tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-14 19:58:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
812566 commits 213 branches 129 tags 14 GiB
Commit graph

5 commits

Author SHA1 Message Date
Robert Helgesson 908dbaf1e7 nixos/grav: remove X-XSS-Protection 
See <https://github.com/NixOS/nixpkgs/issues/438800>.

(cherry picked from commit 90c505624b)
 2025-09-02 23:25:35 +02:00
Robert Helgesson 4b5e614d94 nixos/grav: use PHP 8.3 
The stable version of Grav is not compatible with later versions of
PHP.

(cherry picked from commit 22617bd181)
 2025-09-02 23:25:35 +02:00
Robert Helgesson ee04cf23b6 nixos/grav: clean up PHP extensions 
Specifically, simply add the extensions that are not already part of
the default `enabled` set.
 2025-03-24 10:09:27 +01:00
shelvacu 1a4575f9db
nixos/modules: Add security.pki.caBundle option and make all services use it for CA bundles (#352244) 
Previously some modules used `config.environment.etc."ssl/certs/ca-certificates.crt".source`, some used `"/etc/ssl/certs/ca-certificates.crt"`, and some used `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"`. These were all bad in one way or another:

- `config.environment.etc."ssl/certs/ca-certificates.crt".source` relies on `source` being set; if `text` is set instead this breaks, introducing a weird undocumented requirement
- `"/etc/ssl/certs/ca-certificates.crt"` is probably okay but very un-nix. It's a magic string, and the path doesn't change when the file changes (and so you can't trigger service reloads, for example, when the contents change in a new system activation)
- `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` silently doesn't include the options from `security.pki`

Co-authored-by: Shelvacu <git@shelvacu.com>
 2025-03-08 08:41:08 +00:00
Robert Helgesson 44a5b1bdca nixos/grav: init module 2025-02-21 23:09:42 +01:00