From 2bcc666fd591dbf7543fc550ff1772508695a746 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sun, 5 Apr 2020 15:57:20 +0200 Subject: Upgrade to nixos-unstable --- modules/naemon/default.nix | 18 +- modules/opendmarc.nix | 14 +- modules/webapps/diaspora.nix | 28 +-- modules/webapps/mastodon.nix | 26 +-- modules/webapps/mediagoblin.nix | 26 +-- modules/webapps/peertube.nix | 26 +-- modules/websites/httpd-service-builder.nix | 2 +- modules/websites/location-options.nix | 54 ------ modules/websites/vhost-options.nix | 275 ----------------------------- 9 files changed, 75 insertions(+), 394 deletions(-) delete mode 100644 modules/websites/location-options.nix delete mode 100644 modules/websites/vhost-options.nix (limited to 'modules') diff --git a/modules/naemon/default.nix b/modules/naemon/default.nix index 38e99a9c..976de693 100644 --- a/modules/naemon/default.nix +++ b/modules/naemon/default.nix @@ -137,18 +137,18 @@ in } ]; - users.users = optionalAttrs (cfg.user == "naemon") (singleton - { - name = "naemon"; + users.users = optionalAttrs (cfg.user == "naemon") { + naemon = { group = cfg.group; uid = config.ids.uids.nagios; extraGroups = [ "keys" ]; - }); - users.groups = optionalAttrs (cfg.user == "naemon") (singleton - { - name = "naemon"; - gid = config.ids.gids.nagios; - }); + }; + }; + users.groups = optionalAttrs (cfg.user == "naemon") { + naemon = { + gid = config.ids.gids.nagios; + }; + }; services.filesWatcher.naemon = { paths = [ config.secrets.fullPaths."naemon/resources.cfg" ]; diff --git a/modules/opendmarc.nix b/modules/opendmarc.nix index e18ec82a..6137d100 100644 --- a/modules/opendmarc.nix +++ b/modules/opendmarc.nix 
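Review bot: In modules/naemon/default.nix the rewritten `users.groups` is still guarded by `cfg.user == "naemon"`, so whether the group is declared depends on the user name rather than the group name. With a custom `cfg.group` the account is assigned to a group this module never declares. With a custom `cfg.user` and `cfg.group` left at "naemon", the `naemon` group is not created at all. The opendmarc hunk in this commit tests the group option, and the equivalent here would be `users.groups = optionalAttrs (cfg.group == "naemon") {`.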
@@ -59,16 +59,18 @@ in { config = mkIf cfg.enable { - users.users = optionalAttrs (cfg.user == "opendmarc") (singleton - { name = "opendmarc"; + users.users = optionalAttrs (cfg.user == "opendmarc") { + opendmarc = { group = cfg.group; uid = config.ids.uids.opendmarc; - }); + }; + }; - users.groups = optionalAttrs (cfg.group == "opendmarc") (singleton - { name = "opendmarc"; + users.groups = optionalAttrs (cfg.group == "opendmarc") { + opendmarc = { gid = config.ids.gids.opendmarc; - }); + }; + }; environment.systemPackages = [ pkgs.opendmarc ]; diff --git a/modules/webapps/diaspora.nix b/modules/webapps/diaspora.nix index 65599b73..d9e9989f 100644 --- a/modules/webapps/diaspora.nix +++ b/modules/webapps/diaspora.nix @@ -108,19 +108,21 @@ in }; config = lib.mkIf cfg.enable { - users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { - inherit name; - inherit uid; - group = cfg.group; - description = "Diaspora user"; - home = cfg.dataDir; - packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ]; - useDefaultShell = true; - }); - users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { - inherit name; - inherit gid; - }); + users.users = lib.optionalAttrs (cfg.user == name) { + "${name}" = { + inherit uid; + group = cfg.group; + description = "Diaspora user"; + home = cfg.dataDir; + packages = [ cfg.workdir.gems pkgs.nodejs cfg.workdir.gems.ruby ]; + useDefaultShell = true; + }; + }; + users.groups = lib.optionalAttrs (cfg.group == name) { + "${name}" = { + inherit gid; + }; + }; systemd.services.diaspora = { description = "Diaspora"; diff --git a/modules/webapps/mastodon.nix b/modules/webapps/mastodon.nix index 68531cf3..cd550c0e 100644 --- a/modules/webapps/mastodon.nix +++ b/modules/webapps/mastodon.nix 
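Review bot: In modules/webapps/diaspora.nix the migrated account keeps `useDefaultShell = true;` alongside `home = cfg.dataDir` and a `packages` list, so the service identity stays login-capable instead of using the default `shell`, which is a nologin shell. The mastodon, mediagoblin and peertube hunks carry the same setting. If the shell is there only so an administrator can run maintenance commands as that user, a comment such as `# login shell kept for manual maintenance as this user` above the line would record that intent. If nothing relies on it, dropping the line narrows what a compromised web application process or a misconfigured login path can do with these accounts.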
@@ -96,18 +96,20 @@ in }; config = lib.mkIf cfg.enable { - users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { - inherit name; - inherit uid; - group = cfg.group; - description = "Mastodon user"; - home = cfg.dataDir; - useDefaultShell = true; - }); - users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { - inherit name; - inherit gid; - }); + users.users = lib.optionalAttrs (cfg.user == name) { + "${name}" = { + inherit uid; + group = cfg.group; + description = "Mastodon user"; + home = cfg.dataDir; + useDefaultShell = true; + }; + }; + users.groups = lib.optionalAttrs (cfg.group == name) { + "${name}" = { + inherit gid; + }; + }; systemd.services.mastodon-streaming = { description = "Mastodon Streaming"; diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix index 78bbef6f..dbc4c2b1 100644 --- a/modules/webapps/mediagoblin.nix +++ b/modules/webapps/mediagoblin.nix @@ -151,18 +151,20 @@ in }; config = lib.mkIf cfg.enable { - users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { - inherit name; - inherit uid; - group = cfg.group; - description = "Mediagoblin user"; - home = cfg.dataDir; - useDefaultShell = true; - }); - users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { - inherit name; - inherit gid; - }); + users.users = lib.optionalAttrs (cfg.user == name) { + "${name}" = { + inherit uid; + group = cfg.group; + description = "Mediagoblin user"; + home = cfg.dataDir; + useDefaultShell = true; + }; + }; + users.groups = lib.optionalAttrs (cfg.group == name) { + "${name}" = { + inherit gid; + }; + }; systemd.services.mediagoblin-web = { description = "Mediagoblin service"; diff --git a/modules/webapps/peertube.nix b/modules/webapps/peertube.nix index 89dcc67a..281ff8bc 100644 --- a/modules/webapps/peertube.nix +++ b/modules/webapps/peertube.nix 
@@ -53,18 +53,20 @@ in }; config = lib.mkIf cfg.enable { - users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton { - inherit name; - inherit uid; - group = cfg.group; - description = "Peertube user"; - home = cfg.dataDir; - useDefaultShell = true; - }); - users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton { - inherit name; - inherit gid; - }); + users.users = lib.optionalAttrs (cfg.user == name) { + "${name}" = { + inherit uid; + group = cfg.group; + description = "Peertube user"; + home = cfg.dataDir; + useDefaultShell = true; + }; + }; + users.groups = lib.optionalAttrs (cfg.group == name) { + "${name}" = { + inherit gid; + }; + }; systemd.services.peertube = { description = "Peertube"; diff --git a/modules/websites/httpd-service-builder.nix b/modules/websites/httpd-service-builder.nix index ec79a90c..c5f72f96 100644 --- a/modules/websites/httpd-service-builder.nix +++ b/modules/websites/httpd-service-builder.nix @@ -470,7 +470,7 @@ in }; virtualHosts = mkOption { - type = with types; attrsOf (submodule (import ./vhost-options.nix)); + type = with types; attrsOf (submodule (import )); default = { localhost = { documentRoot = "${pkg}/htdocs"; diff --git a/modules/websites/location-options.nix b/modules/websites/location-options.nix deleted file mode 100644 index 8ea88f94..00000000 --- a/modules/websites/location-options.nix +++ /dev/null 
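Review bot: In modules/websites/httpd-service-builder.nix the new `virtualHosts` type reads `submodule (import ))` on this page, so the import target is not visible; it was presumably an angle-bracket path that the rendering dropped. If so, the vhost schema that the deleted local file defined (the TLS and ACME options, `listen`, `locations`) is now resolved through the Nix search path of whoever evaluates the configuration. The deleted file's `config` section, which derived `locations` from `servedFiles`, may also no longer apply. A comment above the option naming the upstream file and the nixpkgs revision it is expected to match, e.g. `# vhost schema comes from nixpkgs: <UPSTREAM_FILE> at the pinned channel`, would make that dependency explicit for later upgrades.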
@@ -1,54 +0,0 @@
-{ config, lib, name, ... }:
-let
- inherit (lib) mkOption types;
-in
-{
- options = {
-
- proxyPass = mkOption {
- type = with types; nullOr str;
- default = null;
- example = "http://www.example.org/";
- description = ''
- Sets up a simple reverse proxy as described by .
- '';
- };
-
- index = mkOption {
- type = with types; nullOr str;
- default = null;
- example = "index.php index.html";
- description = ''
- Adds DirectoryIndex directive. See .
- '';
- };
-
- alias = mkOption {
- type = with types; nullOr path;
- default = null;
- example = "/your/alias/directory";
- description = ''
- Alias directory for requests. See .
- '';
- };
-
- extraConfig = mkOption {
- type = types.lines;
- default = "";
- description = ''
- These lines go to the end of the location verbatim.
- '';
- };
-
- priority = mkOption {
- type = types.int;
- default = 1000;
- description = ''
- Order of this location block in relation to the others in the vhost.
- The semantics are the same as with `lib.mkOrder`. Smaller values have
- a greater priority.
- '';
- };
-
- };
-}
diff --git a/modules/websites/vhost-options.nix b/modules/websites/vhost-options.nix
deleted file mode 100644
index 263980ad..00000000
--- a/modules/websites/vhost-options.nix
+++ /dev/null
@@ -1,275 +0,0 @@
-{ config, lib, name, ... }:
-let
- inherit (lib) literalExample mkOption nameValuePair types;
-in
-{
- options = {
-
- hostName = mkOption {
- type = types.str;
- default = name;
- description = "Canonical hostname for the server.";
- };
-
- serverAliases = mkOption {
- type = types.listOf types.str;
- default = [];
- example = ["www.example.org" "www.example.org:8080" "example.org"];
- description = ''
- Additional names of virtual hosts served by this virtual host configuration.
- '';
- };
-
- listen = mkOption {
- type = with types; listOf (submodule ({
- options = {
- port = mkOption {
- type = types.port;
- description = "Port to listen on";
- };
- ip = mkOption {
- type = types.str;
- default = "*";
- description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
- };
- ssl = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to enable SSL (https) support.";
- };
- };
- }));
- default = [];
- example = [
- { ip = "195.154.1.1"; port = 443; ssl = true;}
- { ip = "192.154.1.1"; port = 80; }
- { ip = "*"; port = 8080; }
- ];
- description = ''
- Listen addresses and ports for this virtual host.
-
- This option overrides addSSL, forceSSL and onlySSL.
-
- '';
- };
-
- enableSSL = mkOption {
- type = types.bool;
- visible = false;
- default = false;
- };
-
- addSSL = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
- listen to listen on all interfaces on the respective default
- ports (80, 443).
- '';
- };
-
- onlySSL = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable HTTPS and reject plain HTTP connections. This will set
- defaults for listen to listen on all interfaces on port 443.
- '';
- };
-
- forceSSL = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to add a separate nginx server block that permanently redirects (301)
- all plain HTTP traffic to HTTPS. This will set defaults for
- listen to listen on all interfaces on the respective default
- ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
- '';
- };
-
- enableACME = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to ask Let's Encrypt to sign a certificate for this vhost.
- Alternately, you can use an existing certificate through .
- '';
- };
-
- useACMEHost = mkOption {
- type = types.nullOr types.str;
- default = null;
- description = ''
- A host of an existing Let's Encrypt certificate to use.
- This is useful if you have many subdomains and want to avoid hitting the
- rate limit.
- Alternately, you can generate a certificate through .
- Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .
- '';
- };
-
- acmeRoot = mkOption {
- type = types.str;
- default = "/var/lib/acme/acme-challenges";
- description = "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here";
- };
-
- sslServerCert = mkOption {
- type = types.path;
- example = "/var/host.cert";
- description = "Path to server SSL certificate.";
- };
-
- sslServerKey = mkOption {
- type = types.path;
- example = "/var/host.key";
- description = "Path to server SSL certificate key.";
- };
-
- sslServerChain = mkOption {
- type = types.nullOr types.path;
- default = null;
- example = "/var/ca.pem";
- description = "Path to server SSL chain file.";
- };
-
- http2 = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will
- be severe restrictions.
Refer to for details.
- '';
- };
-
- adminAddr = mkOption {
- type = types.nullOr types.str;
- default = null;
- example = "admin@example.org";
- description = "E-mail address of the server administrator.";
- };
-
- documentRoot = mkOption {
- type = types.nullOr types.path;
- default = null;
- example = "/data/webserver/docs";
- description = ''
- The path of Apache's document root directory. If left undefined,
- an empty directory in the Nix store will be used as root.
- '';
- };
-
- servedDirs = mkOption {
- type = types.listOf types.attrs;
- default = [];
- example = [
- { urlPath = "/nix";
- dir = "/home/eelco/Dev/nix-homepage";
- }
- ];
- description = ''
- This option provides a simple way to serve static directories.
- '';
- };
-
- servedFiles = mkOption {
- type = types.listOf types.attrs;
- default = [];
- example = [
- { urlPath = "/foo/bar.png";
- file = "/home/eelco/some-file.png";
- }
- ];
- description = ''
- This option provides a simple way to serve individual, static files.
-
-
- This option has been deprecated and will be removed in a future
- version of NixOS. You can achieve the same result by making use of
- the locations.<name>.alias option.
-
- '';
- };
-
- extraConfig = mkOption {
- type = types.lines;
- default = "";
- example = ''
-
- Options FollowSymlinks
- AllowOverride All
-
- '';
- description = ''
- These lines go to httpd.conf verbatim. They will go after
- directories and directory aliases defined by default.
- '';
- };
-
- enableUserDir = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable serving ~/public_html as
- /~username.
- '';
- };
-
- globalRedirect = mkOption {
- type = types.nullOr types.str;
- default = null;
- example = http://newserver.example.org/;
- description = ''
- If set, all requests for this host are redirected permanently to
- the given URL.
- '';
- };
-
- logFormat = mkOption {
- type = types.str;
- default = "common";
- example = "combined";
- description = ''
- Log format for Apache's log files. Possible values are: combined, common, referer, agent.
- '';
- };
-
- robotsEntries = mkOption {
- type = types.lines;
- default = "";
- example = "Disallow: /foo/";
- description = ''
- Specification of pages to be ignored by web crawlers. See for details.
- '';
- };
-
- locations = mkOption {
- type = with types; attrsOf (submodule (import ./location-options.nix));
- default = {};
- example = literalExample ''
- {
- "/" = {
- proxyPass = "http://localhost:3000";
- };
- "/foo/bar.png" = {
- alias = "/home/eelco/some-file.png";
- };
- };
- '';
- description = ''
- Declarative location config. See for details.
- '';
- };
-
- };
-
- config = {
-
- locations = builtins.listToAttrs (map (elem: nameValuePair elem.urlPath { alias = elem.file; }) config.servedFiles);
-
- };
-}
-- cgit v1.2.3