diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index 855045d6ce96..ddf812aae82f 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -255,6 +255,18 @@ following incompatible changes:
All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
+
+
+ The default for the nginx configuration changed from
+ piwik.${config.networking.hostName} to
+ matomo.${config.networking.hostName}.${config.networking.domain}
+ if is set,
+ matomo.${config.networking.hostName} if it is not set.
+ If you change your , remember you'll need to update the
+ trustedHosts[] array in /var/lib/matomo/config/config.ini.php
+ as well.
+
+
The piwik user was renamed to matomo.
diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix
index 8ca117fc459b..ef6ac9698e21 100644
--- a/nixos/modules/services/web-apps/matomo.nix
+++ b/nixos/modules/services/web-apps/matomo.nix
@@ -14,6 +14,11 @@ let
phpExecutionUnit = "phpfpm-${pool}";
databaseService = "mysql.service";
+ fqdn =
+ let
+ join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
+ in join config.networking.hostName config.networking.domain;
+
in {
options = {
services.matomo = {
@@ -75,15 +80,19 @@ in {
);
default = null;
example = {
- serverName = "stats.$\{config.networking.hostName\}";
+ serverAliases = [
+ "matomo.$\{config.networking.domain\}"
+ "stats.$\{config.networking.domain\}"
+ ];
enableACME = false;
};
description = ''
With this option, you can customize an nginx virtualHost which already has sensible defaults for matomo.
Either this option or the webServerUser option is mandatory.
Set this to {} to just enable the virtualHost if you don't need any customization.
- If enabled, then by default, the serverName is ${user}.$\{config.networking.hostName\}, SSL is active,
- and certificates are acquired via ACME.
+ If enabled, then by default, the is
+ ${user}.$\{config.networking.hostName\}.$\{config.networking.domain\},
+ SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
'';
};
@@ -183,8 +192,7 @@ in {
# References:
# https://fralef.me/piwik-hardening-with-nginx-and-php-fpm.html
# https://github.com/perusio/piwik-nginx
- # TODO: better default
- "${user}.${config.networking.hostName}" = mkMerge [ cfg.nginx {
+ "${user}.${fqdn}" = mkMerge [ cfg.nginx {
# don't allow to override the root easily, as it will almost certainly break matomo.
# disadvantage: not shown as default in docs.
root = mkForce "${pkgs.matomo}/share";