commit 519b64592d5bd89c0975b44120b88ec2684d8352 · pyrox.dev/nixpkgs

maintainers/maintainer-list.nix

···

       1760
       1760
        
           github = "tftio";

     

       1761
       1761
        
           name = "James Felix Black";

     

       1762
       1762
        
         };

     

       1763
       1763
       +
         jflanglois = {

     

       1764
       1764
       +
           email = "yourstruly@julienlanglois.me";

     

       1765
       1765
       +
           github = "jflanglois";

     

       1766
       1766
       +
           name = "Julien Langlois";

     

       1767
       1767
       +
         };

     

       1763
       1768
        
         jfrankenau = {

     

       1764
       1769
        
           email = "johannes@frankenau.net";

     

       1765
       1770
        
           github = "jfrankenau";

nixos/modules/module-list.nix

···

       651
       651
        
         ./services/web-servers/apache-httpd/default.nix

     

       652
       652
        
         ./services/web-servers/caddy.nix

     

       653
       653
        
         ./services/web-servers/fcgiwrap.nix

     

       654
       654
       +
         ./services/web-servers/hitch/default.nix

     

       654
       655
        
         ./services/web-servers/jboss/default.nix

     

       655
       656
        
         ./services/web-servers/lighttpd/cgit.nix

     

       656
       657
        
         ./services/web-servers/lighttpd/collectd.nix

+108

nixos/modules/services/web-servers/hitch/default.nix

···

       1
       1
       +
       { config, lib, pkgs, ...}:

     

       2
       2
       +
       let

     

       3
       3
       +
         cfg = config.services.hitch;

     

       4
       4
       +
         ocspDir = lib.optionalString cfg.ocsp-stapling.enabled "/var/cache/hitch/ocsp";

     

       5
       5
       +
         hitchConfig = with lib; pkgs.writeText "hitch.conf" (concatStringsSep "\n" [

     

       6
       6
       +
           ("backend = \"${cfg.backend}\"")

     

       7
       7
       +
           (concatMapStrings (s: "frontend = \"${s}\"\n") cfg.frontend)

     

       8
       8
       +
           (concatMapStrings (s: "pem-file = \"${s}\"\n") cfg.pem-files)

     

       9
       9
       +
           ("ciphers = \"${cfg.ciphers}\"")

     

       10
       10
       +
           ("ocsp-dir = \"${ocspDir}\"")

     

       11
       11
       +
           "user = \"${cfg.user}\""

     

       12
       12
       +
           "group = \"${cfg.group}\""

     

       13
       13
       +
           cfg.extraConfig

     

       14
       14
       +
         ]);

     

       15
       15
       +
       in

     

       16
       16
       +
       with lib;

     

       17
       17
       +
       {

     

       18
       18
       +
         options = {

     

       19
       19
       +
           services.hitch = {

     

       20
       20
       +
             enable = mkEnableOption "Hitch Server";

     

       21
       21
       +
       

     

       22
       22
       +
             backend = mkOption {

     

       23
       23
       +
               type = types.str;

     

       24
       24
       +
               description = ''

     

       25
       25
       +
                 The host and port Hitch connects to when receiving

     

       26
       26
       +
                 a connection in the form [HOST]:PORT

     

       27
       27
       +
               '';

     

       28
       28
       +
             };

     

       29
       29
       +
       

     

       30
       30
       +
             ciphers = mkOption {

     

       31
       31
       +
               type = types.str;

     

       32
       32
       +
               default = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

     

       33
       33
       +
               description = "The list of ciphers to use";

     

       34
       34
       +
             };

     

       35
       35
       +
       

     

       36
       36
       +
             frontend = mkOption {

     

       37
       37
       +
               type = types.either types.str (types.listOf types.str);

     

       38
       38
       +
               default = "[127.0.0.1]:443";

     

       39
       39
       +
               description = ''

     

       40
       40
       +
                 The port and interface of the listen endpoint in the

     

       41
       41
       +
       +         form [HOST]:PORT[+CERT].

     

       42
       42
       +
               '';

     

       43
       43
       +
               apply = toList;

     

       44
       44
       +
             };

     

       45
       45
       +
       

     

       46
       46
       +
             pem-files = mkOption {

     

       47
       47
       +
               type = types.listOf types.path;

     

       48
       48
       +
               default = [];

     

       49
       49
       +
               description = "PEM files to use";

     

       50
       50
       +
             };

     

       51
       51
       +
       

     

       52
       52
       +
             ocsp-stapling = {

     

       53
       53
       +
               enabled = mkOption {

     

       54
       54
       +
                 type = types.bool;

     

       55
       55
       +
                 default = true;

     

       56
       56
       +
                 description = "Whether to enable OCSP Stapling";

     

       57
       57
       +
               };

     

       58
       58
       +
             };

     

       59
       59
       +
       

     

       60
       60
       +
             user = mkOption {

     

       61
       61
       +
               type = types.str;

     

       62
       62
       +
               default = "hitch";

     

       63
       63
       +
               description = "The user to run as";

     

       64
       64
       +
             };

     

       65
       65
       +
       

     

       66
       66
       +
             group = mkOption {

     

       67
       67
       +
               type = types.str;

     

       68
       68
       +
               default = "hitch";

     

       69
       69
       +
               description = "The group to run as";

     

       70
       70
       +
             };

     

       71
       71
       +
       

     

       72
       72
       +
             extraConfig = mkOption {

     

       73
       73
       +
               type = types.lines;

     

       74
       74
       +
               default = "";

     

       75
       75
       +
               description = "Additional configuration lines";

     

       76
       76
       +
             };

     

       77
       77
       +
           };

     

       78
       78
       +
       

     

       79
       79
       +
         };

     

       80
       80
       +
       

     

       81
       81
       +
         config = mkIf cfg.enable {

     

       82
       82
       +
       

     

       83
       83
       +
           systemd.services.hitch = {

     

       84
       84
       +
             description = "Hitch";

     

       85
       85
       +
             wantedBy = [ "multi-user.target" ];

     

       86
       86
       +
             after = [ "network.target" ];

     

       87
       87
       +
             preStart = ''

     

       88
       88
       +
               ${pkgs.hitch}/sbin/hitch -t --config ${hitchConfig}

     

       89
       89
       +
             '' + (optionalString cfg.ocsp-stapling.enabled ''

     

       90
       90
       +
               mkdir -p ${ocspDir}

     

       91
       91
       +
               chown -R hitch:hitch ${ocspDir}

     

       92
       92
       +
             '');

     

       93
       93
       +
             serviceConfig = {

     

       94
       94
       +
               Type = "forking";

     

       95
       95
       +
               ExecStart = "${pkgs.hitch}/sbin/hitch --daemon --config ${hitchConfig}";

     

       96
       96
       +
               ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

     

       97
       97
       +
               Restart = "always";

     

       98
       98
       +
               RestartSec = "5s";

     

       99
       99
       +
               LimitNOFILE = 131072;

     

       100
       100
       +
             };

     

       101
       101
       +
           };

     

       102
       102
       +
       

     

       103
       103
       +
           environment.systemPackages = [ pkgs.hitch ];

     

       104
       104
       +
       

     

       105
       105
       +
           users.extraUsers.hitch.group = "hitch";

     

       106
       106
       +
           users.extraGroups.hitch = {};

     

       107
       107
       +
         };

     

       108
       108
       +
       }

nixos/release.nix

···

       297
       297
        
         tests.graphite = callTest tests/graphite.nix {};

     

       298
       298
        
         tests.hardened = callTest tests/hardened.nix { };

     

       299
       299
        
         tests.hibernate = callTest tests/hibernate.nix {};

     

       300
       300
       +
         tests.hitch = callTest tests/hitch {};

     

       300
       301
        
         tests.home-assistant = callTest tests/home-assistant.nix { };

     

       301
       302
        
         tests.hound = callTest tests/hound.nix {};

     

       302
       303
        
         tests.hocker-fetchdocker = callTest tests/hocker-fetchdocker {};

+33

nixos/tests/hitch/default.nix

···

       1
       1
       +
       import ../make-test.nix ({ pkgs, ... }:

     

       2
       2
       +
       {

     

       3
       3
       +
         name = "hitch";

     

       4
       4
       +
         meta = with pkgs.stdenv.lib.maintainers; {

     

       5
       5
       +
           maintainers = [ jflanglois ];

     

       6
       6
       +
         };

     

       7
       7
       +
         machine = { config, pkgs, ... }: {

     

       8
       8
       +
           environment.systemPackages = [ pkgs.curl ];

     

       9
       9
       +
           services.hitch = {

     

       10
       10
       +
             enable = true;

     

       11
       11
       +
             backend = "[127.0.0.1]:80";

     

       12
       12
       +
             pem-files = [

     

       13
       13
       +
               ./example.pem

     

       14
       14
       +
             ];

     

       15
       15
       +
           };

     

       16
       16
       +
       

     

       17
       17
       +
           services.httpd = {

     

       18
       18
       +
             enable = true;

     

       19
       19
       +
             documentRoot = ./example;

     

       20
       20
       +
             adminAddr = "noone@testing.nowhere";

     

       21
       21
       +
           };

     

       22
       22
       +
         };

     

       23
       23
       +
       

     

       24
       24
       +
         testScript =

     

       25
       25
       +
           ''

     

       26
       26
       +
             startAll;

     

       27
       27
       +
       

     

       28
       28
       +
             $machine->waitForUnit('multi-user.target');

     

       29
       29
       +
             $machine->waitForUnit('hitch.service');

     

       30
       30
       +
             $machine->waitForOpenPort(443);

     

       31
       31
       +
             $machine->succeed('curl -k https://localhost:443/index.txt | grep "We are all good!"');

     

       32
       32
       +
           '';

     

       33
       33
       +
       })

+53

nixos/tests/hitch/example.pem

···

       1
       1
       +
       -----BEGIN CERTIFICATE-----

     

       2
       2
       +
       MIIEKTCCAxGgAwIBAgIJAIFAWQXSZ7lIMA0GCSqGSIb3DQEBCwUAMIGqMQswCQYD

     

       3
       3
       +
       VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UEBwwMUmVkd29vZCBD

     

       4
       4
       +
       aXR5MRkwFwYDVQQKDBBUZXN0aW5nIDEyMyBJbmMuMRQwEgYDVQQLDAtJVCBTZXJ2

     

       5
       5
       +
       aWNlczEYMBYGA1UEAwwPdGVzdGluZy5ub3doZXJlMSQwIgYJKoZIhvcNAQkBFhVu

     

       6
       6
       +
       b29uZUB0ZXN0aW5nLm5vd2hlcmUwHhcNMTgwNDIzMDcxMTI5WhcNMTkwNDIzMDcx

     

       7
       7
       +
       MTI5WjCBqjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNV

     

       8
       8
       +
       BAcMDFJlZHdvb2QgQ2l0eTEZMBcGA1UECgwQVGVzdGluZyAxMjMgSW5jLjEUMBIG

     

       9
       9
       +
       A1UECwwLSVQgU2VydmljZXMxGDAWBgNVBAMMD3Rlc3Rpbmcubm93aGVyZTEkMCIG

     

       10
       10
       +
       CSqGSIb3DQEJARYVbm9vbmVAdGVzdGluZy5ub3doZXJlMIIBIjANBgkqhkiG9w0B

     

       11
       11
       +
       AQEFAAOCAQ8AMIIBCgKCAQEAxQq6AA9o/QErMbQwfgDF4mqXcvglRTwPr2zPE6Rv

     

       12
       12
       +
       1g0ncRBSMM8iKbPapHM6qHNfg2e1fU2SFqzD6HkyZqHHLCgLzkdzswEcEjsMqiUP

     

       13
       13
       +
       OR++5g4CWoQrdTi31itzYzCjnQ45BrAMrLEhBQgDTNwrEE+Tit0gpOGggtj/ktLk

     

       14
       14
       +
       OD8BKa640lkmWEUGF18fd3rYTUC4hwM5qhAVXTe21vj9ZWsgprpQKdN61v0dCUap

     

       15
       15
       +
       C5eAgvZ8Re+Cd0Id674hK4cJ4SekqfHKv/jLyIg3Vsdc9nkhmiC4O6KH5f1Zzq2i

     

       16
       16
       +
       E4Kd5mnJDFxfSzIErKWmbhriLWsj3KEJ983AGLJ9hxQTAwIDAQABo1AwTjAdBgNV

     

       17
       17
       +
       HQ4EFgQU76Mm6DP/BePJRQUNrJ9z038zjocwHwYDVR0jBBgwFoAU76Mm6DP/BePJ

     

       18
       18
       +
       RQUNrJ9z038zjocwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAZzt

     

       19
       19
       +
       VdPaUqrvDAh5rMYqzYMJ3tj6daNYoX6CbTFoevK5J5D4FESM0D/FMKgpNiVz39kB

     

       20
       20
       +
       8Cjaw5rPHMHY61rHz7JRDK1sWXsonwzCF21BK7Tx0G1CIfLpYHWYb/FfdWGROx+O

     

       21
       21
       +
       hPgKuoMRWQB+txozkZp5BqWJmk5MOyFCDEXhMOmrfsJq0IYU6QaH3Lsf1oJRy4yU

     

       22
       22
       +
       afFrT9o3DLOyYLG/j/HXijCu8DVjZVa4aboum79ecYzPjjGF1posrFUnvQiuAeYy

     

       23
       23
       +
       t7cuHNUB8gW9lWR5J7tP8fzFWtIcyT2oRL8u3H+fXf0i4bW73wtOBOoeULBzBNE7

     

       24
       24
       +
       6rphcSrQunSZQIc+hg==

     

       25
       25
       +
       -----END CERTIFICATE-----

     

       26
       26
       +
       -----BEGIN PRIVATE KEY-----

     

       27
       27
       +
       MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDFCroAD2j9ASsx

     

       28
       28
       +
       tDB+AMXiapdy+CVFPA+vbM8TpG/WDSdxEFIwzyIps9qkczqoc1+DZ7V9TZIWrMPo

     

       29
       29
       +
       eTJmoccsKAvOR3OzARwSOwyqJQ85H77mDgJahCt1OLfWK3NjMKOdDjkGsAyssSEF

     

       30
       30
       +
       CANM3CsQT5OK3SCk4aCC2P+S0uQ4PwEprrjSWSZYRQYXXx93ethNQLiHAzmqEBVd

     

       31
       31
       +
       N7bW+P1layCmulAp03rW/R0JRqkLl4CC9nxF74J3Qh3rviErhwnhJ6Sp8cq/+MvI

     

       32
       32
       +
       iDdWx1z2eSGaILg7oofl/VnOraITgp3mackMXF9LMgSspaZuGuItayPcoQn3zcAY

     

       33
       33
       +
       sn2HFBMDAgMBAAECggEAcaR8HijFHpab+PC5vxJnDuz3KEHiDQpU6ZJR5DxEnCm+

     

       34
       34
       +
       A8GsBaaRR4gJpCspO5o/DiS0Ue55QUanPt8XqIXJv7fhBznCiw0qyYDxDviMzR94

     

       35
       35
       +
       FGskBFySS+tIa+dnh1+4HY7kaO0Egl0udB5o+N1KoP+kUsSyXSYcUxsgW+fx5FW9

     

       36
       36
       +
       22Ya3HNWnWxMCSfSGGlTFXGj2whf25SkL25dM9iblO4ZOx4MX8kaXij7TaYy8hMM

     

       37
       37
       +
       Vf6/OMnXqtPKho+ctZZVKZkE9PxdS4f/pnp5EsdoOZwNBtfQ1WqVLWd3DlGWhnsH

     

       38
       38
       +
       7L8ZSP2HkoI4Pd1wtkpOKZc+yM2bFXWa8WY4TcmpUQKBgQD33HxGdtmtZehrexSA

     

       39
       39
       +
       /ZwWJlMslUsNz4Ivv6s7J4WCRhdh94+r9TWQP/yHdT9Ry5bvn84I5ZLUdp+aA962

     

       40
       40
       +
       mvjz+GIglkCGpA7HU/hqurB1O63pj2cIDB8qhV21zjVIoqXcQ7IBJ+tqD79nF8vm

     

       41
       41
       +
       h3KfuHUhuu1rayGepbtIyNhLdwKBgQDLgw4TJBg/QB8RzYECk78QnfZpCExsQA/z

     

       42
       42
       +
       YJpc+dF2/nsid5R2u9jWzfmgHM2Jjo2/+ofRUaTqcFYU0K57CqmQkOLIzsbNQoYt

     

       43
       43
       +
       e2NOANNVHiZLuzTZC2r3BrrkNbo3YvQzhAesUA5lS6LfrxBLUKiwo2LU9NlmJs3b

     

       44
       44
       +
       UPVFYI0/1QKBgCswxIcS1sOcam+wNtZzWuuRKhUuvrFdY3YmlBPuwxj8Vb7AgMya

     

       45
       45
       +
       IgdM3xhLmgkKzPZchm6OcpOLSCxyWDDBuHfq5E6BYCUWGW0qeLNAbNdA2wFD99Qz

     

       46
       46
       +
       KIskSjwP/sD1dql3MmF5L1CABf5U6zb0i0jBv8ds50o8lNMsVgJM3UPpAoGBAL1+

     

       47
       47
       +
       nzllb4pdi1CJWKnspoizfQCZsIdPM0r71V/jYY36MO+MBtpz2NlSWzAiAaQm74gl

     

       48
       48
       +
       oBdgfT2qMg0Zro11BSRONEykdOolGkj5TiMQk7b65s+3VeMPRZ8UTis2d9kgs5/Q

     

       49
       49
       +
       PVDODkl1nwfGu1ZVmW04BUujXVZHpYCkJm1eFMetAoGAImE7gWj+qRMhpbtCCGCg

     

       50
       50
       +
       z06gDKvMrF6S+GJsvUoSyM8oUtfdPodI6gWAC65NfYkIiqbpCaEVNzfui73f5Lnz

     

       51
       51
       +
       p5X1IbzhuH5UZs/k5A3OR2PPDbPs3lqEw7YJdBdLVRmO1o824uaXaJJwkL/1C+lq

     

       52
       52
       +
       8dh1wV3CnynNmZApkz4vpzQ=

     

       53
       53
       +
       -----END PRIVATE KEY-----

nixos/tests/hitch/example/index.txt

···

       1
       1
       +
       We are all good!

+23

pkgs/servers/hitch/default.nix

···

       1
       1
       +
       { stdenv, fetchurl, docutils, libev, openssl, pkgconfig }:

     

       2
       2
       +
       stdenv.mkDerivation rec {

     

       3
       3
       +
         version = "1.4.8";

     

       4
       4
       +
         name = "hitch-${version}";

     

       5
       5
       +
       

     

       6
       6
       +
         src = fetchurl {

     

       7
       7
       +
           url = "https://hitch-tls.org/source/${name}.tar.gz";

     

       8
       8
       +
           sha256 = "1hqs5p69gr1lb3xldbrgq7d6d0vk4za0wpizlzybn98cv68acaym";

     

       9
       9
       +
         };

     

       10
       10
       +
       

     

       11
       11
       +
         nativeBuildInputs = [ pkgconfig ];

     

       12
       12
       +
         buildInputs = [ docutils libev openssl ];

     

       13
       13
       +
       

     

       14
       14
       +
         outputs = [ "out" "doc" "man" ];

     

       15
       15
       +
       

     

       16
       16
       +
         meta = with stdenv.lib; {

     

       17
       17
       +
           description = "Hitch is a libev-based high performance SSL/TLS proxy by Varnish Software";

     

       18
       18
       +
           homepage = https://hitch-tls.org/;

     

       19
       19
       +
           license = licenses.bsd2;

     

       20
       20
       +
           maintainers = [ maintainers.jflanglois ];

     

       21
       21
       +
           platforms = platforms.linux;

     

       22
       22
       +
         };

     

       23
       23
       +
       }

pkgs/top-level/all-packages.nix

···

       5611
       5611
        
         varnishPackages = varnish5Packages;

     

       5612
       5612
        
         varnish = varnishPackages.varnish;

     

       5613
       5613
        
       

     

       5614
       5614
       +
         hitch = callPackage ../servers/hitch { };

     

       5615
       5615
       +
       

     

       5614
       5616
        
         venus = callPackage ../tools/misc/venus {

     

       5615
       5617
        
           python = python27;

     

       5616
       5618
        
         };