commit 01ccb67598f8a475bee13c97d90a6d95013ab5ce · pyrox.dev/nixpkgs

+1 -1

nixos/modules/services/monitoring/nagios.nix

···

       154
        
             };

     

       155
        
       

     

       156
        
             virtualHost = mkOption {

     

       157
       -
               type = types.submodule (import ../web-servers/apache-httpd/per-server-options.nix);

     

       158
        
               example = literalExample ''

     

       159
        
                 { hostName = "example.org";

     

       160
        
                   adminAddr = "webmaster@example.org";

···

       154
        
             };

     

       155
        
       

     

       156
        
             virtualHost = mkOption {

     

       157
       +
               type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix);

     

       158
        
               example = literalExample ''

     

       159
        
                 { hostName = "example.org";

     

       160
        
                   adminAddr = "webmaster@example.org";

+1 -1

nixos/modules/services/web-apps/limesurvey.nix

···

       100
        
           };

     

       101
        
       

     

       102
        
           virtualHost = mkOption {

     

       103
       -
             type = types.submodule (import ../web-servers/apache-httpd/per-server-options.nix);

     

       104
        
             example = literalExample ''

     

       105
        
               {

     

       106
        
                 hostName = "survey.example.org";

···

       100
        
           };

     

       101
        
       

     

       102
        
           virtualHost = mkOption {

     

       103
       +
             type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix);

     

       104
        
             example = literalExample ''

     

       105
        
               {

     

       106
        
                 hostName = "survey.example.org";

+1 -1

nixos/modules/services/web-apps/mediawiki.nix

···

       290
        
             };

     

       291
        
       

     

       292
        
             virtualHost = mkOption {

     

       293
       -
               type = types.submodule (import ../web-servers/apache-httpd/per-server-options.nix);

     

       294
        
               example = literalExample ''

     

       295
        
                 {

     

       296
        
                   hostName = "mediawiki.example.org";

···

       290
        
             };

     

       291
        
       

     

       292
        
             virtualHost = mkOption {

     

       293
       +
               type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix);

     

       294
        
               example = literalExample ''

     

       295
        
                 {

     

       296
        
                   hostName = "mediawiki.example.org";

+1 -1

nixos/modules/services/web-apps/moodle.nix

···

       140
        
           };

     

       141
        
       

     

       142
        
           virtualHost = mkOption {

     

       143
       -
             type = types.submodule (import ../web-servers/apache-httpd/per-server-options.nix);

     

       144
        
             example = literalExample ''

     

       145
        
               {

     

       146
        
                 hostName = "moodle.example.org";

···

       140
        
           };

     

       141
        
       

     

       142
        
           virtualHost = mkOption {

     

       143
       +
             type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix);

     

       144
        
             example = literalExample ''

     

       145
        
               {

     

       146
        
                 hostName = "moodle.example.org";

+1 -1

nixos/modules/services/web-apps/wordpress.nix

···

       209
        
               };

     

       210
        
       

     

       211
        
               virtualHost = mkOption {

     

       212
       -
                 type = types.submodule (import ../web-servers/apache-httpd/per-server-options.nix);

     

       213
        
                 example = literalExample ''

     

       214
        
                   {

     

       215
        
                     adminAddr = "webmaster@example.org";

···

       209
        
               };

     

       210
        
       

     

       211
        
               virtualHost = mkOption {

     

       212
       +
                 type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix);

     

       213
        
                 example = literalExample ''

     

       214
        
                   {

     

       215
        
                     adminAddr = "webmaster@example.org";

+1 -1

nixos/modules/services/web-apps/zabbix.nix

···

       113
        
             };

     

       114
        
       

     

       115
        
             virtualHost = mkOption {

     

       116
       -
               type = types.submodule (import ../web-servers/apache-httpd/per-server-options.nix);

     

       117
        
               example = literalExample ''

     

       118
        
                 {

     

       119
        
                   hostName = "zabbix.example.org";

···

       113
        
             };

     

       114
        
       

     

       115
        
             virtualHost = mkOption {

     

       116
       +
               type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix);

     

       117
        
               example = literalExample ''

     

       118
        
                 {

     

       119
        
                   hostName = "zabbix.example.org";

+95 -101

nixos/modules/services/web-servers/apache-httpd/default.nix

···

       4
        
       

     

       5
        
       let

     

       6
        
       

     

       7
       -
         mainCfg = config.services.httpd;

     

       8
        
       

     

       9
        
         runtimeDir = "/run/httpd";

     

       10
        
       

     

       11
       -
         httpd = mainCfg.package.out;

     

       12
        
       

     

       13
       -
         httpdConf = mainCfg.configFile;

     

       14
        
       

     

       15
       -
         php = mainCfg.phpPackage.override { apacheHttpd = httpd.dev; /* otherwise it only gets .out */ };

     

       16
        
       

     

       17
        
         phpMajorVersion = lib.versions.major (lib.getVersion php);

     

       18
        
       

     

       19
       -
         mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { apacheHttpd = httpd; };

     

       20
        
       

     

       21
       -
         vhosts = attrValues mainCfg.virtualHosts;

     

       22
        
       

     

       23
        
         mkListenInfo = hostOpts:

     

       24
        
           if hostOpts.listen != [] then hostOpts.listen

     
···

       41
        
             "mime" "autoindex" "negotiation" "dir"

     

       42
        
             "alias" "rewrite"

     

       43
        
             "unixd" "slotmem_shm" "socache_shmcb"

     

       44
       -
             "mpm_${mainCfg.multiProcessingModule}"

     

       45
        
           ]

     

       46
       -
           ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])

     

       47
        
           ++ optional enableSSL "ssl"

     

       48
        
           ++ optional enableUserDir "userdir"

     

       49
       -
           ++ optional mainCfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; }

     

       50
       -
           ++ optional mainCfg.enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; }

     

       51
       -
           ++ optional mainCfg.enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; }

     

       52
       -
           ++ mainCfg.extraModules;

     

       53
        
       

     

       54
       -
       

     

       55
       -
         allDenied = "Require all denied";

     

       56
       -
         allGranted = "Require all granted";

     

       57
       -
       

     

       58
       -
       

     

       59
       -
         loggingConf = (if mainCfg.logFormat != "none" then ''

     

       60
       -
           ErrorLog ${mainCfg.logDir}/error.log

     

       61
        
       

     

       62
        
           LogLevel notice

     

       63
        
       

     
···

       66
        
           LogFormat "%{Referer}i -> %U" referer

     

       67
        
           LogFormat "%{User-agent}i" agent

     

       68
        
       

     

       69
       -
           CustomLog ${mainCfg.logDir}/access.log ${mainCfg.logFormat}

     

       70
        
         '' else ''

     

       71
        
           ErrorLog /dev/null

     

       72
        
         '');

     
···

       88
        
       

     

       89
        
       

     

       90
        
         sslConf = ''

     

       91
       -
           SSLSessionCache shmcb:${runtimeDir}/ssl_scache(512000)

     

       0
        
       
     

       92
        
       

     

       93
       -
           Mutex posixsem

     

       94
        
       

     

       95
       -
           SSLRandomSeed startup builtin

     

       96
       -
           SSLRandomSeed connect builtin

     

       97
        
       

     

       98
       -
           SSLProtocol ${mainCfg.sslProtocols}

     

       99
       -
           SSLCipherSuite ${mainCfg.sslCiphers}

     

       100
       -
           SSLHonorCipherOrder on

     

       0
        
       
     

       101
        
         '';

     

       102
        
       

     

       103
        
       

     

       104
        
         mimeConf = ''

     

       105
       -
           TypesConfig ${httpd}/conf/mime.types

     

       106
        
       

     

       107
        
           AddType application/x-x509-ca-cert .crt

     

       108
        
           AddType application/x-pkcs7-crl    .crl

     

       109
        
           AddType application/x-httpd-php    .php .phtml

     

       110
        
       

     

       111
        
           <IfModule mod_mime_magic.c>

     

       112
       -
               MIMEMagicFile ${httpd}/conf/magic

     

       113
        
           </IfModule>

     

       114
        
         '';

     

       115
        
       

     

       116
        
         mkVHostConf = hostOpts:

     

       117
        
           let

     

       118
       -
             adminAddr = if hostOpts.adminAddr != null then hostOpts.adminAddr else mainCfg.adminAddr;

     

       119
        
             listen = filter (listen: !listen.ssl) (mkListenInfo hostOpts);

     

       120
        
             listenSSL = filter (listen: listen.ssl) (mkListenInfo hostOpts);

     

       121
        
       

     
···

       203
        
             '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));

     

       204
        
           in

     

       205
        
             ''

     

       206
       -
               ${optionalString mainCfg.logPerVirtualHost ''

     

       207
       -
                 ErrorLog ${mainCfg.logDir}/error-${hostOpts.hostName}.log

     

       208
       -
                 CustomLog ${mainCfg.logDir}/access-${hostOpts.hostName}.log ${hostOpts.logFormat}

     

       209
        
               ''}

     

       210
        
       

     

       211
        
               ${optionalString (hostOpts.robotsEntries != "") ''

     
···

       217
        
               <Directory "${documentRoot}">

     

       218
        
                   Options Indexes FollowSymLinks

     

       219
        
                   AllowOverride None

     

       220
       -
                   ${allGranted}

     

       221
        
               </Directory>

     

       222
        
       

     

       223
        
               ${optionalString hostOpts.enableUserDir ''

     
···

       244
        
                       Alias ${elem.urlPath} ${elem.dir}/

     

       245
        
                       <Directory ${elem.dir}>

     

       246
        
                           Options +Indexes

     

       247
       -
                           ${allGranted}

     

       248
        
                           AllowOverride All

     

       249
        
                       </Directory>

     

       250
        
                     '';

     
···

       259
        
       

     

       260
        
         confFile = pkgs.writeText "httpd.conf" ''

     

       261
        
       

     

       262
       -
           ServerRoot ${httpd}

     

       263
        
           ServerName ${config.networking.hostName}

     

       264
        
           DefaultRuntimeDir ${runtimeDir}/runtime

     

       265
        
       

     

       266
        
           PidFile ${runtimeDir}/httpd.pid

     

       267
        
       

     

       268
       -
           ${optionalString (mainCfg.multiProcessingModule != "prefork") ''

     

       269
        
             # mod_cgid requires this.

     

       270
        
             ScriptSock ${runtimeDir}/cgisock

     

       271
        
           ''}

     

       272
        
       

     

       273
        
           <IfModule prefork.c>

     

       274
       -
               MaxClients           ${toString mainCfg.maxClients}

     

       275
       -
               MaxRequestsPerChild  ${toString mainCfg.maxRequestsPerChild}

     

       276
        
           </IfModule>

     

       277
        
       

     

       278
        
           ${let

     
···

       281
        
             in concatStringsSep "\n" uniqueListen

     

       282
        
           }

     

       283
        
       

     

       284
       -
           User ${mainCfg.user}

     

       285
       -
           Group ${mainCfg.group}

     

       286
        
       

     

       287
        
           ${let

     

       288
        
               mkModule = module:

     

       289
       -
                 if isString module then { name = module; path = "${httpd}/modules/mod_${module}.so"; }

     

       290
        
                 else if isAttrs module then { inherit (module) name path; }

     

       291
        
                 else throw "Expecting either a string or attribute set including a name and path.";

     

       292
        
             in

     
···

       296
        
           AddHandler type-map var

     

       297
        
       

     

       298
        
           <Files ~ "^\.ht">

     

       299
       -
               ${allDenied}

     

       300
        
           </Files>

     

       301
        
       

     

       302
        
           ${mimeConf}

     

       303
        
           ${loggingConf}

     

       304
        
           ${browserHacks}

     

       305
        
       

     

       306
       -
           Include ${httpd}/conf/extra/httpd-default.conf

     

       307
       -
           Include ${httpd}/conf/extra/httpd-autoindex.conf

     

       308
       -
           Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf

     

       309
       -
           Include ${httpd}/conf/extra/httpd-languages.conf

     

       310
        
       

     

       311
        
           TraceEnable off

     

       312
        
       

     

       313
       -
           ${if enableSSL then sslConf else ""}

     

       314
        
       

     

       315
        
           # Fascist default - deny access to everything.

     

       316
        
           <Directory />

     

       317
        
               Options FollowSymLinks

     

       318
        
               AllowOverride None

     

       319
       -
               ${allDenied}

     

       320
        
           </Directory>

     

       321
        
       

     

       322
        
           # But do allow access to files in the store so that we don't have

     

       323
        
           # to generate <Directory> clauses for every generated file that we

     

       324
        
           # want to serve.

     

       325
        
           <Directory /nix/store>

     

       326
       -
               ${allGranted}

     

       327
        
           </Directory>

     

       328
        
       

     

       329
       -
           ${mainCfg.extraConfig}

     

       330
        
       

     

       331
        
           ${concatMapStringsSep "\n" mkVHostConf vhosts}

     

       332
        
         '';

     
···

       334
        
         # Generate the PHP configuration file.  Should probably be factored

     

       335
        
         # out into a separate module.

     

       336
        
         phpIni = pkgs.runCommand "php.ini"

     

       337
       -
           { options = mainCfg.phpOptions;

     

       338
        
             preferLocalBuild = true;

     

       339
        
           }

     

       340
        
           ''

     
···

       367
        
           (mkRemovedOptionModule [ "services" "httpd" "sslServerKey" ] "Please define a virtual host using `services.httpd.virtualHosts`.")

     

       368
        
         ];

     

       369
        
       

     

       370
       -
         ###### interface

     

       371
        
       

     

       372
        
         options = {

     

       373
        
       

     

       374
        
           services.httpd = {

     

       375
        
       

     

       376
       -
             enable = mkOption {

     

       377
       -
               type = types.bool;

     

       378
       -
               default = false;

     

       379
       -
               description = "Whether to enable the Apache HTTP Server.";

     

       380
       -
             };

     

       381
        
       

     

       382
        
             package = mkOption {

     

       383
        
               type = types.package;

     
···

       404
        
               default = "";

     

       405
        
               description = ''

     

       406
        
                 Configuration lines appended to the generated Apache

     

       407
       -
                 configuration file. Note that this mechanism may not work

     

       408
        
                 when <option>configFile</option> is overridden.

     

       409
        
               '';

     

       410
        
             };

     
···

       419
        
                 ]

     

       420
        
               '';

     

       421
        
               description = ''

     

       422
       -
                 Additional Apache modules to be used.  These can be

     

       423
        
                 specified as a string in the case of modules distributed

     

       424
        
                 with Apache, or as an attribute set specifying the

     

       425
        
                 <varname>name</varname> and <varname>path</varname> of the

     
···

       458
        
               type = types.str;

     

       459
        
               default = "wwwrun";

     

       460
        
               description = ''

     

       461
       -
                 User account under which httpd runs.  The account is created

     

       462
       -
                 automatically if it doesn't exist.

     

       463
        
               '';

     

       464
        
             };

     

       465
        
       

     
···

       467
        
               type = types.str;

     

       468
        
               default = "wwwrun";

     

       469
        
               description = ''

     

       470
       -
                 Group under which httpd runs.  The account is created

     

       471
       -
                 automatically if it doesn't exist.

     

       472
        
               '';

     

       473
        
             };

     

       474
        
       

     
···

       476
        
               type = types.path;

     

       477
        
               default = "/var/log/httpd";

     

       478
        
               description = ''

     

       479
       -
                 Directory for Apache's log files.  It is created automatically.

     

       480
        
               '';

     

       481
        
             };

     

       482
        
       

     

       483
        
             virtualHosts = mkOption {

     

       484
       -
               type = with types; attrsOf (submodule (import ./per-server-options.nix));

     

       485
        
               default = {

     

       486
        
                 localhost = {

     

       487
       -
                   documentRoot = "${httpd}/htdocs";

     

       488
        
                 };

     

       489
        
               };

     

       490
        
               example = literalExample ''

     
···

       540
        
                 ''

     

       541
        
                   date.timezone = "CET"

     

       542
        
                 '';

     

       543
       -
               description =

     

       544
       -
                 "Options appended to the PHP configuration file <filename>php.ini</filename>.";

     

       0
        
       
     

       545
        
             };

     

       546
        
       

     

       547
        
             multiProcessingModule = mkOption {

     

       548
       -
               type = types.str;

     

       549
        
               default = "prefork";

     

       550
        
               example = "worker";

     

       551
        
               description =

     

       552
        
                 ''

     

       553
       -
                   Multi-processing module to be used by Apache.  Available

     

       554
        
                   modules are <literal>prefork</literal> (the default;

     

       555
        
                   handles each request in a separate child process),

     

       556
        
                   <literal>worker</literal> (hybrid approach that starts a

     
···

       572
        
               type = types.int;

     

       573
        
               default = 0;

     

       574
        
               example = 500;

     

       575
       -
               description =

     

       576
       -
                 "Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";

     

       0
        
       
     

       577
        
             };

     

       578
        
       

     

       579
        
             sslCiphers = mkOption {

     
···

       592
        
       

     

       593
        
         };

     

       594
        
       

     

       0
        
       
     

       595
        
       

     

       596
       -
         ###### implementation

     

       597
       -
       

     

       598
       -
         config = mkIf config.services.httpd.enable {

     

       599
        
       

     

       600
        
           assertions = [

     

       601
        
             {

     
···

       626
        
           warnings =

     

       627
        
             mapAttrsToList (name: hostOpts: ''

     

       628
        
               Using config.services.httpd.virtualHosts."${name}".servedFiles is deprecated and will become unsupported in a future release. Your configuration will continue to work as is but please migrate your configuration to config.services.httpd.virtualHosts."${name}".locations before the 20.09 release of NixOS.

     

       629
       -
             '') (filterAttrs (name: hostOpts: hostOpts.servedFiles != []) mainCfg.virtualHosts);

     

       630
        
       

     

       631
       -
           users.users = optionalAttrs (mainCfg.user == "wwwrun") {

     

       632
        
             wwwrun = {

     

       633
       -
               group = mainCfg.group;

     

       634
        
               description = "Apache httpd user";

     

       635
        
               uid = config.ids.uids.wwwrun;

     

       636
        
             };

     

       637
        
           };

     

       638
        
       

     

       639
       -
           users.groups = optionalAttrs (mainCfg.group == "wwwrun") {

     

       640
        
             wwwrun.gid = config.ids.gids.wwwrun;

     

       641
        
           };

     

       642
        
       

     

       643
        
           security.acme.certs = mapAttrs (name: hostOpts: {

     

       644
       -
             user = mainCfg.user;

     

       645
       -
             group = mkDefault mainCfg.group;

     

       646
       -
             email = if hostOpts.adminAddr != null then hostOpts.adminAddr else mainCfg.adminAddr;

     

       647
        
             webroot = hostOpts.acmeRoot;

     

       648
        
             extraDomains = genAttrs hostOpts.serverAliases (alias: null);

     

       649
        
             postRun = "systemctl reload httpd.service";

     

       650
       -
           }) (filterAttrs (name: hostOpts: hostOpts.enableACME) mainCfg.virtualHosts);

     

       651
        
       

     

       652
       -
           environment.systemPackages = [httpd];

     

       653
        
       

     

       654
        
           # required for "apachectl configtest"

     

       655
        
           environment.etc."httpd/httpd.conf".source = httpdConf;

     
···

       700
        
               after = [ "network.target" "fs.target" ] ++ map (hostOpts: "acme-selfsigned-${hostOpts.hostName}.service") vhostsACME;

     

       701
        
       

     

       702
        
               path =

     

       703
       -
                 [ httpd pkgs.coreutils pkgs.gnugrep ]

     

       704
       -
                 ++ optional mainCfg.enablePHP pkgs.system-sendmail; # Needed for PHP's mail() function.

     

       705
        
       

     

       706
        
               environment =

     

       707
       -
                 optionalAttrs mainCfg.enablePHP { PHPRC = phpIni; }

     

       708
       -
                 // optionalAttrs mainCfg.enableMellon { LD_LIBRARY_PATH  = "${pkgs.xmlsec}/lib"; };

     

       709
        
       

     

       710
        
               preStart =

     

       711
        
                 ''

     

       712
       -
                   mkdir -m 0700 -p ${mainCfg.logDir}

     

       713
        
       

     

       714
        
                   # Get rid of old semaphores.  These tend to accumulate across

     

       715
        
                   # server restarts, eventually preventing it from restarting

     

       716
        
                   # successfully.

     

       717
       -
                   for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do

     

       718
        
                       ${pkgs.utillinux}/bin/ipcrm -s $i

     

       719
        
                   done

     

       720
        
                 '';

     

       721
        
       

     

       722
       -
               serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}";

     

       723
       -
               serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop";

     

       724
       -
               serviceConfig.ExecReload = "${httpd}/bin/httpd -f ${httpdConf} -k graceful";

     

       725
       -
               serviceConfig.Group = mainCfg.group;

     

       726
       -
               serviceConfig.Type = "forking";

     

       727
       -
               serviceConfig.PIDFile = "${runtimeDir}/httpd.pid";

     

       728
       -
               serviceConfig.Restart = "always";

     

       729
       -
               serviceConfig.RestartSec = "5s";

     

       730
       -
               serviceConfig.RuntimeDirectory = "httpd httpd/runtime";

     

       731
       -
               serviceConfig.RuntimeDirectoryMode = "0750";

     

       0
        
       
     

       0
        
       
     

       732
        
             };

     

       733
        
       

     

       734
        
         };

···

       4
        
       

     

       5
        
       let

     

       6
        
       

     

       7
       +
         cfg = config.services.httpd;

     

       8
        
       

     

       9
        
         runtimeDir = "/run/httpd";

     

       10
        
       

     

       11
       +
         pkg = cfg.package.out;

     

       12
        
       

     

       13
       +
         httpdConf = cfg.configFile;

     

       14
        
       

     

       15
       +
         php = cfg.phpPackage.override { apacheHttpd = pkg.dev; /* otherwise it only gets .out */ };

     

       16
        
       

     

       17
        
         phpMajorVersion = lib.versions.major (lib.getVersion php);

     

       18
        
       

     

       19
       +
         mod_perl = pkgs.apacheHttpdPackages.mod_perl.override { apacheHttpd = pkg; };

     

       20
        
       

     

       21
       +
         vhosts = attrValues cfg.virtualHosts;

     

       22
        
       

     

       23
        
         mkListenInfo = hostOpts:

     

       24
        
           if hostOpts.listen != [] then hostOpts.listen

     
···

       41
        
             "mime" "autoindex" "negotiation" "dir"

     

       42
        
             "alias" "rewrite"

     

       43
        
             "unixd" "slotmem_shm" "socache_shmcb"

     

       44
       +
             "mpm_${cfg.multiProcessingModule}"

     

       45
        
           ]

     

       46
       +
           ++ (if cfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])

     

       47
        
           ++ optional enableSSL "ssl"

     

       48
        
           ++ optional enableUserDir "userdir"

     

       49
       +
           ++ optional cfg.enableMellon { name = "auth_mellon"; path = "${pkgs.apacheHttpdPackages.mod_auth_mellon}/modules/mod_auth_mellon.so"; }

     

       50
       +
           ++ optional cfg.enablePHP { name = "php${phpMajorVersion}"; path = "${php}/modules/libphp${phpMajorVersion}.so"; }

     

       51
       +
           ++ optional cfg.enablePerl { name = "perl"; path = "${mod_perl}/modules/mod_perl.so"; }

     

       52
       +
           ++ cfg.extraModules;

     

       53
        
       

     

       54
       +
         loggingConf = (if cfg.logFormat != "none" then ''

     

       55
       +
           ErrorLog ${cfg.logDir}/error.log

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       56
        
       

     

       57
        
           LogLevel notice

     

       58
        
       

     
···

       61
        
           LogFormat "%{Referer}i -> %U" referer

     

       62
        
           LogFormat "%{User-agent}i" agent

     

       63
        
       

     

       64
       +
           CustomLog ${cfg.logDir}/access.log ${cfg.logFormat}

     

       65
        
         '' else ''

     

       66
        
           ErrorLog /dev/null

     

       67
        
         '');

     
···

       83
        
       

     

       84
        
       

     

       85
        
         sslConf = ''

     

       86
       +
           <IfModule mod_ssl.c>

     

       87
       +
               SSLSessionCache shmcb:${runtimeDir}/ssl_scache(512000)

     

       88
        
       

     

       89
       +
               Mutex posixsem

     

       90
        
       

     

       91
       +
               SSLRandomSeed startup builtin

     

       92
       +
               SSLRandomSeed connect builtin

     

       93
        
       

     

       94
       +
               SSLProtocol ${cfg.sslProtocols}

     

       95
       +
               SSLCipherSuite ${cfg.sslCiphers}

     

       96
       +
               SSLHonorCipherOrder on

     

       97
       +
           </IfModule>

     

       98
        
         '';

     

       99
        
       

     

       100
        
       

     

       101
        
         mimeConf = ''

     

       102
       +
           TypesConfig ${pkg}/conf/mime.types

     

       103
        
       

     

       104
        
           AddType application/x-x509-ca-cert .crt

     

       105
        
           AddType application/x-pkcs7-crl    .crl

     

       106
        
           AddType application/x-httpd-php    .php .phtml

     

       107
        
       

     

       108
        
           <IfModule mod_mime_magic.c>

     

       109
       +
               MIMEMagicFile ${pkg}/conf/magic

     

       110
        
           </IfModule>

     

       111
        
         '';

     

       112
        
       

     

       113
        
         mkVHostConf = hostOpts:

     

       114
        
           let

     

       115
       +
             adminAddr = if hostOpts.adminAddr != null then hostOpts.adminAddr else cfg.adminAddr;

     

       116
        
             listen = filter (listen: !listen.ssl) (mkListenInfo hostOpts);

     

       117
        
             listenSSL = filter (listen: listen.ssl) (mkListenInfo hostOpts);

     

       118
        
       

     
···

       200
        
             '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));

     

       201
        
           in

     

       202
        
             ''

     

       203
       +
               ${optionalString cfg.logPerVirtualHost ''

     

       204
       +
                 ErrorLog ${cfg.logDir}/error-${hostOpts.hostName}.log

     

       205
       +
                 CustomLog ${cfg.logDir}/access-${hostOpts.hostName}.log ${hostOpts.logFormat}

     

       206
        
               ''}

     

       207
        
       

     

       208
        
               ${optionalString (hostOpts.robotsEntries != "") ''

     
···

       214
        
               <Directory "${documentRoot}">

     

       215
        
                   Options Indexes FollowSymLinks

     

       216
        
                   AllowOverride None

     

       217
       +
                   Require all granted

     

       218
        
               </Directory>

     

       219
        
       

     

       220
        
               ${optionalString hostOpts.enableUserDir ''

     
···

       241
        
                       Alias ${elem.urlPath} ${elem.dir}/

     

       242
        
                       <Directory ${elem.dir}>

     

       243
        
                           Options +Indexes

     

       244
       +
                           Require all granted

     

       245
        
                           AllowOverride All

     

       246
        
                       </Directory>

     

       247
        
                     '';

     
···

       256
        
       

     

       257
        
         confFile = pkgs.writeText "httpd.conf" ''

     

       258
        
       

     

       259
       +
           ServerRoot ${pkg}

     

       260
        
           ServerName ${config.networking.hostName}

     

       261
        
           DefaultRuntimeDir ${runtimeDir}/runtime

     

       262
        
       

     

       263
        
           PidFile ${runtimeDir}/httpd.pid

     

       264
        
       

     

       265
       +
           ${optionalString (cfg.multiProcessingModule != "prefork") ''

     

       266
        
             # mod_cgid requires this.

     

       267
        
             ScriptSock ${runtimeDir}/cgisock

     

       268
        
           ''}

     

       269
        
       

     

       270
        
           <IfModule prefork.c>

     

       271
       +
               MaxClients           ${toString cfg.maxClients}

     

       272
       +
               MaxRequestsPerChild  ${toString cfg.maxRequestsPerChild}

     

       273
        
           </IfModule>

     

       274
        
       

     

       275
        
           ${let

     
···

       278
        
             in concatStringsSep "\n" uniqueListen

     

       279
        
           }

     

       280
        
       

     

       281
       +
           User ${cfg.user}

     

       282
       +
           Group ${cfg.group}

     

       283
        
       

     

       284
        
           ${let

     

       285
        
               mkModule = module:

     

       286
       +
                 if isString module then { name = module; path = "${pkg}/modules/mod_${module}.so"; }

     

       287
        
                 else if isAttrs module then { inherit (module) name path; }

     

       288
        
                 else throw "Expecting either a string or attribute set including a name and path.";

     

       289
        
             in

     
···

       293
        
           AddHandler type-map var

     

       294
        
       

     

       295
        
           <Files ~ "^\.ht">

     

       296
       +
               Require all denied

     

       297
        
           </Files>

     

       298
        
       

     

       299
        
           ${mimeConf}

     

       300
        
           ${loggingConf}

     

       301
        
           ${browserHacks}

     

       302
        
       

     

       303
       +
           Include ${pkg}/conf/extra/httpd-default.conf

     

       304
       +
           Include ${pkg}/conf/extra/httpd-autoindex.conf

     

       305
       +
           Include ${pkg}/conf/extra/httpd-multilang-errordoc.conf

     

       306
       +
           Include ${pkg}/conf/extra/httpd-languages.conf

     

       307
        
       

     

       308
        
           TraceEnable off

     

       309
        
       

     

       310
       +
           ${sslConf}

     

       311
        
       

     

       312
        
           # Fascist default - deny access to everything.

     

       313
        
           <Directory />

     

       314
        
               Options FollowSymLinks

     

       315
        
               AllowOverride None

     

       316
       +
               Require all denied

     

       317
        
           </Directory>

     

       318
        
       

     

       319
        
           # But do allow access to files in the store so that we don't have

     

       320
        
           # to generate <Directory> clauses for every generated file that we

     

       321
        
           # want to serve.

     

       322
        
           <Directory /nix/store>

     

       323
       +
               Require all granted

     

       324
        
           </Directory>

     

       325
        
       

     

       326
       +
           ${cfg.extraConfig}

     

       327
        
       

     

       328
        
           ${concatMapStringsSep "\n" mkVHostConf vhosts}

     

       329
        
         '';

     
···

       331
        
         # Generate the PHP configuration file.  Should probably be factored

     

       332
        
         # out into a separate module.

     

       333
        
         phpIni = pkgs.runCommand "php.ini"

     

       334
       +
           { options = cfg.phpOptions;

     

       335
        
             preferLocalBuild = true;

     

       336
        
           }

     

       337
        
           ''

     
···

       364
        
           (mkRemovedOptionModule [ "services" "httpd" "sslServerKey" ] "Please define a virtual host using `services.httpd.virtualHosts`.")

     

       365
        
         ];

     

       366
        
       

     

       367
       +
         # interface

     

       368
        
       

     

       369
        
         options = {

     

       370
        
       

     

       371
        
           services.httpd = {

     

       372
        
       

     

       373
       +
             enable = mkEnableOption "the Apache HTTP Server";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       374
        
       

     

       375
        
             package = mkOption {

     

       376
        
               type = types.package;

     
···

       397
        
               default = "";

     

       398
        
               description = ''

     

       399
        
                 Configuration lines appended to the generated Apache

     

       400
       +
                 configuration file. Note that this mechanism will not work

     

       401
        
                 when <option>configFile</option> is overridden.

     

       402
        
               '';

     

       403
        
             };

     
···

       412
        
                 ]

     

       413
        
               '';

     

       414
        
               description = ''

     

       415
       +
                 Additional Apache modules to be used. These can be

     

       416
        
                 specified as a string in the case of modules distributed

     

       417
        
                 with Apache, or as an attribute set specifying the

     

       418
        
                 <varname>name</varname> and <varname>path</varname> of the

     
···

       451
        
               type = types.str;

     

       452
        
               default = "wwwrun";

     

       453
        
               description = ''

     

       454
       +
                 User account under which httpd runs.

     

       0
        
       
     

       455
        
               '';

     

       456
        
             };

     

       457
        
       

     
···

       459
        
               type = types.str;

     

       460
        
               default = "wwwrun";

     

       461
        
               description = ''

     

       462
       +
                 Group under which httpd runs.

     

       0
        
       
     

       463
        
               '';

     

       464
        
             };

     

       465
        
       

     
···

       467
        
               type = types.path;

     

       468
        
               default = "/var/log/httpd";

     

       469
        
               description = ''

     

       470
       +
                 Directory for Apache's log files. It is created automatically.

     

       471
        
               '';

     

       472
        
             };

     

       473
        
       

     

       474
        
             virtualHosts = mkOption {

     

       475
       +
               type = with types; attrsOf (submodule (import ./vhost-options.nix));

     

       476
        
               default = {

     

       477
        
                 localhost = {

     

       478
       +
                   documentRoot = "${pkg}/htdocs";

     

       479
        
                 };

     

       480
        
               };

     

       481
        
               example = literalExample ''

     
···

       531
        
                 ''

     

       532
        
                   date.timezone = "CET"

     

       533
        
                 '';

     

       534
       +
               description = ''

     

       535
       +
                 Options appended to the PHP configuration file <filename>php.ini</filename>.

     

       536
       +
               '';

     

       537
        
             };

     

       538
        
       

     

       539
        
             multiProcessingModule = mkOption {

     

       540
       +
               type = types.enum [ "event" "prefork" "worker" ];

     

       541
        
               default = "prefork";

     

       542
        
               example = "worker";

     

       543
        
               description =

     

       544
        
                 ''

     

       545
       +
                   Multi-processing module to be used by Apache. Available

     

       546
        
                   modules are <literal>prefork</literal> (the default;

     

       547
        
                   handles each request in a separate child process),

     

       548
        
                   <literal>worker</literal> (hybrid approach that starts a

     
···

       564
        
               type = types.int;

     

       565
        
               default = 0;

     

       566
        
               example = 500;

     

       567
       +
               description = ''

     

       568
       +
                 Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited.

     

       569
       +
               '';

     

       570
        
             };

     

       571
        
       

     

       572
        
             sslCiphers = mkOption {

     
···

       585
        
       

     

       586
        
         };

     

       587
        
       

     

       588
       +
         # implementation

     

       589
        
       

     

       590
       +
         config = mkIf cfg.enable {

     

       0
        
       
     

       0
        
       
     

       591
        
       

     

       592
        
           assertions = [

     

       593
        
             {

     
···

       618
        
           warnings =

     

       619
        
             mapAttrsToList (name: hostOpts: ''

     

       620
        
               Using config.services.httpd.virtualHosts."${name}".servedFiles is deprecated and will become unsupported in a future release. Your configuration will continue to work as is but please migrate your configuration to config.services.httpd.virtualHosts."${name}".locations before the 20.09 release of NixOS.

     

       621
       +
             '') (filterAttrs (name: hostOpts: hostOpts.servedFiles != []) cfg.virtualHosts);

     

       622
        
       

     

       623
       +
           users.users = optionalAttrs (cfg.user == "wwwrun") {

     

       624
        
             wwwrun = {

     

       625
       +
               group = cfg.group;

     

       626
        
               description = "Apache httpd user";

     

       627
        
               uid = config.ids.uids.wwwrun;

     

       628
        
             };

     

       629
        
           };

     

       630
        
       

     

       631
       +
           users.groups = optionalAttrs (cfg.group == "wwwrun") {

     

       632
        
             wwwrun.gid = config.ids.gids.wwwrun;

     

       633
        
           };

     

       634
        
       

     

       635
        
           security.acme.certs = mapAttrs (name: hostOpts: {

     

       636
       +
             user = cfg.user;

     

       637
       +
             group = mkDefault cfg.group;

     

       638
       +
             email = if hostOpts.adminAddr != null then hostOpts.adminAddr else cfg.adminAddr;

     

       639
        
             webroot = hostOpts.acmeRoot;

     

       640
        
             extraDomains = genAttrs hostOpts.serverAliases (alias: null);

     

       641
        
             postRun = "systemctl reload httpd.service";

     

       642
       +
           }) (filterAttrs (name: hostOpts: hostOpts.enableACME) cfg.virtualHosts);

     

       643
        
       

     

       644
       +
           environment.systemPackages = [ pkg ];

     

       645
        
       

     

       646
        
           # required for "apachectl configtest"

     

       647
        
           environment.etc."httpd/httpd.conf".source = httpdConf;

     
···

       692
        
               after = [ "network.target" "fs.target" ] ++ map (hostOpts: "acme-selfsigned-${hostOpts.hostName}.service") vhostsACME;

     

       693
        
       

     

       694
        
               path =

     

       695
       +
                 [ pkg pkgs.coreutils pkgs.gnugrep ]

     

       696
       +
                 ++ optional cfg.enablePHP pkgs.system-sendmail; # Needed for PHP's mail() function.

     

       697
        
       

     

       698
        
               environment =

     

       699
       +
                 optionalAttrs cfg.enablePHP { PHPRC = phpIni; }

     

       700
       +
                 // optionalAttrs cfg.enableMellon { LD_LIBRARY_PATH  = "${pkgs.xmlsec}/lib"; };

     

       701
        
       

     

       702
        
               preStart =

     

       703
        
                 ''

     

       704
       +
                   mkdir -m 0700 -p ${cfg.logDir}

     

       705
        
       

     

       706
        
                   # Get rid of old semaphores.  These tend to accumulate across

     

       707
        
                   # server restarts, eventually preventing it from restarting

     

       708
        
                   # successfully.

     

       709
       +
                   for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${cfg.user} ' | cut -f2 -d ' '); do

     

       710
        
                       ${pkgs.utillinux}/bin/ipcrm -s $i

     

       711
        
                   done

     

       712
        
                 '';

     

       713
        
       

     

       714
       +
               serviceConfig = {

     

       715
       +
                 ExecStart = "@${pkg}/bin/httpd httpd -f ${httpdConf}";

     

       716
       +
                 ExecStop = "${pkg}/bin/httpd -f ${httpdConf} -k graceful-stop";

     

       717
       +
                 ExecReload = "${pkg}/bin/httpd -f ${httpdConf} -k graceful";

     

       718
       +
                 Group = cfg.group;

     

       719
       +
                 Type = "forking";

     

       720
       +
                 PIDFile = "${runtimeDir}/httpd.pid";

     

       721
       +
                 Restart = "always";

     

       722
       +
                 RestartSec = "5s";

     

       723
       +
                 RuntimeDirectory = "httpd httpd/runtime";

     

       724
       +
                 RuntimeDirectoryMode = "0750";

     

       725
       +
               };

     

       726
        
             };

     

       727
        
       

     

       728
        
         };

nixos/modules/services/web-servers/apache-httpd/per-server-options.nix nixos/modules/services/web-servers/apache-httpd/vhost-options.nix