MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 07:13:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

nixos/mastodon: add option trustedProxy

Browse source
This commit is contained in:
Izorkin 2021-02-13 18:37:26 +03:00 committed by erictapen
parent c36bcb9130
commit f1adea1a94
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
nixos/modules/services/web-apps/mastodon.nix
View file

@ -25,6 +25,8 @@ let
ES_ENABLED = if (cfg.elasticsearch.host != null) then "true" else "false"; ES_ENABLED = if (cfg.elasticsearch.host != null) then "true" else "false";
ES_HOST = cfg.elasticsearch.host; ES_HOST = cfg.elasticsearch.host;
ES_PORT = toString(cfg.elasticsearch.port); ES_PORT = toString(cfg.elasticsearch.port);
TRUSTED_PROXY_IP = cfg.trustedProxy;
} }
// (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {}) // (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {})
// cfg.extraConfig; // cfg.extraConfig;
@ -179,6 +181,16 @@ in {
type = lib.types.str; type = lib.types.str;
}; };
trustedProxy = lib.mkOption {
description = ''
You need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process,
otherwise Mastodon will record the reverse proxy's own IP as the IP of all requests, which would be
bad because IP addresses are used for important rate limits and security functions.
'';
type = lib.types.str;
default = "127.0.0.1";
};
redis = { redis = {
createLocally = lib.mkOption { createLocally = lib.mkOption {
description = "Configure local Redis server for Mastodon."; description = "Configure local Redis server for Mastodon.";