diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index ce78bda8505..1b1016e92af 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -796,6 +796,15 @@ CREATE ROLE postgres LOGIN SUPERUSER;
config.systemd.services.${name}.path now returns a list of paths instead of a colon-separated string.
+
+
+ Caddy module now uses Caddy v2 by default. Caddy v1 can still be used by setting
+ to pkgs.caddy1.
+
+
+ New option has been added.
+
+
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix
index 0e6e10a5f47..dda26fe491a 100644
--- a/nixos/modules/services/web-servers/caddy.nix
+++ b/nixos/modules/services/web-servers/caddy.nix
@@ -5,6 +5,26 @@ with lib;
let
cfg = config.services.caddy;
configFile = pkgs.writeText "Caddyfile" cfg.config;
+
+ # v2-specific options
+ isCaddy2 = versionAtLeast cfg.package.version "2.0";
+ tlsConfig = {
+ apps.tls.automation.policies = [{
+ issuer = {
+ inherit (cfg) ca email;
+ module = "acme";
+ };
+ }];
+ };
+
+ adaptedConfig = pkgs.runCommand "caddy-config-adapted.json" { } ''
+ ${cfg.package}/bin/caddy adapt \
+ --config ${configFile} --adapter ${cfg.adapter} > $out
+ '';
+ tlsJSON = pkgs.writeText "tls.json" (builtins.toJSON tlsConfig);
+ configJSON = pkgs.runCommand "caddy-config.json" { } ''
+ ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${adaptedConfig} ${tlsJSON} > $out
+ '';
in {
options.services.caddy = {
enable = mkEnableOption "Caddy web server";
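Review bot: The `jq -s '.[0] * .[1]'` merge in `configJSON` combines objects recursively but replaces arrays wholesale, so any `apps.tls.automation.policies` present in the adapted user config (for example from a `tls` directive, if the adapter emits one) is overwritten by the single ACME policy from `tlsConfig`. A site the operator set up for a different issuer would then silently fall back to `cfg.ca`/`cfg.email`. Consider appending the module's policy instead of replacing, e.g. `jq -s '. as [$user, $tls] | $user * $tls | .apps.tls.automation.policies = (($user.apps.tls.automation.policies // []) + $tls.apps.tls.automation.policies)'`, or injecting `tlsConfig` only when the adapted config has no policies of its own. Either way, a comment above `configJSON` should state which side wins on conflict.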
@@ -13,15 +33,26 @@ in {
default = "";
example = ''
example.com {
- gzip
- minify
- log syslog
-
- root /srv/http
+ encode gzip
+ log
+ root /srv/http
}
'';
type = types.lines;
- description = "Verbatim Caddyfile to use";
+ description = ''
+ Verbatim Caddyfile to use.
+ Caddy v2 supports multiple config formats via adapters (see ).
+ '';
+ };
+
+ adapter = mkOption {
+ default = "caddyfile";
+ example = "nginx";
+ type = types.str;
+ description = ''
+ Name of the config adapter to use. Not applicable to Caddy v1.
+ See https://caddyserver.com/docs/config-adapters for the full list.
+ '';
};
ca = mkOption {
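Review bot: `adapter` is declared as `types.str`, but its value is spliced unquoted into the `caddy adapt` command in the `let` block (`--adapter ${cfg.adapter}`), so a value containing whitespace or shell metacharacters changes the command that runs at build time. Quote it at the point of use, `--adapter ${escapeShellArg cfg.adapter}`; `escapeShellArg` is in scope through `with lib;`. The `example = "nginx"` may also mislead, since that adapter appears to be a separate plugin that is not compiled into the stock `pkgs.caddy`; the description should say that non-default adapters need a package built with them. The `ca` option that opens on the last line of this hunk continues outside it.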
@@ -50,33 +81,46 @@ in {
The data directory, for storing certificates. Before 17.09, this
would create a .caddy directory. With 17.09 the contents of the
.caddy directory are in the specified data directory instead.
+
+ Caddy v2 replaced CADDYPATH with XDG directories.
+ See https://caddyserver.com/docs/conventions#file-locations.
'';
};
package = mkOption {
default = pkgs.caddy;
defaultText = "pkgs.caddy";
+ example = "pkgs.caddy1";
type = types.package;
- description = "Caddy package to use.";
+ description = ''
+ Caddy package to use.
+ To use Caddy v1 (obsolete), set this to pkgs.caddy1.
+ '';
};
};
config = mkIf cfg.enable {
systemd.services.caddy = {
description = "Caddy web server";
- # upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service
+ # upstream unit: https://github.com/caddyserver/dist/blob/master/init/caddy.service
after = [ "network-online.target" ];
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
wantedBy = [ "multi-user.target" ];
- environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
+ environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2)
{ CADDYPATH = cfg.dataDir; };
serviceConfig = {
- ExecStart = ''
+ ExecStart = if isCaddy2 then ''
+ ${cfg.package}/bin/caddy run --config ${configJSON}
+ '' else ''
${cfg.package}/bin/caddy -log stdout -log-timestamps=false \
-root=/var/tmp -conf=${configFile} \
-ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
'';
- ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
+ ExecReload =
+ if isCaddy2 then
+ "${cfg.package}/bin/caddy reload --config ${configJSON}"
+ else
+ "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
Type = "simple";
User = "caddy";
Group = "caddy";
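Review bot: The v2 `ExecReload` (`caddy reload --config ${configJSON}`) goes through Caddy's admin endpoint, which this module leaves at the upstream default (localhost:2019, unauthenticated), so a user config that disables the endpoint makes `systemctl reload caddy` fail, and any local process on the host can use the same endpoint to replace the running configuration. I would document that next to the line, e.g. `# v2 reloads via the admin API (default localhost:2019); it must stay enabled and should be reachable only by trusted local users`. Separately, with `CADDYPATH` no longer exported for v2, `dataDir` only decides where certificates and private keys are stored if it is also the caddy user's home or `XDG_DATA_HOME`, and neither is visible in this hunk. `serviceConfig` continues past the end of the hunk.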
diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix
index 144d83179a1..445a7fa6b0b 100644
--- a/nixos/tests/caddy.nix
+++ b/nixos/tests/caddy.nix
@@ -1,7 +1,7 @@
import ./make-test-python.nix ({ pkgs, ... }: {
name = "caddy";
meta = with pkgs.stdenv.lib.maintainers; {
- maintainers = [ xfix ];
+ maintainers = [ xfix filalex77 ];
};
nodes = {
@@ -9,9 +9,10 @@ import ./make-test-python.nix ({ pkgs, ... }: {
services.caddy.enable = true;
services.caddy.config = ''
http://localhost {
- gzip
+ encode gzip
- root ${
+ file_server
+ root * ${
pkgs.runCommand "testdir" {} ''
mkdir "$out"
echo hello world > "$out/example.html"
@@ -23,9 +24,10 @@ import ./make-test-python.nix ({ pkgs, ... }: {
specialisation.etag.configuration = {
services.caddy.config = lib.mkForce ''
http://localhost {
- gzip
+ encode gzip
- root ${
+ file_server
+ root * ${
pkgs.runCommand "testdir2" {} ''
mkdir "$out"
echo changed > "$out/example.html"
@@ -59,9 +61,11 @@ import ./make-test-python.nix ({ pkgs, ... }: {
)
etag = etag.replace("\r\n", " ")
http_code = webserver.succeed(
- "curl -w \"%{{http_code}}\" -X HEAD -H 'If-None-Match: {}' {}".format(etag, url)
+ "curl --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format(
+ etag, url
+ )
)
- assert int(http_code) == 304, "HTTP code is not 304"
+ assert int(http_code) == 304, "HTTP code is {}, expected 304".format(http_code)
return etag
diff --git a/pkgs/servers/caddy/default.nix b/pkgs/servers/caddy/default.nix
index 05b69c30e6c..1ed6fcd2d52 100644
--- a/pkgs/servers/caddy/default.nix
+++ b/pkgs/servers/caddy/default.nix
@@ -2,35 +2,23 @@
buildGoModule rec {
pname = "caddy";
- version = "1.0.5";
+ version = "2.1.1";
- subPackages = [ "caddy" ];
+ subPackages = [ "cmd/caddy" ];
src = fetchFromGitHub {
owner = "caddyserver";
repo = pname;
rev = "v${version}";
- sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g";
+ sha256 = "0c682zrivkawsxlps5hlx8js5zp4ddahg0zi5cr0861gnllbdll0";
};
- vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj";
- doCheck = false;
-
- preBuild = ''
- cat << EOF > caddy/main.go
- package main
- import "github.com/caddyserver/caddy/caddy/caddymain"
- func main() {
- caddymain.EnableTelemetry = false
- caddymain.Run()
- }
- EOF
- '';
+ vendorSha256 = "0jzx00c2b8y7zwl73r2fh1826spcd15y39nfzr53s5lay3fvkybc";
meta = with stdenv.lib; {
homepage = "https://caddyserver.com";
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
- maintainers = with maintainers; [ rushmorem fpletz zimbatm filalex77 ];
+ maintainers = with maintainers; [ filalex77 ];
};
}
diff --git a/pkgs/servers/caddy/v1.nix b/pkgs/servers/caddy/v1.nix
new file mode 100644
index 00000000000..8a18904af2c
--- /dev/null
+++ b/pkgs/servers/caddy/v1.nix
@@ -0,0 +1,37 @@
+{ stdenv, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "caddy";
+ version = "1.0.5";
+
+ goPackagePath = "github.com/caddyserver/caddy";
+
+ subPackages = [ "caddy" ];
+
+ src = fetchFromGitHub {
+ owner = "caddyserver";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g";
+ };
+
+ vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj";
+
+ preBuild = ''
+ cat << EOF > caddy/main.go
+ package main
+ import "github.com/caddyserver/caddy/caddy/caddymain"
+ func main() {
+ caddymain.EnableTelemetry = false
+ caddymain.Run()
+ }
+ EOF
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://caddyserver.com";
+ description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ rushmorem fpletz zimbatm filalex77 ];
+ };
+}
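Review bot: This derivation keeps Caddy 1.0.5 installable while the module option text in the same commit calls v1 obsolete, yet nothing in the package itself tells a user that. A comment above `version` or a `longDescription` in `meta`, along the lines of `# Caddy v1 is obsolete upstream; kept only to ease migration to pkgs.caddy (v2)`, would make this visible to anyone who uses `pkgs.caddy1` directly. `goPackagePath` looks like a leftover from `buildGoPackage` and does not appear to be read by `buildGoModule`, so it can probably be dropped.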
diff --git a/pkgs/servers/caddy/v2.nix b/pkgs/servers/caddy/v2.nix
deleted file mode 100644
index 4021e829800..00000000000
--- a/pkgs/servers/caddy/v2.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ stdenv, buildGoModule, fetchFromGitHub }:
-
-buildGoModule rec {
- pname = "caddy";
- version = "2.1.1";
-
- subPackages = [ "cmd/caddy" ];
-
- src = fetchFromGitHub {
- owner = "caddyserver";
- repo = pname;
- rev = "v${version}";
- sha256 = "0c682zrivkawsxlps5hlx8js5zp4ddahg0zi5cr0861gnllbdll0";
- };
-
- vendorSha256 = "0jzx00c2b8y7zwl73r2fh1826spcd15y39nfzr53s5lay3fvkybc";
-
- doCheck = false;
-
- meta = with stdenv.lib; {
- homepage = "https://caddyserver.com";
- description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
- license = licenses.asl20;
- maintainers = with maintainers; [ filalex77 ];
- };
-}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e191074c363..75f427beb6e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1509,12 +1509,8 @@ in
'';
});
- caddy = callPackage ../servers/caddy {
- buildGoModule = buildGo114Module;
- };
- caddy2 = callPackage ../servers/caddy/v2.nix {
- buildGoModule = buildGo114Module;
- };
+ caddy = callPackage ../servers/caddy { buildGoModule = buildGo114Module; }; # https://github.com/lucas-clemente/quic-go/issues/2614
+ caddy1 = callPackage ../servers/caddy/v1.nix { buildGoModule = buildGo114Module; };
traefik = callPackage ../servers/traefik { };
calamares = libsForQt514.callPackage ../tools/misc/calamares {
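Review bot: `caddy2` is removed from the top level with no replacement, so any configuration that refers to `pkgs.caddy2` stops evaluating after this change; no alias file is touched in the visible diff. An entry such as `caddy2 = caddy; # added <date>` in the aliases set would keep those users working. The bare issue link trailing the `caddy` line presumably explains the `buildGo114Module` pin; writing it as `# pinned to Go 1.14, see <link>` and repeating it on the `caddy1` line, which has the same pin and no comment, would make the reason explicit.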