commit 885e762d471e0733e5da72ddf10f486893624483 · pyrox.dev/nixpkgs

+12

nixos/doc/manual/release-notes/rl-1803.xml

···

       257
       257
        
               </listitem>

     

       258
       258
        
               <listitem>

     

       259
       259
        
                 <para>

     

       260
       260
       +
                   The default <option>serverName</option> for the nginx configuration changed from

     

       261
       261
       +
                   <literal>piwik.${config.networking.hostName}</literal> to

     

       262
       262
       +
                   <literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>

     

       263
       263
       +
                   if <option>config.networking.domain</option> is set,

     

       264
       264
       +
                   <literal>matomo.${config.networking.hostName}</literal> if it is not set.

     

       265
       265
       +
                   If you change your <option>serverName</option>, remember you'll need to update the

     

       266
       266
       +
                   <literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>

     

       267
       267
       +
                   as well.

     

       268
       268
       +
                 </para>

     

       269
       269
       +
               </listitem>

     

       270
       270
       +
               <listitem>

     

       271
       271
       +
                 <para>

     

       260
       272
        
                   The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.

     

       261
       273
        
                   The service will adjust ownership automatically for files in the data directory.

     

       262
       274
        
                   If you use unix socket authentication, remember to give the new <literal>matomo</literal> user

+13 -5

nixos/modules/services/web-apps/matomo.nix

···

       14
       14
        
         phpExecutionUnit = "phpfpm-${pool}";

     

       15
       15
        
         databaseService = "mysql.service";

     

       16
       16
        
       

     

       17
       17
       +
         fqdn =

     

       18
       18
       +
           let

     

       19
       19
       +
             join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";

     

       20
       20
       +
            in join config.networking.hostName config.networking.domain;

     

       21
       21
       +
       

     

       17
       22
        
       in {

     

       18
       23
        
         options = {

     

       19
       24
        
           services.matomo = {

     
···

       75
       80
        
               );

     

       76
       81
        
               default = null;

     

       77
       82
        
               example = {

     

       78
       78
       -
                 serverName = "stats.$\{config.networking.hostName\}";

     

       83
       83
       +
                 serverAliases = [

     

       84
       84
       +
                   "matomo.$\{config.networking.domain\}"

     

       85
       85
       +
                   "stats.$\{config.networking.domain\}"

     

       86
       86
       +
                 ];

     

       79
       87
        
                 enableACME = false;

     

       80
       88
        
               };

     

       81
       89
        
               description = ''

     

       82
       90
        
                   With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.

     

       83
       91
        
                   Either this option or the webServerUser option is mandatory.

     

       84
       92
        
                   Set this to {} to just enable the virtualHost if you don't need any customization.

     

       85
       85
       -
                   If enabled, then by default, the serverName is ${user}.$\{config.networking.hostName\}, SSL is active,

     

       86
       86
       -
                   and certificates are acquired via ACME.

     

       93
       93
       +
                   If enabled, then by default, the <option>serverName</option> is

     

       94
       94
       +
                   <literal>${user}.$\{config.networking.hostName\}.$\{config.networking.domain\}</literal>,

     

       95
       95
       +
                   SSL is active, and certificates are acquired via ACME.

     

       87
       96
        
                   If this is set to null (the default), no nginx virtualHost will be configured.

     

       88
       97
        
               '';

     

       89
       98
        
             };

     
···

       183
       192
        
             # References:

     

       184
       193
        
             # https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html

     

       185
       194
        
             # https://github.com/perusio/piwik-nginx

     

       186
       186
       -
             # TODO: better default

     

       187
       187
       -
             "${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx {

     

       195
       195
       +
             "${user}.${fqdn}" = mkMerge [ cfg.nginx {

     

       188
       196
        
               # don't allow to override the root easily, as it will almost certainly break matomo.

     

       189
       197
        
               # disadvantage: not shown as default in docs.

     

       190
       198
        
               root = mkForce "${pkgs.matomo}/share";