sslServerKey = "/var/lib/acme/${domain}/key.pem";
sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
};
+ apacheConfig = {
+ gzip = {
+ modules = [ "deflate" "filter" ];
+ extraConfig = ''
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+ '';
+ };
+ ldap = {
+ modules = [ "ldap" "authnz_ldap" ];
+ extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
+ <IfModule ldap_module>
+ LDAPSharedCacheSize 500000
+ LDAPCacheEntries 1024
+ LDAPCacheTTL 600
+ LDAPOpCacheEntries 1024
+ LDAPOpCacheTTL 600
+ </IfModule>
+
+ <Macro LDAPConnect>
+ <IfModule authnz_ldap_module>
+ AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
+ AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
+ AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+ AuthType Basic
+ AuthName "Authentification requise (Acces LDAP)"
+ AuthBasicProvider ldap
+ </IfModule>
+ </Macro>
+ '';
+ };
+ };
in rec {
enable = true;
logPerVirtualHost = true;
multiProcessingModule = "worker";
adminAddr = "httpd@immae.eu";
# FIXME: http2
+ # FIXME: voir les autres modules:
+ # authz_core_module
+ # reqtimeout_module
+ # http2_module
+ # version_module
+ # proxy_connect_module
+ # proxy_ftp_module
+ # proxy_scgi_module
+ # proxy_ajp_module
+ # proxy_balancer_module
+ # proxy_express_module
+ # lbmethod_byrequests_module
+ # lbmethod_bytraffic_module
+ # lbmethod_bybusyness_module
+ # lbmethod_heartbeat_module
+
extraModules = pkgs.lib.lists.unique (
mypkgs.adminer.apache.modules ++
mypkgs.connexionswing_dev.apache.modules ++
mypkgs.connexionswing_prod.apache.modules ++
- [
- "macro"
- "ldap"
- "authnz_ldap"
- ]);
- extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
- <IfModule ldap_module>
- LDAPSharedCacheSize 500000
- LDAPCacheEntries 1024
- LDAPCacheTTL 600
- LDAPOpCacheEntries 1024
- LDAPOpCacheTTL 600
- </IfModule>
-
- <Macro LDAPConnect>
- <IfModule authnz_ldap_module>
- AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu
- AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
- AuthType Basic
- AuthName "Authentification requise (Acces LDAP)"
- AuthBasicProvider ldap
- </IfModule>
- </Macro>
- '';
+ pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules) apacheConfig) ++
+ [ "macro" ]);
+ extraConfig = builtins.concatStringsSep "\n"
+ (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig) apacheConfig);
virtualHosts = [
(withSSL "eldiron" // {
listen = [ { ip = "*"; port = 443; } ];