nixos/httpd: provide a stable path stable path to the configuration file for reloads

Aaron Andersen 2021-05-11 19:51:23 -04:00
parent 774550baf5
commit f20aa073e1
1 changed files with 9 additions and 7 deletions


@ -15,11 +15,9 @@ let
apachectl = pkgs.runCommand "apachectl" { meta.priority = -1; } '' apachectl = pkgs.runCommand "apachectl" { meta.priority = -1; } ''
mkdir -p $out/bin mkdir -p $out/bin
cp ${pkg}/bin/apachectl $out/bin/apachectl cp ${pkg}/bin/apachectl $out/bin/apachectl
sed -i $out/bin/apachectl -e 's|$HTTPD -t|$HTTPD -t -f ${httpdConf}|' sed -i $out/bin/apachectl -e 's|$HTTPD -t|$HTTPD -t -f /etc/httpd/httpd.conf|'
''; '';
httpdConf = cfg.configFile;
php = cfg.phpPackage.override { apacheHttpd = pkg; }; php = cfg.phpPackage.override { apacheHttpd = pkg; };
phpModuleName = let phpModuleName = let
@ -682,6 +680,8 @@ in
}) (filter (hostOpts: hostOpts.useACMEHost == null) acmeEnabledVhosts); }) (filter (hostOpts: hostOpts.useACMEHost == null) acmeEnabledVhosts);
in listToAttrs acmePairs; in listToAttrs acmePairs;
# httpd requires a stable path to the configuration file for reloads
environment.etc."httpd/httpd.conf".source = cfg.configFile;
environment.systemPackages = [ environment.systemPackages = [
apachectl apachectl
pkg pkg
@ -753,6 +753,7 @@ in
wants = concatLists (map (certName: [ "acme-finished-${certName}.target" ]) dependentCertNames); wants = concatLists (map (certName: [ "acme-finished-${certName}.target" ]) dependentCertNames);
after = [ "network.target" ] ++ map (certName: "acme-selfsigned-${certName}.service") dependentCertNames; after = [ "network.target" ] ++ map (certName: "acme-selfsigned-${certName}.service") dependentCertNames;
before = map (certName: "acme-${certName}.service") dependentCertNames; before = map (certName: "acme-${certName}.service") dependentCertNames;
restartTriggers = [ cfg.configFile ];
path = [ pkg pkgs.coreutils pkgs.gnugrep ]; path = [ pkg pkgs.coreutils pkgs.gnugrep ];
@ -771,9 +772,9 @@ in
''; '';
serviceConfig = { serviceConfig = {
ExecStart = "@${pkg}/bin/httpd httpd -f ${httpdConf}"; ExecStart = "@${pkg}/bin/httpd httpd -f /etc/httpd/httpd.conf";
ExecStop = "${pkg}/bin/httpd -f ${httpdConf} -k graceful-stop"; ExecStop = "${pkg}/bin/httpd -f /etc/httpd/httpd.conf -k graceful-stop";
ExecReload = "${pkg}/bin/httpd -f ${httpdConf} -k graceful"; ExecReload = "${pkg}/bin/httpd -f /etc/httpd/httpd.conf -k graceful";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
Type = "forking"; Type = "forking";
@ -800,6 +801,7 @@ in
# certs are updated _after_ config has been reloaded. # certs are updated _after_ config has been reloaded.
before = sslTargets; before = sslTargets;
after = sslServices; after = sslServices;
restartTriggers = [ cfg.configFile ];
# Block reloading if not all certs exist yet. # Block reloading if not all certs exist yet.
# Happens when config changes add new vhosts/certs. # Happens when config changes add new vhosts/certs.
unitConfig.ConditionPathExists = map (certName: certs.${certName}.directory + "/fullchain.pem") dependentCertNames; unitConfig.ConditionPathExists = map (certName: certs.${certName}.directory + "/fullchain.pem") dependentCertNames;
@ -807,7 +809,7 @@ in
Type = "oneshot"; Type = "oneshot";
TimeoutSec = 60; TimeoutSec = 60;
ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active httpd.service"; ExecCondition = "/run/current-system/systemd/bin/systemctl -q is-active httpd.service";
ExecStartPre = "${pkg}/bin/httpd -f ${httpdConf} -t"; ExecStartPre = "${pkg}/bin/httpd -f /etc/httpd/httpd.conf -t";
ExecStart = "/run/current-system/systemd/bin/systemctl reload httpd.service"; ExecStart = "/run/current-system/systemd/bin/systemctl reload httpd.service";
}; };
}; };
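Review bot: The literal `/etc/httpd/httpd.conf` is now spelled out in the apachectl `sed` expression, in `ExecStart`, `ExecStop` and `ExecReload`, and in the reload unit's `ExecStartPre` config test, while the file itself is declared separately as `environment.etc."httpd/httpd.conf"`. Nothing ties these spellings together, so a later edit to one of them could leave the `-t` check validating a different file than the one httpd loads on `-k graceful`, which would silently defeat the validation gate. Keeping the binding instead of deleting it, as `httpdConf = "/etc/httpd/httpd.conf";`, and interpolating `${httpdConf}` as before would keep the path in one place. The two `restartTriggers = [ cfg.configFile ];` lines would also benefit from a comment saying that they stand in for the unit change the store path in `ExecStart` used to cause; that is presumably the intent, but the rest of both unit definitions lies outside the visible hunks.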