Lin Jian
d1b90cf540
nixos/caddy: force caddy to reload config in ExecReload
This patch follows an upstream commit[1].
Before this patch, if the acme module is used, caddy will still use an old
cert even if a new one is available. The cause is that without the --force
flag, caddy will not reload an unchanged config.
Refer to that commit[1] message for more information.
[1]: 979e498d6d
2022-06-29 10:36:24 +08:00
Winter
6c53004840
nixos/nginx: allow recommended proxy settings to be enabled per location
2022-06-12 19:52:35 -04:00
ajs124
30186896ee
nixos/nginx: fix SystemCallFilter for openresty
2022-05-30 11:58:28 +02:00
Madoura
b18031c413
treewide/meta: Remove chiiruno and replace with Madouura (#169096)
* maintainers: remove chiiruno
* nixos/zeronet.nix: replace chiiruno with Madouura
* nixos/hydron: replace chiiruno with Madouura
* nixos/tests/bcachefs: replace chiiruno with Madouura
* lutris: replace chiiruno with Madouura
* qtchan: replace chiiruno with Madouura
* tinygo: replace chiiruno with Madouura
* vlang: replace chiiruno with Madouura
* merkletools: replace chiiruno with Madouura
* easyjson: replace chiiruno with Madouura
* quicktemplate: replace chiiruno with Madouura
* statik: replace chiiruno with Madouura
* dumb: replace chiiruno with Madouura
* sndio: replace chiiruno with Madouura
* hydron: replace chiiruno with Madouura
* edid-decode-unstable: replace chiiruno with Madouura
* tewisay: replace chiiruno with Madouura
* svt-av1: replace chiiruno with Madouura
2022-04-18 02:13:36 +03:00
Izorkin
e87240e216
nixos/nginx: add extraParameters to http3 protocol
2022-04-11 22:33:12 +02:00
Izorkin
c508da303b
nixos/nginx: add reuseport option
2022-04-11 22:33:12 +02:00
Izorkin
660a36f173
nixos/nginx: fix http3 configuration
2022-04-11 22:33:12 +02:00
Dominique Martinet
b0a04e4105
nginx/logrotate: run logrotate as nginx user
2022-04-01 07:09:27 +09:00
Dominique Martinet
e92c05349c
nixos/logrotate: convert to freeform
using freeform is the new standard way of using modules and should replace
extraConfig.
In particular, this will allow us to place a condition on mails
2022-04-01 07:09:26 +09:00
Sander van der Burg
43543a6bbc
Merge pull request #163716 from svanderburg/fixtomcat
nixos/tomcat: configure default group and fix broken default package …
2022-03-13 21:43:45 +01:00
Sander van der Burg
d12186a601
nixos/tomcat: configure default group and fix broken default package reference
Without this fix, evaluating a NixOS configuration with Tomcat enabled and the
default settings results in the following evaluation error:
Failed assertions:
- users.users.tomcat.group is unset. This used to default to
nogroup, but this is unsafe. For example you can create a group
for this user with:
users.users.tomcat.group = "tomcat";
users.groups.tomcat = {};
2022-03-13 14:00:09 +01:00
Luke Granger-Brown
3004e58f6a
nixos/pomerium: avoid blocking when renewing ACME certificates
2022-03-11 14:09:19 +00:00
Izorkin
b672e4dd2c
nginxModules: add option disableIPC
The disableIPC option is required for checking enabled nginxModules
and disabling the SystemCallFilter IPC filter.
2022-03-08 14:37:11 +03:00
Janne Heß
e5823f77b3
Merge pull request #159187 from martinetd/logrotate
logrotate service enhancements
2022-02-23 11:24:17 +01:00
Sandro
5a57844cf6
Merge pull request #158592 from SuperSandro2000/nginx-nixos
2022-02-20 16:32:09 +01:00
Sandro
a6d259faf3
Merge pull request #141650 from 06kellyjac/agate
2022-02-16 00:56:27 +01:00
Dominique Martinet
c7618fbd9b
nginx: add logrotate rule for nginx logs
2022-02-11 21:07:37 +09:00
ajs124
3ecddf791d
nixos/shellinabox: drop
2022-02-08 18:59:47 -05:00
Sandro Jäckel
ae66e2d5ec
treewide: use configured nginx package
2022-02-08 12:13:30 +01:00
06kellyjac
0a6d22c6c3
nixos/agate: init
2022-02-07 16:03:44 +00:00
Jörg Thalheim
fd382c011a
Merge branch 'master' into nginx
2022-01-31 05:44:42 +01:00
Jörg Thalheim
26ea046ed7
Update nixos/modules/services/web-servers/nginx/default.nix
2022-01-31 05:43:53 +01:00
Daniel Olsen
ab7e6995ac
nixos/nginx: Add defaultListenAddresses option
Lets you specify the default listen address if none are listed in the vhost configuration.
Useful for hosts with more than one IP
2022-01-24 02:20:30 +01:00
Martin Weinelt
f0f67400bc
Merge pull request #153942 from winterqt/acme-web-server-ownership-assertions
2022-01-11 15:03:43 +01:00
Nikolay Amiantov
e8daaa85d4
Merge pull request #153589 from abbradar/uwsgi-fixes
uWSGI configuration generation fixes
2022-01-09 09:49:05 +03:00
Winter
b52607f43b
nixos/acme: ensure web servers using certs can access them
2022-01-08 15:05:34 -05:00
Aaron Andersen
45477f7ce5
nixos/caddy: add globalConfig option
2022-01-06 09:25:58 -05:00
Nikolay Amiantov
2be5e93ecc
uwsgi service: deduplicate plugins list
Duplicates can lead to unnecessary `uwsgi` rebuilds and conflicts.
2022-01-05 14:18:59 +03:00
Nikolay Amiantov
4be78f0dd3
uwsgi service: redefine PATH envvar
Previously, if the user had the `PATH` variable set, we would define several
`PATH` variables and trigger a conflict.
2022-01-05 14:18:59 +03:00
Naïm Favier
ec150abd1a
Revert "nixos/nginx: disable rejectSSL activation when https is disabled"
This reverts commit 2f66ac01e9.
2022-01-02 21:01:29 +01:00
Lucas Savva
377c6bcefc
nixos/acme: Add defaults and inheritDefaults option
Allows configuring many default settings for certificates,
all of which can still be overridden on a per-cert basis.
Some options have been moved into .defaults from security.acme,
namely email, server, validMinDays and renewInterval. These
changes will not break existing configurations thanks to
mkChangedOptionModule.
With this, it is also now possible to configure DNS-01 with
web servers whose virtualHosts utilise enableACME. The only
requirement is you set `acmeRoot = null` for each vhost.
The test suite has been revamped to cover these additions
and also to generally make it easier to maintain. Test config
for apache and nginx has been fully standardised, and it
is now much easier to add a new web server if it follows
the same configuration patterns as those two. I have also
optimised the use of switch-to-configuration which should
speed up testing.
2021-12-26 16:44:10 +00:00
Aaron Andersen
baa0e61569
Merge pull request #147973 from aanderse/nixos/caddy
nixos/caddy: introduce several new options
2021-12-25 17:01:54 -05:00
7c6f434c
b0f154fd44
Merge pull request #147027 from Izorkin/update-nginx-ktls
nginxMainline: enable ktls support
2021-12-24 10:23:17 +00:00
Aaron Andersen
81a67a3353
nixos/caddy: introduce several new options
2021-12-20 20:00:42 -05:00
Graham Christensen
06edb74413
Merge pull request #148785 from pennae/more-option-doc-staticizing
treewide: more defaultText for options
2021-12-17 11:14:08 -05:00
pennae
2d564521c0
treewide: add literalDocBook text to options with complex defaults
some options have defaults that are best described in prose, such as
defaults that depend on the system stateVersion, defaults that are
derivations specific to the surrounding context, or those where the
expression is much longer and harder to understand than a simple text
snippet.
2021-12-09 01:38:24 +01:00
Sandro
e1f9dbf673
Merge pull request #139815 from ncfavier/fastcgiParams-path
2021-12-07 20:38:55 +01:00
Jörg Thalheim
8a5777dcf6
nixos/nginx: fix mincore filtering
Mincore is a syscall, not a group.
2021-12-05 12:04:20 +01:00
pennae
3e9c5fc8ca
nixos/*: escape config reference in examples and descriptions
2021-12-02 22:35:05 +01:00
pennae
2512455639
nixos/*: add trivial defaultText for options with simple defaults
2021-12-02 22:35:04 +01:00
Sandro
06811e74f3
Merge pull request #146533 from SuperSandro2000/nginx
2021-11-30 21:16:09 +01:00
Aaron Andersen
a4977db2e8
caddy: include and utilize systemd service from upstream (#147305)
2021-11-29 23:16:25 +09:00
Izorkin
2f66ac01e9
nixos/nginx: disable rejectSSL activation when https is disabled
2021-11-27 09:39:57 +03:00
Izorkin
7376f4e34f
nixos/nginx: tengine requires allowing @ipc calls
2021-11-27 09:39:57 +03:00
Izorkin
78546bbbc5
nixos/nginx: add kTLS option
2021-11-27 09:39:57 +03:00
Sandro
9cb930ff68
nixos/nginx: fix start when recommendedOptimisation is off
Also done by other distros, for example Fedora: https://bodhi.fedoraproject.org/updates/FEDORA-2020-78690e2cdd
2021-11-18 21:47:12 +01:00
ajs124
c408cd921f
nixos/nginx: fix SystemCallFilter after 1fc113f0df
2021-11-16 17:30:57 +01:00
Sandro Jäckel
8547db919a
treewide: switch `builtins.fromJSON(builtins.readFile ./file.json)` to lib.importJSON ./file.json
2021-11-03 14:43:52 +01:00
Bruno Bigras
2ceae2db61
nixos/nginx: disable MemoryDenyWriteExecute for pkgs.openresty
fix #140655
Co-authored-by: Yurii Izorkin <izorkin@elven.pw>
2021-10-12 16:28:53 -04:00
ajs124
e3ac5e1502
nixos/varnish: add enableConfigCheck
2021-10-06 22:05:46 +02:00