Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: b780aefc621d
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: f7e077a54a01
Choose a head ref
  • 3 commits
  • 3 files changed
  • 3 contributors

Commits on Mar 6, 2020

  1. nixos/nginx: use Mozilla Intermediate TLS configuration 

    The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.

The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per mozilla/server-side-tls#189.

Resolves #80952.

(cherry picked from commit 4ed98d6)
    @emilazy @Mic92
    emilazy authored and Mic92 committed Mar 6, 2020
    Copy the full SHA
    65e31f9 View commit details

Commits on Mar 7, 2020

  1. Merge pull request #81902 from Mic92/nginx-ssl 

    [backport] nixos/nginx: use Mozilla Intermediate TLS configuration
    @Mic92
    Mic92 authored Mar 7, 2020
    Copy the full SHA
    23edc44 View commit details

  2. grocy: 2.6.0 -> 2.6.1 

    (cherry picked from commit d0e0aca)
    @Ma27
    Ma27 committed Mar 7, 2020

    Verified

    This commit was signed with the committer’s verified signature. The key has expired.
    NeQuissimus Tim Steinbach
    GPG key ID: FD36A5EAAC49035A
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f7e077a View commit details
20 changes: 14 additions & 6 deletions nixos/modules/services/web-servers/nginx/default.nix
View file
Original file line number Diff line number Diff line change
@@ -87,10 +87,17 @@ let
${optionalString (cfg.sslDhparam != null) "ssl_dhparam ${cfg.sslDhparam};"}
${optionalString (cfg.recommendedTlsSettings) ''
ssl_session_cache shared:SSL:42m;
ssl_session_timeout 23m;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
# Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
# Breaks forward secrecy: https://github.com/mozilla/server-side-tls/issues/135
ssl_session_tickets off;
# We don't enable insecure ciphers by default, so this allows
# clients to pick the most performant, per https://github.com/mozilla/server-side-tls/issues/260
ssl_prefer_server_ciphers off;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
''}
@@ -487,8 +494,9 @@ in

sslCiphers = mkOption {
type = types.str;
default = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
description = "Ciphers to choose from when negotiating tls handshakes.";
# Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
description = "Ciphers to choose from when negotiating TLS handshakes.";
};

sslProtocols = mkOption {
79 changes: 47 additions & 32 deletions pkgs/servers/grocy/config-locations.patch → ...y/0001-Define-configs-with-env-vars.patch
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,20 @@
diff --git a/app.php b/app.php
index 5f91e4d..09c6010 100644
--- a/app.php
+++ b/app.php
@@ -23,7 +23,7 @@ else
From 931958d8f11cb55f2e88a178a3b828f3c537eba8 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Fri, 6 Mar 2020 23:43:58 +0100
Subject: [PATCH] Define configs with env vars

---
app.php | 4 ++--
services/DatabaseService.php | 2 +-
services/FilesService.php | 2 +-
services/StockService.php | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app.php b/app.php
index af65ad1..4963c28 100644
--- a/app.php
+++ b/app.php
@@ -25,7 +25,7 @@ else
require_once __DIR__ . '/vendor/autoload.php';

// Load config files
@@ -11,46 +23,46 @@ index 5f91e4d..09c6010 100644
require_once __DIR__ . '/config-dist.php'; // For not in own config defined values we use the default ones

// Definitions for dev/demo/prerelease mode
@@ -49,7 +49,7 @@ $appContainer = new \Slim\Container([
],
'view' => function($container)
{
- return new \Slim\Views\Blade(__DIR__ . '/views', GROCY_DATAPATH . '/viewcache');
+ return new \Slim\Views\Blade(__DIR__ . '/views', getenv('GROCY_CACHE_DIR'));
},
'LoginControllerInstance' => function($container)
{
diff --git a/services/DatabaseService.php b/services/DatabaseService.php
index 0bcf9b8..ec45e93 100644
--- a/services/DatabaseService.php
+++ b/services/DatabaseService.php
@@ -13,7 +13,7 @@ class DatabaseService
@@ -50,7 +50,7 @@ $app = AppFactory::create();
$container = $app->getContainer();
$container->set('view', function(Container $container)
{
- return new Slim\Views\Blade(__DIR__ . '/views', GROCY_DATAPATH . '/viewcache');
+ return new \Slim\Views\Blade(__DIR__ . '/views', getenv('GROCY_CACHE_DIR'));
});
$container->set('LoginControllerInstance', function(Container $container)
{
diff --git a/services/DatabaseService.php b/services/DatabaseService.php
index 23fc7b9..daa1993 100644
--- a/services/DatabaseService.php
+++ b/services/DatabaseService.php
@@ -25,7 +25,7 @@ class DatabaseService
return GROCY_DATAPATH . '/grocy_' . GROCY_CULTURE . '.db';
}

- return GROCY_DATAPATH . '/grocy.db';
+ return getenv('GROCY_DB_FILE');
}

private $DbConnectionRaw;
diff --git a/services/FilesService.php b/services/FilesService.php
index 7933b73..f52657e 100644
--- a/services/FilesService.php
+++ b/services/FilesService.php
@@ -12,7 +12,7 @@ class FilesService extends BaseService
private static $DbConnectionRaw = null;
diff --git a/services/FilesService.php b/services/FilesService.php
index cecdae3..357298d 100644
--- a/services/FilesService.php
+++ b/services/FilesService.php
@@ -12,7 +12,7 @@ class FilesService extends BaseService
{
parent::__construct();

- $this->StoragePath = GROCY_DATAPATH . '/storage';
+ $this->StoragePath = getenv('GROCY_STORAGE_DIR');

if (!file_exists($this->StoragePath))
{
diff --git a/services/StockService.php b/services/StockService.php
index d7482ef..d1399a7 100644
--- a/services/StockService.php
+++ b/services/StockService.php
@@ -933,7 +933,7 @@ class StockService extends BaseService
diff --git a/services/StockService.php b/services/StockService.php
index bfde3fc..53b2245 100644
--- a/services/StockService.php
+++ b/services/StockService.php
@@ -934,7 +934,7 @@ class StockService extends BaseService
throw new \Exception('No barcode lookup plugin defined');
}

@@ -59,3 +71,6 @@ index d7482ef..d1399a7 100644
if (file_exists($path))
{
require_once $path;
--
2.25.0

7 changes: 4 additions & 3 deletions pkgs/servers/grocy/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,19 +2,20 @@

stdenv.mkDerivation rec {
pname = "grocy";
version = "2.6.0";
version = "2.6.1";

src = fetchurl {
url = "https://github.com/grocy/grocy/releases/download/v${version}/grocy_${version}.zip";
sha256 = "1d4hy495in7p0i4fnhai1yqhjhmblv1g30siggmqpjrzdiiw3bak";
sha256 = "1fq1zlxxhpcxj67xxlgf20dia95xcimgnm13cr56sy9f2vjx58m6";
};

nativeBuildInputs = [ unzip ];
unpackPhase = ''
unzip ${src} -d .
'';

patches = [ ./config-locations.patch ];
patches = [ ./0001-Define-configs-with-env-vars.patch ];
patchFlags = [ "--binary" "-p1" ];

dontBuild = true;