Diffstat (limited to 'modules/websites/httpd-service-builder.nix')
-rw-r--r--modules/websites/httpd-service-builder.nix68
1 files changed, 19 insertions, 49 deletions
diff --git a/modules/websites/httpd-service-builder.nix b/modules/websites/httpd-service-builder.nix
index d049202c..f0208ab5 100644
--- a/modules/websites/httpd-service-builder.nix
+++ b/modules/websites/httpd-service-builder.nix
@@ -11,8 +11,6 @@ let
11 11
12 httpd = mainCfg.package.out; 12 httpd = mainCfg.package.out;
13 13
14 version24 = !versionOlder httpd.version "2.4";
15
16 httpdConf = mainCfg.configFile; 14 httpdConf = mainCfg.configFile;
17 15
18 php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ }; 16 php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ };
@@ -26,10 +24,9 @@ let
26 else [{ip = "*"; port = 80;}]; 24 else [{ip = "*"; port = 80;}];
27 25
28 getListen = cfg: 26 getListen = cfg:
29 let list = (lib.optional (cfg.port != 0) {ip = "*"; port = cfg.port;}) ++ cfg.listen; 27 if cfg.listen == []
30 in if list == [] 28 then defaultListen cfg
31 then defaultListen cfg 29 else cfg.listen;
32 else list;
33 30
34 listenToString = l: "${l.ip}:${toString l.port}"; 31 listenToString = l: "${l.ip}:${toString l.port}";
35 32
@@ -110,11 +107,10 @@ let
110 "auth_basic" "auth_digest" 107 "auth_basic" "auth_digest"
111 108
112 # Authentication: is the user who he claims to be? 109 # Authentication: is the user who he claims to be?
113 "authn_file" "authn_dbm" "authn_anon" 110 "authn_file" "authn_dbm" "authn_anon" "authn_core"
114 (if version24 then "authn_core" else "authn_alias")
115 111
116 # Authorization: is the user allowed access? 112 # Authorization: is the user allowed access?
117 "authz_user" "authz_groupfile" "authz_host" 113 "authz_user" "authz_groupfile" "authz_host" "authz_core"
118 114
119 # Other modules. 115 # Other modules.
120 "ext_filter" "include" "log_config" "env" "mime_magic" 116 "ext_filter" "include" "log_config" "env" "mime_magic"
@@ -122,14 +118,9 @@ let
122 "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs" 118 "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs"
123 "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling" 119 "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling"
124 "userdir" "alias" "rewrite" "proxy" "proxy_http" 120 "userdir" "alias" "rewrite" "proxy" "proxy_http"
125 ] 121 "unixd" "cache" "cache_disk" "slotmem_shm" "socache_shmcb"
126 ++ optionals version24 [
127 "mpm_${mainCfg.multiProcessingModule}" 122 "mpm_${mainCfg.multiProcessingModule}"
128 "authz_core" 123
129 "unixd"
130 "cache" "cache_disk"
131 "slotmem_shm"
132 "socache_shmcb"
133 # For compatibility with old configurations, the new module mod_access_compat is provided. 124 # For compatibility with old configurations, the new module mod_access_compat is provided.
134 "access_compat" 125 "access_compat"
135 ] 126 ]
@@ -138,19 +129,8 @@ let
138 ++ extraApacheModules; 129 ++ extraApacheModules;
139 130
140 131
141 allDenied = if version24 then '' 132 allDenied = "Require all denied";
142 Require all denied 133 allGranted = "Require all granted";
143 '' else ''
144 Order deny,allow
145 Deny from all
146 '';
147
148 allGranted = if version24 then ''
149 Require all granted
150 '' else ''
151 Order allow,deny
152 Allow from all
153 '';
154 134
155 135
156 loggingConf = (if mainCfg.logFormat != "none" then '' 136 loggingConf = (if mainCfg.logFormat != "none" then ''
@@ -183,9 +163,9 @@ let
183 163
184 164
185 sslConf = '' 165 sslConf = ''
186 SSLSessionCache ${if version24 then "shmcb" else "shm"}:${mainCfg.stateDir}/ssl_scache(512000) 166 SSLSessionCache shmcb:${mainCfg.stateDir}/ssl_scache(512000)
187 167
188 ${if version24 then "Mutex" else "SSLMutex"} posixsem 168 Mutex posixsem
189 169
190 SSLRandomSeed startup builtin 170 SSLRandomSeed startup builtin
191 SSLRandomSeed connect builtin 171 SSLRandomSeed connect builtin
@@ -325,9 +305,7 @@ let
325 305
326 ServerRoot ${httpd} 306 ServerRoot ${httpd}
327 307
328 ${optionalString version24 '' 308 DefaultRuntimeDir ${mainCfg.stateDir}/runtime
329 DefaultRuntimeDir ${mainCfg.stateDir}/runtime
330 ''}
331 309
332 PidFile ${mainCfg.stateDir}/httpd.pid 310 PidFile ${mainCfg.stateDir}/httpd.pid
333 311
@@ -361,7 +339,7 @@ let
361 ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; } 339 ++ optional enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; }
362 ++ concatMap (svc: svc.extraModules) allSubservices 340 ++ concatMap (svc: svc.extraModules) allSubservices
363 ++ extraForeignModules; 341 ++ extraForeignModules;
364 in concatMapStrings load allModules 342 in concatMapStrings load (unique allModules)
365 } 343 }
366 344
367 AddHandler type-map var 345 AddHandler type-map var
@@ -393,14 +371,6 @@ let
393 # Generate directives for the main server. 371 # Generate directives for the main server.
394 ${perServerConf true mainCfg} 372 ${perServerConf true mainCfg}
395 373
396 # Always enable virtual hosts; it doesn't seem to hurt.
397 ${let
398 listen = concatMap getListen allHosts;
399 uniqueListen = uniqList {inputList = listen;};
400 directives = concatMapStrings (listen: "NameVirtualHost ${listenToString listen}\n") uniqueListen;
401 in optionalString (!version24) directives
402 }
403
404 ${let 374 ${let
405 makeVirtualHost = vhost: '' 375 makeVirtualHost = vhost: ''
406 <VirtualHost ${concatStringsSep " " (map listenToString (getListen vhost))}> 376 <VirtualHost ${concatStringsSep " " (map listenToString (getListen vhost))}>
@@ -663,7 +633,7 @@ in
663 message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; } 633 message = "SSL is enabled for httpd, but sslServerCert and/or sslServerKey haven't been specified."; }
664 ]; 634 ];
665 635
666 warnings = map (cfg: ''apache-httpd's port option is deprecated. Use listen = [{/*ip = "*"; */ port = ${toString cfg.port};}]; instead'' ) (lib.filter (cfg: cfg.port != 0) allHosts); 636 warnings = map (cfg: "apache-httpd's extraSubservices option is deprecated. Most existing subservices have been ported to the NixOS module system. Please update your configuration accordingly.") (lib.filter (cfg: cfg.extraSubservices != []) allHosts);
667 637
668 users.users = optionalAttrs (withUsers && mainCfg.user == "wwwrun") (singleton 638 users.users = optionalAttrs (withUsers && mainCfg.user == "wwwrun") (singleton
669 { name = "wwwrun"; 639 { name = "wwwrun";
@@ -686,7 +656,7 @@ in
686 656
687 ; Don't advertise PHP 657 ; Don't advertise PHP
688 expose_php = off 658 expose_php = off
689 '' + optionalString (!isNull config.time.timeZone) '' 659 '' + optionalString (config.time.timeZone != null) ''
690 660
691 ; Apparently PHP doesn't use $TZ. 661 ; Apparently PHP doesn't use $TZ.
692 date.timezone = "${config.time.timeZone}" 662 date.timezone = "${config.time.timeZone}"
@@ -713,10 +683,10 @@ in
713 '' 683 ''
714 mkdir -m 0750 -p ${mainCfg.stateDir} 684 mkdir -m 0750 -p ${mainCfg.stateDir}
715 [ $(id -u) != 0 ] || chown root.${mainCfg.group} ${mainCfg.stateDir} 685 [ $(id -u) != 0 ] || chown root.${mainCfg.group} ${mainCfg.stateDir}
716 ${optionalString version24 '' 686
717 mkdir -m 0750 -p "${mainCfg.stateDir}/runtime" 687 mkdir -m 0750 -p "${mainCfg.stateDir}/runtime"
718 [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime" 688 [ $(id -u) != 0 ] || chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime"
719 ''} 689
720 mkdir -m 0700 -p ${mainCfg.logDir} 690 mkdir -m 0700 -p ${mainCfg.logDir}
721 691
722 # Get rid of old semaphores. These tend to accumulate across 692 # Get rid of old semaphores. These tend to accumulate across
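Review bot: `getListen` (new lines 26–29) no longer reads `cfg.port`, and the `port` deprecation warning at new line 636 is replaced by one about `extraSubservices`, so a host that still sets `port` would fall back to `defaultListen` with no diagnostic. Whether the `port` option is still declared is not visible in this file; if it is, a virtual host deliberately bound to a non-default port would silently move to the default listener such as `*:80`, which changes what is exposed on the network. I would make that case fail evaluation by adding an entry next to the existing SSL assertion, for example `{ assertion = lib.all (cfg: (cfg.port or 0) == 0) allHosts; message = "apache-httpd's port option is no longer honoured; use listen instead."; }`. The `let` block and the configuration body that hold these lines start and end outside the hunks shown.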