3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

798 commits

Author SHA1 Message Date
volth bc0d605cf1 treewide: fix double quoted strings in meta.description
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-24 19:56:59 +07:00
Fritz Otlinghaus 0a38f6da4f
nixos/tomcat: add extraGroups type (#110486) 2021-01-22 16:22:06 +01:00
Fritz Otlinghaus c1efc32740
nixos/module/jboss: Add types to options (#110451) 2021-01-22 11:11:40 +01:00
Sandro Jäckel 7856011a30
nixos/apache-httpd: Suggest directory used security.acme.certs.<name>.webroot 2021-01-09 02:24:24 +01:00
rnhmjoj c00240e41e
nixos/uwsgi: add support for POSIX capabilities 2021-01-07 23:17:07 +01:00
Kevin Cox 8455fa3bca
Merge pull request #105347 from Mic92/nginx
nixos/nginx: add streamConfig option
2021-01-07 08:46:29 -05:00
Alyssa Ross 178ec8974f nixos/nginx: allow overriding fastcgi params
By default in Nginx, if you want to override a single fastcgi_param,
you have to override all of them.  This is less of a big deal if
you're editing the Nginx configuration directly, but when you're
generating the Nginx configuration with Nix it can be very annoying to
bloat your configuration repeating the default values of FastCGI
parameters every time.

This patch adds a fastcgiParams option to Nginx locations.  If any
parameters are set through this, all the default values will be
included as well, so only the ones that are changing need to be
supplied.  There's no way to use fastcgiParams to actually override
all parameters if that's what you want, but I think that's a niche use
case and it's still possible using extraConfig, which up until now was
the only option

Nginx allows the fastcgi_param directive in http and server scopes as
well as location, but here I only support location.  It would be
possible to support the others, but I don't think it's worth it.  It
would be a possible future enhancement if somebody has a need for it.
2021-01-05 03:36:18 +00:00
Daniel Nagy f2ca4c8f1d
nixos/httpd: set lua paths
We conditionally set the lua paths for the Apache mod_lua module. This
allows executing Lua script handlers to require modules, that have been
packaged with the supplied Lua derivation of Apache.

For more information, see:

  https://httpd.apache.org/docs/2.4/mod/mod_lua.html#luapackagecpath
  https://httpd.apache.org/docs/2.4/mod/mod_lua.html#luapackagepath
2020-12-25 22:54:05 +01:00
Maximilian Bosch 55ef9612a2
nixos/nginx: improve documentation for config
Unfortunately, I had a use-case where `services.nginx.config` was
necessary quite recently. While working on that config I had to look up
the module's code to understand which options can be used and which
don't.

To slightly improve the situation, I changed the documentation like
this:

* Added `types.str` as type since `config` is not mergeable on purpose.
  It must be a string as it's rendered verbatim into `nginx.conf` and if
  the type is `unspecified`, it can be confused with RFC42-like options.

* Mention which config options that don't generate config in
  `nginx.conf` are NOT mutually exclusive.
2020-12-06 17:26:13 +01:00
Jörg Thalheim 6f330ccedf
nixos/nginx: add streamConfig option 2020-11-29 10:55:01 +01:00
Graham Christensen bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Graham Christensen 3361a037b9
nginx: add a warning that nginx's basic auth isn't very good. 2020-11-02 08:16:01 -05:00
Graham Christensen c7bf3828f0
nginx: add basic auth support for locations 2020-11-02 08:16:00 -05:00
Graham Christensen 33cf4f0e8e
nginx: factor out the generation of basic auth generation 2020-11-02 08:16:00 -05:00
lf- 00d257c7c3 nixos/caddy: fix caddy configs with complicated jq 2020-10-31 01:53:50 -07:00
lf- b37bbca521 nixos/modules: fix systemd start rate-limits
These were broken since 2016:
f0367da7d1
since StartLimitIntervalSec got moved into [Unit] from [Service].
StartLimitBurst has also been moved accordingly, so let's fix that one
too.

NixOS systems have been producing logs such as:
/nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31:
Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring.

I have also removed some unnecessary duplication in units disabling
rate limiting since setting either interval or burst to zero disables it
(ad16158c10/src/basic/ratelimit.c (L16))
2020-10-31 01:35:56 -07:00
WORLDofPEACE 214af51225
Merge pull request #101067 from deviant/remove-caddy-agree
nixos/caddy: remove services.caddy.agree
2020-10-30 16:02:44 -04:00
Aneesh Agrawal 924035bb97 nixos/nginx: Allow unsetting ssl_ciphers
When using the Modern config from the Mozilla SSL config generator,
the `ssl_ciphers` parameter does not need to be set
as only TLSv1.3 is permitted and all of its ciphers are reasonable.
2020-10-26 00:35:29 -04:00
V 580f0faa75 nixos/caddy: remove services.caddy.agree
This option is no longer referenced anywhere as of #99371.
2020-10-19 14:29:48 +02:00
Dustin Frisch 762ca640c4
nixos/nginx: Do not remove headers while proxying
Removing the `Accept-Encoding` header breaks applications which may
produce already compressed content.

Removing this header is staded in the nginx docs but is ment as an
example, not as an recomendation.
2020-10-16 12:50:52 +02:00
Aaron Andersen dedd67610a
Merge pull request #99251 from xfix/remove-unnecessary-sendmail-configuration
nixos/httpd: remove unnecessary sendmail configuration
2020-10-05 08:59:42 -04:00
zowoq 8f74e9e905 nixos/caddy: remove caddy1 2020-10-02 23:50:59 +10:00
Konrad Borowski 6fc06a1d3d nixos/phpfpm: remove unnecessary sendmail configuration 2020-10-02 09:11:14 +02:00
Konrad Borowski 05eb3496e6 nixos/httpd: remove unnecessary sendmail configuration
PHP now uses system-sendmail without special configuration.
2020-10-01 12:05:08 +02:00
Emery Hemingway 9fa50bea78 nixos/molly-brown: refactor module to use a TOML generator 2020-09-28 14:38:31 +02:00
Izorkin 535896671b
nixos/nginx: remove option enableSandbox 2020-09-10 08:19:20 +03:00
Oleksii Filonenko 45d7f59da8
Merge pull request #97217 from sephii/nixos-caddy-v2-migration 2020-09-08 11:17:55 +03:00
Sylvain Fankhauser b8bfe941fa
caddy: address remaining MR comments for v2 2020-09-08 09:29:04 +02:00
Oleksii Filonenko 6322325a53
caddy: 1.0.5 -> 2.0.0
Rename legacy v1 to `caddy1`
2020-09-07 09:39:16 +02:00
Florian Klink d7046947e5
Merge pull request #91121 from m1cr0man/master
Restructure acme module
2020-09-06 18:26:22 +02:00
Oleksii Filonenko d71cadacd9
nixos/caddy: use v2 by default 2020-09-05 14:09:17 +02:00
Oleksii Filonenko 8cc592abfa
nixos/caddy: add support for v2 2020-09-05 14:09:16 +02:00
Lucas Savva 61dbf4bf89
nixos/acme: Add proper nginx/httpd config reload checks
Testing of certs failed randomly when the web server was still
returning old certs even after the reload was "complete". This was
because the reload commands send process signals and do not wait
for the worker processes to restart. This commit adds log watchers
which wait for the worker processes to be restarted.
2020-09-02 19:25:30 +01:00
Lucas Savva 982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix services solves for previously root owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidently triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why,
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
Peter Hoeg 07408cac94 nixos/phpfpm: always restart service on failure 2020-08-31 21:19:54 +08:00
Aaron Andersen 4df837063f
Merge pull request #95809 from aanderse/logrotate
nixos/logrotate: switch `paths` option type from listOf to attrsOf
2020-08-21 17:31:52 -04:00
Aaron Andersen 06d17caf92 nixos/httpd: configure log rotation 2020-08-21 17:04:07 -04:00
Jörg Thalheim 6f4141507b
meguca: remove (#95920) 2020-08-21 13:00:40 -07:00
Aaron Andersen fd250d57bb
Merge pull request #79123 from aanderse/apachectl
nixos/httpd: remove impurity from /etc
2020-08-19 20:56:51 -04:00
Izorkin 26898b8518 nixos/unit: update sandboxing options 2020-08-15 11:21:09 +03:00
Florian Klink 300049ca51 nixos/nginx: move configuration testing script into reload command
nginx -t not only verifies configuration, but also creates (and chowns)
files. When the `nginx-config-reload` service is used, this can cause
directories to be chowned to `root`, causing nginx to fail.

This moves the nginx -t command into a second ExecReload command, which
runs as nginx's user. While fixing above issue, this will also cause the
configuration to be verified when running `systemctl reload nginx`, not
only when restarting the dummy `nginx-config-reload` unit. The latter is
mostly a workaround for missing features in our activation script
anyways.
2020-08-12 18:13:29 +02:00
zowoq 8fb410c0ad nixos/*: editorconfig fixes 2020-08-08 10:54:16 +10:00
Jörg Thalheim ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Emery Hemingway 76d60b0fcd nixos/molly-brown: init 2020-07-24 11:04:33 +02:00
Izorkin 8129816f98 nixos/unit: add 'tmp' directory 2020-07-17 19:46:56 +03:00
Arian van Putten cfd672a94d nixos/acme: Also fix ordering for apache 2020-06-15 11:05:00 +02:00
Arian van Putten 681cc105ce nixos/acme: Make sure nginx is running before certs are requested
This fixes https://github.com/NixOS/nixpkgs/issues/81842

We should probably also fix this for Apache, which recently also learned
to use ACME.
2020-06-15 11:04:59 +02:00
Florian Klink a3678ed347 nixos/nginx: always run systemctl of the currently running systemd
Also, make the postRun script refer to that systemctl, and not just rely
on $PATH for consistency.
2020-05-21 10:31:47 +02:00
Jörg Thalheim b96a4dcc60
uwsgi: make instance configuration deeply mergeable
allows to specify independent uwsgi instances in two modules.
2020-05-15 08:53:31 +01:00
Izorkin 94391fce1d nixos/nginx: add option enableSandbox 2020-05-12 20:03:29 +03:00
Izorkin aa12fb8adb nginxModules: add option allowMemoryWriteExecute
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin 628354c686 nixos/nginx: enable sandboxing 2020-05-12 20:03:27 +03:00
Jörg Thalheim 11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths 2020-05-11 11:17:04 +01:00
Izorkin cfad151ac5 nixos/unit: run Unit as root
In latest release recommended not set ambient capabilities.
2020-05-06 12:27:12 +03:00
Izorkin 3eb6012b64 nixos/unit: update sandboxing mode 2020-05-06 12:27:12 +03:00
Izorkin 91a7f33b64 nixos/unit: fix starting service 2020-05-06 12:27:12 +03:00
Izorkin 4d988ff0d0 nixos/nginx: change log and cache directories 2020-05-04 16:36:37 +03:00
Elis Hirwing 27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
talyz c3d5d92f4a
php.buildEnv: Add phpIni attribute for easy access to the php.ini 2020-04-29 12:12:59 +02:00
Dominik Xaver Hörl c10d82358f treewide: add types to boolean / enable options or make use of mkEnableOption 2020-04-27 09:32:01 +02:00
Aaron Andersen 16ab83760f
Merge pull request #85043 from aanderse/httpd-2020
nixos/httpd: modernize module standards
2020-04-25 20:04:05 -04:00
Jan Tojnar b231ac2101
Merge pull request #85402 from jtojnar/httpd-php 2020-04-22 04:23:24 +02:00
Aaron Andersen d0de970279 nixos/httpd: some mod_php cleanup 2020-04-21 20:33:18 -04:00
Aaron Andersen ee030b121b nixos/httpd: set modern default values for mpm and http2 2020-04-21 20:33:18 -04:00
Aaron Andersen 20f37a4430 nixos/httpd: run as non root user 2020-04-21 20:33:18 -04:00
Thomas Churchman 8880957042 nixos/phpfpm: fix erroneous pools example 2020-04-21 20:59:52 +02:00
Dominik Xaver Hörl 0412bde942 treewide: add bool type to enable options, or make use of mkEnableOption
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Jan Tojnar 4816b426a0
nixos/httpd: remove unnecessary override
This was introduced in c801cd1a04
but it no longer seems necessary.
2020-04-17 14:41:21 +02:00
Jan Tojnar c214e63f2e
nixos/httpd: Use extensions from php package
After the recent rewrite, enabled extensions are passed to php programs
through an extra ini file by a wrapper. Since httpd uses shared module
instead of program, the wrapper did not affect it and no extensions
other than built-ins were loaded.

To fix this, we are passing the extension config another way – by adding it
to the service's generated config.

For now we are hardcoding the path to the ini file. It would be nice to add
the path to the passthru and use that once the PHP expression settles down.
2020-04-17 14:38:29 +02:00
Ioannis Koutras 1f61fbf326 nixos/traefik: make config deep mergeable 2020-04-12 22:50:36 +02:00
Ioannis Koutras bc766b003a nixos/traefik: Adapt to traefik v2
This commit:

1. Updates the path of the traefik package, so that the out output is
   used.
2. Adapts the configuration settings and options to Traefik v2.
3. Formats the NixOS traefik service using nixfmt.
2020-04-12 22:50:36 +02:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Aaron Andersen 24d456a48d
Merge pull request #82784 from davidak/fpm
nixos/phpfpm: add example to socket
2020-03-28 22:22:24 -04:00
Jan Tojnar 3c4ab13243
nixos/nginx: fix eval
Fixes a typo introduced in https://github.com/NixOS/nixpkgs/pull/83611
2020-03-29 00:20:07 +01:00
Vincent Bernat 7c451c3b6b
nginx: increase types_hash_max_size to 4096 (#83609)
After upgrading to NixOS 20.03, I've got the following warning:

    nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size

The documentation states that "if nginx emits the message requesting
to increase either hash max size or hash bucket size then the first
parameter should first be increased" (aka types_hash_max_size).

In 19.03, the size of mime.types was around 100 entries. In 20.03, we
are around 900 entries. This is due to ff0148d868 which makes nginx
use mailcap mime.types.
2020-03-28 20:40:44 +01:00
Vincent Bernat 8f8cbec985
nixos/nginx: use mailcap mimetypes in all cases (#83611)
In ff0148d868, nginx configuration was modified to use mime.types
from mailcap package as it is more complete. However, there are two
places where mime.types is included in configuration. When the user
was setting `cfg.httpConfig`, the mime.types from nginx was still
used. This commit fix that by moving the common snippet in a variable
of its own and ensure it is used at both places.
2020-03-28 20:29:09 +01:00
davidak c7e4c3b5a3 nixos/phpfpm: add example to socket 2020-03-17 15:34:43 +01:00
Jörg Thalheim 391b7b31d8
Merge pull request #81891 from emilazy/nginx-use-mozilla-tls-config
nixos/nginx: use Mozilla Intermediate TLS configuration
2020-03-06 14:30:28 +00:00
Emily 4ed98d69ed nixos/nginx: use Mozilla Intermediate TLS configuration
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.

The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per https://github.com/mozilla/server-side-tls/issues/189.

Resolves #80952.
2020-03-06 13:08:56 +00:00
Alexander Bakker 7bbf7fa693 uwsgi: use pyhome instead of pythonpath for uwsgi vassals 2020-03-04 20:20:32 +01:00
Florian Klink 7564f4faf3
Merge pull request #78360 from serokell/mkaito/caddy-restart
nixos/caddy: resync with upstream unit file
2020-02-13 23:26:11 +01:00
Aaron Andersen 0b91dfedbc nixos/httpd: override apachectl command to use generated httpd configuration 2020-02-02 08:38:57 -05:00
Aaron Andersen e23ba2a1b0 Revert "nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command"
This reverts commit 336a6f471f.
2020-02-02 08:08:02 -05:00
Aaron Andersen 5b5856f6fb nixos/httpd: add http2 option 2020-02-01 19:08:02 -05:00
Aaron Andersen 0224720562 nixos/httpd: provision log directory with tmpfiles instead of mkdir 2020-01-31 20:39:25 -05:00
Aaron Andersen 01ccb67598 nixos/httpd: code cleanup 2020-01-31 20:39:12 -05:00
Aaron Andersen ae9980040f nixos/httpd: add services.httpd.virtualHosts.<name>.locations option to match nginx 2020-01-23 21:03:15 -05:00
Izorkin f2c9bcf009 nixos/unit: fix attrs 2020-01-23 20:40:49 +03:00
Yorick van Pelt 34b0167c56
nixos/caddy: resync with upstream unit file 2020-01-23 14:08:37 +01:00
Jörg Thalheim 71c19d3efa
Merge pull request #76537 from Izorkin/unit
unit: 1.13.0 -> 1.14.0
2020-01-21 11:39:41 +00:00
Aaron Andersen fc1bee555e
Merge pull request #75602 from vanyaklimenko/nginx-gitweb-more-options
nixos/nginx/gitweb: add some (crucial) options
2020-01-15 21:16:24 -05:00
Aaron Andersen 7260d2eb13
Merge pull request #77326 from aanderse/apacheHttpd
nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command
2020-01-15 21:02:05 -05:00
Vanya Klimenko ed52a6567c nixos/nginx/gitweb: add some (crucial) options
This replaces some hardcoded values in nginx's VirtualHosts's
configuration with customizable options. Previous values are kept as
default, so nothing should break for existing users.

Co-Authored-By: Florian Klink <flokli@flokli.de>
2020-01-14 00:11:10 +00:00
Léo Gaspard b31660e5bb
Merge branch 'master' into ihatemoney 2020-01-09 03:49:03 +01:00
Aaron Andersen 336a6f471f nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command 2020-01-08 10:37:46 -05:00
rnhmjoj 1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Danylo Hlynskyi cef68c4580
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled (#76179)
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch
with reload enabled

Closes https://github.com/NixOS/nixpkgs/issues/73455
2020-01-05 00:39:23 +02:00
Aaron Andersen 6777926911 nixos/httpd: update default ssl protocols 2019-12-30 11:24:11 -05:00
Izorkin 192df19a7c nixos/unit: fix typo 2019-12-28 22:12:45 +03:00
Aaron Andersen 4d2dd15546
Merge pull request #73113 from aanderse/httpd-vhost
nixos/httpd: support overridable virtual hosts
2019-12-26 08:09:08 -05:00
danbst 50d6e93dc8 nixos/nginx: fixup permissions for Nginx state dir
The commit b0bbacb521 was a bit too fast
It did set executable bit for log files.

Also, it didn't account for other directories in state dir:
```
 # ls -la /var/spool/nginx/
total 32
drwxr-x--- 8 nginx nginx 4096 Dec 26 12:00 .
drwxr-xr-x 4 root  root  4096 Oct 10 20:24 ..
drwx------ 2 root  root  4096 Oct 10 20:24 client_body_temp
drwx------ 2 root  root  4096 Oct 10 20:24 fastcgi_temp
drwxr-x--- 2 nginx nginx 4096 Dec 26 12:00 logs
drwx------ 2 root  root  4096 Oct 10 20:24 proxy_temp
drwx------ 2 root  root  4096 Oct 10 20:24 scgi_temp
drwx------ 2 root  root  4096 Oct 10 20:24 uwsgi_temp
```

With proposed change, only ownership is changed for state files, and mode is left as is
except that statedir/logs is now group accessible.
2019-12-26 14:16:29 +02:00
Yurii Izorkin b0bbacb521 nixos/nginx: recursively change logs directory owner/group (#76174)
This change brings pre-existing installations (where the logfiles
are owned by root) in line with the new permssions (where logfiles
are owned by the nginx user)
2019-12-26 13:51:10 +02:00
Aaron Andersen 79215f0df1 nixos/httpd: limit serving web content to virtual hosts, convert virtualHosts option type from listOf to attrsOf, add ACME integration 2019-12-24 20:27:48 -05:00
Florian Klink 0a41dae98b
Merge pull request #56255 from Izorkin/nginx-temp1
nginx: do not run anything as root
2019-12-20 23:34:55 +01:00
brprice 5b210859f6 nixos/nginx: drop extra semicolon in return example (#76055) 2019-12-19 21:59:01 +02:00
Izorkin 2a413da57e nixos/nginx: do not run anything as root 2019-12-15 11:21:08 +03:00
Izorkin e1e0059667 nixos/unit: update preStart script 2019-12-12 17:59:10 +03:00
Izorkin 7443d9dfd4 nixos/unit: enable sanboxing 2019-12-12 17:59:10 +03:00
Silvan Mosberger 4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Vanya Klimenko 125205cd60
nixos/apache-httpd: fix typo in extraConfig description 2019-12-06 21:47:15 +03:00
paumr 5a1c15da12 improved nginx.basicAuthFile description 2019-12-03 14:05:46 +01:00
Florian Klink 4321a88f44 nixos/phpfpm: enable PrivateTmp=true
This seems to be mostly a pre - #57677 relict. As postgresql sockets now
are not in /tmp anymore, isolate /tmp.
2019-11-21 23:31:19 +01:00
Renaud bf6217cbf1
nixos/nginx: correct header
Apache -> Nginx
2019-11-18 23:25:17 +01:00
Lassulus 14961b1034
Merge pull request #72719 from bhipple/doc/comment-fix
nixos/nginx: update comment
2019-11-18 23:02:46 +01:00
Silvan Mosberger b4b2253459
nixos/ttyd: init (#68604)
nixos/ttyd: init
2019-11-14 01:37:18 +01:00
Aleksandar Topuzović 6b3cc03b45
nixos/ttyd: init 2019-11-13 23:18:47 +00:00
Franz Pletz 60f2e4f831
nixos/varnish: fix default package name 2019-11-13 16:39:45 +01:00
Aaron Andersen d68d23bb26
Merge pull request #72767 from Izorkin/phpfpm-fix
nixos/phpfpm: fix apply global phpOptions
2019-11-11 07:45:28 -05:00
Red Davies 62e421fbb2 nixos/httpd: module fixes enableUserDir (attendum to #72789) 2019-11-09 00:53:56 +00:00
Aaron Andersen dec234f986
Merge pull request #72789 from aanderse/httpd-again
nixos/httpd: module cleanup
2019-11-06 16:04:38 -05:00
Izorkin 9a27acedda nixos/phpfpm: fix apply global phpOptions 2019-11-05 23:22:30 +03:00
Aaron Andersen 5c3715379d nixos/httpd: allow user to specify a minimal list of apache modules 2019-11-04 11:21:20 -05:00
Aaron Andersen 9c28599bfe nixos/httpd: drop stateDir option, hardcode to /run/httpd 2019-11-04 07:32:28 -05:00
Benjamin Hipple 3d73b6db85 nixos/nginx: update comment
It says Apache, but this is for Nginx; looks like a copy-paste error.
2019-11-03 10:22:56 -05:00
Symphorien Gibol 32d2266d0d ihatemoney: init at 4.1 plus module and test 2019-11-02 12:00:00 +00:00
Silvan Mosberger dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Aaron Andersen 9a91679b7a nixos/httpd: remove deprecated extraSubservices option 2019-10-20 20:16:45 -04:00
Janne Heß d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Robin Gloster 8e1fdad7c6
Merge pull request #70858 from manveru/nginx-map-hash-sizes
nginx: add map_hash_*_size options
2019-10-09 17:32:40 +02:00
Milan Pässler ff0148d868 nixos/nginx: use mailcap mime.types
The mime type definitions included with nginx are very incomplete, so
we use a list of mime types from the mailcap package, which is also
used by most other Linux distributions by default.
2019-10-09 14:20:40 +00:00
Michael Fellinger 2d0b34aa1c
nginx: add map_hash_*_size options 2019-10-09 15:59:03 +02:00
Joachim Fasting bad07dfac5
tree-wide: replace uses of splitString "." with lib.versions
Quoting from the splitString docstring:

   NOTE: this function is not performant and should never be used.

This replaces trivial uses of splitString for splitting version
strings with the (potentially builtin) splitVersion.
2019-09-26 17:42:49 +02:00
Vincent Bernat cf3e491cef nginx: remove gzip_disable directive
IE6 is long gone and this directive is not useful anymore. We can
spare a few CPU cycles (and maybe skip some bugs) by not trying to
disable gzip for MSIE6.
2019-09-12 11:55:32 -05:00
volth 7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Peter Hoeg 5eef8c231a
Merge pull request #68094 from peterhoeg/f/darkhttp
nixos/darkhttpd: fix package reference
2019-09-04 17:08:14 +08:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Arian van Putten 604b7c139f Fix letsencrypt (#60219)
* nixos/acme: Fix ordering of cert requests

When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.

Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.

* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.

* Add regression test for requesting mutliple domains

* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.

* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.

* Depend on certs directly

By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.

Reason it broke before:  acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good!  We
make the dependencies more fine-grained now. this should fix that

* Remove activationDelay option

It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?

Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.

e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:

```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
2019-08-29 16:32:59 +02:00
Peter Hoeg 33bf2acc5e nixos/darkhttpd: fix package reference 2019-08-28 09:04:58 +08:00
Maximilian Bosch 56a7bc05e1
nixos/treewide: drop dependencies to keys.target
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
2019-08-27 18:55:55 +02:00
Peter Hoeg c876affce0 nixos darkhttpd: module to enable darkhttpd 2019-08-26 19:57:49 +08:00
Aaron Andersen 400c6aac71 nixos/phpfpm: deprecate extraConfig options in favor of settings options 2019-08-23 07:56:27 -04:00
Aaron Andersen d2db3a338c nixos/phpfpm: Use systemd's RuntimeDirectory 2019-08-23 07:56:27 -04:00
Aaron Andersen a30a1e2795 nixos/phpfpm: add user and group option to each pool 2019-08-23 07:56:27 -04:00
Aaron Andersen 62b774a700 nixos/phpfpm: add socket option to replace the listen option 2019-08-23 07:56:21 -04:00
Aaron Andersen 2b5f663015 nixos/phpfpm: merge pool-options.nix into default.nix 2019-08-23 07:54:51 -04:00
Aaron Andersen 0ce8317c46 nixos/phpfpm: deprecate poolConfigs option 2019-08-23 07:54:51 -04:00
Danylo Hlynskyi 855be67358
nginx: expose generated config and allow nginx reloads (#57429)
* nginx: expose generated config and allow nginx reloads

Fixes: https://github.com/NixOS/nixpkgs/issues/15906
Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476

This add 2 new features: ability to review generated Nginx config
(and NixOS has sophisticated generation!) and reloading
of nginx on config changes. This preserves nginx restart on package
updates.

I've modified nginx test to use this new feature and check reload/restart
behavior.

* rename to enableReload

* add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone`
2019-08-21 16:52:46 +03:00
Timothy DeHerrera 98e6c1432e
caddy: remove 'bin' attribute 2019-08-18 18:46:21 -06:00
Marek Mahut cb8f4b0552
Merge pull request #65439 from aanderse/httpd-extra-modules
nixos/httpd: remove duplicate module entries from httpd.conf
2019-08-13 18:51:15 +02:00
Aaron Andersen 5596b69771 nixos/httpd: remove duplicate module entries from httpd.conf 2019-07-26 17:51:06 -04:00
Aaron Andersen 455d33f514 nixos/mediawiki: init service to replace httpd subservice 2019-07-23 22:02:33 -04:00
Aaron Andersen 9b970d07f3 nixos/httpd: drop postgresql reference 2019-07-20 18:36:24 -04:00
Aaron Andersen 0fd69629c7 nixos/httpd: mark extraSubservices option as deprecated 2019-07-20 18:36:19 -04:00
Aaron Andersen 505df09d50 nixos/httpd: drop the port option 2019-07-20 18:29:46 -04:00
Graham Christensen d51b522a6e
Merge pull request #64052 from aanderse/tomcat-connector
nixos/httpd: drop tomcat-connector httpd subservice
2019-07-19 15:25:44 -04:00
Aaron Andersen c13fbe0551
Merge pull request #63844 from aanderse/zabbix-cleanup
nixos/zabbix: overhaul package & module
2019-07-12 06:12:51 -04:00
Aaron Andersen 08286b4f29 nixos/httpd: drop tomcat-connector httpd subservice 2019-07-11 20:58:55 -04:00
Aaron Andersen 649ec93c37 foswiki: drop package & httpd subservice 2019-07-11 19:46:30 -04:00
Aaron Andersen 6a1de5460b nixos/httpd: remove broken trac subservice 2019-07-11 19:19:27 -04:00
Aaron Andersen 6891fb4103 nixos/zabbixWeb: replace httpd subservice with new module 2019-07-11 18:45:46 -04:00
Frederik Rietdijk fb6260fcf7
Merge pull request #64236 from NixOS/staging-next
Staging next
2019-07-10 08:52:04 +02:00
Aaron Andersen ca336ac985
Merge pull request #64050 from aanderse/mercurial
nixos/httpd: drop mercurial httpd subservice
2019-07-09 12:54:01 -04:00
Vladimír Čunát 0746c4dbb4
Merge branch 'master' into staging-next
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Aaron Andersen aa05aad470 nixos/wordpress: create module to replace the httpd subservice 2019-07-03 11:47:33 -04:00
Frederik Rietdijk 25a77b7210 Merge staging-next into staging 2019-07-03 08:59:42 +02:00
Aaron Andersen f2a499549f nixos/httpd: drop mercurial httpd subservice 2019-07-01 15:34:00 -04:00
worldofpeace cab7c6cbd9 treewide: use dontConfigure 2019-07-01 04:23:51 -04:00
Aaron Andersen 278d867a9b Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless"
This reverts commit b5478fd1a2, reversing
changes made to dbb00bfcbf.
2019-06-28 21:47:43 -04:00
Aaron Andersen 4b98e262a0 Revert "nixos/phpfpm: Remove usage of undefined variable fpmCfg"
This reverts commit 54645ce43a.
2019-06-28 21:47:17 -04:00
Elis Hirwing 54645ce43a
nixos/phpfpm: Remove usage of undefined variable fpmCfg 2019-06-27 20:39:18 +02:00
Elis Hirwing b5478fd1a2
Merge pull request #63156 from Izorkin/phpfpm-rootless
phpfpm: do not run anything as root
2019-06-27 19:13:53 +02:00
pacien b05870d223 nixos/cgit: fix config example
The order of the keys matters: scan-path must be the last key for other settings
to be taken into account.
2019-06-26 19:59:31 +02:00
Izorkin eee87b460e nixos/phpfpm: remove options services.phpfpm.poolConfigs 2019-06-17 09:15:51 +03:00
volth f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Izorkin 320e8ab5d7 nixos/phpfpm: do not run anything as root 2019-06-16 12:33:49 +03:00
Frederik Rietdijk 395da1280e
Merge pull request #63100 from aanderse/phabricator-remove
drop unmaintained phabricator package, service, and httpd subservice
2019-06-15 13:08:48 +02:00
Aaron Andersen a49b546c92 nixos/httpd: remove unmaintained subservice (phabricator) 2019-06-13 17:12:13 -04:00
pacien 7cc0c50e39 nixos/cgit: mention filters in configText example 2019-06-11 15:27:56 +02:00
Aaron Andersen fae95c2c82
Merge pull request #60021 from aanderse/httpd-cleanup
nixos/httpd: cleanup old apache2.2 syntax
2019-06-06 06:46:05 -04:00
Izorkin 5612650767 nixos/nginx: add ipv6 options to resolver 2019-06-02 19:29:30 +00:00
Matthew Bauer f21b846afe
Merge pull request #57752 from aanderse/limesurvey
limesurvey: 2.05_plus_141210 -> 3.17.1+190408, init module
2019-06-01 17:31:15 -04:00
Matthew Bauer 002cce23f7
Merge pull request #62050 from aanderse/hydron
nixos/hydron: replace deprecated usage of PermissionsStartOnly
2019-06-01 17:29:24 -04:00
Florian Klink 5ea7a3eb21 nixos/mysql: drop services.mysql.pidDir
mysql already has its socket path hardcoded to to
/run/mysqld/mysqld.sock.
There's not much value in making the pidDir configurable, which also
points to /run/mysqld by default.

We only seem to use `services.mysql.pidDir` in the wordpress startup
script, to wait for mysql to boot up, but we can also simply wait on the
(hardcoded) socket location too.

A much nicer way to accomplish that would be to properly describe a
dependency on mysqld.service. This however is not easily doable, due to
how the apache-httpd module was designed.
2019-05-31 22:27:55 +02:00
Aaron Andersen 5cf98d29e7 nixos/limesurvey: init module to replace apache subservice 2019-05-28 23:02:34 -04:00
Aaron Andersen d27be52b3d nixos/hydron: replace deprecated usage of PermissionsStartOnly
see #53852
2019-05-25 08:38:15 -04:00
Robin Gloster 6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
c0bw3b 582fd549fb winstone: drop package and service
Close #56294
Upstream package is unmaintained for years
and nixpkgs provides alternatives
2019-05-15 20:30:48 +02:00
Daniel Schaefer 786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Dan Elkouby 83c9b6ee39 nginx: use fullchain.pem for ssl_trusted_certificate
Some ACME clients do not generate full.pem, which is the same as
fullchain.pem + the certificate key (key.pem), which is not necessary
for verifying OCSP staples.
2019-04-23 12:33:19 +03:00
Aaron Andersen e5b583bef4 nixos/httpd: cleanup old apache2.2 syntax 2019-04-20 07:32:55 -04:00
Aaron Andersen e5d8ba59cc nixos/traefik: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Aaron Andersen 8c48c55c2d nixos/minio: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:56 -04:00
Florian Klink 2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
Léo Gaspard 07fdcb348f
Merge pull request #59056 from aanderse/mod_php-sendmail
nixos/httpd: replace ssmtp with system-sendmail
2019-04-06 20:57:58 +02:00
Aaron Andersen 9c9a6f380e nixos/httpd: replace ssmtp with system-sendmail 2019-04-06 06:34:46 -04:00
Jörg Thalheim 6dd7483ce1
Merge pull request #57979 from 4z3/writeNginxConfig
nixos/nginx: use nginxfmt and gixy
2019-04-04 20:23:58 +01:00
Bob van der Linden 65710d1df5
nixos/mighttpd2: /var/run -> /run 2019-03-24 21:15:33 +01:00
tv 59fac1a6d7 nixos/nginx: use writeNginxConfig 2019-03-23 11:16:14 +01:00
Okina Matara 40d7079f79
nixos/meguca: Add videoPaths, set postgresql version to 11 2019-03-23 01:19:29 -05:00
Dmitry Kalinkin 0e57b98b2c
Merge pull request #57596 from artemist/nginx-return
nixos/nginx: add return option to location
2019-03-22 14:08:33 -04:00