2684 Commits

Author SHA1 Message Date
Maximilian Bosch
76b41b119e simplesamlphp: remove
See https://github.com/NixOS/nixpkgs/pull/312251#issuecomment-3416076466

I think it's frankly careless to merge something into nixpkgs that's two
patch-releases behind the current patch-level of the _legacy branch_ of
a software. Especially for security-sensitive things.

On top, this never got updated even though there are two high-rated CVEs
in this, i.e. CVE-2025-27773[1] and CVE-2024-52596[2].

[1] https://github.com/advisories/GHSA-46r4-f8gj-xg56
[2] https://github.com/advisories/GHSA-2x65-fpch-2fcm
2025-10-17 17:49:52 +02:00
Maximilian Bosch
a1c24d0868 filesender: remove
This depends on `simplesamlphp` which is one major version behind, was
packaged in an outdated version from the beginning and is known
vulnerable in nixpkgs. As a result, I decided to remove simplesamlphp
and all its reverse dependencies.
2025-10-17 17:49:01 +02:00
Sandro
3e4edac3b4 nixos/librespeed: init (#448889) 2025-10-16 23:13:57 +00:00
emily
b17ca19e8f nixos/librespeed: init
Co-Authored-By: Sandro Jäckel <sandro.jaeckel@gmail.com>
2025-10-17 00:40:35 +02:00
Gutyina Gergő
98c30482ed nixos/glance: restart service on failure 2025-10-16 19:59:23 +02:00
Diogo Correia
3017b2746c nixos/pairdrop: init module 2025-10-16 10:22:06 +01:00
Martin Weinelt
af0bfe2d3a nixos/limesurvey: nginx support (#448680) 2025-10-15 13:38:59 +00:00
transcaffeine
ca9406a250 netbox_4_1: remove 2025-10-14 17:47:01 +02:00
Sandro
c58cd36d56 nixos/nextcloud-notify_push: automatically install notify_push nextcloud app (#451501) 2025-10-13 11:42:31 +00:00
Marcel
29a3e7a111 nixos/nextcloud-notify_push: automatically install notify_push nextcloud app 2025-10-13 13:37:53 +02:00
Marcel
2f00e84a4b nixos/nextcloud-notify_push: remove not required mkMerge 2025-10-13 13:37:47 +02:00
Maximilian Bosch
ddb9127071 nixos/nextcloud: remove ancient stateVersion conditions 2025-10-12 19:26:07 +02:00
Maximilian Bosch
6e416f8cc2 nixos/nextcloud: drop httpd configuration from manual
Closes #243203

This hasn't changed in years because nobody maintains it. Considering
the amount of updates in the meantime to the nginx configuration, I'm
pretty sure that this doesn't work anymore.

I think it's OK to keep the part about how to really disable nginx, but
that's it.

The reason this also closes #243203 is that config in the manual saw
zero maintenance and I don't expect that to change. This should really
be maintained by interested people in a community wiki.
2025-10-12 19:11:36 +02:00
Matthew Croughan
4f32864ef1 docuseal: init at 2.1.7 (#266880) 2025-10-12 16:16:15 +00:00
Raroh73
7117f21044 maintainers: drop raroh73 2025-10-12 15:56:30 +02:00
Masum Reza
6349231879 nixos/dolibarr: support PostgreSQL + H2O (#449173) 2025-10-12 06:33:48 +00:00
Yt
e2f157e5b8 nixos/windmill: add a package option (#450986) 2025-10-12 01:14:13 +00:00
Sandro
66e5020bfe nixos/hedgedoc: fix configureNginx, set path per default, adjust nginx group (#450350) 2025-10-11 18:00:45 +00:00
sweenu
527080672c nixos/windmill: add a package option 2025-10-11 14:38:06 +02:00
·𐑑𐑴𐑕𐑑𐑩𐑤
9427b8aeda nixos/dolibarr: stylistic, remove a mkMerge layer
removes a level of indentation & might even evaluate faster
2025-10-11 16:45:48 +07:00
·𐑑𐑴𐑕𐑑𐑩𐑤
3fdabe09a5 nixos/dolibarr: add H2O web server option 2025-10-11 16:45:48 +07:00
·𐑑𐑴𐑕𐑑𐑩𐑤
38f3a23bd5 nixos/dolibarr: split DB type; add PostgreSQL support 2025-10-11 16:45:48 +07:00
·𐑑𐑴𐑕𐑑𐑩𐑤
f9100c292f nixos/dolibarr: fix casing typos 2025-10-11 16:45:48 +07:00
Johannes Kirschbauer
1d841c88ca nixos/lasuite-meet: make settings lazy! (#450327) 2025-10-10 13:42:55 +00:00
Sandro Jäckel
6ed6d97fc4 nixos/hedgedoc: fix configureNginx, set path per default, adjust nginx group 2025-10-10 01:49:10 +02:00
Felix Buehler
cf594a3b83 nixos/docuseal: init 2025-10-09 21:46:22 +02:00
Maximilian Bosch
285ea04d23 nextcloud32: init at 32.0.0 (#446632) 2025-10-09 18:00:09 +00:00
Maximilian Bosch
cc1a69468d nixos/nextcloud: avoid duplicate X-Robots-Tag header, remove option nginx.recommendedHttpHeaders (#449186) 2025-10-09 17:47:13 +00:00
Michael Hoang
aeb2db1591 nixos/lasuite-meet: make settings lazy! 2025-10-09 16:43:03 +02:00
Martin Weinelt
531f6038cf nixos/pretalx: run pretalx-manage migrate on plugin changes and upgrades (#450102) 2025-10-09 14:31:12 +00:00
Sandro Jäckel
ad9e817cc2 nixos/pretalx: run pretalx-manage migrate on plugin changes and upgrades
Some plugins like https://github.com/pretalx/pretalx-media-ccc-de
require database migrations to properly work.
2025-10-09 16:11:46 +02:00
teutat3s
ed6fed3410 nixos/nextcloud: recommended nginx headers should
not be optional, because upstream recommends them
https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#serve-security-related-headers-by-the-web-server
2025-10-09 10:09:42 +02:00
teutat3s
c794451fee nixos/nextcloud: avoid duplicate X-Robots-Tag header
We already set this header in nginx, and a duplicate header can lead to
issues, like: https://github.com/nextcloud/notes-android/issues/2848
2025-10-09 09:42:29 +02:00
Bruno BELANYI
5ca9078d7f nixos/homebox: update module (#436651) 2025-10-08 21:13:53 +00:00
dish
47a0293617 nixos/pixelfed: remove X-XSS-Protection header
not recommended to set it, per OWASP, as it can actually introduce
security issues

https://owasp.org/www-project-secure-headers/#x-xss-protection
2025-10-07 14:06:30 -04:00
h7x4
35ef0e22e8 nixos/linkwarden: init module, linkwarden: init at 2.13.0 (#347353) 2025-10-07 15:50:50 +00:00
Jan van Brügge
0bf693cb0f nixos/linkwarden: init module 2025-10-07 12:57:55 +01:00
provokateurin
f8d0f08acc nixos/nextcloud: Use php84 by default
php84 is supported by nextcloud31 and nextcloud32 and brings some additional performance improvements in nextcloud32.
2025-10-07 09:45:28 +02:00
provokateurin
34a7111f89 nextcloud32: init at 32.0.0 2025-10-07 09:45:28 +02:00
Marcus Ramberg
39e076de80 nixos/immich: fix eval with settings == null (#449271) 2025-10-07 06:45:18 +00:00
Robert Schütz
f1e52abf0d nixos/immich: fix eval with settings == null
Using the module without declarative settings previously failed with

    error: attribute 'settingsFile' missing
2025-10-06 15:08:09 -07:00
dish
231b923f0a {nixos/,}.tt-rss: drop (#448401) 2025-10-06 13:54:05 +00:00
Florian Klink
a2d829eaa7 nixos/gerrit: Apply more hardening settings (#448870) 2025-10-06 11:13:38 +00:00
dotlambda
65fb719b8c nixos/immich: add secretSettings option (#448238) 2025-10-06 09:07:08 +00:00
Martin Weinelt
4d28f658ba nixos/limesurvey: add nginx support
The majority of services in nixpkgs uses nginx, so for better coexistence
we add support for it. The option design follows that of mediawiki.

Co-Authored-By: Julien Malka <julien@malka.sh>
2025-10-05 22:29:44 +02:00
Martin Weinelt
9d9f70b4e9 nixos/limesurvey: deduplicate php references 2025-10-05 22:29:44 +02:00
Martin Weinelt
5b039b9fd4 nixos/limesurvey: fix default config merging when config is defined, set userquestionthemerootdir default (#400448) 2025-10-05 21:34:02 +02:00
Felix Singer
8dac7deb3d nixos/gerrit: Enable PrivateUsers hardening in service config
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#PrivateUsers=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2025-10-05 16:06:19 +02:00
Felix Singer
1ed557f179 nixos/gerrit: Set ProtectProc to invisible
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectProc=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2025-10-05 15:58:16 +02:00
Felix Singer
302eaedd92 nixos/gerrit: Enable MountAPIVFS hardening in service config
This setting is already implied by others, but add it for completeness
as well. For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#MountAPIVFS=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2025-10-05 15:38:50 +02:00