Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-2105.xml1
-rw-r--r--nixos/modules/services/networking/wireguard.nix14
-rw-r--r--nixos/modules/services/web-apps/discourse.nix41
-rw-r--r--nixos/tests/discourse.nix2
4 files changed, 40 insertions, 18 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
index fa100290460e9..12a9ae2f44ea8 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
@@ -25,6 +25,7 @@
    </listitem>
    <listitem>
     <para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para>
+    <para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). </para>
    </listitem>
    <listitem>
     <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para>
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index 471f4bf8b33ff..2b51770a5aa13 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -244,17 +244,6 @@ let
 
   };
 
-  generatePathUnit = name: values:
-    assert (values.privateKey == null);
-    assert (values.privateKeyFile != null);
-    nameValuePair "wireguard-${name}"
-      {
-        description = "WireGuard Tunnel - ${name} - Private Key";
-        requiredBy = [ "wireguard-${name}.service" ];
-        before = [ "wireguard-${name}.service" ];
-        pathConfig.PathExists = values.privateKeyFile;
-      };
-
   generateKeyServiceUnit = name: values:
     assert values.generatePrivateKeyFile;
     nameValuePair "wireguard-${name}-key"
@@ -509,9 +498,6 @@ in
       // (mapAttrs' generateKeyServiceUnit
       (filterAttrs (name: value: value.generatePrivateKeyFile) cfg.interfaces));
 
-    systemd.paths = mapAttrs' generatePathUnit
-      (filterAttrs (name: value: value.privateKeyFile != null) cfg.interfaces);
-
   });
 
 }
diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix
index 0e2e182ffe93e..49958fc6190c6 100644
--- a/nixos/modules/services/web-apps/discourse.nix
+++ b/nixos/modules/services/web-apps/discourse.nix
@@ -5,11 +5,16 @@ let
 
   cfg = config.services.discourse;
 
+  # Keep in sync with https://github.com/discourse/discourse_docker/blob/master/image/base/Dockerfile#L5
+  upstreamPostgresqlVersion = lib.getVersion pkgs.postgresql_13;
+
   postgresqlPackage = if config.services.postgresql.enable then
                         config.services.postgresql.package
                       else
                         pkgs.postgresql;
 
+  postgresqlVersion = lib.getVersion postgresqlPackage;
+
   # We only want to create a database if we're actually going to connect to it.
   databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == null;
 
@@ -263,6 +268,17 @@ in
             Discourse database user.
           '';
         };
+
+        ignorePostgresqlVersion = lib.mkOption {
+          type = lib.types.bool;
+          default = false;
+          description = ''
+            Whether to allow other versions of PostgreSQL than the
+            recommended one. Only effective when
+            <option>services.discourse.database.createLocally</option>
+            is enabled.
+          '';
+        };
       };
 
       redis = {
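Review bot: The description of `ignorePostgresqlVersion` says it is only effective when `createLocally` is enabled, but the assertion added in the later hunk is gated on `databaseActuallyCreateLocally`, which also requires `cfg.database.host == null`. With `createLocally = true` and a remote host set, the version check never runs and this option does nothing. The description should say so, e.g. `Only effective when <option>services.discourse.database.createLocally</option> is enabled and <option>services.discourse.database.host</option> is unset.`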
@@ -398,6 +414,14 @@ in
               How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
             '';
           };
+
+          forceTLS = lib.mkOption {
+            type = lib.types.bool;
+            default = false;
+            description = ''
+              Force implicit TLS as per RFC 8314 3.3.
+            '';
+          };
         };
 
         incoming = {
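Review bot: The `forceTLS` description does not say how the option relates to `enableStartTLSAuto`, and nothing in the visible hunks prevents both from being enabled at once when the value is passed through as `smtp_force_tls` in the later settings hunk. Implicit TLS (RFC 8314 3.3) and STARTTLS are different connection modes that normally use different ports, so the text should spell that out, e.g. `Force implicit TLS as per RFC 8314 3.3. The connection is encrypted from the first byte, so the configured port must be the server's implicit-TLS submission port (usually 465); this is not STARTTLS.` Since the default stays `false`, transport protection for outgoing mail presumably still depends on the STARTTLS and `opensslVerifyMode` settings, which are defined outside this hunk.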
@@ -497,6 +521,12 @@ in
         assertion = cfg.hostname != "";
         message = "Could not automatically determine hostname, set service.discourse.hostname manually.";
       }
+      {
+        assertion = cfg.database.ignorePostgresqlVersion || (databaseActuallyCreateLocally -> upstreamPostgresqlVersion == postgresqlVersion);
+        message = "The PostgreSQL version recommended for use with Discourse is ${upstreamPostgresqlVersion}, you're using ${postgresqlVersion}. "
+                  + "Either update your PostgreSQL package to the correct version or set services.discourse.database.ignorePostgresqlVersion. "
+                  + "See https://nixos.org/manual/nixos/stable/index.html#module-postgresql for details on how to upgrade PostgreSQL.";
+      }
     ];
 
 
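Review bot: The assertion compares the full strings returned by `lib.getVersion`, so a PostgreSQL 13 package whose minor release differs from `pkgs.postgresql_13` (from an overlay or another pin, say) fails the check even though the major version matches. The only way out is then `ignorePostgresqlVersion`, which turns the check off entirely, including for real major-version mismatches. Comparing major versions keeps the guard without rejecting minor updates: `assertion = cfg.database.ignorePostgresqlVersion || (databaseActuallyCreateLocally -> lib.versions.major upstreamPostgresqlVersion == lib.versions.major postgresqlVersion);`. The two version bindings are defined in the first hunk of this file.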
@@ -530,6 +560,7 @@ in
       smtp_authentication = cfg.mail.outgoing.authentication;
       smtp_enable_start_tls = cfg.mail.outgoing.enableStartTLSAuto;
       smtp_openssl_verify_mode = cfg.mail.outgoing.opensslVerifyMode;
+      smtp_force_tls = cfg.mail.outgoing.forceTLS;
 
       load_mini_profiler = true;
       mini_profiler_snapshots_period = 0;
@@ -542,8 +573,8 @@ in
 
       redis_host = cfg.redis.host;
       redis_port = 6379;
-      redis_slave_host = null;
-      redis_slave_port = 6379;
+      redis_replica_host = null;
+      redis_replica_port = 6379;
       redis_db = cfg.redis.dbNumber;
       redis_password = cfg.redis.passwordFile;
       redis_skip_client_commands = false;
@@ -552,8 +583,8 @@ in
       message_bus_redis_enabled = false;
       message_bus_redis_host = "localhost";
       message_bus_redis_port = 6379;
-      message_bus_redis_slave_host = null;
-      message_bus_redis_slave_port = 6379;
+      message_bus_redis_replica_host = null;
+      message_bus_redis_replica_port = 6379;
       message_bus_redis_db = 0;
       message_bus_redis_password = null;
       message_bus_redis_skip_client_commands = false;
@@ -606,6 +637,7 @@ in
       allowed_theme_repos = null;
       enable_email_sync_demon = false;
       max_digests_enqueued_per_30_mins_per_site = 10000;
+      cluster_name = null;
     };
 
     services.redis.enable = lib.mkDefault (cfg.redis.host == "localhost");
@@ -667,6 +699,7 @@ in
       environment = cfg.package.runtimeEnv // {
         UNICORN_TIMEOUT = builtins.toString cfg.unicornTimeout;
         UNICORN_SIDEKIQS = builtins.toString cfg.sidekiqProcesses;
+        MALLOC_ARENA_MAX = "2";
       };
 
       preStart =
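Review bot: `MALLOC_ARENA_MAX = "2"` is added with no comment explaining the value, and because it is on the right-hand side of `//` it silently overrides any `MALLOC_ARENA_MAX` supplied by `cfg.package.runtimeEnv`. If the intent is to cap glibc malloc arenas to limit memory growth in the multi-threaded Ruby processes, a one-line comment such as `# Limit glibc malloc arenas to keep unicorn/sidekiq memory usage bounded` would record that. The enclosing service definition starts and ends outside this hunk.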
diff --git a/nixos/tests/discourse.nix b/nixos/tests/discourse.nix
index 3c965550fe0a1..2ed6fb957c203 100644
--- a/nixos/tests/discourse.nix
+++ b/nixos/tests/discourse.nix
@@ -51,6 +51,8 @@ import ./make-test-python.nix (
 
         environment.systemPackages = [ pkgs.jq ];
 
+        services.postgresql.package = pkgs.postgresql_13;
+
         services.discourse = {
           enable = true;
           inherit admin;