diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/naemon/default.nix | 18 | ||||
-rw-r--r-- | modules/opendmarc.nix | 14 | ||||
-rw-r--r-- | modules/webapps/diaspora.nix | 28 | ||||
-rw-r--r-- | modules/webapps/mastodon.nix | 26 | ||||
-rw-r--r-- | modules/webapps/mediagoblin.nix | 26 | ||||
-rw-r--r-- | modules/webapps/peertube.nix | 26 | ||||
-rw-r--r-- | modules/websites/httpd-service-builder.nix | 2 | ||||
-rw-r--r-- | modules/websites/location-options.nix | 54 | ||||
-rw-r--r-- | modules/websites/vhost-options.nix | 275 |
9 files changed, 75 insertions, 394 deletions
diff --git a/modules/naemon/default.nix b/modules/naemon/default.nix index 38e99a9c..976de693 100644 --- a/modules/naemon/default.nix +++ b/modules/naemon/default.nix | |||
@@ -137,18 +137,18 @@ in | |||
137 | } | 137 | } |
138 | ]; | 138 | ]; |
139 | 139 | ||
140 | users.users = optionalAttrs (cfg.user == "naemon") (singleton | 140 | users.users = optionalAttrs (cfg.user == "naemon") { |
141 | { | 141 | naemon = { |
142 | name = "naemon"; | ||
143 | group = cfg.group; | 142 | group = cfg.group; |
144 | uid = config.ids.uids.nagios; | 143 | uid = config.ids.uids.nagios; |
145 | extraGroups = [ "keys" ]; | 144 | extraGroups = [ "keys" ]; |
146 | }); | 145 | }; |
147 | users.groups = optionalAttrs (cfg.user == "naemon") (singleton | 146 | }; |
148 | { | 147 | users.groups = optionalAttrs (cfg.user == "naemon") { |
149 | name = "naemon"; | 148 | naemon = { |
150 | gid = config.ids.gids.nagios; | 149 | gid = config.ids.gids.nagios; |
151 | }); | 150 | }; |
151 | }; | ||
152 | 152 | ||
153 | services.filesWatcher.naemon = { | 153 | services.filesWatcher.naemon = { |
154 | paths = [ config.secrets.fullPaths."naemon/resources.cfg" ]; | 154 | paths = [ config.secrets.fullPaths."naemon/resources.cfg" ]; |
diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix index e18ec82a..6137d100 100644 --- a/modules/opendmarc.nix +++ b/modules/opendmarc.nix | |||
@@ -59,16 +59,18 @@ in { | |||
59 | 59 | ||
60 | config = mkIf cfg.enable { | 60 | config = mkIf cfg.enable { |
61 | 61 | ||
62 | users.users = optionalAttrs (cfg.user == "opendmarc") (singleton | 62 | users.users = optionalAttrs (cfg.user == "opendmarc") { |
63 | { name = "opendmarc"; | 63 | opendmarc = { |
64 | group = cfg.group; | 64 | group = cfg.group; |
65 | uid = config.ids.uids.opendmarc; | 65 | uid = config.ids.uids.opendmarc; |
66 | }); | 66 | }; |
67 | }; | ||
67 | 68 | ||
68 | users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton | 69 | users.groups = optionalAttrs (cfg.group == "opendmarc") { |
69 | { name = "opendmarc"; | 70 | opendmarc = { |
70 | gid = config.ids.gids.opendmarc; | 71 | gid = config.ids.gids.opendmarc; |
71 | }); | 72 | }; |
73 | }; | ||
72 | 74 | ||
73 | environment.systemPackages = [ pkgs.opendmarc ]; | 75 | environment.systemPackages = [ pkgs.opendmarc ]; |
74 | 76 | ||
diff --git a/modules/webapps/diaspora.nix b/modules/webapps/diaspora.nix index 65599b73..d9e9989f 100644 --- a/modules/webapps/diaspora.nix +++ b/modules/webapps/diaspora.nix | |||
@@ -108,19 +108,21 @@ in | |||
108 | }; | 108 | }; |
109 | 109 | ||
110 | config = lib.mkIf cfg.enable { | 110 | config = lib.mkIf cfg.enable { |
111 | users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { | 111 | users.users = lib.optionalAttrs (cfg.user == name) { |
112 | inherit name; | 112 | "${name}" = { |
113 | inherit uid; | 113 | inherit uid; |
114 | group = cfg.group; | 114 | group = cfg.group; |
115 | description = "Diaspora user"; | 115 | description = "Diaspora user"; |
116 | home = cfg.dataDir; | 116 | home = cfg.dataDir; |
117 | packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ]; | 117 | packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ]; |
118 | useDefaultShell = true; | 118 | useDefaultShell = true; |
119 | }); | 119 | }; |
120 | users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { | 120 | }; |
121 | inherit name; | 121 | users.groups = lib.optionalAttrs (cfg.group == name) { |
122 | inherit gid; | 122 | "${name}" = { |
123 | }); | 123 | inherit gid; |
124 | }; | ||
125 | }; | ||
124 | 126 | ||
125 | systemd.services.diaspora = { | 127 | systemd.services.diaspora = { |
126 | description = "Diaspora"; | 128 | description = "Diaspora"; |
diff --git a/modules/webapps/mastodon.nix b/modules/webapps/mastodon.nix index 68531cf3..cd550c0e 100644 --- a/modules/webapps/mastodon.nix +++ b/modules/webapps/mastodon.nix | |||
@@ -96,18 +96,20 @@ in | |||
96 | }; | 96 | }; |
97 | 97 | ||
98 | config = lib.mkIf cfg.enable { | 98 | config = lib.mkIf cfg.enable { |
99 | users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { | 99 | users.users = lib.optionalAttrs (cfg.user == name) { |
100 | inherit name; | 100 | "${name}" = { |
101 | inherit uid; | 101 | inherit uid; |
102 | group = cfg.group; | 102 | group = cfg.group; |
103 | description = "Mastodon user"; | 103 | description = "Mastodon user"; |
104 | home = cfg.dataDir; | 104 | home = cfg.dataDir; |
105 | useDefaultShell = true; | 105 | useDefaultShell = true; |
106 | }); | 106 | }; |
107 | users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { | 107 | }; |
108 | inherit name; | 108 | users.groups = lib.optionalAttrs (cfg.group == name) { |
109 | inherit gid; | 109 | "${name}" = { |
110 | }); | 110 | inherit gid; |
111 | }; | ||
112 | }; | ||
111 | 113 | ||
112 | systemd.services.mastodon-streaming = { | 114 | systemd.services.mastodon-streaming = { |
113 | description = "Mastodon Streaming"; | 115 | description = "Mastodon Streaming"; |
diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix index 78bbef6f..dbc4c2b1 100644 --- a/modules/webapps/mediagoblin.nix +++ b/modules/webapps/mediagoblin.nix | |||
@@ -151,18 +151,20 @@ in | |||
151 | }; | 151 | }; |
152 | 152 | ||
153 | config = lib.mkIf cfg.enable { | 153 | config = lib.mkIf cfg.enable { |
154 | users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { | 154 | users.users = lib.optionalAttrs (cfg.user == name) { |
155 | inherit name; | 155 | "${name}" = { |
156 | inherit uid; | 156 | inherit uid; |
157 | group = cfg.group; | 157 | group = cfg.group; |
158 | description = "Mediagoblin user"; | 158 | description = "Mediagoblin user"; |
159 | home = cfg.dataDir; | 159 | home = cfg.dataDir; |
160 | useDefaultShell = true; | 160 | useDefaultShell = true; |
161 | }); | 161 | }; |
162 | users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { | 162 | }; |
163 | inherit name; | 163 | users.groups = lib.optionalAttrs (cfg.group == name) { |
164 | inherit gid; | 164 | "${name}" = { |
165 | }); | 165 | inherit gid; |
166 | }; | ||
167 | }; | ||
166 | 168 | ||
167 | systemd.services.mediagoblin-web = { | 169 | systemd.services.mediagoblin-web = { |
168 | description = "Mediagoblin service"; | 170 | description = "Mediagoblin service"; |
diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix index 89dcc67a..281ff8bc 100644 --- a/modules/webapps/peertube.nix +++ b/modules/webapps/peertube.nix | |||
@@ -53,18 +53,20 @@ in | |||
53 | }; | 53 | }; |
54 | 54 | ||
55 | config = lib.mkIf cfg.enable { | 55 | config = lib.mkIf cfg.enable { |
56 | users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { | 56 | users.users = lib.optionalAttrs (cfg.user == name) { |
57 | inherit name; | 57 | "${name}" = { |
58 | inherit uid; | 58 | inherit uid; |
59 | group = cfg.group; | 59 | group = cfg.group; |
60 | description = "Peertube user"; | 60 | description = "Peertube user"; |
61 | home = cfg.dataDir; | 61 | home = cfg.dataDir; |
62 | useDefaultShell = true; | 62 | useDefaultShell = true; |
63 | }); | 63 | }; |
64 | users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { | 64 | }; |
65 | inherit name; | 65 | users.groups = lib.optionalAttrs (cfg.group == name) { |
66 | inherit gid; | 66 | "${name}" = { |
67 | }); | 67 | inherit gid; |
68 | }; | ||
69 | }; | ||
68 | 70 | ||
69 | systemd.services.peertube = { | 71 | systemd.services.peertube = { |
70 | description = "Peertube"; | 72 | description = "Peertube"; |
diff --git a/modules/websites/httpd-service-builder.nix b/modules/websites/httpd-service-builder.nix index ec79a90c..c5f72f96 100644 --- a/modules/websites/httpd-service-builder.nix +++ b/modules/websites/httpd-service-builder.nix | |||
@@ -470,7 +470,7 @@ in | |||
470 | }; | 470 | }; |
471 | 471 | ||
472 | virtualHosts = mkOption { | 472 | virtualHosts = mkOption { |
473 | type = with types; attrsOf (submodule (import ./vhost-options.nix)); | 473 | type = with types; attrsOf (submodule (import <nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix>)); |
474 | default = { | 474 | default = { |
475 | localhost = { | 475 | localhost = { |
476 | documentRoot = "${pkg}/htdocs"; | 476 | documentRoot = "${pkg}/htdocs"; |
diff --git a/modules/websites/location-options.nix b/modules/websites/location-options.nix deleted file mode 100644 index 8ea88f94..00000000 --- a/modules/websites/location-options.nix +++ /dev/null | |||
@@ -1,54 +0,0 @@ | |||
1 | { config, lib, name, ... }: | ||
2 | let | ||
3 | inherit (lib) mkOption types; | ||
4 | in | ||
5 | { | ||
6 | options = { | ||
7 | |||
8 | proxyPass = mkOption { | ||
9 | type = with types; nullOr str; | ||
10 | default = null; | ||
11 | example = "http://www.example.org/"; | ||
12 | description = '' | ||
13 | Sets up a simple reverse proxy as described by <link xlink:href="https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple" />. | ||
14 | ''; | ||
15 | }; | ||
16 | |||
17 | index = mkOption { | ||
18 | type = with types; nullOr str; | ||
19 | default = null; | ||
20 | example = "index.php index.html"; | ||
21 | description = '' | ||
22 | Adds DirectoryIndex directive. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex" />. | ||
23 | ''; | ||
24 | }; | ||
25 | |||
26 | alias = mkOption { | ||
27 | type = with types; nullOr path; | ||
28 | default = null; | ||
29 | example = "/your/alias/directory"; | ||
30 | description = '' | ||
31 | Alias directory for requests. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias" />. | ||
32 | ''; | ||
33 | }; | ||
34 | |||
35 | extraConfig = mkOption { | ||
36 | type = types.lines; | ||
37 | default = ""; | ||
38 | description = '' | ||
39 | These lines go to the end of the location verbatim. | ||
40 | ''; | ||
41 | }; | ||
42 | |||
43 | priority = mkOption { | ||
44 | type = types.int; | ||
45 | default = 1000; | ||
46 | description = '' | ||
47 | Order of this location block in relation to the others in the vhost. | ||
48 | The semantics are the same as with `lib.mkOrder`. Smaller values have | ||
49 | a greater priority. | ||
50 | ''; | ||
51 | }; | ||
52 | |||
53 | }; | ||
54 | } | ||
diff --git a/modules/websites/vhost-options.nix b/modules/websites/vhost-options.nix deleted file mode 100644 index 263980ad..00000000 --- a/modules/websites/vhost-options.nix +++ /dev/null | |||
@@ -1,275 +0,0 @@ | |||
1 | { config, lib, name, ... }: | ||
2 | let | ||
3 | inherit (lib) literalExample mkOption nameValuePair types; | ||
4 | in | ||
5 | { | ||
6 | options = { | ||
7 | |||
8 | hostName = mkOption { | ||
9 | type = types.str; | ||
10 | default = name; | ||
11 | description = "Canonical hostname for the server."; | ||
12 | }; | ||
13 | |||
14 | serverAliases = mkOption { | ||
15 | type = types.listOf types.str; | ||
16 | default = []; | ||
17 | example = ["www.example.org" "www.example.org:8080" "example.org"]; | ||
18 | description = '' | ||
19 | Additional names of virtual hosts served by this virtual host configuration. | ||
20 | ''; | ||
21 | }; | ||
22 | |||
23 | listen = mkOption { | ||
24 | type = with types; listOf (submodule ({ | ||
25 | options = { | ||
26 | port = mkOption { | ||
27 | type = types.port; | ||
28 | description = "Port to listen on"; | ||
29 | }; | ||
30 | ip = mkOption { | ||
31 | type = types.str; | ||
32 | default = "*"; | ||
33 | description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all."; | ||
34 | }; | ||
35 | ssl = mkOption { | ||
36 | type = types.bool; | ||
37 | default = false; | ||
38 | description = "Whether to enable SSL (https) support."; | ||
39 | }; | ||
40 | }; | ||
41 | })); | ||
42 | default = []; | ||
43 | example = [ | ||
44 | { ip = "195.154.1.1"; port = 443; ssl = true;} | ||
45 | { ip = "192.154.1.1"; port = 80; } | ||
46 | { ip = "*"; port = 8080; } | ||
47 | ]; | ||
48 | description = '' | ||
49 | Listen addresses and ports for this virtual host. | ||
50 | <note><para> | ||
51 | This option overrides <literal>addSSL</literal>, <literal>forceSSL</literal> and <literal>onlySSL</literal>. | ||
52 | </para></note> | ||
53 | ''; | ||
54 | }; | ||
55 | |||
56 | enableSSL = mkOption { | ||
57 | type = types.bool; | ||
58 | visible = false; | ||
59 | default = false; | ||
60 | }; | ||
61 | |||
62 | addSSL = mkOption { | ||
63 | type = types.bool; | ||
64 | default = false; | ||
65 | description = '' | ||
66 | Whether to enable HTTPS in addition to plain HTTP. This will set defaults for | ||
67 | <literal>listen</literal> to listen on all interfaces on the respective default | ||
68 | ports (80, 443). | ||
69 | ''; | ||
70 | }; | ||
71 | |||
72 | onlySSL = mkOption { | ||
73 | type = types.bool; | ||
74 | default = false; | ||
75 | description = '' | ||
76 | Whether to enable HTTPS and reject plain HTTP connections. This will set | ||
77 | defaults for <literal>listen</literal> to listen on all interfaces on port 443. | ||
78 | ''; | ||
79 | }; | ||
80 | |||
81 | forceSSL = mkOption { | ||
82 | type = types.bool; | ||
83 | default = false; | ||
84 | description = '' | ||
85 | Whether to add a separate nginx server block that permanently redirects (301) | ||
86 | all plain HTTP traffic to HTTPS. This will set defaults for | ||
87 | <literal>listen</literal> to listen on all interfaces on the respective default | ||
88 | ports (80, 443), where the non-SSL listens are used for the redirect vhosts. | ||
89 | ''; | ||
90 | }; | ||
91 | |||
92 | enableACME = mkOption { | ||
93 | type = types.bool; | ||
94 | default = false; | ||
95 | description = '' | ||
96 | Whether to ask Let's Encrypt to sign a certificate for this vhost. | ||
97 | Alternately, you can use an existing certificate through <option>useACMEHost</option>. | ||
98 | ''; | ||
99 | }; | ||
100 | |||
101 | useACMEHost = mkOption { | ||
102 | type = types.nullOr types.str; | ||
103 | default = null; | ||
104 | description = '' | ||
105 | A host of an existing Let's Encrypt certificate to use. | ||
106 | This is useful if you have many subdomains and want to avoid hitting the | ||
107 | <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>. | ||
108 | Alternately, you can generate a certificate through <option>enableACME</option>. | ||
109 | <emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis> | ||
110 | ''; | ||
111 | }; | ||
112 | |||
113 | acmeRoot = mkOption { | ||
114 | type = types.str; | ||
115 | default = "/var/lib/acme/acme-challenges"; | ||
116 | description = "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here"; | ||
117 | }; | ||
118 | |||
119 | sslServerCert = mkOption { | ||
120 | type = types.path; | ||
121 | example = "/var/host.cert"; | ||
122 | description = "Path to server SSL certificate."; | ||
123 | }; | ||
124 | |||
125 | sslServerKey = mkOption { | ||
126 | type = types.path; | ||
127 | example = "/var/host.key"; | ||
128 | description = "Path to server SSL certificate key."; | ||
129 | }; | ||
130 | |||
131 | sslServerChain = mkOption { | ||
132 | type = types.nullOr types.path; | ||
133 | default = null; | ||
134 | example = "/var/ca.pem"; | ||
135 | description = "Path to server SSL chain file."; | ||
136 | }; | ||
137 | |||
138 | http2 = mkOption { | ||
139 | type = types.bool; | ||
140 | default = false; | ||
141 | description = '' | ||
142 | Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork mpm, there will | ||
143 | be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details. | ||
144 | ''; | ||
145 | }; | ||
146 | |||
147 | adminAddr = mkOption { | ||
148 | type = types.nullOr types.str; | ||
149 | default = null; | ||
150 | example = "admin@example.org"; | ||
151 | description = "E-mail address of the server administrator."; | ||
152 | }; | ||
153 | |||
154 | documentRoot = mkOption { | ||
155 | type = types.nullOr types.path; | ||
156 | default = null; | ||
157 | example = "/data/webserver/docs"; | ||
158 | description = '' | ||
159 | The path of Apache's document root directory. If left undefined, | ||
160 | an empty directory in the Nix store will be used as root. | ||
161 | ''; | ||
162 | }; | ||
163 | |||
164 | servedDirs = mkOption { | ||
165 | type = types.listOf types.attrs; | ||
166 | default = []; | ||
167 | example = [ | ||
168 | { urlPath = "/nix"; | ||
169 | dir = "/home/eelco/Dev/nix-homepage"; | ||
170 | } | ||
171 | ]; | ||
172 | description = '' | ||
173 | This option provides a simple way to serve static directories. | ||
174 | ''; | ||
175 | }; | ||
176 | |||
177 | servedFiles = mkOption { | ||
178 | type = types.listOf types.attrs; | ||
179 | default = []; | ||
180 | example = [ | ||
181 | { urlPath = "/foo/bar.png"; | ||
182 | file = "/home/eelco/some-file.png"; | ||
183 | } | ||
184 | ]; | ||
185 | description = '' | ||
186 | This option provides a simple way to serve individual, static files. | ||
187 | |||
188 | <note><para> | ||
189 | This option has been deprecated and will be removed in a future | ||
190 | version of NixOS. You can achieve the same result by making use of | ||
191 | the <literal>locations.<name>.alias</literal> option. | ||
192 | </para></note> | ||
193 | ''; | ||
194 | }; | ||
195 | |||
196 | extraConfig = mkOption { | ||
197 | type = types.lines; | ||
198 | default = ""; | ||
199 | example = '' | ||
200 | <Directory /home> | ||
201 | Options FollowSymlinks | ||
202 | AllowOverride All | ||
203 | </Directory> | ||
204 | ''; | ||
205 | description = '' | ||
206 | These lines go to httpd.conf verbatim. They will go after | ||
207 | directories and directory aliases defined by default. | ||
208 | ''; | ||
209 | }; | ||
210 | |||
211 | enableUserDir = mkOption { | ||
212 | type = types.bool; | ||
213 | default = false; | ||
214 | description = '' | ||
215 | Whether to enable serving <filename>~/public_html</filename> as | ||
216 | <literal>/~<replaceable>username</replaceable></literal>. | ||
217 | ''; | ||
218 | }; | ||
219 | |||
220 | globalRedirect = mkOption { | ||
221 | type = types.nullOr types.str; | ||
222 | default = null; | ||
223 | example = http://newserver.example.org/; | ||
224 | description = '' | ||
225 | If set, all requests for this host are redirected permanently to | ||
226 | the given URL. | ||
227 | ''; | ||
228 | }; | ||
229 | |||
230 | logFormat = mkOption { | ||
231 | type = types.str; | ||
232 | default = "common"; | ||
233 | example = "combined"; | ||
234 | description = '' | ||
235 | Log format for Apache's log files. Possible values are: combined, common, referer, agent. | ||
236 | ''; | ||
237 | }; | ||
238 | |||
239 | robotsEntries = mkOption { | ||
240 | type = types.lines; | ||
241 | default = ""; | ||
242 | example = "Disallow: /foo/"; | ||
243 | description = '' | ||
244 | Specification of pages to be ignored by web crawlers. See <link | ||
245 | xlink:href='http://www.robotstxt.org/'/> for details. | ||
246 | ''; | ||
247 | }; | ||
248 | |||
249 | locations = mkOption { | ||
250 | type = with types; attrsOf (submodule (import ./location-options.nix)); | ||
251 | default = {}; | ||
252 | example = literalExample '' | ||
253 | { | ||
254 | "/" = { | ||
255 | proxyPass = "http://localhost:3000"; | ||
256 | }; | ||
257 | "/foo/bar.png" = { | ||
258 | alias = "/home/eelco/some-file.png"; | ||
259 | }; | ||
260 | }; | ||
261 | ''; | ||
262 | description = '' | ||
263 | Declarative location config. See <link | ||
264 | xlink:href="https://httpd.apache.org/docs/2.4/mod/core.html#location"/> for details. | ||
265 | ''; | ||
266 | }; | ||
267 | |||
268 | }; | ||
269 | |||
270 | config = { | ||
271 | |||
272 | locations = builtins.listToAttrs (map (elem: nameValuePair elem.urlPath { alias = elem.file; }) config.servedFiles); | ||
273 | |||
274 | }; | ||
275 | } | ||