Aaron Andersen
06d17caf92
nixos/httpd: configure log rotation
2020-08-21 17:04:07 -04:00
Jörg Thalheim
6f4141507b
meguca: remove (#95920)
2020-08-21 13:00:40 -07:00
Aaron Andersen
fd250d57bb
Merge pull request #79123 from aanderse/apachectl
...
nixos/httpd: remove impurity from /etc
2020-08-19 20:56:51 -04:00
Izorkin
26898b8518
nixos/unit: update sandboxing options
2020-08-15 11:21:09 +03:00
Florian Klink
300049ca51
nixos/nginx: move configuration testing script into reload command
...
nginx -t not only verifies configuration, but also creates (and chowns)
files. When the `nginx-config-reload` service is used, this can cause
directories to be chowned to `root`, causing nginx to fail.
This moves the nginx -t command into a second ExecReload command, which
runs as nginx's user. While fixing above issue, this will also cause the
configuration to be verified when running `systemctl reload nginx`, not
only when restarting the dummy `nginx-config-reload` unit. The latter is
mostly a workaround for missing features in our activation script
anyways.
2020-08-12 18:13:29 +02:00
zowoq
8fb410c0ad
nixos/*: editorconfig fixes
2020-08-08 10:54:16 +10:00
Jörg Thalheim
ba930d8679
nixos/modules: remove trailing whitespace
...
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Emery Hemingway
76d60b0fcd
nixos/molly-brown: init
2020-07-24 11:04:33 +02:00
Izorkin
8129816f98
nixos/unit: add 'tmp' directory
2020-07-17 19:46:56 +03:00
Arian van Putten
cfd672a94d
nixos/acme: Also fix ordering for apache
2020-06-15 11:05:00 +02:00
Arian van Putten
681cc105ce
nixos/acme: Make sure nginx is running before certs are requested
...
This fixes https://github.com/NixOS/nixpkgs/issues/81842
We should probably also fix this for Apache, which recently also learned
to use ACME.
2020-06-15 11:04:59 +02:00
Florian Klink
a3678ed347
nixos/nginx: always run systemctl of the currently running systemd
...
Also, make the postRun script refer to that systemctl, and not just rely
on $PATH for consistency.
2020-05-21 10:31:47 +02:00
Jörg Thalheim
b96a4dcc60
uwsgi: make instance configuration deeply mergeable
...
allows to specify independent uwsgi instances in two modules.
2020-05-15 08:53:31 +01:00
Izorkin
94391fce1d
nixos/nginx: add option enableSandbox
2020-05-12 20:03:29 +03:00
Izorkin
aa12fb8adb
nginxModules: add option allowMemoryWriteExecute
...
The allowMemoryWriteExecute option is required to check enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin
628354c686
nixos/nginx: enable sandboxing
2020-05-12 20:03:27 +03:00
Jörg Thalheim
11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths
2020-05-11 11:17:04 +01:00
Izorkin
cfad151ac5
nixos/unit: run Unit as root
...
In the latest release it is recommended not to set ambient capabilities.
2020-05-06 12:27:12 +03:00
Izorkin
3eb6012b64
nixos/unit: update sandboxing mode
2020-05-06 12:27:12 +03:00
Izorkin
91a7f33b64
nixos/unit: fix starting service
2020-05-06 12:27:12 +03:00
Izorkin
4d988ff0d0
nixos/nginx: change log and cache directories
2020-05-04 16:36:37 +03:00
Elis Hirwing
27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
...
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
talyz
c3d5d92f4a
php.buildEnv: Add phpIni attribute for easy access to the php.ini
2020-04-29 12:12:59 +02:00
Dominik Xaver Hörl
c10d82358f
treewide: add types to boolean / enable options or make use of mkEnableOption
2020-04-27 09:32:01 +02:00
Aaron Andersen
16ab83760f
Merge pull request #85043 from aanderse/httpd-2020
...
nixos/httpd: modernize module standards
2020-04-25 20:04:05 -04:00
Jan Tojnar
b231ac2101
Merge pull request #85402 from jtojnar/httpd-php
2020-04-22 04:23:24 +02:00
Aaron Andersen
d0de970279
nixos/httpd: some mod_php cleanup
2020-04-21 20:33:18 -04:00
Aaron Andersen
ee030b121b
nixos/httpd: set modern default values for mpm and http2
2020-04-21 20:33:18 -04:00
Aaron Andersen
20f37a4430
nixos/httpd: run as non root user
2020-04-21 20:33:18 -04:00
Thomas Churchman
8880957042
nixos/phpfpm: fix erroneous pools example
2020-04-21 20:59:52 +02:00
Dominik Xaver Hörl
0412bde942
treewide: add bool type to enable options, or make use of mkEnableOption
...
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Jan Tojnar
4816b426a0
nixos/httpd: remove unnecessary override
...
This was introduced in c801cd1a04 but it no longer seems necessary.
2020-04-17 14:41:21 +02:00
Jan Tojnar
c214e63f2e
nixos/httpd: Use extensions from php package
...
After the recent rewrite, enabled extensions are passed to php programs
through an extra ini file by a wrapper. Since httpd uses shared module
instead of program, the wrapper did not affect it and no extensions
other than built-ins were loaded.
To fix this, we are passing the extension config another way – by adding it
to the service's generated config.
For now we are hardcoding the path to the ini file. It would be nice to add
the path to the passthru and use that once the PHP expression settles down.
2020-04-17 14:38:29 +02:00
Ioannis Koutras
1f61fbf326
nixos/traefik: make config deep mergeable
2020-04-12 22:50:36 +02:00
Ioannis Koutras
bc766b003a
nixos/traefik: Adapt to traefik v2
...
This commit:
1. Updates the path of the traefik package, so that the out output is
used.
2. Adapts the configuration settings and options to Traefik v2.
3. Formats the NixOS traefik service using nixfmt.
2020-04-12 22:50:36 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Aaron Andersen
24d456a48d
Merge pull request #82784 from davidak/fpm
...
nixos/phpfpm: add example to socket
2020-03-28 22:22:24 -04:00
Jan Tojnar
3c4ab13243
nixos/nginx: fix eval
...
Fixes a typo introduced in https://github.com/NixOS/nixpkgs/pull/83611
2020-03-29 00:20:07 +01:00
Vincent Bernat
7c451c3b6b
nginx: increase types_hash_max_size to 4096 (#83609)
...
After upgrading to NixOS 20.03, I've got the following warning:
nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_size: 2048 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
The documentation states that "if nginx emits the message requesting
to increase either hash max size or hash bucket size then the first
parameter should first be increased" (aka types_hash_max_size).
In 19.03, the size of mime.types was around 100 entries. In 20.03, we
are around 900 entries. This is due to ff0148d868 which makes nginx
use mailcap mime.types.
2020-03-28 20:40:44 +01:00
Vincent Bernat
8f8cbec985
nixos/nginx: use mailcap mimetypes in all cases (#83611)
...
In ff0148d868, nginx configuration was modified to use mime.types
from mailcap package as it is more complete. However, there are two
places where mime.types is included in configuration. When the user
was setting `cfg.httpConfig`, the mime.types from nginx was still
used. This commit fixes that by moving the common snippet in a variable
of its own and ensures it is used at both places.
2020-03-28 20:29:09 +01:00
davidak
c7e4c3b5a3
nixos/phpfpm: add example to socket
2020-03-17 15:34:43 +01:00
Jörg Thalheim
391b7b31d8
Merge pull request #81891 from emilazy/nginx-use-mozilla-tls-config
...
nixos/nginx: use Mozilla Intermediate TLS configuration
2020-03-06 14:30:28 +00:00
Emily
4ed98d69ed
nixos/nginx: use Mozilla Intermediate TLS configuration
...
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.
The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per https://github.com/mozilla/server-side-tls/issues/189.
Resolves #80952.
2020-03-06 13:08:56 +00:00
Alexander Bakker
7bbf7fa693
uwsgi: use pyhome instead of pythonpath for uwsgi vassals
2020-03-04 20:20:32 +01:00
Florian Klink
7564f4faf3
Merge pull request #78360 from serokell/mkaito/caddy-restart
...
nixos/caddy: resync with upstream unit file
2020-02-13 23:26:11 +01:00
Aaron Andersen
0b91dfedbc
nixos/httpd: override apachectl command to use generated httpd configuration
2020-02-02 08:38:57 -05:00
Aaron Andersen
e23ba2a1b0
Revert "nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command"
...
This reverts commit 336a6f471f.
2020-02-02 08:08:02 -05:00
Aaron Andersen
5b5856f6fb
nixos/httpd: add http2 option
2020-02-01 19:08:02 -05:00
Aaron Andersen
0224720562
nixos/httpd: provision log directory with tmpfiles instead of mkdir
2020-01-31 20:39:25 -05:00
Aaron Andersen
01ccb67598
nixos/httpd: code cleanup
2020-01-31 20:39:12 -05:00
Aaron Andersen
ae9980040f
nixos/httpd: add services.httpd.virtualHosts.<name>.locations option to match nginx
2020-01-23 21:03:15 -05:00
Izorkin
f2c9bcf009
nixos/unit: fix attrs
2020-01-23 20:40:49 +03:00
Yorick van Pelt
34b0167c56
nixos/caddy: resync with upstream unit file
2020-01-23 14:08:37 +01:00
Jörg Thalheim
71c19d3efa
Merge pull request #76537 from Izorkin/unit
...
unit: 1.13.0 -> 1.14.0
2020-01-21 11:39:41 +00:00
Aaron Andersen
fc1bee555e
Merge pull request #75602 from vanyaklimenko/nginx-gitweb-more-options
...
nixos/nginx/gitweb: add some (crucial) options
2020-01-15 21:16:24 -05:00
Aaron Andersen
7260d2eb13
Merge pull request #77326 from aanderse/apacheHttpd
...
nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command
2020-01-15 21:02:05 -05:00
Vanya Klimenko
ed52a6567c
nixos/nginx/gitweb: add some (crucial) options
...
This replaces some hardcoded values in nginx's VirtualHosts's
configuration with customizable options. Previous values are kept as
default, so nothing should break for existing users.
Co-Authored-By: Florian Klink <flokli@flokli.de>
2020-01-14 00:11:10 +00:00
Léo Gaspard
b31660e5bb
Merge branch 'master' into ihatemoney
2020-01-09 03:49:03 +01:00
Aaron Andersen
336a6f471f
nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command
2020-01-08 10:37:46 -05:00
rnhmjoj
1d61efb7f1
treewide: use attrs instead of list for types.loaOf options
2020-01-06 10:39:18 -05:00
Danylo Hlynskyi
cef68c4580
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch with reload enabled (#76179)
...
nixos/nginx: don't hide nginx config errors on nixos-rebuild --switch
with reload enabled
Closes https://github.com/NixOS/nixpkgs/issues/73455
2020-01-05 00:39:23 +02:00
Aaron Andersen
6777926911
nixos/httpd: update default ssl protocols
2019-12-30 11:24:11 -05:00
Izorkin
192df19a7c
nixos/unit: fix typo
2019-12-28 22:12:45 +03:00
Aaron Andersen
4d2dd15546
Merge pull request #73113 from aanderse/httpd-vhost
...
nixos/httpd: support overridable virtual hosts
2019-12-26 08:09:08 -05:00
danbst
50d6e93dc8
nixos/nginx: fixup permissions for Nginx state dir
...
The commit b0bbacb521 was a bit too fast
It did set executable bit for log files.
Also, it didn't account for other directories in state dir:
```
# ls -la /var/spool/nginx/
total 32
drwxr-x--- 8 nginx nginx 4096 Dec 26 12:00 .
drwxr-xr-x 4 root root 4096 Oct 10 20:24 ..
drwx------ 2 root root 4096 Oct 10 20:24 client_body_temp
drwx------ 2 root root 4096 Oct 10 20:24 fastcgi_temp
drwxr-x--- 2 nginx nginx 4096 Dec 26 12:00 logs
drwx------ 2 root root 4096 Oct 10 20:24 proxy_temp
drwx------ 2 root root 4096 Oct 10 20:24 scgi_temp
drwx------ 2 root root 4096 Oct 10 20:24 uwsgi_temp
```
With proposed change, only ownership is changed for state files, and mode is left as is
except that statedir/logs is now group accessible.
2019-12-26 14:16:29 +02:00
Yurii Izorkin
b0bbacb521
nixos/nginx: recursively change logs directory owner/group (#76174)
...
This change brings pre-existing installations (where the logfiles
are owned by root) in line with the new permissions (where logfiles
are owned by the nginx user)
2019-12-26 13:51:10 +02:00
Aaron Andersen
79215f0df1
nixos/httpd: limit serving web content to virtual hosts, convert virtualHosts option type from listOf to attrsOf, add ACME integration
2019-12-24 20:27:48 -05:00
Florian Klink
0a41dae98b
Merge pull request #56255 from Izorkin/nginx-temp1
...
nginx: do not run anything as root
2019-12-20 23:34:55 +01:00
brprice
5b210859f6
nixos/nginx: drop extra semicolon in return example (#76055)
2019-12-19 21:59:01 +02:00
Izorkin
2a413da57e
nixos/nginx: do not run anything as root
2019-12-15 11:21:08 +03:00
Izorkin
e1e0059667
nixos/unit: update preStart script
2019-12-12 17:59:10 +03:00
Izorkin
7443d9dfd4
nixos/unit: enable sandboxing
2019-12-12 17:59:10 +03:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
...
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Vanya Klimenko
125205cd60
nixos/apache-httpd: fix typo in extraConfig description
2019-12-06 21:47:15 +03:00
paumr
5a1c15da12
improved nginx.basicAuthFile description
2019-12-03 14:05:46 +01:00
Florian Klink
4321a88f44
nixos/phpfpm: enable PrivateTmp=true
...
This seems to be mostly a pre-#57677 relict. As postgresql sockets now
are not in /tmp anymore, isolate /tmp.
2019-11-21 23:31:19 +01:00
Renaud
bf6217cbf1
nixos/nginx: correct header
...
Apache -> Nginx
2019-11-18 23:25:17 +01:00
Lassulus
14961b1034
Merge pull request #72719 from bhipple/doc/comment-fix
...
nixos/nginx: update comment
2019-11-18 23:02:46 +01:00
Silvan Mosberger
b4b2253459
nixos/ttyd: init (#68604)
...
nixos/ttyd: init
2019-11-14 01:37:18 +01:00
Aleksandar Topuzović
6b3cc03b45
nixos/ttyd: init
2019-11-13 23:18:47 +00:00
Franz Pletz
60f2e4f831
nixos/varnish: fix default package name
2019-11-13 16:39:45 +01:00
Aaron Andersen
d68d23bb26
Merge pull request #72767 from Izorkin/phpfpm-fix
...
nixos/phpfpm: fix apply global phpOptions
2019-11-11 07:45:28 -05:00
Red Davies
62e421fbb2
nixos/httpd: module fixes enableUserDir (addendum to #72789)
2019-11-09 00:53:56 +00:00
Aaron Andersen
dec234f986
Merge pull request #72789 from aanderse/httpd-again
...
nixos/httpd: module cleanup
2019-11-06 16:04:38 -05:00
Izorkin
9a27acedda
nixos/phpfpm: fix apply global phpOptions
2019-11-05 23:22:30 +03:00
Aaron Andersen
5c3715379d
nixos/httpd: allow user to specify a minimal list of apache modules
2019-11-04 11:21:20 -05:00
Aaron Andersen
9c28599bfe
nixos/httpd: drop stateDir option, hardcode to /run/httpd
2019-11-04 07:32:28 -05:00
Benjamin Hipple
3d73b6db85
nixos/nginx: update comment
...
It says Apache, but this is for Nginx; looks like a copy-paste error.
2019-11-03 10:22:56 -05:00
Symphorien Gibol
32d2266d0d
ihatemoney: init at 4.1 plus module and test
2019-11-02 12:00:00 +00:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users (#71055)
...
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
Aaron Andersen
9a91679b7a
nixos/httpd: remove deprecated extraSubservices option
2019-10-20 20:16:45 -04:00
Janne Heß
d6c08776ba
treewide: Switch to system users
2019-10-12 22:25:28 +02:00
Robin Gloster
8e1fdad7c6
Merge pull request #70858 from manveru/nginx-map-hash-sizes
...
nginx: add map_hash_*_size options
2019-10-09 17:32:40 +02:00
Milan Pässler
ff0148d868
nixos/nginx: use mailcap mime.types
...
The mime type definitions included with nginx are very incomplete, so
we use a list of mime types from the mailcap package, which is also
used by most other Linux distributions by default.
2019-10-09 14:20:40 +00:00
Michael Fellinger
2d0b34aa1c
nginx: add map_hash_*_size options
2019-10-09 15:59:03 +02:00
Joachim Fasting
bad07dfac5
tree-wide: replace uses of splitString "." with lib.versions
...
Quoting from the splitString docstring:
NOTE: this function is not performant and should never be used.
This replaces trivial uses of splitString for splitting version
strings with the (potentially builtin) splitVersion.
2019-09-26 17:42:49 +02:00
Vincent Bernat
cf3e491cef
nginx: remove gzip_disable directive
...
IE6 is long gone and this directive is not useful anymore. We can
spare a few CPU cycles (and maybe skip some bugs) by not trying to
disable gzip for MSIE6.
2019-09-12 11:55:32 -05:00
volth
7b8fb5c06c
treewide: remove redundant quotes
2019-09-08 23:38:31 +00:00
Peter Hoeg
5eef8c231a
Merge pull request #68094 from peterhoeg/f/darkhttp
...
nixos/darkhttpd: fix package reference
2019-09-04 17:08:14 +08:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
...
And replace them with a more appropriate type
Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00