Emery Hemingway
76d60b0fcd
nixos/molly-brown: init
2020-07-24 11:04:33 +02:00
Izorkin
8129816f98
nixos/unit: add 'tmp' directory
2020-07-17 19:46:56 +03:00
Arian van Putten
cfd672a94d
nixos/acme: Also fix ordering for apache
2020-06-15 11:05:00 +02:00
Arian van Putten
681cc105ce
nixos/acme: Make sure nginx is running before certs are requested
...
This fixes https://github.com/NixOS/nixpkgs/issues/81842
We should probably also fix this for Apache, which recently also learned
to use ACME.
2020-06-15 11:04:59 +02:00
Florian Klink
a3678ed347
nixos/nginx: always run systemctl of the currently running systemd
...
Also, make the postRun script refer to that systemctl, and not just rely
on $PATH for consistency.
2020-05-21 10:31:47 +02:00
Jörg Thalheim
b96a4dcc60
uwsgi: make instance configuration deeply mergeable
...
allows to specify independent uwsgi instances in two modules.
2020-05-15 08:53:31 +01:00
Izorkin
94391fce1d
nixos/nginx: add option enableSandbox
2020-05-12 20:03:29 +03:00
Izorkin
aa12fb8adb
nginxModules: add option allowMemoryWriteExecute
...
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin
628354c686
nixos/nginx: enable sandboxing
2020-05-12 20:03:27 +03:00
Jörg Thalheim
11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths
2020-05-11 11:17:04 +01:00
Izorkin
cfad151ac5
nixos/unit: run Unit as root
...
In latest release recommended not set ambient capabilities.
2020-05-06 12:27:12 +03:00
Izorkin
3eb6012b64
nixos/unit: update sandboxing mode
2020-05-06 12:27:12 +03:00
Izorkin
91a7f33b64
nixos/unit: fix starting service
2020-05-06 12:27:12 +03:00
Izorkin
4d988ff0d0
nixos/nginx: change log and cache directories
2020-05-04 16:36:37 +03:00
Elis Hirwing
27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
...
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
talyz
c3d5d92f4a
php.buildEnv: Add phpIni attribute for easy access to the php.ini
2020-04-29 12:12:59 +02:00
Dominik Xaver Hörl
c10d82358f
treewide: add types to boolean / enable options or make use of mkEnableOption
2020-04-27 09:32:01 +02:00
Aaron Andersen
16ab83760f
Merge pull request #85043 from aanderse/httpd-2020
...
nixos/httpd: modernize module standards
2020-04-25 20:04:05 -04:00
Jan Tojnar
b231ac2101
Merge pull request #85402 from jtojnar/httpd-php
2020-04-22 04:23:24 +02:00
Aaron Andersen
d0de970279
nixos/httpd: some mod_php cleanup
2020-04-21 20:33:18 -04:00
Aaron Andersen
ee030b121b
nixos/httpd: set modern default values for mpm and http2
2020-04-21 20:33:18 -04:00
Aaron Andersen
20f37a4430
nixos/httpd: run as non root user
2020-04-21 20:33:18 -04:00
Thomas Churchman
8880957042
nixos/phpfpm: fix erroneous pools example
2020-04-21 20:59:52 +02:00
Dominik Xaver Hörl
0412bde942
treewide: add bool type to enable options, or make use of mkEnableOption
...
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Jan Tojnar
4816b426a0
nixos/httpd: remove unnecessary override
...
This was introduced in c801cd1a04
but it no longer seems necessary.
2020-04-17 14:41:21 +02:00
Jan Tojnar
c214e63f2e
nixos/httpd: Use extensions from php package
...
After the recent rewrite, enabled extensions are passed to php programs
through an extra ini file by a wrapper. Since httpd uses shared module
instead of program, the wrapper did not affect it and no extensions
other than built-ins were loaded.
To fix this, we are passing the extension config another way – by adding it
to the service's generated config.
For now we are hardcoding the path to the ini file. It would be nice to add
the path to the passthru and use that once the PHP expression settles down.
2020-04-17 14:38:29 +02:00
Ioannis Koutras
1f61fbf326
nixos/traefik: make config deep mergeable
2020-04-12 22:50:36 +02:00
Ioannis Koutras
bc766b003a
nixos/traefik: Adapt to traefik v2
...
This commit:
1. Updates the path of the traefik package, so that the out output is
used.
2. Adapts the configuration settings and options to Traefik v2.
3. Formats the NixOS traefik service using nixfmt.
2020-04-12 22:50:36 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Aaron Andersen
24d456a48d
Merge pull request #82784 from davidak/fpm
...
nixos/phpfpm: add example to socket
2020-03-28 22:22:24 -04:00
Jan Tojnar
3c4ab13243
nixos/nginx: fix eval
...
Fixes a typo introduced in https://github.com/NixOS/nixpkgs/pull/83611
2020-03-29 00:20:07 +01:00
Vincent Bernat
7c451c3b6b
nginx: increase types_hash_max_size to 4096 ( #83609 )
...
After upgrading to NixOS 20.03, I've got the following warning:
nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
The documentation states that "if nginx emits the message requesting
to increase either hash max size or hash bucket size then the first
parameter should first be increased" (aka types_hash_max_size).
In 19.03, the size of mime.types was around 100 entries. In 20.03, we
are around 900 entries. This is due to ff0148d868
which makes nginx
use mailcap mime.types.
2020-03-28 20:40:44 +01:00
Vincent Bernat
8f8cbec985
nixos/nginx: use mailcap mimetypes in all cases ( #83611 )
...
In ff0148d868
, nginx configuration was modified to use mime.types
from mailcap package as it is more complete. However, there are two
places where mime.types is included in configuration. When the user
was setting `cfg.httpConfig`, the mime.types from nginx was still
used. This commit fix that by moving the common snippet in a variable
of its own and ensure it is used at both places.
2020-03-28 20:29:09 +01:00
davidak
c7e4c3b5a3
nixos/phpfpm: add example to socket
2020-03-17 15:34:43 +01:00
Jörg Thalheim
391b7b31d8
Merge pull request #81891 from emilazy/nginx-use-mozilla-tls-config
...
nixos/nginx: use Mozilla Intermediate TLS configuration
2020-03-06 14:30:28 +00:00
Emily
4ed98d69ed
nixos/nginx: use Mozilla Intermediate TLS configuration
...
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.
The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per https://github.com/mozilla/server-side-tls/issues/189 .
Resolves #80952 .
2020-03-06 13:08:56 +00:00
Alexander Bakker
7bbf7fa693
uwsgi: use pyhome instead of pythonpath for uwsgi vassals
2020-03-04 20:20:32 +01:00
Florian Klink
7564f4faf3
Merge pull request #78360 from serokell/mkaito/caddy-restart
...
nixos/caddy: resync with upstream unit file
2020-02-13 23:26:11 +01:00
Aaron Andersen
5b5856f6fb
nixos/httpd: add http2 option
2020-02-01 19:08:02 -05:00
Aaron Andersen
0224720562
nixos/httpd: provision log directory with tmpfiles instead of mkdir
2020-01-31 20:39:25 -05:00
Aaron Andersen
01ccb67598
nixos/httpd: code cleanup
2020-01-31 20:39:12 -05:00
Aaron Andersen
ae9980040f
nixos/httpd: add services.httpd.virtualHosts.<name>.locations option to match nginx
2020-01-23 21:03:15 -05:00
Izorkin
f2c9bcf009
nixos/unit: fix attrs
2020-01-23 20:40:49 +03:00
Yorick van Pelt
34b0167c56
nixos/caddy: resync with upstream unit file
2020-01-23 14:08:37 +01:00
Jörg Thalheim
71c19d3efa
Merge pull request #76537 from Izorkin/unit
...
unit: 1.13.0 -> 1.14.0
2020-01-21 11:39:41 +00:00
Aaron Andersen
fc1bee555e
Merge pull request #75602 from vanyaklimenko/nginx-gitweb-more-options
...
nixos/nginx/gitweb: add some (crucial) options
2020-01-15 21:16:24 -05:00
Aaron Andersen
7260d2eb13
Merge pull request #77326 from aanderse/apacheHttpd
...
nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command
2020-01-15 21:02:05 -05:00
Vanya Klimenko
ed52a6567c
nixos/nginx/gitweb: add some (crucial) options
...
This replaces some hardcoded values in nginx's VirtualHosts's
configuration with customizable options. Previous values are kept as
default, so nothing should break for existing users.
Co-Authored-By: Florian Klink <flokli@flokli.de>
2020-01-14 00:11:10 +00:00
Léo Gaspard
b31660e5bb
Merge branch 'master' into ihatemoney
2020-01-09 03:49:03 +01:00
Aaron Andersen
336a6f471f
nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command
2020-01-08 10:37:46 -05:00