X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fwebsites%2Fhttpd-service-builder.nix;fp=modules%2Fwebsites%2Fhttpd-service-builder.nix;h=f0208ab5310bbc59feb5fd7ffd0dfacffbed07f2;hb=72300eb8116c960935a462564d96db6fac355bca;hp=d049202c1d59c5c9e8b496240cd38f4cb7b83122;hpb=22e09a87fb538a0eaf81837750b0948f26f79cf1;p=perso%2FImmae%2FConfig%2FNix%2FNUR.git diff --git a/modules/websites/httpd-service-builder.nix b/modules/websites/httpd-service-builder.nix index d049202c..f0208ab5 100644 --- a/modules/websites/httpd-service-builder.nix +++ b/modules/websites/httpd-service-builder.nix @@ -11,8 +11,6 @@ let httpd = mainCfg.package.out; - version24 = !versionOlder httpd.version "2.4"; - httpdConf = mainCfg.configFile; php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; @@ -26,10 +24,9 @@ let else [{ip = "*"; port = 80;}]; getListen = cfg: - let list = (lib.optional (cfg.port != 0) {ip = "*"; port = cfg.port;}) ++ cfg.listen; - in if list == [] - then defaultListen cfg - else list; + if cfg.listen == [] + then defaultListen cfg + else cfg.listen; listenToString = l: "${l.ip}:${toString l.port}"; @@ -110,11 +107,10 @@ let "auth_basic" "auth_digest" # Authentication: is the user who he claims to be? - "authn_file" "authn_dbm" "authn_anon" - (if version24 then "authn_core" else "authn_alias") + "authn_file" "authn_dbm" "authn_anon" "authn_core" # Authorization: is the user allowed access? - "authz_user" "authz_groupfile" "authz_host" + "authz_user" "authz_groupfile" "authz_host" "authz_core" # Other modules. "ext_filter" "include" "log_config" "env" "mime_magic" 
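Review bot: In the `getListen` hunk (-26,10), a host that still sets `port` but leaves `listen` empty now falls through to `defaultListen cfg`, so it binds to the default address and port rather than the configured one. The later hunk at -663 also removes the warning that used to flag `port`, so nothing reports the change. If the `port` option is still declared in the per-server options (not visible in this diff), its value is silently ignored and a vhost meant for a non-default port would be served on the default one. An assertion next to the existing SSL one would turn that into an evaluation failure: `{ assertion = lib.all (cfg: cfg.port == 0) allHosts; message = "apache-httpd's port option is no longer honoured; use listen instead."; }`. Alternatively, remove the option declaration in the same commit.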
@@ -122,14 +118,9 @@ let "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs" "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling" "userdir" "alias" "rewrite" "proxy" "proxy_http" - ] - ++ optionals version24 [ + "unixd" "cache" "cache_disk" "slotmem_shm" "socache_shmcb" "mpm_${mainCfg.multiProcessingModule}" - "authz_core" - "unixd" - "cache" "cache_disk" - "slotmem_shm" - "socache_shmcb" + # For compatibility with old configurations, the new module mod_access_compat is provided. "access_compat" ] @@ -138,19 +129,8 @@ let ++ extraApacheModules; - allDenied = if version24 then '' - Require all denied - '' else '' - Order deny,allow - Deny from all - ''; - - allGranted = if version24 then '' - Require all granted - '' else '' - Order allow,deny - Allow from all - ''; + allDenied = "Require all denied"; + allGranted = "Require all granted"; loggingConf = (if mainCfg.logFormat != "none" then '' @@ -183,9 +163,9 @@ let sslConf = '' - SSLSessionCache ${if version24 then "shmcb" else "shm"}:${mainCfg.stateDir}/ssl_scache(512000) + SSLSessionCache shmcb:${mainCfg.stateDir}/ssl_scache(512000) - ${if version24 then "Mutex" else "SSLMutex"} posixsem + Mutex posixsem SSLRandomSeed startup builtin SSLRandomSeed connect builtin @@ -325,9 +305,7 @@ let ServerRoot ${httpd} - ${optionalString version24 '' - DefaultRuntimeDir ${mainCfg.stateDir}/runtime - ''} + DefaultRuntimeDir ${mainCfg.stateDir}/runtime PidFile ${mainCfg.stateDir}/httpd.pid @@ -361,7 +339,7 @@ let ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } ++ concatMap (svc: svc.extraModules) allSubservices ++ extraForeignModules; - in concatMapStrings load allModules + in concatMapStrings load (unique allModules) } AddHandler type-map var 
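Review bot: In the -138,19 hunk, `allDenied` and `allGranted` lose their trailing newline: the old multi-line strings ended in one, the new one-line strings do not. The places that interpolate them are outside this hunk, so it is worth confirming that every `${allDenied}` / `${allGranted}` sits on a line of its own. If any site relied on the old newline, the `Require` directive would be joined to whatever follows it in the generated httpd.conf. A short comment above the two definitions would record the constraint: `# Single directives without a trailing newline; interpolate each on its own line.`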
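Review bot: In the -361,7 hunk, `unique allModules` compares whole `{ name, path }` attribute sets, so it only drops entries that are identical in both fields. Two entries with the same `name` but a different `path` (for example from `extraModules` of a subservice or `extraForeignModules`) both survive and still produce two `LoadModule` lines for one module identifier. If exact duplicates are the only intended case, say so in a comment: `# unique only drops identical { name, path } pairs; same name with another path is kept`. Otherwise add an assertion that module names are unique, so that a conflicting shared object for an already-listed module is rejected at evaluation time. The enclosing `let` starts above the hunk.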
@@ -393,14 +371,6 @@ let # Generate directives for the main server. ${perServerConf true mainCfg} - # Always enable virtual hosts; it doesn't seem to hurt. - ${let - listen = concatMap getListen allHosts; - uniqueListen = uniqList {inputList = listen;}; - directives = concatMapStrings (listen: "NameVirtualHost ${listenToString listen}\n") uniqueListen; - in optionalString (!version24) directives - } - ${let makeVirtualHost = vhost: '' @@ -663,7 +633,7 @@ in message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } ]; - warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port};}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); + warnings = map (cfg: "apache-httpd's extraSubservices option is deprecated. Most existing subservices have been ported to the NixOS module system. Please update your configuration accordingly.") (lib.filter (cfg: cfg.extraSubservices != []) allHosts); users.users = optionalAttrs (withUsers && mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; @@ -686,7 +656,7 @@ in ; Don't advertise PHP expose_php = off - '' + optionalString (!isNull config.time.timeZone) '' + '' + optionalString (config.time.timeZone != null) '' ; Apparently PHP doesn't use $TZ. date.timezone = "${config.time.timeZone}" @@ -713,10 +683,10 @@ in '' mkdir -m 0750 -p ${mainCfg.stateDir} [ $(id -u) != 0 ] || chown root.${mainCfg.group} ${mainCfg.stateDir} - ${optionalString version24 '' - mkdir -m 0750 -p "${mainCfg.stateDir}/runtime" - [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime" - ''} + + mkdir -m 0750 -p "${mainCfg.stateDir}/runtime" + [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime" + mkdir -m 0700 -p ${mainCfg.logDir} # Get rid of old semaphores. These tend to accumulate across
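Review bot: In the -713,10 hunk, the now unconditional `mkdir -m 0750 -p "${mainCfg.stateDir}/runtime"` applies the mode only when it creates the directory. A runtime directory left over from an earlier deployment keeps whatever permissions it had, and this directory becomes `DefaultRuntimeDir` for httpd's runtime files. Adding `chmod 0750 "${mainCfg.stateDir}/runtime"` after the `mkdir` would enforce the mode on every start. The `chown root.${mainCfg.group}` form uses the dot separator, which GNU chown accepts only for backward compatibility; `chown root:${mainCfg.group} "${mainCfg.stateDir}/runtime"` is the unambiguous spelling. The same two remarks apply to the unquoted `${mainCfg.stateDir}` lines kept as context above, and the script continues beyond the end of the hunk.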