···
7
-
mainCfg = config.services.httpd;
7
+
cfg = config.services.httpd;
runtimeDir = "/run/httpd";
11
-
httpd = mainCfg.package.out;
11
+
pkg = cfg.package.out;
13
-
httpdConf = mainCfg.configFile;
13
+
httpdConf = cfg.configFile;
15
-
php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ };
15
+
php = cfg.phpPackage.override { apacheHttpd = pkg.dev; /* otherwise it only gets .out */ };
phpMajorVersion = lib.versions.major (lib.getVersion php);
19
-
mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { apacheHttpd = httpd; };
19
+
mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { apacheHttpd = pkg; };
21
-
vhosts = attrValues mainCfg.virtualHosts;
21
+
vhosts = attrValues cfg.virtualHosts;
if hostOpts.listen != [] then hostOpts.listen
···
"mime" "autoindex" "negotiation" "dir"
"unixd" "slotmem_shm" "socache_shmcb"
44
-
"mpm_${mainCfg.multiProcessingModule}"
44
+
"mpm_${cfg.multiProcessingModule}"
46
-
++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
46
+
++ (if cfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
++ optional enableSSL "ssl"
++ optional enableUserDir "userdir"
49
-
++ optional mainCfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; }
50
-
++ optional mainCfg.enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; }
51
-
++ optional mainCfg.enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; }
52
-
++ mainCfg.extraModules;
49
+
++ optional cfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; }
50
+
++ optional cfg.enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; }
51
+
++ optional cfg.enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; }
52
+
++ cfg.extraModules;
55
-
allDenied = "Require all denied";
56
-
allGranted = "Require all granted";
59
-
loggingConf = (if mainCfg.logFormat != "none" then ''
60
-
ErrorLog ${mainCfg.logDir}/error.log
54
+
loggingConf = (if cfg.logFormat != "none" then ''
55
+
ErrorLog ${cfg.logDir}/error.log
···
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
69
-
CustomLog ${mainCfg.logDir}/access.log ${mainCfg.logFormat}
64
+
CustomLog ${cfg.logDir}/access.log ${cfg.logFormat}
···
91
-
SSLSessionCache shmcb:${runtimeDir}/ssl_scache(512000)
86
+
<IfModule mod_ssl.c>
87
+
SSLSessionCache shmcb:${runtimeDir}/ssl_scache(512000)
95
-
SSLRandomSeed startup builtin
96
-
SSLRandomSeed connect builtin
91
+
SSLRandomSeed startup builtin
92
+
SSLRandomSeed connect builtin
98
-
SSLProtocol ${mainCfg.sslProtocols}
99
-
SSLCipherSuite ${mainCfg.sslCiphers}
100
-
SSLHonorCipherOrder on
94
+
SSLProtocol ${cfg.sslProtocols}
95
+
SSLCipherSuite ${cfg.sslCiphers}
96
+
SSLHonorCipherOrder on
105
-
TypesConfig ${httpd}/conf/mime.types
102
+
TypesConfig ${pkg}/conf/mime.types
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
AddType application/x-httpd-php .php .phtml
<IfModule mod_mime_magic.c>
112
-
MIMEMagicFile ${httpd}/conf/magic
109
+
MIMEMagicFile ${pkg}/conf/magic
118
-
adminAddr = if hostOpts.adminAddr != null then hostOpts.adminAddr else mainCfg.adminAddr;
115
+
adminAddr = if hostOpts.adminAddr != null then hostOpts.adminAddr else cfg.adminAddr;
listen = filter (listen: !listen.ssl) (mkListenInfo hostOpts);
listenSSL = filter (listen: listen.ssl) (mkListenInfo hostOpts);
···
'') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
206
-
${optionalString mainCfg.logPerVirtualHost ''
207
-
ErrorLog ${mainCfg.logDir}/error-${hostOpts.hostName}.log
208
-
CustomLog ${mainCfg.logDir}/access-${hostOpts.hostName}.log ${hostOpts.logFormat}
203
+
${optionalString cfg.logPerVirtualHost ''
204
+
ErrorLog ${cfg.logDir}/error-${hostOpts.hostName}.log
205
+
CustomLog ${cfg.logDir}/access-${hostOpts.hostName}.log ${hostOpts.logFormat}
${optionalString (hostOpts.robotsEntries != "") ''
···
<Directory "${documentRoot}">
Options Indexes FollowSymLinks
217
+
Require all granted
${optionalString hostOpts.enableUserDir ''
···
Alias ${elem.urlPath} ${elem.dir}/
244
+
Require all granted
···
confFile = pkgs.writeText "httpd.conf" ''
262
-
ServerRoot ${httpd}
ServerName ${config.networking.hostName}
DefaultRuntimeDir ${runtimeDir}/runtime
PidFile ${runtimeDir}/httpd.pid
268
-
${optionalString (mainCfg.multiProcessingModule != "prefork") ''
265
+
${optionalString (cfg.multiProcessingModule != "prefork") ''
# mod_cgid requires this.
ScriptSock ${runtimeDir}/cgisock
274
-
MaxClients ${toString mainCfg.maxClients}
275
-
MaxRequestsPerChild ${toString mainCfg.maxRequestsPerChild}
271
+
MaxClients ${toString cfg.maxClients}
272
+
MaxRequestsPerChild ${toString cfg.maxRequestsPerChild}
···
in concatStringsSep "\n" uniqueListen
284
-
User ${mainCfg.user}
285
-
Group ${mainCfg.group}
289
-
if isString module then { name = module; path = "${httpd}/modules/mod_${module}.so"; }
286
+
if isString module then { name = module; path = "${pkg}/modules/mod_${module}.so"; }
else if isAttrs module then { inherit (module) name path; }
else throw "Expecting either a string or attribute set including a name and path.";
···
306
-
Include ${httpd}/conf/extra/httpd-default.conf
307
-
Include ${httpd}/conf/extra/httpd-autoindex.conf
308
-
Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
309
-
Include ${httpd}/conf/extra/httpd-languages.conf
303
+
Include ${pkg}/conf/extra/httpd-default.conf
304
+
Include ${pkg}/conf/extra/httpd-autoindex.conf
305
+
Include ${pkg}/conf/extra/httpd-multilang-errordoc.conf
306
+
Include ${pkg}/conf/extra/httpd-languages.conf
313
-
${if enableSSL then sslConf else ""}
# Fascist default - deny access to everything.
# But do allow access to files in the store so that we don't have
# to generate <Directory> clauses for every generated file that we
323
+
Require all granted
329
-
${mainCfg.extraConfig}
${concatMapStringsSep "\n" mkVHostConf vhosts}
···
# Generate the PHP configuration file. Should probably be factored
# out into a separate module.
phpIni = pkgs.runCommand "php.ini"
337
-
{ options = mainCfg.phpOptions;
334
+
{ options = cfg.phpOptions;
···
(mkRemovedOptionModule [ "services" "httpd" "sslServerKey" ] "Please define a virtual host using `services.httpd.virtualHosts`.")
376
-
enable = mkOption {
379
-
description = "Whether to enable the Apache HTTP Server.";
373
+
enable = mkEnableOption "the Apache HTTP Server";
···
Configuration lines appended to the generated Apache
407
-
configuration file. Note that this mechanism may not work
400
+
configuration file. Note that this mechanism will not work
when <option>configFile</option> is overridden.
···
422
-
Additional Apache modules to be used. These can be
415
+
Additional Apache modules to be used. These can be
specified as a string in the case of modules distributed
with Apache, or as an attribute set specifying the
<varname>name</varname> and <varname>path</varname> of the
···
461
-
User account under which httpd runs. The account is created
462
-
automatically if it doesn't exist.
454
+
User account under which httpd runs.
···
470
-
Group under which httpd runs. The account is created
471
-
automatically if it doesn't exist.
462
+
Group under which httpd runs.
···
default = "/var/log/httpd";
479
-
Directory for Apache's log files. It is created automatically.
470
+
Directory for Apache's log files. It is created automatically.
virtualHosts = mkOption {
484
-
type = with types; attrsOf (submodule (import ./per-server-options.nix));
475
+
type = with types; attrsOf (submodule (import ./vhost-options.nix));
487
-
documentRoot = "${httpd}/htdocs";
478
+
documentRoot = "${pkg}/htdocs";
example = literalExample ''
···
544
-
"Options appended to the PHP configuration file <filename>php.ini</filename>.";
535
+
Options appended to the PHP configuration file <filename>php.ini</filename>.
multiProcessingModule = mkOption {
540
+
type = types.enum [ "event" "prefork" "worker" ];
553
-
Multi-processing module to be used by Apache. Available
545
+
Multi-processing module to be used by Apache. Available
modules are <literal>prefork</literal> (the default;
handles each request in a separate child process),
<literal>worker</literal> (hybrid approach that starts a
···
576
-
"Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
568
+
Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited.
···
596
-
###### implementation
598
-
config = mkIf config.services.httpd.enable {
590
+
config = mkIf cfg.enable {
···
mapAttrsToList (name: hostOpts: ''
Using config.services.httpd.virtualHosts."${name}".servedFiles is deprecated and will become unsupported in a future release. Your configuration will continue to work as is but please migrate your configuration to config.services.httpd.virtualHosts."${name}".locations before the 20.09 release of NixOS.
629
-
'') (filterAttrs (name: hostOpts: hostOpts.servedFiles != []) mainCfg.virtualHosts);
621
+
'') (filterAttrs (name: hostOpts: hostOpts.servedFiles != []) cfg.virtualHosts);
631
-
users.users = optionalAttrs (mainCfg.user == "wwwrun") {
623
+
users.users = optionalAttrs (cfg.user == "wwwrun") {
633
-
group = mainCfg.group;
description = "Apache httpd user";
uid = config.ids.uids.wwwrun;
639
-
users.groups = optionalAttrs (mainCfg.group == "wwwrun") {
631
+
users.groups = optionalAttrs (cfg.group == "wwwrun") {
wwwrun.gid = config.ids.gids.wwwrun;
security.acme.certs = mapAttrs (name: hostOpts: {
644
-
user = mainCfg.user;
645
-
group = mkDefault mainCfg.group;
646
-
email = if hostOpts.adminAddr != null then hostOpts.adminAddr else mainCfg.adminAddr;
637
+
group = mkDefault cfg.group;
638
+
email = if hostOpts.adminAddr != null then hostOpts.adminAddr else cfg.adminAddr;
webroot = hostOpts.acmeRoot;
extraDomains = genAttrs hostOpts.serverAliases (alias: null);
postRun = "systemctl reload httpd.service";
650
-
}) (filterAttrs (name: hostOpts: hostOpts.enableACME) mainCfg.virtualHosts);
642
+
}) (filterAttrs (name: hostOpts: hostOpts.enableACME) cfg.virtualHosts);
652
-
environment.systemPackages = [httpd];
644
+
environment.systemPackages = [ pkg ];
# required for "apachectl configtest"
environment.etc."httpd/httpd.conf".source = httpdConf;
···
after = [ "network.target" "fs.target" ] ++ map (hostOpts: "acme-selfsigned-${hostOpts.hostName}.service") vhostsACME;
703
-
[ httpd pkgs.coreutils pkgs.gnugrep ]
704
-
++ optional mainCfg.enablePHP pkgs.system-sendmail; # Needed for PHP's mail() function.
695
+
[ pkg pkgs.coreutils pkgs.gnugrep ]
696
+
++ optional cfg.enablePHP pkgs.system-sendmail; # Needed for PHP's mail() function.
707
-
optionalAttrs mainCfg.enablePHP { PHPRC = phpIni; }
708
-
// optionalAttrs mainCfg.enableMellon { LD_LIBRARY_PATH = "${pkgs.xmlsec}/lib"; };
699
+
optionalAttrs cfg.enablePHP { PHPRC = phpIni; }
700
+
// optionalAttrs cfg.enableMellon { LD_LIBRARY_PATH = "${pkgs.xmlsec}/lib"; };
712
-
mkdir -m 0700 -p ${mainCfg.logDir}
704
+
mkdir -m 0700 -p ${cfg.logDir}
# Get rid of old semaphores. These tend to accumulate across
# server restarts, eventually preventing it from restarting
717
-
for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do
709
+
for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do
${pkgs.utillinux}/bin/ipcrm -s $i
722
-
serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}";
723
-
serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop";
724
-
serviceConfig.ExecReload = "${httpd}/bin/httpd -f ${httpdConf} -k graceful";
725
-
serviceConfig.Group = mainCfg.group;
726
-
serviceConfig.Type = "forking";
727
-
serviceConfig.PIDFile = "${runtimeDir}/httpd.pid";
728
-
serviceConfig.Restart = "always";
729
-
serviceConfig.RestartSec = "5s";
730
-
serviceConfig.RuntimeDirectory = "httpd httpd/runtime";
731
-
serviceConfig.RuntimeDirectoryMode = "0750";
715
+
ExecStart = "@${pkg}/bin/httpd httpd -f ${httpdConf}";
716
+
ExecStop = "${pkg}/bin/httpd -f ${httpdConf} -k graceful-stop";
717
+
ExecReload = "${pkg}/bin/httpd -f ${httpdConf} -k graceful";
720
+
PIDFile = "${runtimeDir}/httpd.pid";
721
+
Restart = "always";
723
+
RuntimeDirectory = "httpd httpd/runtime";
724
+
RuntimeDirectoryMode = "0750";
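Review bot: `${cfg.logDir}` and `${cfg.user}` are still spliced unquoted into the shell text of the start-up script, on the `mkdir -m 0700 -p` line and in the `ipcs -s | grep` loop. A log directory containing whitespace therefore splits into several arguments, and the user name is matched as a regular expression, so a name with metacharacters could select semaphores owned by other accounts for `ipcrm -s`. Since the rename touches both lines anyway, I would quote them: `mkdir -m 0700 -p ${lib.escapeShellArg cfg.logDir}` and `grep -F -- ${lib.escapeShellArg " ${cfg.user} "}`. Separately, `mkdir -m` applies the mode only to a directory it creates, so an existing log directory keeps its current permissions; a short comment saying so would help. The script's opening and closing lines are outside the visible part of the diff.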