commit 6c61c436cf8f9e5f03fc40facbbdb0bf16034b78 · pyrox.dev/nixpkgs

+1 -1

nixos/tests/nginx-modsecurity.nix

···

       4
       4
        
         nodes.machine = { config, lib, pkgs, ... }: {

     

       5
       5
        
           services.nginx = {

     

       6
       6
        
             enable = true;

     

       7
       7
       -
             additionalModules = [ pkgs.nginxModules.modsecurity-nginx ];

     

       7
       7
       +
             additionalModules = [ pkgs.nginxModules.modsecurity ];

     

       8
       8
        
             virtualHosts.localhost =

     

       9
       9
        
               let modsecurity_conf = pkgs.writeText "modsecurity.conf" ''

     

       10
       10
        
                 SecRuleEngine On

pkgs/servers/http/nginx/generic.nix

···

       32
       32
        
       

     

       33
       33
        
       let

     

       34
       34
        
       

     

       35
       35
       +
         moduleNames = map (mod: mod.name or (throw "The nginx module with source ${toString mod.src} does not have a `name` attribute. This prevents duplicate module detection and is no longer supported."))

     

       36
       36
       +
           modules;

     

       37
       37
       +
       

     

       35
       38
        
         mapModules = attrPath: flip concatMap modules

     

       36
       39
        
           (mod:

     

       37
       40
        
             let supports = mod.supports or (_: true);

     
···

       40
       43
        
               else throw "Module at ${toString mod.src} does not support nginx version ${nginxVersion}!");

     

       41
       44
        
       

     

       42
       45
        
       in

     

       46
       46
       +
       

     

       47
       47
       +
       assert assertMsg (unique moduleNames == moduleNames)

     

       48
       48
       +
         "nginx: duplicate modules: ${concatStringsSep ", " moduleNames}. A common cause for this is that services.nginx.additionalModules adds a module which the nixos module itself already adds.";

     

       43
       49
        
       

     

       44
       50
        
       stdenv.mkDerivation {

     

       45
       51
        
         inherit pname;

+60 -19

pkgs/servers/http/nginx/modules.nix

···

       1
       1
       -
       { fetchFromGitHub, fetchFromGitLab, fetchhg, lib, pkgs }:

     

       1
       1
       +
       { config, fetchFromGitHub, fetchFromGitLab, fetchhg, lib, pkgs }:

     

       2
       2
        
       

     

       3
       3
        
       let

     

       4
       4
        
       

     

       5
       5
        
         http_proxy_connect_module_generic = patchName: rec {

     

       6
       6
       +
           name = "http_proxy_connect";

     

       6
       7
        
           src = fetchFromGitHub {

     

       7
       8
        
             name = "http_proxy_connect_module_generic";

     

       8
       9
        
             owner = "chobits";

     
···

       10
       11
        
             rev = "96ae4e06381f821218f368ad0ba964f87cbe0266";

     

       11
       12
        
             sha256 = "1nc7z31i7x9dzp67kzgvs34hs6ps749y26wcpi3wf5mm63i803rh";

     

       12
       13
        
           };

     

       13
       13
       -
       

     

       14
       14
        
           patches = [

     

       15
       15
        
             "${src}/patch/${patchName}.patch"

     

       16
       16
        
           ];

     
···

       18
       18
        
       

     

       19
       19
        
       in

     

       20
       20
        
       

     

       21
       21
       -
       {

     

       21
       21
       +
       let self = {

     

       22
       22
        
         fastcgi-cache-purge = throw "fastcgi-cache-purge was renamed to cache-purge";

     

       23
       23
        
         ngx_aws_auth = throw "ngx_aws_auth was renamed to aws-auth";

     

       24
       24
        
       

     

       25
       25
        
         akamai-token-validate = {

     

       26
       26
       +
           name = "akamai-token-validate";

     

       26
       27
        
           src = fetchFromGitHub {

     

       27
       28
        
             name = "akamai-token-validate";

     

       28
       29
        
             owner = "kaltura";

     
···

       34
       35
        
         };

     

       35
       36
        
       

     

       36
       37
        
         auth-a2aclr = {

     

       38
       38
       +
           name = "auth-a2aclr";

     

       37
       39
        
           src = fetchFromGitLab {

     

       38
       40
        
             name = "auth-a2aclr";

     

       39
       41
        
             owner = "arpa2";

     
···

       57
       59
        
         };

     

       58
       60
        
       

     

       59
       61
        
         aws-auth = {

     

       62
       62
       +
           name = "aws-auth";

     

       60
       63
        
           src = fetchFromGitHub {

     

       61
       64
        
             name = "aws-auth";

     

       62
       65
        
             owner = "anomalizer";

     
···

       67
       70
        
         };

     

       68
       71
        
       

     

       69
       72
        
         brotli = {

     

       73
       73
       +
           name = "brotli";

     

       70
       74
        
           src = let gitsrc = pkgs.fetchFromGitHub {

     

       71
       75
        
             name = "brotli";

     

       72
       76
        
             owner = "google";

     
···

       83
       87
        
         };

     

       84
       88
        
       

     

       85
       89
        
         cache-purge = {

     

       90
       90
       +
           name = "cache-purge";

     

       86
       91
        
           src = fetchFromGitHub {

     

       87
       92
        
             name = "cache-purge";

     

       88
       93
        
             owner = "nginx-modules";

     
···

       93
       98
        
         };

     

       94
       99
        
       

     

       95
       100
        
         coolkit = {

     

       101
       101
       +
           name = "coolkit";

     

       96
       102
        
           src = fetchFromGitHub {

     

       97
       103
        
             name = "coolkit";

     

       98
       104
        
             owner = "FRiCKLE";

     
···

       103
       109
        
         };

     

       104
       110
        
       

     

       105
       111
        
         dav = {

     

       112
       112
       +
           name = "dav";

     

       106
       113
        
           src = fetchFromGitHub {

     

       107
       114
        
             name = "dav";

     

       108
       115
        
             owner = "arut";

     
···

       114
       121
        
         };

     

       115
       122
        
       

     

       116
       123
        
         develkit = {

     

       124
       124
       +
           name = "develkit";

     

       117
       125
        
           src = fetchFromGitHub {

     

       118
       126
        
             name = "develkit";

     

       119
       127
        
             owner = "vision5";

     
···

       124
       132
        
         };

     

       125
       133
        
       

     

       126
       134
        
         echo = {

     

       135
       135
       +
           name = "echo";

     

       127
       136
        
           src = fetchFromGitHub {

     

       128
       137
        
             name = "echo";

     

       129
       138
        
             owner = "openresty";

     
···

       134
       143
        
         };

     

       135
       144
        
       

     

       136
       145
        
         fancyindex = {

     

       146
       146
       +
           name = "fancyindex";

     

       137
       147
        
           src = fetchFromGitHub {

     

       138
       148
        
             name = "fancyindex";

     

       139
       149
        
             owner = "aperezdc";

     
···

       147
       157
        
         };

     

       148
       158
        
       

     

       149
       159
        
         fluentd = {

     

       160
       160
       +
           name = "fluentd";

     

       150
       161
        
           src = fetchFromGitHub {

     

       151
       162
        
             name = "fluentd";

     

       152
       163
        
             owner = "fluent";

     
···

       157
       168
        
         };

     

       158
       169
        
       

     

       159
       170
        
         geoip2 = {

     

       171
       171
       +
           name = "geoip2";

     

       160
       172
        
           src = fetchFromGitHub {

     

       161
       173
        
             name = "geoip2";

     

       162
       174
        
             owner = "leev";

     
···

       180
       192
        
         };

     

       181
       193
        
       

     

       182
       194
        
         ipscrub = {

     

       195
       195
       +
           name = "ipscrub";

     

       183
       196
        
           src = fetchFromGitHub

     

       184
       197
        
             {

     

       185
       198
        
               name = "ipscrub";

     
···

       192
       205
        
         };

     

       193
       206
        
       

     

       194
       207
        
         limit-speed = {

     

       208
       208
       +
           name = "limit-speed";

     

       195
       209
        
           src = fetchFromGitHub {

     

       196
       210
        
             name = "limit-speed";

     

       197
       211
        
             owner = "yaoweibin";

     
···

       202
       216
        
         };

     

       203
       217
        
       

     

       204
       218
        
         live = {

     

       219
       219
       +
           name = "live";

     

       205
       220
        
           src = fetchFromGitHub {

     

       206
       221
        
             name = "live";

     

       207
       222
        
             owner = "arut";

     
···

       212
       227
        
         };

     

       213
       228
        
       

     

       214
       229
        
         lua = {

     

       230
       230
       +
           name = "lua";

     

       215
       231
        
           src = fetchFromGitHub {

     

       216
       232
        
             name = "lua";

     

       217
       233
        
             owner = "openresty";

     
···

       228
       244
        
         };

     

       229
       245
        
       

     

       230
       246
        
         lua-upstream = {

     

       247
       247
       +
           name = "lua-upstream";

     

       231
       248
        
           src = fetchFromGitHub {

     

       232
       249
        
             name = "lua-upstream";

     

       233
       250
        
             owner = "openresty";

     
···

       240
       257
        
         };

     

       241
       258
        
       

     

       242
       259
        
         modsecurity = {

     

       243
       243
       -
           src = "${pkgs.modsecurity_standalone.nginx}/nginx/modsecurity";

     

       244
       244
       -
           inputs = [ pkgs.curl pkgs.apr pkgs.aprutil pkgs.apacheHttpd pkgs.yajl ];

     

       245
       245
       -
           preConfigure = ''

     

       246
       246
       -
             export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${pkgs.aprutil.dev}/include/apr-1 -I${pkgs.apacheHttpd.dev}/include -I${pkgs.apr.dev}/include/apr-1 -I${pkgs.yajl}/include"

     

       247
       247
       -
           '';

     

       248
       248
       -
         };

     

       249
       249
       -
       

     

       250
       250
       -
         modsecurity-nginx = {

     

       260
       260
       +
           name = "modsecurity";

     

       251
       261
        
           src = fetchFromGitHub {

     

       252
       262
        
             name = "modsecurity-nginx";

     

       253
       263
        
             owner = "SpiderLabs";

     
···

       260
       270
        
         };

     

       261
       271
        
       

     

       262
       272
        
         moreheaders = {

     

       273
       273
       +
           name = "moreheaders";

     

       263
       274
        
           src = fetchFromGitHub {

     

       264
       275
        
             name = "moreheaders";

     

       265
       276
        
             owner = "openresty";

     
···

       270
       281
        
         };

     

       271
       282
        
       

     

       272
       283
        
         mpeg-ts = {

     

       284
       284
       +
           name = "mpeg-ts";

     

       273
       285
        
           src = fetchFromGitHub {

     

       274
       286
        
             name = "mpeg-ts";

     

       275
       287
        
             owner = "arut";

     
···

       280
       292
        
         };

     

       281
       293
        
       

     

       282
       294
        
         naxsi = {

     

       283
       283
       -
           src = fetchFromGitHub

     

       284
       284
       -
             {

     

       285
       285
       -
               name = "naxsi";

     

       286
       286
       -
               owner = "nbs-system";

     

       287
       287
       -
               repo = "naxsi";

     

       288
       288
       -
               rev = "95ac520eed2ea04098a76305fd0ad7e9158840b7";

     

       289
       289
       -
               sha256 = "0b5pnqkgg18kbw5rf2ifiq7lsx5rqmpqsql6hx5ycxjzxj6acfb3";

     

       290
       290
       -
             } + "/naxsi_src";

     

       295
       295
       +
           name = "naxsi";

     

       296
       296
       +
           src = fetchFromGitHub {

     

       297
       297
       +
             name = "naxsi";

     

       298
       298
       +
             owner = "nbs-system";

     

       299
       299
       +
             repo = "naxsi";

     

       300
       300
       +
             rev = "95ac520eed2ea04098a76305fd0ad7e9158840b7";

     

       301
       301
       +
             sha256 = "0b5pnqkgg18kbw5rf2ifiq7lsx5rqmpqsql6hx5ycxjzxj6acfb3";

     

       302
       302
       +
           } + "/naxsi_src";

     

       291
       303
        
         };

     

       292
       304
        
       

     

       293
       305
        
         njs = rec {

     

       306
       306
       +
           name = "njs";

     

       294
       307
        
           src = fetchhg {

     

       295
       308
        
             url = "https://hg.nginx.org/njs";

     

       296
       309
        
             rev = "0.7.8";

     
···

       313
       326
        
         };

     

       314
       327
        
       

     

       315
       328
        
         opentracing = {

     

       329
       329
       +
           name = "opentracing";

     

       316
       330
        
           src =

     

       317
       331
        
             let src' = fetchFromGitHub {

     

       318
       332
        
               name = "opentracing";

     
···

       353
       367
        
               '';

     

       354
       368
        
           in

     

       355
       369
        
           {

     

       370
       370
       +
             name = "pagespeed";

     

       356
       371
        
             src = ngx_pagespeed;

     

       357
       372
        
             inputs = [ pkgs.zlib pkgs.libuuid ]; # psol deps

     

       358
       373
        
             allowMemoryWriteExecute = true;

     

       359
       374
        
           };

     

       360
       375
        
       

     

       361
       376
        
         pam = {

     

       377
       377
       +
           name = "pam";

     

       362
       378
        
           src = fetchFromGitHub {

     

       363
       379
        
             name = "pam";

     

       364
       380
        
             owner = "sto";

     
···

       370
       386
        
         };

     

       371
       387
        
       

     

       372
       388
        
         pinba = {

     

       389
       389
       +
           name = "pinba";

     

       373
       390
        
           src = fetchFromGitHub {

     

       374
       391
        
             name = "pinba";

     

       375
       392
        
             owner = "tony2001";

     
···

       380
       397
        
         };

     

       381
       398
        
       

     

       382
       399
        
         push-stream = {

     

       400
       400
       +
           name = "push-stream";

     

       383
       401
        
           src = fetchFromGitHub {

     

       384
       402
        
             name = "push-stream";

     

       385
       403
        
             owner = "wandenberg";

     
···

       390
       408
        
         };

     

       391
       409
        
       

     

       392
       410
        
         rtmp = {

     

       411
       411
       +
           name = "rtmp";

     

       393
       412
        
           src = fetchFromGitHub {

     

       394
       413
        
             name = "rtmp";

     

       395
       414
        
             owner = "arut";

     
···

       400
       419
        
         };

     

       401
       420
        
       

     

       402
       421
        
         secure-token = {

     

       422
       422
       +
           name = "secure-token";

     

       403
       423
        
           src = fetchFromGitHub {

     

       404
       424
        
             name = "secure-token";

     

       405
       425
        
             owner = "kaltura";

     
···

       411
       431
        
         };

     

       412
       432
        
       

     

       413
       433
        
         set-misc = {

     

       434
       434
       +
           name = "set-misc";

     

       414
       435
        
           src = fetchFromGitHub {

     

       415
       436
        
             name = "set-misc";

     

       416
       437
        
             owner = "openresty";

     
···

       421
       442
        
         };

     

       422
       443
        
       

     

       423
       444
        
         shibboleth = {

     

       445
       445
       +
           name = "shibboleth";

     

       424
       446
        
           src = fetchFromGitHub {

     

       425
       447
        
             name = "shibboleth";

     

       426
       448
        
             owner = "nginx-shib";

     
···

       431
       453
        
         };

     

       432
       454
        
       

     

       433
       455
        
         sla = {

     

       456
       456
       +
           name = "sla";

     

       434
       457
        
           src = fetchFromGitHub {

     

       435
       458
        
             name = "sla";

     

       436
       459
        
             owner = "goldenclone";

     
···

       441
       464
        
         };

     

       442
       465
        
       

     

       443
       466
        
         slowfs-cache = {

     

       467
       467
       +
           name = "slowfs-cache";

     

       444
       468
        
           src = fetchFromGitHub {

     

       445
       469
        
             name = "slowfs-cache";

     

       446
       470
        
             owner = "FRiCKLE";

     
···

       451
       475
        
         };

     

       452
       476
        
       

     

       453
       477
        
         sorted-querystring = {

     

       478
       478
       +
           name = "sorted-querystring";

     

       454
       479
        
           src = fetchFromGitHub {

     

       455
       480
        
             name = "sorted-querystring";

     

       456
       481
        
             owner = "wandenberg";

     
···

       461
       486
        
         };

     

       462
       487
        
       

     

       463
       488
        
         spnego-http-auth = {

     

       489
       489
       +
           name = "spnego-http-auth";

     

       464
       490
        
           src = fetchFromGitHub {

     

       465
       491
        
             name = "spnego-http-auth";

     

       466
       492
        
             owner = "stnoonan";

     
···

       471
       497
        
         };

     

       472
       498
        
       

     

       473
       499
        
         statsd = {

     

       500
       500
       +
           name = "statsd";

     

       474
       501
        
           src = fetchFromGitHub {

     

       475
       502
        
             name = "statsd";

     

       476
       503
        
             owner = "harvesthq";

     
···

       481
       508
        
         };

     

       482
       509
        
       

     

       483
       510
        
         stream-sts = {

     

       511
       511
       +
           name = "stream-sts";

     

       484
       512
        
           src = fetchFromGitHub {

     

       485
       513
        
             name = "stream-sts";

     

       486
       514
        
             owner = "vozlt";

     
···

       491
       519
        
         };

     

       492
       520
        
       

     

       493
       521
        
         sts = {

     

       522
       522
       +
           name = "sts";

     

       494
       523
        
           src = fetchFromGitHub {

     

       495
       524
        
             name = "sts";

     

       496
       525
        
             owner = "vozlt";

     
···

       501
       530
        
         };

     

       502
       531
        
       

     

       503
       532
        
         subsFilter = {

     

       533
       533
       +
           name = "subsFilter";

     

       504
       534
        
           src = fetchFromGitHub {

     

       505
       535
        
             name = "subsFilter";

     

       506
       536
        
             owner = "yaoweibin";

     
···

       511
       541
        
         };

     

       512
       542
        
       

     

       513
       543
        
         sysguard = {

     

       544
       544
       +
           name = "sysguard";

     

       514
       545
        
           src = fetchFromGitHub {

     

       515
       546
        
             name = "sysguard";

     

       516
       547
        
             owner = "vozlt";

     
···

       521
       552
        
         };

     

       522
       553
        
       

     

       523
       554
        
         upload = {

     

       555
       555
       +
           name = "upload";

     

       524
       556
        
           src = fetchFromGitHub {

     

       525
       557
        
             name = "upload";

     

       526
       558
        
             owner = "fdintino";

     
···

       531
       563
        
         };

     

       532
       564
        
       

     

       533
       565
        
         upstream-check = {

     

       566
       566
       +
           name = "upstream-check";

     

       534
       567
        
           src = fetchFromGitHub {

     

       535
       568
        
             name = "upstream-check";

     

       536
       569
        
             owner = "yaoweibin";

     
···

       541
       574
        
         };

     

       542
       575
        
       

     

       543
       576
        
         upstream-tarantool = {

     

       577
       577
       +
           name = "upstream-tarantool";

     

       544
       578
        
           src = fetchFromGitHub {

     

       545
       579
        
             name = "upstream-tarantool";

     

       546
       580
        
             owner = "tarantool";

     
···

       552
       586
        
         };

     

       553
       587
        
       

     

       554
       588
        
         url = {

     

       589
       589
       +
           name = "url";

     

       555
       590
        
           src = fetchFromGitHub {

     

       556
       591
        
             name = "url";

     

       557
       592
        
             owner = "vozlt";

     
···

       562
       597
        
         };

     

       563
       598
        
       

     

       564
       599
        
         video-thumbextractor = {

     

       600
       600
       +
           name = "video-thumbextractor";

     

       565
       601
        
           src = fetchFromGitHub {

     

       566
       602
        
             name = "video-thumbextractor";

     

       567
       603
        
             owner = "wandenberg";

     
···

       573
       609
        
         };

     

       574
       610
        
       

     

       575
       611
        
         vod = {

     

       612
       612
       +
           name = "vod";

     

       576
       613
        
           src = fetchFromGitHub {

     

       577
       614
        
             name = "vod";

     

       578
       615
        
             owner = "kaltura";

     
···

       584
       621
        
         };

     

       585
       622
        
       

     

       586
       623
        
         vts = {

     

       624
       624
       +
           name = "vts";

     

       587
       625
        
           src = fetchFromGitHub {

     

       588
       626
        
             name = "vts";

     

       589
       627
        
             owner = "vozlt";

     
···

       592
       630
        
             sha256 = "sha256-x4ry5ljPeJQY+7Mp04/xYIGf22d6Nee7CSqHezdK4gQ=";

     

       593
       631
        
           };

     

       594
       632
        
         };

     

       633
       633
       +
       }; in self // lib.optionalAttrs config.allowAliases {

     

       634
       634
       +
         # deprecated or renamed packages

     

       635
       635
       +
         modsecurity-nginx = self.modsecurity;

     

       595
       636
        
       }

+1 -1

pkgs/top-level/all-packages.nix

···

       34907
       34907
        
       

     

       34908
       34908
        
         tengine = callPackage ../servers/http/tengine {

     

       34909
       34909
        
           openssl = openssl_1_1;

     

       34910
       34910
       -
           modules = with nginxModules; [ rtmp dav moreheaders modsecurity-nginx ];

     

       34910
       34910
       +
           modules = with nginxModules; [ rtmp dav moreheaders modsecurity ];

     

       34911
       34911
        
         };

     

       34912
       34912
        
       

     

       34913
       34913
        
         tennix = callPackage ../games/tennix { };