commit 77d6fd36cfd50d2dd8363e18cc545628ca71055b · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2305.section.md

···

       187
        
       

     

       188
        
       - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use.

     

       189
        
       

     

       0
        
       
     

       0
        
       
     

       190
        
       - conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround.

     

       191
        
       

     

       192
        
       - The `services.pipewire.config` options have been removed, as they have basically never worked correctly. All behavior defined by the default configuration can be overridden with drop-in files as necessary - see [below](#sec-release-23.05-migration-pipewire) for details.

···

       187
        
       

     

       188
        
       - [services.xserver.videoDrivers](options.html#opt-services.xserver.videoDrivers) now defaults to the `modesetting` driver over device-specific ones. The `radeon`, `amdgpu` and `nouveau` drivers are still available, but effectively unmaintained and not recommended for use.

     

       189
        
       

     

       190
       +
       - To enable the HTTP3 (QUIC) protocol for a nginx virtual host, set the `quic` attribute on it to true, e.g. `services.nginx.virtualHosts.<name>.quic = true;`.

     

       191
       +
       

     

       192
        
       - conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround.

     

       193
        
       

     

       194
        
       - The `services.pipewire.config` options have been removed, as they have basically never worked correctly. All behavior defined by the default configuration can be overridden with drop-in files as necessary - see [below](#sec-release-23.05-migration-pipewire) for details.

+22 -6

nixos/modules/services/web-servers/nginx/default.nix

···

       311
        
                   else defaultListen;

     

       312
        
       

     

       313
        
               listenString = { addr, port, ssl, extraParameters ? [], ... }:

     

       314
       -
                 (if ssl && vhost.http3 then "

     

       315
       -
                 # UDP listener for **QUIC+HTTP/3

     

       316
       -
                 listen ${addr}:${toString port} http3 "

     

       317
        
                 + optionalString vhost.default "default_server "

     

       318
        
                 + optionalString vhost.reuseport "reuseport "

     

       319
       -
                 + optionalString (extraParameters != []) (concatStringsSep " " extraParameters)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       320
        
                 + ";" else "")

     

       321
        
                 + "

     

       322
        
       

     
···

       363
        
               server {

     

       364
        
                 ${concatMapStringsSep "\n" listenString hostListen}

     

       365
        
                 server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       366
        
                 ${acmeLocation}

     

       367
        
                 ${optionalString (vhost.root != null) "root ${vhost.root};"}

     

       368
        
                 ${optionalString (vhost.globalRedirect != null) ''

     
···

       384
        
                   ssl_conf_command Options KTLS;

     

       385
        
                 ''}

     

       386
        
       

     

       387
       -
                 ${optionalString (hasSSL && vhost.http3) ''

     

       388
        
                   # Advertise that HTTP/3 is available

     

       389
       -
                   add_header Alt-Svc 'h3=":443"; ma=86400' always;

     

       0
        
       
     

       390
        
                 ''}

     

       391
        
       

     

       392
        
                 ${mkBasicAuth vhostName vhost}

     
···

       1025
        
               message = ''

     

       1026
        
                 Options services.nginx.service.virtualHosts.<name>.enableACME and

     

       1027
        
                 services.nginx.virtualHosts.<name>.useACMEHost are mutually exclusive.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1028
        
               '';

     

       1029
        
             }

     

       1030
        
           ] ++ map (name: mkCertOwnershipAssertion {

···

       311
        
                   else defaultListen;

     

       312
        
       

     

       313
        
               listenString = { addr, port, ssl, extraParameters ? [], ... }:

     

       314
       +
                 # UDP listener for QUIC transport protocol.

     

       315
       +
                 (if ssl && vhost.quic then "

     

       316
       +
                   listen ${addr}:${toString port} quic "

     

       317
        
                 + optionalString vhost.default "default_server "

     

       318
        
                 + optionalString vhost.reuseport "reuseport "

     

       319
       +
                 + optionalString (extraParameters != []) (concatStringsSep " " (

     

       320
       +
                   let inCompatibleParameters = [ "ssl" "proxy_protocol" "http2" ];

     

       321
       +
                       isCompatibleParameter = param: !(any (p: p == param) inCompatibleParameters);

     

       322
       +
                   in filter isCompatibleParameter extraParameters))

     

       323
        
                 + ";" else "")

     

       324
        
                 + "

     

       325
        
       

     
···

       366
        
               server {

     

       367
        
                 ${concatMapStringsSep "\n" listenString hostListen}

     

       368
        
                 server_name ${vhost.serverName} ${concatStringsSep " " vhost.serverAliases};

     

       369
       +
                 ${optionalString (hasSSL && vhost.quic) ''

     

       370
       +
                   http3 ${if vhost.http3 then "on" else "off"};

     

       371
       +
                   http3_hq ${if vhost.http3_hq then "on" else "off"};

     

       372
       +
                 ''}

     

       373
        
                 ${acmeLocation}

     

       374
        
                 ${optionalString (vhost.root != null) "root ${vhost.root};"}

     

       375
        
                 ${optionalString (vhost.globalRedirect != null) ''

     
···

       391
        
                   ssl_conf_command Options KTLS;

     

       392
        
                 ''}

     

       393
        
       

     

       394
       +
                 ${optionalString (hasSSL && vhost.quic && vhost.http3)

     

       395
        
                   # Advertise that HTTP/3 is available

     

       396
       +
                 ''

     

       397
       +
                   add_header Alt-Svc 'h3=":$server_port"; ma=86400';

     

       398
        
                 ''}

     

       399
        
       

     

       400
        
                 ${mkBasicAuth vhostName vhost}

     
···

       1033
        
               message = ''

     

       1034
        
                 Options services.nginx.service.virtualHosts.<name>.enableACME and

     

       1035
        
                 services.nginx.virtualHosts.<name>.useACMEHost are mutually exclusive.

     

       1036
       +
               '';

     

       1037
       +
             }

     

       1038
       +
       

     

       1039
       +
             {

     

       1040
       +
               assertion = cfg.package.pname != "nginxQuic" -> all (host: !host.quic) (attrValues virtualHosts);

     

       1041
       +
               message = ''

     

       1042
       +
                 services.nginx.service.virtualHosts.<name>.quic requires using nginxQuic package,

     

       1043
       +
                 which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`.

     

       1044
        
               '';

     

       1045
        
             }

     

       1046
        
           ] ++ map (name: mkCertOwnershipAssertion {

+35 -5

nixos/modules/services/web-servers/nginx/vhost-options.nix

···

       188
        
             type = types.bool;

     

       189
        
             default = true;

     

       190
        
             description = lib.mdDoc ''

     

       191
       -
               Whether to enable HTTP 2.

     

       192
        
               Note that (as of writing) due to nginx's implementation, to disable

     

       193
       -
               HTTP 2 you have to disable it on all vhosts that use a given

     

       194
        
               IP address / port.

     

       195
       -
               If there is one server block configured to enable http2,then it is

     

       196
        
               enabled for all server blocks on this IP.

     

       197
        
               See https://stackoverflow.com/a/39466948/263061.

     

       198
        
             '';

     
···

       200
        
       

     

       201
        
           http3 = mkOption {

     

       202
        
             type = types.bool;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       203
        
             default = false;

     

       204
        
             description = lib.mdDoc ''

     

       205
       -
               Whether to enable HTTP 3.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       206
        
               This requires using `pkgs.nginxQuic` package

     

       207
        
               which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`.

     

       208
       -
               Note that HTTP 3 support is experimental and

     

       209
        
               *not* yet recommended for production.

     

       210
        
               Read more at https://quic.nginx.org/

     

       211
        
             '';

···

       188
        
             type = types.bool;

     

       189
        
             default = true;

     

       190
        
             description = lib.mdDoc ''

     

       191
       +
               Whether to enable the HTTP/2 protocol.

     

       192
        
               Note that (as of writing) due to nginx's implementation, to disable

     

       193
       +
               HTTP/2 you have to disable it on all vhosts that use a given

     

       194
        
               IP address / port.

     

       195
       +
               If there is one server block configured to enable http2, then it is

     

       196
        
               enabled for all server blocks on this IP.

     

       197
        
               See https://stackoverflow.com/a/39466948/263061.

     

       198
        
             '';

     
···

       200
        
       

     

       201
        
           http3 = mkOption {

     

       202
        
             type = types.bool;

     

       203
       +
             default = true;

     

       204
       +
             description = lib.mdDoc ''

     

       205
       +
               Whether to enable the HTTP/3 protocol.

     

       206
       +
               This requires using `pkgs.nginxQuic` package

     

       207
       +
               which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`

     

       208
       +
               and activate the QUIC transport protocol

     

       209
       +
               `services.nginx.virtualHosts.<name>.quic = true;`.

     

       210
       +
               Note that HTTP/3 support is experimental and

     

       211
       +
               *not* yet recommended for production.

     

       212
       +
               Read more at https://quic.nginx.org/

     

       213
       +
             '';

     

       214
       +
           };

     

       215
       +
       

     

       216
       +
           http3_hq = mkOption {

     

       217
       +
             type = types.bool;

     

       218
        
             default = false;

     

       219
        
             description = lib.mdDoc ''

     

       220
       +
               Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.

     

       221
       +
               This requires using `pkgs.nginxQuic` package

     

       222
       +
               which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`

     

       223
       +
               and activate the QUIC transport protocol

     

       224
       +
               `services.nginx.virtualHosts.<name>.quic = true;`.

     

       225
       +
               Note that special application protocol support is experimental and

     

       226
       +
               *not* yet recommended for production.

     

       227
       +
               Read more at https://quic.nginx.org/

     

       228
       +
             '';

     

       229
       +
           };

     

       230
       +
       

     

       231
       +
           quic = mkOption {

     

       232
       +
             type = types.bool;

     

       233
       +
             default = false;

     

       234
       +
             description = lib.mdDoc ''

     

       235
       +
               Whether to enable the QUIC transport protocol.

     

       236
        
               This requires using `pkgs.nginxQuic` package

     

       237
        
               which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`.

     

       238
       +
               Note that QUIC support is experimental and

     

       239
        
               *not* yet recommended for production.

     

       240
        
               Read more at https://quic.nginx.org/

     

       241
        
             '';