From 8cc592abfa34e9e45a506b679099419a336313fc Mon Sep 17 00:00:00 2001 From: Oleksii Filonenko Date: Mon, 4 May 2020 02:10:26 +0300 Subject: [PATCH 1/7] nixos/caddy: add support for v2 --- nixos/modules/services/web-servers/caddy.nix | 43 ++++++++++++++++++-- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 0e6e10a5f47..4c024985dae 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -5,12 +5,30 @@ with lib; let cfg = config.services.caddy; configFile = pkgs.writeText "Caddyfile" cfg.config; + + # v2-specific options + isCaddy2 = versionAtLeast cfg.package.version "2.0"; + tlsConfig = { + apps.tls.automation.policies = [{ + issuer = { + inherit (cfg) ca email; + module = "acme"; + }; + }]; + }; + adaptedConfig = importJSON (pkgs.runCommand "caddy-config-adapted.json" { } '' + ${cfg.package}/bin/caddy adapt \ + --config ${configFile} --adapter ${cfg.adapter} > $out + ''); + configJSON = pkgs.writeText "caddy-config.json" (builtins.toJSON + (recursiveUpdate adaptedConfig tlsConfig)); in { options.services.caddy = { enable = mkEnableOption "Caddy web server"; config = mkOption { default = ""; + # TODO: update example text on v2.0 release example = '' example.com { gzip @@ -24,6 +42,17 @@ in { description = "Verbatim Caddyfile to use"; }; + adapter = mkOption { + default = "caddyfile"; + example = "nginx"; + type = types.str; + description = '' + Name of the config adapter to use. + + See https://caddyserver.com/docs/config-adapters for the full list. + ''; + }; + ca = mkOption { default = "https://acme-v02.api.letsencrypt.org/directory"; example = "https://acme-staging-v02.api.letsencrypt.org/directory"; 
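Review bot: The `tlsConfig` policy list added to the `let` block is combined with the adapted config through `recursiveUpdate`, which replaces lists instead of concatenating them, so any `apps.tls.automation.policies` that `caddy adapt` derived from the user's own Caddyfile is silently thrown away in favour of the module's single ACME policy; the `jq -s '.[0] * .[1]'` merge that patch 6/7 substitutes has the same semantics for arrays, so the point carries over to that hunk. If forcing the module's issuer settings is intended, say so in the `ca`/`email` option descriptions and next to the definition, e.g. `# NOTE: replaces (does not extend) any TLS automation policies present in the adapted config`; otherwise inject the policy only when the adapted config defines none. Separately, `--adapter ${cfg.adapter}` is interpolated into the shell script unquoted; `--adapter ${escapeShellArg cfg.adapter}` keeps an unusual value from being word-split, and `lib` is already in scope via `with lib;`.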
@@ -56,8 +85,14 @@ in { package = mkOption { default = pkgs.caddy; defaultText = "pkgs.caddy"; + example = "pkgs.caddy2"; type = types.package; - description = "Caddy package to use."; + description = '' + Caddy package to use. + + Note: to use Caddy v2, set this to . + v2 will become the default after it is released. + ''; }; }; @@ -68,10 +103,12 @@ in { after = [ "network-online.target" ]; wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; - environment = mkIf (versionAtLeast config.system.stateVersion "17.09") + environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2) { CADDYPATH = cfg.dataDir; }; serviceConfig = { - ExecStart = '' + ExecStart = if isCaddy2 then '' + ${cfg.package}/bin/caddy run --config ${configJSON} + '' else '' ${cfg.package}/bin/caddy -log stdout -log-timestamps=false \ -root=/var/tmp -conf=${configFile} \ -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} From d71cadacd9bc67b0bd4dc207442a8edb5d492943 Mon Sep 17 00:00:00 2001 From: Oleksii Filonenko Date: Fri, 8 May 2020 09:35:55 +0000 Subject: [PATCH 2/7] nixos/caddy: use v2 by default --- nixos/modules/services/web-servers/caddy.nix | 33 ++++++++++---------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 4c024985dae..65e9f12e664 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -20,6 +20,7 @@ let ${cfg.package}/bin/caddy adapt \ --config ${configFile} --adapter ${cfg.adapter} > $out ''); + # TODO: validate with `caddy validate`? configJSON = pkgs.writeText "caddy-config.json" (builtins.toJSON (recursiveUpdate adaptedConfig tlsConfig)); in { 
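Review bot: In the `serviceConfig` hunk the v2 branch of `ExecStart` runs `caddy run` with `CADDYPATH` no longer exported and nothing else telling Caddy where to keep state, so `dataDir` is silently ignored for v2 and certificates plus ACME account keys end up wherever the `caddy` user's home/XDG directories resolve (the user definition is outside this hunk, so whether that coincides with `dataDir` cannot be confirmed here). The v2 file-location conventions that the series links to honour `XDG_DATA_HOME` and `XDG_CONFIG_HOME`, so the environment block could set them rather than merely dropping `CADDYPATH`, e.g. `environment = if isCaddy2 then { XDG_DATA_HOME = cfg.dataDir; XDG_CONFIG_HOME = cfg.dataDir; } else mkIf (versionAtLeast config.system.stateVersion "17.09") { CADDYPATH = cfg.dataDir; };`. The same gap shows in the `dataDir` description patch 2/7 adds, which mentions the XDG change without saying whether the option still takes effect under v2. `cfg.agree` is likewise only read on the v1 command line; its description should state that v2 ignores it.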
@@ -28,18 +29,18 @@ in { config = mkOption { default = ""; - # TODO: update example text on v2.0 release example = '' example.com { - gzip - minify - log syslog - - root /srv/http + encode gzip + log + root /srv/http } ''; type = types.lines; - description = "Verbatim Caddyfile to use"; + description = '' + Verbatim Caddyfile to use. + Caddy v2 supports multiple config formats via adapters (see ). + ''; }; adapter = mkOption { @@ -47,8 +48,7 @@ in { example = "nginx"; type = types.str; description = '' - Name of the config adapter to use. - + Name of the config adapter to use. Not applicable to Caddy v1. See https://caddyserver.com/docs/config-adapters for the full list. ''; }; @@ -79,19 +79,20 @@ in { The data directory, for storing certificates. Before 17.09, this would create a .caddy directory. With 17.09 the contents of the .caddy directory are in the specified data directory instead. + + Caddy v2 replaced CADDYPATH with XDG directories. + See https://caddyserver.com/docs/conventions#file-locations. ''; }; package = mkOption { - default = pkgs.caddy; - defaultText = "pkgs.caddy"; - example = "pkgs.caddy2"; + default = pkgs.caddy2; + defaultText = "pkgs.caddy2"; + example = "pkgs.caddy"; type = types.package; description = '' Caddy package to use. - - Note: to use Caddy v2, set this to . - v2 will become the default after it is released. + To use Caddy v1 (obsolete), set this to . ''; }; }; @@ -99,7 +100,7 @@ in { config = mkIf cfg.enable { systemd.services.caddy = { description = "Caddy web server"; - # upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service + # upstream unit: https://github.com/caddyserver/dist/blob/master/init/caddy.service after = [ "network-online.target" ]; wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; From 06d2d845190aa33013346d415271f9d045db91cf Mon Sep 17 00:00:00 2001 
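Review bot: The updated `config` example in the first hunk shows `root /srv/http` with no `file_server`, which does not match what the series' own test ends up using (`root * …` from patch 3/7 plus a `file_server` line added in patch 6/7); in the v2 Caddyfile a first argument starting with `/` appears to be read as a path matcher rather than the root path, and `root` by itself serves nothing. Suggest the example read `root * /srv/http` followed by `file_server` so a copied snippet actually serves the directory it names.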
From: Oleksii Filonenko Date: Fri, 8 May 2020 09:39:24 +0000 Subject: [PATCH 3/7] nixosTests.caddy: update to v2 - Update configuration syntax - Add filalex77 as a maintainer --- nixos/tests/caddy.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix index 144d83179a1..e9a93df4f48 100644 --- a/nixos/tests/caddy.nix +++ b/nixos/tests/caddy.nix @@ -1,7 +1,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { name = "caddy"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ xfix ]; + maintainers = [ xfix filalex77 ]; }; nodes = { @@ -9,9 +9,9 @@ import ./make-test-python.nix ({ pkgs, ... }: { services.caddy.enable = true; services.caddy.config = '' http://localhost { - gzip + encode gzip - root ${ + root * ${ pkgs.runCommand "testdir" {} '' mkdir "$out" echo hello world > "$out/example.html" @@ -23,9 +23,9 @@ import ./make-test-python.nix ({ pkgs, ... }: { specialisation.etag.configuration = { services.caddy.config = lib.mkForce '' http://localhost { - gzip + encode gzip - root ${ + root * ${ pkgs.runCommand "testdir2" {} '' mkdir "$out" echo changed > "$out/example.html" From 6322325a53cc7c681992fe5899fbfaf4f007957f Mon Sep 17 00:00:00 2001 From: Oleksii Filonenko Date: Fri, 8 May 2020 22:23:33 +0300 Subject: [PATCH 4/7] caddy: 1.0.5 -> 2.0.0 Rename legacy v1 to `caddy1` --- nixos/modules/services/web-servers/caddy.nix | 8 ++--- pkgs/servers/caddy/default.nix | 22 ++++-------- pkgs/servers/caddy/v1.nix | 36 ++++++++++++++++++++ pkgs/servers/caddy/v2.nix | 26 -------------- pkgs/top-level/all-packages.nix | 8 ++--- 5 files changed, 48 insertions(+), 52 deletions(-) create mode 100644 pkgs/servers/caddy/v1.nix delete mode 100644 pkgs/servers/caddy/v2.nix diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 65e9f12e664..e5f1df774bb 100644 --- a/nixos/modules/services/web-servers/caddy.nix 
+++ b/nixos/modules/services/web-servers/caddy.nix @@ -86,13 +86,13 @@ in { }; package = mkOption { - default = pkgs.caddy2; - defaultText = "pkgs.caddy2"; - example = "pkgs.caddy"; + default = pkgs.caddy; + defaultText = "pkgs.caddy"; + example = "pkgs.caddy1"; type = types.package; description = '' Caddy package to use. - To use Caddy v1 (obsolete), set this to . + To use Caddy v1 (obsolete), set this to pkgs.caddy1. ''; }; }; diff --git a/pkgs/servers/caddy/default.nix b/pkgs/servers/caddy/default.nix index 05b69c30e6c..5a7ac8f086f 100644 --- a/pkgs/servers/caddy/default.nix +++ b/pkgs/servers/caddy/default.nix @@ -2,35 +2,25 @@ buildGoModule rec { pname = "caddy"; - version = "1.0.5"; + version = "2.0.0"; - subPackages = [ "caddy" ]; + subPackages = [ "cmd/caddy" ]; src = fetchFromGitHub { owner = "caddyserver"; repo = pname; rev = "v${version}"; - sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g"; + sha256 = "1c1frfx0qkprhf4var70cncvrw8s9gjag2hygndbd9055hb52bvv"; }; + vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj"; - doCheck = false; - - preBuild = '' - cat << EOF > caddy/main.go - package main - import "github.com/caddyserver/caddy/caddy/caddymain" - func main() { - caddymain.EnableTelemetry = false - caddymain.Run() - } - EOF - ''; + modSha256 = "19sxyvfq1bpg85w8cd1yk2s6rd8759cf2zqs5b6wyny4cak2bl83"; meta = with stdenv.lib; { homepage = "https://caddyserver.com"; description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; license = licenses.asl20; - maintainers = with maintainers; [ rushmorem fpletz zimbatm filalex77 ]; + maintainers = with maintainers; [ filalex77 ]; }; } diff --git a/pkgs/servers/caddy/v1.nix b/pkgs/servers/caddy/v1.nix new file mode 100644 index 00000000000..bcd4b7065b5 --- /dev/null +++ b/pkgs/servers/caddy/v1.nix 
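Review bot: The rewritten `default.nix` hunk drops `doCheck = false;` without the commit message saying so, even though both the 1.0.5 expression it replaces and the `v2.nix` deleted in the same commit carried it, so Caddy's upstream test suite now runs inside the sandboxed build. If that is deliberate, either confirm the suite passes offline or restore `doCheck = false;` with a comment such as `# upstream tests need network access in the sandbox` explaining why it is off.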
@@ -0,0 +1,36 @@ +{ stdenv, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "caddy"; + version = "1.0.5"; + + goPackagePath = "github.com/caddyserver/caddy"; + + subPackages = [ "caddy" ]; + + src = fetchFromGitHub { + owner = "caddyserver"; + repo = pname; + rev = "v${version}"; + sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g"; + }; + modSha256 = "1gc0xvsihr4zp7hkrdfrplvzkaphz1y4q53rgwn2jhd8s98l57an"; + + preBuild = '' + cat << EOF > caddy/main.go + package main + import "github.com/caddyserver/caddy/caddy/caddymain" + func main() { + caddymain.EnableTelemetry = false + caddymain.Run() + } + EOF + ''; + + meta = with stdenv.lib; { + homepage = "https://caddyserver.com"; + description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; + license = licenses.asl20; + maintainers = with maintainers; [ rushmorem fpletz zimbatm filalex77 ]; + }; +} diff --git a/pkgs/servers/caddy/v2.nix b/pkgs/servers/caddy/v2.nix deleted file mode 100644 index 4021e829800..00000000000 --- a/pkgs/servers/caddy/v2.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ stdenv, buildGoModule, fetchFromGitHub }: - -buildGoModule rec { - pname = "caddy"; - version = "2.1.1"; - - subPackages = [ "cmd/caddy" ]; - - src = fetchFromGitHub { - owner = "caddyserver"; - repo = pname; - rev = "v${version}"; - sha256 = "0c682zrivkawsxlps5hlx8js5zp4ddahg0zi5cr0861gnllbdll0"; - }; - - vendorSha256 = "0jzx00c2b8y7zwl73r2fh1826spcd15y39nfzr53s5lay3fvkybc"; - - doCheck = false; - - meta = with stdenv.lib; { - homepage = "https://caddyserver.com"; - description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; - license = licenses.asl20; - maintainers = with maintainers; [ filalex77 ]; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7a5414477e9..dba9d0c793b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
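Review bot: The `preBuild` heredoc in the new `v1.nix` overwrites upstream `caddy/main.go` with no explanation, and a reader has to infer from `caddymain.EnableTelemetry = false` that the purpose is to keep the packaged v1 binary from reporting telemetry; a one-line comment above it, `# Replace upstream main.go so the packaged binary never enables Caddy's telemetry reporting`, would record the intent and keep the override from being lost on a later update. `goPackagePath` is carried over as well, but as far as I can tell `buildGoModule` does not use it (it belongs to `buildGoPackage`), so it can presumably be dropped. The old `default.nix` for 1.0.5 had `doCheck = false;`, which this file does not, so v1's test suite now runs during the build; worth confirming it passes in the sandbox.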
@@ -1507,12 +1507,8 @@ in ''; }); - caddy = callPackage ../servers/caddy { - buildGoModule = buildGo114Module; - }; - caddy2 = callPackage ../servers/caddy/v2.nix { - buildGoModule = buildGo114Module; - }; + caddy = callPackage ../servers/caddy { }; + caddy1 = callPackage ../servers/caddy/v1.nix { }; traefik = callPackage ../servers/traefik { }; calamares = libsForQt5.callPackage ../tools/misc/calamares { From c3a7c89a20fbb602a176cd6e82bd6609d2eb9bf7 Mon Sep 17 00:00:00 2001 From: Oleksii Filonenko Date: Fri, 8 May 2020 22:36:31 +0300 Subject: [PATCH 5/7] release-notes/rl-2009: add item about Caddy v2 --- nixos/doc/manual/release-notes/rl-2009.xml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 7d11d422e30..bf805ab9858 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -782,6 +782,15 @@ CREATE ROLE postgres LOGIN SUPERUSER; config.systemd.services.${name}.path now returns a list of paths instead of a colon-separated string. + + + Caddy module now uses Caddy v2 by default. Caddy v1 can still be used by setting + to pkgs.caddy1. + + + New option has been added. + + From b8bfe941fa7912bc68fb952fb268bc529eb502ca Mon Sep 17 00:00:00 2001 From: Sylvain Fankhauser Date: Mon, 7 Sep 2020 09:42:00 +0200 Subject: [PATCH 6/7] caddy: address remaining MR comments for v2 --- nixos/modules/services/web-servers/caddy.nix | 18 ++++++++++++------ nixos/tests/caddy.nix | 8 ++++++-- pkgs/servers/caddy/v1.nix | 3 ++- pkgs/top-level/all-packages.nix | 4 ++-- 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index e5f1df774bb..dda26fe491a 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix 
@@ -16,13 +16,15 @@ let }; }]; }; - adaptedConfig = importJSON (pkgs.runCommand "caddy-config-adapted.json" { } '' + + adaptedConfig = pkgs.runCommand "caddy-config-adapted.json" { } '' ${cfg.package}/bin/caddy adapt \ --config ${configFile} --adapter ${cfg.adapter} > $out - ''); - # TODO: validate with `caddy validate`? - configJSON = pkgs.writeText "caddy-config.json" (builtins.toJSON - (recursiveUpdate adaptedConfig tlsConfig)); + ''; + tlsJSON = pkgs.writeText "tls.json" (builtins.toJSON tlsConfig); + configJSON = pkgs.runCommand "caddy-config.json" { } '' + ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${adaptedConfig} ${tlsJSON} > $out + ''; in { options.services.caddy = { enable = mkEnableOption "Caddy web server"; @@ -114,7 +116,11 @@ in { -root=/var/tmp -conf=${configFile} \ -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} ''; - ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; + ExecReload = + if isCaddy2 then + "${cfg.package}/bin/caddy reload --config ${configJSON}" + else + "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; Type = "simple"; User = "caddy"; Group = "caddy"; diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix index e9a93df4f48..445a7fa6b0b 100644 --- a/nixos/tests/caddy.nix +++ b/nixos/tests/caddy.nix @@ -11,6 +11,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { http://localhost { encode gzip + file_server root * ${ pkgs.runCommand "testdir" {} '' mkdir "$out" @@ -25,6 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { http://localhost { encode gzip + file_server root * ${ pkgs.runCommand "testdir2" {} '' mkdir "$out" 
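Review bot: The v2 `ExecReload` in the second hunk, `caddy reload --config ${configJSON}`, pushes the new configuration through Caddy's admin API, so the reload path now depends on the admin endpoint being enabled and reachable at its default localhost listener; nothing in the generated `configJSON` configures or pins that endpoint, and a Caddyfile that turns it off or moves it makes `systemctl reload caddy` fail rather than fall back to a restart. A comment on the line, `# v2 reload talks to the admin API (localhost:2019 by default); it must stay enabled for ExecReload to work`, would record the dependency, and the option documentation could mention that the default admin socket is local-only but unauthenticated so operators know what the default service exposes to other processes on the host.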
@@ -59,9 +61,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { ) etag = etag.replace("\r\n", " ") http_code = webserver.succeed( - "curl -w \"%{{http_code}}\" -X HEAD -H 'If-None-Match: {}' {}".format(etag, url) + "curl --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format( + etag, url + ) ) - assert int(http_code) == 304, "HTTP code is not 304" + assert int(http_code) == 304, "HTTP code is {}, expected 304".format(http_code) return etag diff --git a/pkgs/servers/caddy/v1.nix b/pkgs/servers/caddy/v1.nix index bcd4b7065b5..8a18904af2c 100644 --- a/pkgs/servers/caddy/v1.nix +++ b/pkgs/servers/caddy/v1.nix @@ -14,7 +14,8 @@ buildGoModule rec { rev = "v${version}"; sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g"; }; - modSha256 = "1gc0xvsihr4zp7hkrdfrplvzkaphz1y4q53rgwn2jhd8s98l57an"; + + vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj"; preBuild = '' cat << EOF > caddy/main.go diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dba9d0c793b..a3e55521547 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1507,8 +1507,8 @@ in ''; }); - caddy = callPackage ../servers/caddy { }; - caddy1 = callPackage ../servers/caddy/v1.nix { }; + caddy = callPackage ../servers/caddy { buildGoModule = buildGo114Module; }; # https://github.com/lucas-clemente/quic-go/issues/2614 + caddy1 = callPackage ../servers/caddy/v1.nix { buildGoModule = buildGo114Module; }; traefik = callPackage ../servers/traefik { }; calamares = libsForQt5.callPackage ../tools/misc/calamares { From 94ed8606c6851e326d91dde1b79774c157b2681f Mon Sep 17 00:00:00 2001 From: Sylvain Fankhauser Date: Mon, 7 Sep 2020 09:42:42 +0200 Subject: [PATCH 7/7] caddy: 2.0.0 -> 2.1.1 --- pkgs/servers/caddy/default.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
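Review bot: The `vendorSha256` the `v1.nix` hunk introduces, `09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj`, is byte-for-byte the value patch 4/7 assigned to the 2.0.0 `default.nix` (which patch 7/7 then replaces); the vendored module trees of 1.0.5 and 2.0.0 are very unlikely to hash identically, so one of the two values presumably never came out of a real fixed-output build and the v1 package will fail on the next rebuild. Regenerate it from a clean build with `vendorSha256 = lib.fakeSha256;` and record the hash the builder reports. The `goPackagePath` line left in `v1.nix` does not appear to be consumed by `buildGoModule` and could go in the same change.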
diff --git a/pkgs/servers/caddy/default.nix b/pkgs/servers/caddy/default.nix index 5a7ac8f086f..1ed6fcd2d52 100644 --- a/pkgs/servers/caddy/default.nix +++ b/pkgs/servers/caddy/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "caddy"; - version = "2.0.0"; + version = "2.1.1"; subPackages = [ "cmd/caddy" ]; @@ -10,12 +10,10 @@ buildGoModule rec { owner = "caddyserver"; repo = pname; rev = "v${version}"; - sha256 = "1c1frfx0qkprhf4var70cncvrw8s9gjag2hygndbd9055hb52bvv"; + sha256 = "0c682zrivkawsxlps5hlx8js5zp4ddahg0zi5cr0861gnllbdll0"; }; - vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj"; - - modSha256 = "19sxyvfq1bpg85w8cd1yk2s6rd8759cf2zqs5b6wyny4cak2bl83"; + vendorSha256 = "0jzx00c2b8y7zwl73r2fh1826spcd15y39nfzr53s5lay3fvkybc"; meta = with stdenv.lib; { homepage = "https://caddyserver.com";