Diffstat (limited to 'modules')
-rw-r--r--modules/naemon/default.nix18
-rw-r--r--modules/opendmarc.nix14
-rw-r--r--modules/webapps/diaspora.nix28
-rw-r--r--modules/webapps/mastodon.nix26
-rw-r--r--modules/webapps/mediagoblin.nix26
-rw-r--r--modules/webapps/peertube.nix26
-rw-r--r--modules/websites/httpd-service-builder.nix2
-rw-r--r--modules/websites/location-options.nix54
-rw-r--r--modules/websites/vhost-options.nix275
9 files changed, 75 insertions, 394 deletions
diff --git a/modules/naemon/default.nix b/modules/naemon/default.nix
index 38e99a9c..976de693 100644
--- a/modules/naemon/default.nix
+++ b/modules/naemon/default.nix
@@ -137,18 +137,18 @@ in
137 } 137 }
138 ]; 138 ];
139 139
140 users.users = optionalAttrs (cfg.user == "naemon") (singleton 140 users.users = optionalAttrs (cfg.user == "naemon") {
141 { 141 naemon = {
142 name = "naemon";
143 group = cfg.group; 142 group = cfg.group;
144 uid = config.ids.uids.nagios; 143 uid = config.ids.uids.nagios;
145 extraGroups = [ "keys" ]; 144 extraGroups = [ "keys" ];
146 }); 145 };
147 users.groups = optionalAttrs (cfg.user == "naemon") (singleton 146 };
148 { 147 users.groups = optionalAttrs (cfg.user == "naemon") {
149 name = "naemon"; 148 naemon = {
150 gid = config.ids.gids.nagios; 149 gid = config.ids.gids.nagios;
151 }); 150 };
151 };
152 152
153 services.filesWatcher.naemon = { 153 services.filesWatcher.naemon = {
154 paths = [ config.secrets.fullPaths."naemon/resources.cfg" ]; 154 paths = [ config.secrets.fullPaths."naemon/resources.cfg" ];
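Review bot: The migrated `users.groups` attrset at new lines 147-151 is still guarded by `cfg.user == "naemon"` instead of `cfg.group == "naemon"`, so a custom `cfg.user` with the default group leaves the `naemon` group uncreated while the user at new line 142 still sets `group = cfg.group`, and the mirror case creates an orphan group; the opendmarc hunk keys the same guard on the group option, so `users.groups = optionalAttrs (cfg.group == "naemon") {` would make the two consistent. The enclosing `config` attrset starts before this hunk. The user definitions rewritten here and in the opendmarc, diaspora, mastodon, mediagoblin and peertube hunks all carry a fixed uid but no `isSystemUser = true`; recent NixOS releases assert that every account is either a system or a normal user, so if the target nixpkgs is new enough to require this attrset form it is worth confirming that flag is set elsewhere or adding it alongside `uid` in each of these blocks.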
diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix
index e18ec82a..6137d100 100644
--- a/modules/opendmarc.nix
+++ b/modules/opendmarc.nix
@@ -59,16 +59,18 @@ in {
59 59
60 config = mkIf cfg.enable { 60 config = mkIf cfg.enable {
61 61
62 users.users = optionalAttrs (cfg.user == "opendmarc") (singleton 62 users.users = optionalAttrs (cfg.user == "opendmarc") {
63 { name = "opendmarc"; 63 opendmarc = {
64 group = cfg.group; 64 group = cfg.group;
65 uid = config.ids.uids.opendmarc; 65 uid = config.ids.uids.opendmarc;
66 }); 66 };
67 };
67 68
68 users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton 69 users.groups = optionalAttrs (cfg.group == "opendmarc") {
69 { name = "opendmarc"; 70 opendmarc = {
70 gid = config.ids.gids.opendmarc; 71 gid = config.ids.gids.opendmarc;
71 }); 72 };
73 };
72 74
73 environment.systemPackages = [ pkgs.opendmarc ]; 75 environment.systemPackages = [ pkgs.opendmarc ];
74 76
diff --git a/modules/webapps/diaspora.nix b/modules/webapps/diaspora.nix
index 65599b73..d9e9989f 100644
--- a/modules/webapps/diaspora.nix
+++ b/modules/webapps/diaspora.nix
@@ -108,19 +108,21 @@ in
108 }; 108 };
109 109
110 config = lib.mkIf cfg.enable { 110 config = lib.mkIf cfg.enable {
111 users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { 111 users.users = lib.optionalAttrs (cfg.user == name) {
112 inherit name; 112 "${name}" = {
113 inherit uid; 113 inherit uid;
114 group = cfg.group; 114 group = cfg.group;
115 description = "Diaspora user"; 115 description = "Diaspora user";
116 home = cfg.dataDir; 116 home = cfg.dataDir;
117 packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ]; 117 packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ];
118 useDefaultShell = true; 118 useDefaultShell = true;
119 }); 119 };
120 users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { 120 };
121 inherit name; 121 users.groups = lib.optionalAttrs (cfg.group == name) {
122 inherit gid; 122 "${name}" = {
123 }); 123 inherit gid;
124 };
125 };
124 126
125 systemd.services.diaspora = { 127 systemd.services.diaspora = {
126 description = "Diaspora"; 128 description = "Diaspora";
diff --git a/modules/webapps/mastodon.nix b/modules/webapps/mastodon.nix
index 68531cf3..cd550c0e 100644
--- a/modules/webapps/mastodon.nix
+++ b/modules/webapps/mastodon.nix
@@ -96,18 +96,20 @@ in
96 }; 96 };
97 97
98 config = lib.mkIf cfg.enable { 98 config = lib.mkIf cfg.enable {
99 users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { 99 users.users = lib.optionalAttrs (cfg.user == name) {
100 inherit name; 100 "${name}" = {
101 inherit uid; 101 inherit uid;
102 group = cfg.group; 102 group = cfg.group;
103 description = "Mastodon user"; 103 description = "Mastodon user";
104 home = cfg.dataDir; 104 home = cfg.dataDir;
105 useDefaultShell = true; 105 useDefaultShell = true;
106 }); 106 };
107 users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { 107 };
108 inherit name; 108 users.groups = lib.optionalAttrs (cfg.group == name) {
109 inherit gid; 109 "${name}" = {
110 }); 110 inherit gid;
111 };
112 };
111 113
112 systemd.services.mastodon-streaming = { 114 systemd.services.mastodon-streaming = {
113 description = "Mastodon Streaming"; 115 description = "Mastodon Streaming";
diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix
index 78bbef6f..dbc4c2b1 100644
--- a/modules/webapps/mediagoblin.nix
+++ b/modules/webapps/mediagoblin.nix
@@ -151,18 +151,20 @@ in
151 }; 151 };
152 152
153 config = lib.mkIf cfg.enable { 153 config = lib.mkIf cfg.enable {
154 users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { 154 users.users = lib.optionalAttrs (cfg.user == name) {
155 inherit name; 155 "${name}" = {
156 inherit uid; 156 inherit uid;
157 group = cfg.group; 157 group = cfg.group;
158 description = "Mediagoblin user"; 158 description = "Mediagoblin user";
159 home = cfg.dataDir; 159 home = cfg.dataDir;
160 useDefaultShell = true; 160 useDefaultShell = true;
161 }); 161 };
162 users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { 162 };
163 inherit name; 163 users.groups = lib.optionalAttrs (cfg.group == name) {
164 inherit gid; 164 "${name}" = {
165 }); 165 inherit gid;
166 };
167 };
166 168
167 systemd.services.mediagoblin-web = { 169 systemd.services.mediagoblin-web = {
168 description = "Mediagoblin service"; 170 description = "Mediagoblin service";
diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix
index 89dcc67a..281ff8bc 100644
--- a/modules/webapps/peertube.nix
+++ b/modules/webapps/peertube.nix
@@ -53,18 +53,20 @@ in
53 }; 53 };
54 54
55 config = lib.mkIf cfg.enable { 55 config = lib.mkIf cfg.enable {
56 users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { 56 users.users = lib.optionalAttrs (cfg.user == name) {
57 inherit name; 57 "${name}" = {
58 inherit uid; 58 inherit uid;
59 group = cfg.group; 59 group = cfg.group;
60 description = "Peertube user"; 60 description = "Peertube user";
61 home = cfg.dataDir; 61 home = cfg.dataDir;
62 useDefaultShell = true; 62 useDefaultShell = true;
63 }); 63 };
64 users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { 64 };
65 inherit name; 65 users.groups = lib.optionalAttrs (cfg.group == name) {
66 inherit gid; 66 "${name}" = {
67 }); 67 inherit gid;
68 };
69 };
68 70
69 systemd.services.peertube = { 71 systemd.services.peertube = {
70 description = "Peertube"; 72 description = "Peertube";
diff --git a/modules/websites/httpd-service-builder.nix b/modules/websites/httpd-service-builder.nix
index ec79a90c..c5f72f96 100644
--- a/modules/websites/httpd-service-builder.nix
+++ b/modules/websites/httpd-service-builder.nix
@@ -470,7 +470,7 @@ in
470 }; 470 };
471 471
472 virtualHosts = mkOption { 472 virtualHosts = mkOption {
473 type = with types; attrsOf (submodule (import ./vhost-options.nix)); 473 type = with types; attrsOf (submodule (import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>));
474 default = { 474 default = {
475 localhost = { 475 localhost = {
476 documentRoot = "${pkg}/htdocs"; 476 documentRoot = "${pkg}/htdocs";
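Review bot: The `import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>` on new line 473 is resolved through `NIX_PATH` at evaluation time, so the vhost option schema now comes from whatever nixpkgs the evaluating machine has on its search path rather than the nixpkgs the rest of the configuration is built from; a vendored, pinned file is replaced by an unpinned, environment-dependent lookup that also fails under pure evaluation. Taking the path from the module's `modulesPath` argument keeps it tied to the same nixpkgs: `type = with types; attrsOf (submodule (import "${modulesPath}/services/web-servers/apache-httpd/vhost-options.nix"));`, with `modulesPath` added to the module's argument set, which lies outside this hunk. The deleted local vhost-options.nix also derived `locations` from `servedFiles` in its `config` block; it is worth confirming that the upstream file at the pinned revision still exposes the `locations` and `servedFiles` options this builder relies on.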
diff --git a/modules/websites/location-options.nix b/modules/websites/location-options.nix
deleted file mode 100644
index 8ea88f94..00000000
--- a/modules/websites/location-options.nix
+++ /dev/null
@@ -1,54 +0,0 @@
1{ config, lib, name, ... }:
2let
3 inherit (lib) mkOption types;
4in
5{
6 options = {
7
8 proxyPass = mkOption {
9 type = with types; nullOr str;
10 default = null;
11 example = "http://www.example.org/";
12 description = ''
13 Sets up a simple reverse proxy as described by <link xlink:href="https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple" />.
14 '';
15 };
16
17 index = mkOption {
18 type = with types; nullOr str;
19 default = null;
20 example = "index.php index.html";
21 description = ''
22 Adds DirectoryIndex directive. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex" />.
23 '';
24 };
25
26 alias = mkOption {
27 type = with types; nullOr path;
28 default = null;
29 example = "/your/alias/directory";
30 description = ''
31 Alias directory for requests. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias" />.
32 '';
33 };
34
35 extraConfig = mkOption {
36 type = types.lines;
37 default = "";
38 description = ''
39 These lines go to the end of the location verbatim.
40 '';
41 };
42
43 priority = mkOption {
44 type = types.int;
45 default = 1000;
46 description = ''
47 Order of this location block in relation to the others in the vhost.
48 The semantics are the same as with `lib.mkOrder`. Smaller values have
49 a greater priority.
50 '';
51 };
52
53 };
54}
diff --git a/modules/websites/vhost-options.nix b/modules/websites/vhost-options.nix
deleted file mode 100644
index 263980ad..00000000
--- a/modules/websites/vhost-options.nix
+++ /dev/null
@@ -1,275 +0,0 @@
1{ config, lib, name, ... }:
2let
3 inherit (lib) literalExample mkOption nameValuePair types;
4in
5{
6 options = {
7
8 hostName = mkOption {
9 type = types.str;
10 default = name;
11 description = "Canonical hostname for the server.";
12 };
13
14 serverAliases = mkOption {
15 type = types.listOf types.str;
16 default = [];
17 example = ["www.example.org" "www.example.org:8080" "example.org"];
18 description = ''
19 Additional names of virtual hosts served by this virtual host configuration.
20 '';
21 };
22
23 listen = mkOption {
24 type = with types; listOf (submodule ({
25 options = {
26 port = mkOption {
27 type = types.port;
28 description = "Port to listen on";
29 };
30 ip = mkOption {
31 type = types.str;
32 default = "*";
33 description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
34 };
35 ssl = mkOption {
36 type = types.bool;
37 default = false;
38 description = "Whether to enable SSL (https) support.";
39 };
40 };
41 }));
42 default = [];
43 example = [
44 { ip = "195.154.1.1"; port = 443; ssl = true;}
45 { ip = "192.154.1.1"; port = 80; }
46 { ip = "*"; port = 8080; }
47 ];
48 description = ''
49 Listen addresses and ports for this virtual host.
50 <note><para>
51 This option overrides <literal>addSSL</literal>, <literal>forceSSL</literal> and <literal>onlySSL</literal>.
52 </para></note>
53 '';
54 };
55
56 enableSSL = mkOption {
57 type = types.bool;
58 visible = false;
59 default = false;
60 };
61
62 addSSL = mkOption {
63 type = types.bool;
64 default = false;
65 description = ''
66 Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
67 <literal>listen</literal> to listen on all interfaces on the respective default
68 ports (80, 443).
69 '';
70 };
71
72 onlySSL = mkOption {
73 type = types.bool;
74 default = false;
75 description = ''
76 Whether to enable HTTPS and reject plain HTTP connections. This will set
77 defaults for <literal>listen</literal> to listen on all interfaces on port 443.
78 '';
79 };
80
81 forceSSL = mkOption {
82 type = types.bool;
83 default = false;
84 description = ''
85 Whether to add a separate nginx server block that permanently redirects (301)
86 all plain HTTP traffic to HTTPS. This will set defaults for
87 <literal>listen</literal> to listen on all interfaces on the respective default
88 ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
89 '';
90 };
91
92 enableACME = mkOption {
93 type = types.bool;
94 default = false;
95 description = ''
96 Whether to ask Let's Encrypt to sign a certificate for this vhost.
97 Alternately, you can use an existing certificate through <option>useACMEHost</option>.
98 '';
99 };
100
101 useACMEHost = mkOption {
102 type = types.nullOr types.str;
103 default = null;
104 description = ''
105 A host of an existing Let's Encrypt certificate to use.
106 This is useful if you have many subdomains and want to avoid hitting the
107 <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
108 Alternately, you can generate a certificate through <option>enableACME</option>.
109 <emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
110 '';
111 };
112
113 acmeRoot = mkOption {
114 type = types.str;
115 default = "/var/lib/acme/acme-challenges";
116 description = "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here";
117 };
118
119 sslServerCert = mkOption {
120 type = types.path;
121 example = "/var/host.cert";
122 description = "Path to server SSL certificate.";
123 };
124
125 sslServerKey = mkOption {
126 type = types.path;
127 example = "/var/host.key";
128 description = "Path to server SSL certificate key.";
129 };
130
131 sslServerChain = mkOption {
132 type = types.nullOr types.path;
133 default = null;
134 example = "/var/ca.pem";
135 description = "Path to server SSL chain file.";
136 };
137
138 http2 = mkOption {
139 type = types.bool;
140 default = false;
141 description = ''
142 Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork mpm, there will
143 be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details.
144 '';
145 };
146
147 adminAddr = mkOption {
148 type = types.nullOr types.str;
149 default = null;
150 example = "admin@example.org";
151 description = "E-mail address of the server administrator.";
152 };
153
154 documentRoot = mkOption {
155 type = types.nullOr types.path;
156 default = null;
157 example = "/data/webserver/docs";
158 description = ''
159 The path of Apache's document root directory. If left undefined,
160 an empty directory in the Nix store will be used as root.
161 '';
162 };
163
164 servedDirs = mkOption {
165 type = types.listOf types.attrs;
166 default = [];
167 example = [
168 { urlPath = "/nix";
169 dir = "/home/eelco/Dev/nix-homepage";
170 }
171 ];
172 description = ''
173 This option provides a simple way to serve static directories.
174 '';
175 };
176
177 servedFiles = mkOption {
178 type = types.listOf types.attrs;
179 default = [];
180 example = [
181 { urlPath = "/foo/bar.png";
182 file = "/home/eelco/some-file.png";
183 }
184 ];
185 description = ''
186 This option provides a simple way to serve individual, static files.
187
188 <note><para>
189 This option has been deprecated and will be removed in a future
190 version of NixOS. You can achieve the same result by making use of
191 the <literal>locations.&lt;name&gt;.alias</literal> option.
192 </para></note>
193 '';
194 };
195
196 extraConfig = mkOption {
197 type = types.lines;
198 default = "";
199 example = ''
200 <Directory /home>
201 Options FollowSymlinks
202 AllowOverride All
203 </Directory>
204 '';
205 description = ''
206 These lines go to httpd.conf verbatim. They will go after
207 directories and directory aliases defined by default.
208 '';
209 };
210
211 enableUserDir = mkOption {
212 type = types.bool;
213 default = false;
214 description = ''
215 Whether to enable serving <filename>~/public_html</filename> as
216 <literal>/~<replaceable>username</replaceable></literal>.
217 '';
218 };
219
220 globalRedirect = mkOption {
221 type = types.nullOr types.str;
222 default = null;
223 example = http://newserver.example.org/;
224 description = ''
225 If set, all requests for this host are redirected permanently to
226 the given URL.
227 '';
228 };
229
230 logFormat = mkOption {
231 type = types.str;
232 default = "common";
233 example = "combined";
234 description = ''
235 Log format for Apache's log files. Possible values are: combined, common, referer, agent.
236 '';
237 };
238
239 robotsEntries = mkOption {
240 type = types.lines;
241 default = "";
242 example = "Disallow: /foo/";
243 description = ''
244 Specification of pages to be ignored by web crawlers. See <link
245 xlink:href='http://www.robotstxt.org/'/> for details.
246 '';
247 };
248
249 locations = mkOption {
250 type = with types; attrsOf (submodule (import ./location-options.nix));
251 default = {};
252 example = literalExample ''
253 {
254 "/" = {
255 proxyPass = "http://localhost:3000";
256 };
257 "/foo/bar.png" = {
258 alias = "/home/eelco/some-file.png";
259 };
260 };
261 '';
262 description = ''
263 Declarative location config. See <link
264 xlink:href="https://httpd.apache.org/docs/2.4/mod/core.html#location"/> for details.
265 '';
266 };
267
268 };
269
270 config = {
271
272 locations = builtins.listToAttrs (map (elem: nameValuePair elem.urlPath { alias = elem.file; }) config.servedFiles);
273
274 };
275}