_port = 6379; + message_bus_redis_replica_host = null; + message_bus_redis_replica_port = 6379; message_bus_redis_db = 0; message_bus_redis_password = null; message_bus_redis_skip_client_commands = false; @@ -606,6 +637,7 @@ in allowed_theme_repos = null; enable_email_sync_demon = false; max_digests_enqueued_per_30_mins_per_site = 10000; + cluster_name = null; }; services.redis.enable = lib.mkDefault (cfg.redis.host == "localhost"); @@ -667,6 +699,7 @@ in environment = cfg.package.runtimeEnv // { UNICORN_TIMEOUT = builtins.toString cfg.unicornTimeout; UNICORN_SIDEKIQS = builtins.toString cfg.sidekiqProcesses; + MALLOC_ARENA_MAX = "2"; }; preStart = diff --git a/nixos/tests/discourse.nix b/nixos/tests/discourse.nix index 3c965550fe0a1..2ed6fb957c203 100644 --- a/nixos/tests/discourse.nix +++ b/nixos/tests/discourse.nix @@ -51,6 +51,8 @@ import ./make-test-python.nix ( environment.systemPackages = [ pkgs.jq ]; + services.postgresql.package = pkgs.postgresql_13; + services.discourse = { enable = true; inherit admin; |