diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index 16cea58bfb39..535c63dfd3f5 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -164,6 +164,13 @@
services.influxdb2.
+
+
+ isso, a
+ commenting server similar to Disqus. Available as
+ isso
+
+
@@ -654,32 +661,6 @@
to use wildcards in the source argument.
-
-
- The openrazer and
- openrazer-daemon packages as well as the
- hardware.openrazer module now require users
- to be members of the openrazer group
- instead of plugdev. With this change, users
- no longer need be granted the entire set of
- plugdev group permissions, which can
- include permissions other than those required by
- openrazer. This is desirable from a
- security point of view. The setting
- harware.openrazer.users
- can be used to add users to the openrazer
- group.
-
-
-
-
- The yambar package has been split into
- yambar and
- yambar-wayland, corresponding to the xorg
- and wayland backend respectively. Please switch to
- yambar-wayland if you are on wayland.
-
-
@@ -849,15 +830,6 @@
version of zfs.
-
-
- Nginx will use the value of
- sslTrustedCertificate if provided for a
- virtual host, even if enableACME is set.
- This is useful for providers not using the same certificate to
- sign OCSP responses and server certificates.
-
-
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index 7e4f50228ef3..b03f2931becf 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -50,6 +50,9 @@ pt-services.clipcat.enable).
- [influxdb2](https://github.com/influxdata/influxdb), a Scalable datastore for metrics, events, and real-time analytics. Available as [services.influxdb2](#opt-services.influxdb2.enable).
+- [isso](https://posativ.org/isso/), a commenting server similar to Disqus.
+ Available as [isso](#opt-services.isso.enable)
+
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
- The `staticjinja` package has been upgraded from 1.0.4 to 3.0.1
@@ -166,10 +169,6 @@ pt-services.clipcat.enable).
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
-- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
-
-- The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland.
-
## Other Notable Changes {#sec-release-21.11-notable-changes}
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
@@ -215,5 +214,3 @@ pt-services.clipcat.enable).
- The [services.syncoid.enable](options.html#opt-services.syncoid.enable) module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running `zfs allow your-pool-name` and use `zfs unallow syncoid your-pool-name` to clean this up.
- Zfs: `latestCompatibleLinuxPackages` is now exported on the zfs package. One can use `boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` to always track the latest compatible kernel with a given version of zfs.
-
-- Nginx will use the value of `sslTrustedCertificate` if provided for a virtual host, even if `enableACME` is set. This is useful for providers not using the same certificate to sign OCSP responses and server certificates.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index c9a124544f83..270e30704063 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -960,6 +960,7 @@
./services/web-apps/icingaweb2/icingaweb2.nix
./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/ihatemoney
+ ./services/web-apps/isso.nix
./services/web-apps/jirafeau.nix
./services/web-apps/jitsi-meet.nix
./services/web-apps/keycloak.nix
diff --git a/nixos/modules/services/web-apps/isso.nix b/nixos/modules/services/web-apps/isso.nix
new file mode 100644
index 000000000000..d05a99a3eedc
--- /dev/null
+++ b/nixos/modules/services/web-apps/isso.nix
@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf mkOption types literalExample;
+
+ cfg = config.services.isso;
+
+ settingsFormat = pkgs.formats.ini { };
+ configFile = settingsFormat.generate "isso.conf" cfg.settings;
+in {
+
+ options = {
+ services.isso = {
+ enable = mkEnableOption ''
+ A commenting server similar to Disqus.
+
+ Note: The application's author suppose to run isso behind a reverse proxy.
+ The embedded solution offered by NixOS is also only suitable for small installations
+ below 20 requests per second.
+ '';
+
+ settings = mkOption {
+ description = ''
+ Configuration for isso.
+
+ See Isso Server Configuration
+ for supported values.
+ '';
+
+ type = types.submodule {
+ freeformType = settingsFormat.type;
+ };
+
+ example = literalExample ''
+ {
+ general = {
+ host = "http://localhost";
+ };
+ }
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.isso.settings.general.dbpath = lib.mkDefault "/var/lib/isso/comments.db";
+
+ systemd.services.isso = {
+ description = "isso, a commenting server similar to Disqus";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ User = "isso";
+ Group = "isso";
+
+ DynamicUser = true;
+
+ StateDirectory = "isso";
+
+ ExecStart = ''
+ ${pkgs.isso}/bin/isso -c ${configFile}
+ '';
+
+ Restart = "on-failure";
+ RestartSec = 1;
+ };
+ };
+ };
+}
diff --git a/nixos/tests/isso.nix b/nixos/tests/isso.nix
index e9a68dca3714..99dc8009ae06 100644
--- a/nixos/tests/isso.nix
+++ b/nixos/tests/isso.nix
@@ -5,20 +5,22 @@ import ./make-test-python.nix ({ pkgs, ... }: {
};
machine = { config, pkgs, ... }: {
- environment.systemPackages = [ pkgs.isso ];
+ services.isso = {
+ enable = true;
+ settings = {
+ general = {
+ dbpath = "/var/lib/isso/comments.db";
+ host = "http://localhost";
+ };
+ };
+ };
};
testScript = let
- issoConfig = pkgs.writeText "minimal-isso.conf" ''
- [general]
- dbpath = /tmp/isso-comments.db
- host = http://localhost
- '';
-
port = 8080;
in
''
- machine.succeed("isso -c ${issoConfig} &")
+ machine.wait_for_unit("isso.service")
machine.wait_for_open_port("${toString port}")