-{ lib, config, ... }: with lib;
+{ lib, config, pkgs, ... }: with lib;
let
cfg = config.services.websites;
in
logPerVirtualHost = true;
multiProcessingModule = "worker";
# https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.0.2t&guideline=5.4
+ # test with https://www.ssllabs.com/ssltest/analyze.html?d=www.immae.eu&s=176.9.151.154&latest
sslProtocols = "all -SSLv3 -TLSv1 -TLSv1.1";
sslCiphers = builtins.concatStringsSep ":" [
"ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256"
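Review bot: The added test comment pins a single host and IP address (`d=www.immae.eu&s=176.9.151.154`), although this module configures every vhost in `cfg.env`, so the URL will go stale as soon as that address changes. Reword it generically, e.g. `# test each public vhost with https://www.ssllabs.com/ssltest/ (add hideResults=on to keep the scan off the public results board)`. The `sslCiphers` list continues outside the hunk, so the cipher set itself is not reviewed here.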
(name: path: "ln -s ${path} $out/${cfg.webappDirsName}/${name}") cfg.webappDirs)
}
'';
+
+ config.systemd.services = let
+ package = httpdName: config.services.httpd.${httpdName}.package.out;
+ cfgFile = httpdName: config.services.httpd.${httpdName}.configFile;
+ serviceChange = attrsets.mapAttrs' (name: icfg:
+ attrsets.nameValuePair
+ "httpd${icfg.httpdName}" {
+ stopIfChanged = false;
+ serviceConfig.ExecStart =
+ lib.mkForce "@${package icfg.httpdName}/bin/httpd httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf";
+ serviceConfig.ExecStop =
+ lib.mkForce "${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -k graceful-stop";
+ serviceConfig.ExecReload =
+ lib.mkForce "${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -k graceful";
+ }
+ ) cfg.env;
+ serviceReload = attrsets.mapAttrs' (name: icfg:
+ attrsets.nameValuePair
+ "httpd${icfg.httpdName}-config-reload" {
+ wants = [ "httpd${icfg.httpdName}.service" ];
+ wantedBy = [ "multi-user.target" ];
+ restartTriggers = [ (cfgFile icfg.httpdName) ];
+ # commented, because can cause extra delays during activate for this config:
+ # services.nginx.virtualHosts."_".locations."/".proxyPass = "http://blabla:3000";
+ # stopIfChanged = false;
+ serviceConfig.Type = "oneshot";
+ serviceConfig.TimeoutSec = 60;
+ script = ''
+ if ${pkgs.systemd}/bin/systemctl -q is-active httpd${icfg.httpdName}.service ; then
+ ${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -t && \
+ ${pkgs.systemd}/bin/systemctl reload httpd${icfg.httpdName}.service
+ fi
+ '';
+ serviceConfig.RemainAfterExit = true;
+ }
+ ) cfg.env;
+ in
+ serviceChange // serviceReload;
}
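Review bot: The literal `/etc/httpd/httpd_${icfg.httpdName}.conf` is spelled out four times (the three `lib.mkForce` commands and the `-t` check in `script`), while `restartTriggers` keys on the separate `cfgFile` store path, and nothing in this hunk shows what ties the two together. If the `/etc` entry is ever renamed or stops tracking `configFile`, the reload unit would fire on one file but validate and load another, so a stale or untested config (including the TLS settings) could stay live unnoticed. Bind the path once next to `cfgFile`, e.g. `confPath = httpdName: "/etc/httpd/httpd_${httpdName}.conf";`, and add a comment stating that it must be the `environment.etc` target of `configFile`. The two comment lines about `services.nginx.virtualHosts` appear to be carried over from an nginx unit and should be reworded for httpd or dropped. The attribute set that `config.systemd.services` belongs to opens outside the hunk.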