matrix-synapse service: Make url_preview_enabled optional (#20609)

authored by Ruben Maher and committed by Franz Pletz 9c9a21d5 95381760

+48 -2
+47 -1
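--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -59,7 +59,12 @@
 max_upload_size: "${cfg.max_upload_size}"
 max_image_pixels: "${cfg.max_image_pixels}"
 dynamic_thumbnails: ${fromBool cfg.dynamic_thumbnails}
-url_preview_enabled: False
+url_preview_enabled: ${fromBool cfg.url_preview_enabled}
+${optionalString (cfg.url_preview_enabled == true) ''
+url_preview_ip_range_blacklist: ${builtins.toJSON cfg.url_preview_ip_range_blacklist}
+url_preview_ip_range_whitelist: ${builtins.toJSON cfg.url_preview_ip_range_whitelist}
+url_preview_url_blacklist: ${builtins.toJSON cfg.url_preview_url_blacklist}
+''}
 recaptcha_private_key: "${cfg.recaptcha_private_key}"
 recaptcha_public_key: "${cfg.recaptcha_public_key}"
 enable_registration_captcha: ${fromBool cfg.enable_registration_captcha}
@@ -354,6 +359,47 @@
 type = types.str;
 default = "10K";
 description = "Number of events to cache in memory.";
+};
+url_preview_enabled = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Is the preview URL API enabled? If enabled, you *must* specify an
+explicit url_preview_ip_range_blacklist of IPs that the spider is
+denied from accessing.
+'';
+};
+url_preview_ip_range_blacklist = mkOption {
+type = types.listOf types.str;
+default = [];
+description = ''
+List of IP address CIDR ranges that the URL preview spider is denied
+from accessing.
+'';
+};
+url_preview_ip_range_whitelist = mkOption {
+type = types.listOf types.str;
+default = [];
+description = ''
+List of IP address CIDR ranges that the URL preview spider is allowed
+to access even if they are specified in
+url_preview_ip_range_blacklist.
+'';
+};
+url_preview_url_blacklist = mkOption {
+type = types.listOf types.str;
+default = [
+"127.0.0.0/8"
+"10.0.0.0/8"
+"172.16.0.0/12"
+"192.168.0.0/16"
+"100.64.0.0/10"
+"169.254.0.0/16"
+];
+description = ''
+Optional list of URL matches that the URL preview spider is
+denied from accessing.
+'';
 };
 recaptcha_private_key = mkOption {
 type = types.str;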
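Review bot: The default private-range list (`127.0.0.0/8`, `10.0.0.0/8`, … `169.254.0.0/16`) is attached to `url_preview_url_blacklist`, while `url_preview_ip_range_blacklist` defaults to `[]`, so the two defaults look swapped. As written, setting only `url_preview_enabled = true` renders an empty IP blacklist into the generated config, leaving the preview spider free to fetch loopback, RFC 1918 and link-local addresses on behalf of whoever submits a URL (a server-side request forgery exposure). I would move the CIDR list to `url_preview_ip_range_blacklist`, set `default = [];` on `url_preview_url_blacklist`, and back the "you *must* specify" wording with a module assertion such as `assertion = !cfg.url_preview_enabled || cfg.url_preview_ip_range_blacklist != [];`. Synapse's URL blacklist appears to take per-URL match entries (scheme, netloc, …) rather than plain strings, so `types.listOf types.str` is probably the wrong type there; worth confirming against the sample homeserver.yaml. The options attribute set starts and ends outside this hunk.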
+1 -1
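--- a/pkgs/servers/matrix-synapse/default.nix
+++ b/pkgs/servers/matrix-synapse/default.nix
@@ -27,7 +27,7 @@
 pydenticon pymacaroons-pynacl pynacl pyopenssl pysaml2 pytz requests2
 service-identity signedjson systemd twisted ujson unpaddedbase64 pyyaml
 matrix-angular-sdk bleach netaddr jinja2 psycopg2
-ldap3 psutil msgpack
+ldap3 psutil msgpack lxml
 ];
 
 # Checks fail because of Tox.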