author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-03-25 11:57:48 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-25 00:04:53 +0200 |
commit | 72300eb8116c960935a462564d96db6fac355bca (patch) | |
tree | da182278dc7b1a39c287cc701cff73df2b44fc52 /modules/websites/httpd-service-builder.nix | |
parent | 22e09a87fb538a0eaf81837750b0948f26f79cf1 (diff) | |
Upgrade nixos
Diffstat (limited to 'modules/websites/httpd-service-builder.nix')
-rw-r--r-- | modules/websites/httpd-service-builder.nix | 68 |
1 files changed, 19 insertions, 49 deletions
diff --git a/modules/websites/httpd-service-builder.nix b/modules/websites/httpd-service-builder.nix index d049202c..f0208ab5 100644 --- a/modules/websites/httpd-service-builder.nix +++ b/modules/websites/httpd-service-builder.nix | |||
@@ -11,8 +11,6 @@ let | |||
11 | 11 | ||
12 | httpd = mainCfg.package.out; | 12 | httpd = mainCfg.package.out; |
13 | 13 | ||
14 | version24 = !versionOlder httpd.version "2.4"; | ||
15 | |||
16 | httpdConf = mainCfg.configFile; | 14 | httpdConf = mainCfg.configFile; |
17 | 15 | ||
18 | php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; | 16 | php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; |
@@ -26,10 +24,9 @@ let | |||
26 | else [{ip = "*"; port = 80;}]; | 24 | else [{ip = "*"; port = 80;}]; |
27 | 25 | ||
28 | getListen = cfg: | 26 | getListen = cfg: |
29 | let list = (lib.optional (cfg.port != 0) {ip = "*"; port = cfg.port;}) ++ cfg.listen; | 27 | if cfg.listen == [] |
30 | in if list == [] | 28 | then defaultListen cfg |
31 | then defaultListen cfg | 29 | else cfg.listen; |
32 | else list; | ||
33 | 30 | ||
34 | listenToString = l: "${l.ip}:${toString l.port}"; | 31 | listenToString = l: "${l.ip}:${toString l.port}"; |
35 | 32 | ||
@@ -110,11 +107,10 @@ let | |||
110 | "auth_basic" "auth_digest" | 107 | "auth_basic" "auth_digest" |
111 | 108 | ||
112 | # Authentication: is the user who he claims to be? | 109 | # Authentication: is the user who he claims to be? |
113 | "authn_file" "authn_dbm" "authn_anon" | 110 | "authn_file" "authn_dbm" "authn_anon" "authn_core" |
114 | (if version24 then "authn_core" else "authn_alias") | ||
115 | 111 | ||
116 | # Authorization: is the user allowed access? | 112 | # Authorization: is the user allowed access? |
117 | "authz_user" "authz_groupfile" "authz_host" | 113 | "authz_user" "authz_groupfile" "authz_host" "authz_core" |
118 | 114 | ||
119 | # Other modules. | 115 | # Other modules. |
120 | "ext_filter" "include" "log_config" "env" "mime_magic" | 116 | "ext_filter" "include" "log_config" "env" "mime_magic" |
@@ -122,14 +118,9 @@ let | |||
122 | "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs" | 118 | "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs" |
123 | "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling" | 119 | "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling" |
124 | "userdir" "alias" "rewrite" "proxy" "proxy_http" | 120 | "userdir" "alias" "rewrite" "proxy" "proxy_http" |
125 | ] | 121 | "unixd" "cache" "cache_disk" "slotmem_shm" "socache_shmcb" |
126 | ++ optionals version24 [ | ||
127 | "mpm_${mainCfg.multiProcessingModule}" | 122 | "mpm_${mainCfg.multiProcessingModule}" |
128 | "authz_core" | 123 | |
129 | "unixd" | ||
130 | "cache" "cache_disk" | ||
131 | "slotmem_shm" | ||
132 | "socache_shmcb" | ||
133 | # For compatibility with old configurations, the new module mod_access_compat is provided. | 124 | # For compatibility with old configurations, the new module mod_access_compat is provided. |
134 | "access_compat" | 125 | "access_compat" |
135 | ] | 126 | ] |
@@ -138,19 +129,8 @@ let | |||
138 | ++ extraApacheModules; | 129 | ++ extraApacheModules; |
139 | 130 | ||
140 | 131 | ||
141 | allDenied = if version24 then '' | 132 | allDenied = "Require all denied"; |
142 | Require all denied | 133 | allGranted = "Require all granted"; |
143 | '' else '' | ||
144 | Order deny,allow | ||
145 | Deny from all | ||
146 | ''; | ||
147 | |||
148 | allGranted = if version24 then '' | ||
149 | Require all granted | ||
150 | '' else '' | ||
151 | Order allow,deny | ||
152 | Allow from all | ||
153 | ''; | ||
154 | 134 | ||
155 | 135 | ||
156 | loggingConf = (if mainCfg.logFormat != "none" then '' | 136 | loggingConf = (if mainCfg.logFormat != "none" then '' |
@@ -183,9 +163,9 @@ let | |||
183 | 163 | ||
184 | 164 | ||
185 | sslConf = '' | 165 | sslConf = '' |
186 | SSLSessionCache ${if version24 then "shmcb" else "shm"}:${mainCfg.stateDir}/ssl_scache(512000) | 166 | SSLSessionCache shmcb:${mainCfg.stateDir}/ssl_scache(512000) |
187 | 167 | ||
188 | ${if version24 then "Mutex" else "SSLMutex"} posixsem | 168 | Mutex posixsem |
189 | 169 | ||
190 | SSLRandomSeed startup builtin | 170 | SSLRandomSeed startup builtin |
191 | SSLRandomSeed connect builtin | 171 | SSLRandomSeed connect builtin |
@@ -325,9 +305,7 @@ let | |||
325 | 305 | ||
326 | ServerRoot ${httpd} | 306 | ServerRoot ${httpd} |
327 | 307 | ||
328 | ${optionalString version24 '' | 308 | DefaultRuntimeDir ${mainCfg.stateDir}/runtime |
329 | DefaultRuntimeDir ${mainCfg.stateDir}/runtime | ||
330 | ''} | ||
331 | 309 | ||
332 | PidFile ${mainCfg.stateDir}/httpd.pid | 310 | PidFile ${mainCfg.stateDir}/httpd.pid |
333 | 311 | ||
@@ -361,7 +339,7 @@ let | |||
361 | ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } | 339 | ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } |
362 | ++ concatMap (svc: svc.extraModules) allSubservices | 340 | ++ concatMap (svc: svc.extraModules) allSubservices |
363 | ++ extraForeignModules; | 341 | ++ extraForeignModules; |
364 | in concatMapStrings load allModules | 342 | in concatMapStrings load (unique allModules) |
365 | } | 343 | } |
366 | 344 | ||
367 | AddHandler type-map var | 345 | AddHandler type-map var |
@@ -393,14 +371,6 @@ let | |||
393 | # Generate directives for the main server. | 371 | # Generate directives for the main server. |
394 | ${perServerConf true mainCfg} | 372 | ${perServerConf true mainCfg} |
395 | 373 | ||
396 | # Always enable virtual hosts; it doesn't seem to hurt. | ||
397 | ${let | ||
398 | listen = concatMap getListen allHosts; | ||
399 | uniqueListen = uniqList {inputList = listen;}; | ||
400 | directives = concatMapStrings (listen: "NameVirtualHost ${listenToString listen}\n") uniqueListen; | ||
401 | in optionalString (!version24) directives | ||
402 | } | ||
403 | |||
404 | ${let | 374 | ${let |
405 | makeVirtualHost = vhost: '' | 375 | makeVirtualHost = vhost: '' |
406 | <VirtualHost ${concatStringsSep " " (map listenToString (getListen vhost))}> | 376 | <VirtualHost ${concatStringsSep " " (map listenToString (getListen vhost))}> |
@@ -663,7 +633,7 @@ in | |||
663 | message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } | 633 | message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } |
664 | ]; | 634 | ]; |
665 | 635 | ||
666 | warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port};}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); | 636 | warnings = map (cfg: "apache-httpd's extraSubservices option is deprecated. Most existing subservices have been ported to the NixOS module system. Please update your configuration accordingly.") (lib.filter (cfg: cfg.extraSubservices != []) allHosts); |
667 | 637 | ||
668 | users.users = optionalAttrs (withUsers && mainCfg.user == "wwwrun") (singleton | 638 | users.users = optionalAttrs (withUsers && mainCfg.user == "wwwrun") (singleton |
669 | { name = "wwwrun"; | 639 | { name = "wwwrun"; |
@@ -686,7 +656,7 @@ in | |||
686 | 656 | ||
687 | ; Don't advertise PHP | 657 | ; Don't advertise PHP |
688 | expose_php = off | 658 | expose_php = off |
689 | '' + optionalString (!isNull config.time.timeZone) '' | 659 | '' + optionalString (config.time.timeZone != null) '' |
690 | 660 | ||
691 | ; Apparently PHP doesn't use $TZ. | 661 | ; Apparently PHP doesn't use $TZ. |
692 | date.timezone = "${config.time.timeZone}" | 662 | date.timezone = "${config.time.timeZone}" |
@@ -713,10 +683,10 @@ in | |||
713 | '' | 683 | '' |
714 | mkdir -m 0750 -p ${mainCfg.stateDir} | 684 | mkdir -m 0750 -p ${mainCfg.stateDir} |
715 | [ $(id -u) != 0 ] || chown root.${mainCfg.group} ${mainCfg.stateDir} | 685 | [ $(id -u) != 0 ] || chown root.${mainCfg.group} ${mainCfg.stateDir} |
716 | ${optionalString version24 '' | 686 | |
717 | mkdir -m 0750 -p "${mainCfg.stateDir}/runtime" | 687 | mkdir -m 0750 -p "${mainCfg.stateDir}/runtime" |
718 | [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime" | 688 | [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime" |
719 | ''} | 689 | |
720 | mkdir -m 0700 -p ${mainCfg.logDir} | 690 | mkdir -m 0700 -p ${mainCfg.logDir} |
721 | 691 | ||
722 | # Get rid of old semaphores. These tend to accumulate across | 692 | # Get rid of old semaphores. These tend to accumulate across |
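Review bot: `getListen` (new lines 26-29) no longer folds `cfg.port` into the listen list, and the `warnings` entry that used to flag `cfg.port != 0` (new line 636) now reports only `extraSubservices`, so a host that still sets `port` would fall back to `defaultListen cfg` without any diagnostic. The per-server option declarations are outside these hunks, so it is not visible whether `port` is still accepted. If it is, a virtual host meant for a non-default port would be served on the default addresses instead (the visible fallback is `*:80`), which changes what is exposed. In that case an entry next to the existing SSL assertion would make the change fail loudly at evaluation: `{ assertion = all (cfg: cfg.port == 0) allHosts; message = "apache-httpd's port option is no longer honoured; use listen instead."; }`. If the option has been removed from the declarations, a short comment on `getListen` saying that `listen` is now the only source of bind addresses would be enough.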