From b64eb5bbbf3ee58a84bd426f85da15c6ae020e1e Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Mon, 20 Mar 2023 14:31:32 +0200 Subject: [PATCH] limesurvey: 3.27.33+220125 -> 5.6.9+230306 --- .../modules/services/web-apps/limesurvey.nix | 33 +++++++++++++++++-- pkgs/servers/limesurvey/default.nix | 8 ++--- 2 files changed, 33 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index dd51174c8b8e..8e6b39cbdebc 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -34,6 +34,24 @@ in options.services.limesurvey = { enable = mkEnableOption (lib.mdDoc "Limesurvey web application"); + encryptionKey = mkOption { + type = types.str; + default = "E17687FC77CEE247F0E22BB3ECF27FDE8BEC310A892347EC13013ABA11AA7EB5"; + description = lib.mdDoc '' + This is a 32-byte key used to encrypt variables in the database. + You _must_ change this from the default value. + ''; + }; + + encryptionNonce = mkOption { + type = types.str; + default = "1ACC8555619929DB91310BE848025A427B0F364A884FFA77"; + description = lib.mdDoc '' + This is a 24-byte nonce used to encrypt variables in the database. + You _must_ change this from the default value. + ''; + }; + database = { type = mkOption { type = types.enum [ "mysql" "pgsql" "odbc" "mssql" ]; @@ -42,6 +60,12 @@ in description = lib.mdDoc "Database engine to use."; }; + dbEngine = mkOption { + type = types.enum [ "MyISAM" "InnoDB" ]; + default = "InnoDB"; + description = lib.mdDoc "Database storage engine to use."; + }; + host = mkOption { type = types.str; default = "localhost"; @@ -180,6 +204,8 @@ in config = { tempdir = "${stateDir}/tmp"; uploaddir = "${stateDir}/upload"; + encryptionnonce = cfg.encryptionNonce; + encryptionsecretboxkey = cfg.encryptionKey; force_ssl = mkIf (cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL) "on"; config.defaultlang = "en"; }; @@ -200,6 +226,8 @@ in services.phpfpm.pools.limesurvey = { inherit user group; + phpPackage = pkgs.php80; + phpEnv.DBENGINE = "${cfg.database.dbEngine}"; phpEnv.LIMESURVEY_CONFIG = "${limesurveyConfig}"; settings = { "listen.owner" = config.services.httpd.user; @@ -256,11 +284,12 @@ in wantedBy = [ "multi-user.target" ]; before = [ "phpfpm-limesurvey.service" ]; after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; + environment.DBENGINE = "${cfg.database.dbEngine}"; environment.LIMESURVEY_CONFIG = limesurveyConfig; script = '' # update or install the database as required - ${pkgs.php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php updatedb || \ - ${pkgs.php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php install admin password admin admin@example.com verbose + ${pkgs.php80}/bin/php ${pkg}/share/limesurvey/application/commands/console.php updatedb || \ + ${pkgs.php80}/bin/php ${pkg}/share/limesurvey/application/commands/console.php install admin password admin admin@example.com verbose ''; serviceConfig = { User = user; diff --git a/pkgs/servers/limesurvey/default.nix b/pkgs/servers/limesurvey/default.nix index 2a5a0a2308b6..ce75e8de8b5a 100644 --- a/pkgs/servers/limesurvey/default.nix +++ b/pkgs/servers/limesurvey/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "limesurvey"; - version = "3.27.33+220125"; + version = "5.6.9+230306"; src = fetchFromGitHub { owner = "LimeSurvey"; repo = "LimeSurvey"; rev = version; - sha256 = "sha256-iwTsn+glh8fwt1IaH9iDKDhEAnx1s1zvv1dmsdzUk8g="; + hash = "sha256-FBcpP9Zb4flr1AZlocRW8xx9UCXJAU9aaGXcWQE6iWc="; }; phpConfig = writeText "config.php" '' @@ -37,9 +37,5 @@ stdenv.mkDerivation rec { homepage = "https://www.limesurvey.org"; maintainers = with maintainers; [offline]; platforms = with platforms; unix; - knownVulnerabilities = [ - "CVE-2022-48008" - "CVE-2022-48010" - ]; }; }