JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
191,956 Commits 2 Branches 0 Tags 13 GiB
3722f1d20e
Commit Graph

81 Commits

Author SHA1 Message Date
Maximilian Bosch
56a7bc05e1
nixos/treewide: drop dependencies to keys.target 
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
 2019-08-27 18:55:55 +02:00
Aaron Andersen
5596b69771 nixos/httpd: remove duplicate module entries from httpd.conf 2019-07-26 17:51:06 -04:00
Aaron Andersen
9b970d07f3 nixos/httpd: drop postgresql reference 2019-07-20 18:36:24 -04:00
Aaron Andersen
0fd69629c7 nixos/httpd: mark extraSubservices option as deprecated 2019-07-20 18:36:19 -04:00
Aaron Andersen
505df09d50 nixos/httpd: drop the port option 2019-07-20 18:29:46 -04:00
Aaron Andersen
fae95c2c82
Merge pull request #60021 from aanderse/httpd-cleanup 
nixos/httpd: cleanup old apache2.2 syntax
 2019-06-06 06:46:05 -04:00
Daniel Schaefer
786f02f7a4 treewide: Remove usage of isNull 
isNull "is deprecated; just write e == null instead" says the Nix manual
 2019-04-29 14:05:50 +02:00
Aaron Andersen
e5b583bef4 nixos/httpd: cleanup old apache2.2 syntax 2019-04-20 07:32:55 -04:00
Aaron Andersen
9c9a6f380e nixos/httpd: replace ssmtp with system-sendmail 2019-04-06 06:34:46 -04:00
Symphorien Gibol
a915b33315 nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
aanderse
a9358c4356 nixos/httpd: update documentation to reflect changes from https://github.com/NixOS/nixpkgs/pull/54529 (#56079) 2019-02-20 14:43:25 +02:00
Aaron Andersen
1bec75301b nixos/httpd: don't advertise php 2019-02-07 14:25:55 -05:00
Aaron Andersen
70be5b6bb2 nixos/httpd: disable HTTP TRACE method by default 2019-02-07 14:13:45 -05:00
Aaron Andersen
dd610ce84f nixos/httpd: disable TLSv1 by default for better security 2019-02-07 14:05:44 -05:00
aanderse
c6cd07707b nixos/httpd: rename apache log files to have a .log file extension (#54529) 
nixos/httpd: rename apache log files to have a .log file extension
 2019-01-31 04:04:58 +02:00
Aaron Andersen
fd5a88687c nixos/httpd: add options sslCiphers & sslProtocols 2019-01-09 11:30:19 -05:00
volth
87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Silvan Mosberger
b9c95c7d60
httpd: Fix typo 2018-07-13 02:59:00 +02:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Bas van Dijk
527781ebc4 apache-httpd: fix nix evaluation error 
This only sets the timezone when it's not null to prevent:

  error: cannot coerce null to a string, at
  nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix:676:7
 2017-10-31 17:33:54 +01:00
Ekaterina Vaartis
c0df448d54 apache-httpd: fix mod_perl by refering to apacheHttpdPackages (#26579) 2017-06-15 13:07:14 +02:00
Joachim Schiele
d491728653 httpd: added serviceExpression which extends the serviceType concept -> allows that httpd services can live outside of nixpkgs (#22269) 2017-02-06 01:08:58 +01:00
Dan Peebles
df7b4f4f6f httpd module: don't create documentRoot directory if it doesn't exist 
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
 2017-01-05 21:19:16 -05:00
Rok Garbas
e6fa6b21e1 apacheHttpdPackages.mod_perl: init at 2.0.10 2016-12-22 13:36:44 +01:00
Marc Weber
b51f165334 apache-httpd 
* Introduce listen = [ { ip = "*"; port = 443; } ]; configuartion.
* deprecated port = 443 option which is no longer needed
 2016-11-12 15:35:38 +01:00
Eric Sagnes
ff074ec7a4 apache-httpd: add phpPackage option 2016-06-22 21:24:25 +09:00
Kranium Gikos Mendoza
25fbac5b52 mod_auth_mellon: init at 0.12.0 2016-05-23 02:02:25 +08:00
Eric Sagnes
a8bc5b67f8 php: add default php.ini 2016-04-29 15:26:20 +09:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size 
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
 2016-04-10 11:17:52 +02:00
Eelco Dolstra
133e6e1ea6 httpd.service: Support reload 
This is useful when ACME has generated a new TLS certificate.
 2016-04-07 17:53:46 +02:00
Vladimír Čunát
c801cd1a04 php: fixup build when configured with httpd via nixos 2016-03-11 11:54:53 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size 
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
 2016-03-08 09:58:19 +01:00
Eelco Dolstra
f3d94cfc23 Revert "Add the tool "nixos-typecheck" that can check an option declaration to:" 
This reverts commit cad8957eab. It
breaks NixOps, but more importantly, such major changes to the module
system really need to be reviewed.
 2016-03-01 20:52:06 +01:00
Thomas Strobel
cad8957eab Add the tool "nixos-typecheck" that can check an option declaration to: 
- Enforce that an option declaration has a "defaultText" if and only if the
   type of the option derives from "package", "packageSet" or "nixpkgsConfig"
   and if a "default" attribute is defined.

 - Enforce that the value of the "example" attribute is wrapped with "literalExample"
   if the type of the option derives from "package", "packageSet" or "nixpkgsConfig".

 - Warn if a "defaultText" is defined in an option declaration if the type of
   the option does not derive from "package", "packageSet" or "nixpkgsConfig".

 - Warn if no "type" is defined in an option declaration.
 2016-02-29 01:09:00 +01:00
zimbatm
a7715e3e06 Merge pull request #10231 from zimbatm/apache-intermediate-ssl 
apache-httpd: adopt mozilla's SSL configuration recommendation
 2016-02-20 19:14:51 +00:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Thomas Strobel
a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions 
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
 2016-01-17 19:41:23 +01:00
Tuomas Tynkkynen
58dfef2792 treewide: Fix references to apacheHttpd_2_* 2015-10-28 10:23:03 +01:00
zimbatm
f5f039eeb4 apache-httpd: harden default SSL cipher list 
A couple of tweaks on the SSL cipher list.

Disabled RC4 which is now considered broken.
https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what

Enabled Forward Secrecy for modern browsers.
https://en.wikipedia.org/wiki/Forward_secrecy

Without the change, NixOS servers are capped at Grade B on
https://www.ssllabs.com/ssltest/index.html
 2015-10-05 17:19:53 +01:00
Eelco Dolstra
9d82f7e53e Revert "Apache service module: allow compression" 
This reverts commit 164f6ff2a8 per
https://github.com/NixOS/nixpkgs/pull/9407#issuecomment-134523359
(it's too site-specific). Furthermore this should be an option at the
virtual host level.
 2015-08-28 12:41:06 +02:00
Wout Mertens
164f6ff2a8 Apache service module: allow compression 2015-08-23 15:13:52 +02:00
Eelco Dolstra
9fa19cfcea apache-httpd: Don't set default content encodings 
In general, you don't want a .tar.gz file to be served with
"Content-Encoding: x-gzip", because this causes browsers (like Chrome
or "curl --compressed") to decompress the file on the fly. So you end
up with a .tar rather than .tar.gz file, which is unexpected.

If people want such encodings, they should set them in their own NixOS
configuration.
 2015-07-07 12:12:49 +02:00
Peter Feigl
e5b3918f85 apache-httpd: adding support for sslServerChain 2015-04-13 15:41:10 +02:00
Eelco Dolstra
8cb3e3b864 httpd: Disable insecure protocols/ciphers by default 
This makes us resistant to FREAK and similar attacks.
 2015-03-09 14:18:12 +01:00
Matej Cotman
6630e3e4fe apache-httpd: add restartSec option 2015-01-21 22:49:22 +01:00
Eelco Dolstra
cfe26e4438 Fix using Apache httpd 2.2 2014-12-15 13:13:17 +01:00
Longrin Wischnewski
490232bd2e apache-httpd: add mod_access_compat for compatibility with old httpd-22 configurations 2014-11-12 13:18:02 +01:00
Rickard Nilsson
2b3c3d0e32 Fixes to Apache 2.4 configuration 2014-11-06 21:58:40 +01:00
Eelco Dolstra
b3eb981a95 apache-httpd: Make 2.4 the default 
The NixOS 14.11 release is a good time to finally make 2.4 the
default.
 2014-11-06 14:55:44 +01:00
Eelco Dolstra
0de982d75b httpd: Add option for specifying robots.txt 2014-09-18 19:05:26 +02:00