Andreas Rammhold
768336a74b
Merge pull request #56233 from jtojnar/nginx-tlsv13
...
nixos/nginx: Enable TLS 1.3 support
2019-03-03 14:19:38 +01:00
Jan Tojnar
f93ff28c62
nixos/nginx: Enable TLS 1.3 support
2019-02-25 16:47:19 +01:00
Izorkin
569248b3c2
nginx: fix formatting the config file
2019-02-24 19:50:58 +03:00
Izorkin
0394b177c7
nginx: formatting the config file
2019-02-24 10:17:11 +03:00
Symphorien Gibol
a915b33315
nixos: add preferLocalBuild=true; on derivations for config files
2019-02-22 20:11:27 +01:00
aanderse
a9358c4356
nixos/httpd: update documentation to reflect changes from https://github.com/NixOS/nixpkgs/pull/54529 ( #56079 )
2019-02-20 14:43:25 +02:00
Silvan Mosberger
a3f85f0dc0
Merge pull request #55410 from aanderse/apache-defaults
...
nixos/httpd: improve security in configuration file
2019-02-18 03:27:18 +01:00
Aaron Andersen
5eef3590ae
nixos/phpfpm: allow configuring php.ini files per-pool
2019-02-13 19:58:02 -05:00
Aaron Andersen
1bec75301b
nixos/httpd: don't advertise php
2019-02-07 14:25:55 -05:00
Aaron Andersen
70be5b6bb2
nixos/httpd: disable HTTP TRACE method by default
2019-02-07 14:13:45 -05:00
Aaron Andersen
dd610ce84f
nixos/httpd: disable TLSv1 by default for better security
2019-02-07 14:05:44 -05:00
aanderse
c6cd07707b
nixos/httpd: rename apache log files to have a .log file extension ( #54529 )
...
nixos/httpd: rename apache log files to have a .log file extension
2019-01-31 04:04:58 +02:00
John Wiegley
0305c55888
Merge pull request #53702 from aanderse/apache-ssl-opt
...
nixos/httpd: add options sslCiphers & sslProtocols
2019-01-23 19:27:17 -08:00
Wout Mertens
e445eabbe8
Merge pull request #41440 from wmertens/php-per-pool
...
phpfpm: allow configuring PHP package per-pool
2019-01-21 08:35:49 +01:00
Aaron Andersen
fd5a88687c
nixos/httpd: add options sslCiphers & sslProtocols
2019-01-09 11:30:19 -05:00
Bas van Dijk
6ac10cd764
Merge pull request #53399 from LumiGuide/feat-wordpress-copy-plugins
...
apache-httpd/wordpress: copy plugins and themes instead of symlinking
2019-01-07 13:41:29 +01:00
Falco Peijnenburg
9d2c9157d7
nixos/apache-httpd/wordpress: copy plugins and themes instead of symlinking
...
Symlinking works for most plugins and themes, but Avada, for instance, fails to
understand the symlink, causing its file path stripping to fail. This results in
requests that look like:
https://example.com/wp-content//nix/store/...plugin/path/some-file.js
Since hard linking directories is not allowed, copying is the next best thing.
2019-01-06 17:51:31 +01:00
volth
fed7914539
Merge branch 'staging' into make-perl-pathd
2018-12-18 17:13:27 +00:00
Florian Klink
91c65721f7
owncloud: remove server
...
pkgs.owncloud still pointed to owncloud 7.0.15 (from May 13 2016)
Last owncloud server update in nixpkgs was in Jun 2016.
At the same time Nextcloud forked away from it, indicating users
switched over to that.
cc @matej (original maintainer)
2018-12-16 15:05:53 +01:00
Florian Klink
50500219af
apache-httpd/limesurvey.nix: fix copypasta from owncloud
2018-12-16 15:05:53 +01:00
volth
bb9557eb7c
lib.makePerlPath -> perlPackages.makePerlPath
2018-12-15 03:50:31 +00:00
Jappie Klooster
e576c3b385
doc: Fix insecure nginx docs ( #51840 )
2018-12-11 11:02:56 +00:00
Red Davies
4173b845ca
mediawiki: 1.29.1 -> 1.31.1
...
1.29.1 is out of support and has security vulnerabilities. 1.31.1 is current LTS.
2018-12-03 21:04:08 +00:00
c0bw3b
5e4ceba7bf
nixos/mediawiki: fetch over https
2018-11-24 23:18:26 +01:00
Pavel Goran
a57bbf4e63
nixos/tomcat: add purifyOnStart option
...
With this option enabled, before creating file/directories/symlinks in baseDir
according to configuration, old occurrences of them are removed.
This prevents remainders of an old configuration (libraries, webapps, you name
it) from persisting after activating a new configuration.
2018-10-29 18:26:22 +07:00
Wout Mertens
69936b5655
phpfpm: allow configuring PHP package per-pool
...
props to @4levels
2018-10-26 16:11:07 +01:00
Izorkin
af8ae49395
nginx: add custom options
2018-10-23 21:04:07 +03:00
Michael Raskin
3491dd06a1
Merge pull request #47224 from pvgoran/tomcat-virtualhost-aliases
...
nixos/tomcat: add aliases sub-option for virtual hosts
2018-10-21 07:54:52 +00:00
Franz Pletz
ebd38185c8
nixos/nextcloud: init
...
Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
Co-authored-by: Robin Gloster <mail@glob.in>
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Florian Klink <flokli@flokli.de>
2018-10-01 02:07:43 +09:30
Pavel Goran
5e16e671ea
nixos/tomcat: add aliases sub-option for virtual hosts
2018-09-23 21:49:17 +07:00
Uli Baum
15e6e1ff6f
nixos/nginx: fix type of sslTrustedCertificate option
...
The option was added in 1251b34b5b
with type `types.path` but default `null`, so eval failed with
the default setting. This broke the acme and certmgr tests.
cc: @vincentbernat @fpletz
2018-09-02 01:35:59 +02:00
Vincent Bernat
1251b34b5b
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
...
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.
The result can be tested with:
openssl s_client -connect web.example.com:443 -status 2> /dev/null
Without OCSP stapling, we get:
OCSP response: no response sent
After this change, we get:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: Aug 30 20:46:00 2018 GMT
2018-08-30 22:47:41 +02:00
Vincent Bernat
bd075eb914
nginx: add more gzipped MIME types
...
The additions are:
- image/svg+xml for SVG images
- application/atom+xml for Atom feeds
These types are also present in mime.types. For better readability,
the list is sorted and formatted with one type per line.
2018-08-26 21:48:55 +02:00
Vincent Bernat
06a5fb2ada
nginx: use a compression level of 5 in recommended configuration
...
While there is little gain of space to use a compression level of 9,
the CPU usage is significant. Many experiments point to use something
between 4 and 6. For example:
- https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/
- 3bda5b93ed/nginx.conf (L93)
2018-08-26 21:43:34 +02:00
Okina Matara
aba87b85ef
nixos/hydron: Various tweaks
...
Make timer persistent
Start timer after hydron
Change interval from hourly to weekly
2018-08-15 22:00:13 -05:00
Okina Matara
36ab89900b
nixos/meguca: Various fixes
2018-08-03 10:59:06 -05:00
Okina Matara
d49b5bdfb9
nixos/hydron: Various fixes, create db_conf.json and link to it
2018-08-03 10:43:53 -05:00
Silvan Mosberger
150f4fe9c4
Merge pull request #44371 from pvgoran/tomcat-webapps-listOfPaths
...
nixos/tomcat: allow non-package paths in services.tomcat.webapps
2018-08-02 23:32:33 +02:00
Pavel Goran
7fb40c6503
nixos/tomcat: correct type specification for virtualHosts
...
The wrong specification was introduced as part of commit 472f16d.
Fixes #44361 .
2018-08-02 23:37:09 +07:00
Pavel Goran
b2b5b97468
nixos/tomcat: allow non-package paths in services.tomcat.webapps
...
Resolves #44370 .
2018-08-02 23:26:21 +07:00
Tuomas Tynkkynen
96190535e5
Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1"
...
This reverts commit 095fe5b43d.
Pointless renames considered harmful. All they do is force people to
spend extra work updating their configs for no benefit, and hindering
the ability to switch between unstable and stable versions of NixOS.
Like, what was the value of having the "nixos." there? I mean, by
definition anything in a NixOS module has something to do with NixOS...
2018-07-28 00:12:55 +03:00
volth
2e979e8ceb
[bot] nixos/*: remove unused arguments in lambdas
2018-07-20 20:56:59 +00:00
Frederik Rietdijk
1a6af9f88e
Merge pull request #43857 from volth/unused
...
[bot] treewide: remove unreferenced code
2018-07-20 21:06:32 +02:00
volth
87f5930c3f
[bot]: remove unreferenced code
2018-07-20 18:48:37 +00:00
Maximilian Bosch
0adca53c79
inginious: remove
...
Fallout of 9db7f15ea3ce57eee25458daf87cce7a04ea98b2 which removed
simpleldap.
@layus suggests to remove:
* https://github.com/NixOS/nixpkgs/pull/43782#issuecomment-406186881
* https://github.com/NixOS/nixpkgs/pull/31975#issuecomment-346647857
2018-07-19 17:31:40 +02:00
Silvan Mosberger
810f91f46d
Merge pull request #43308 from Chiiruno/dev/hydron
...
hydron: init at 2018-07-11
2018-07-18 22:10:11 +02:00
Okina Matara
38f2a3efbf
nixos/hydron: init
2018-07-18 13:16:50 -05:00
Silvan Mosberger
b9c95c7d60
httpd: Fix typo
2018-07-13 02:59:00 +02:00
Jörg Thalheim
8cf4a4725c
Merge pull request #41823 from Chiiruno/dev/meguca
...
meguca: 2018-05-26 -> 2018-06-11
2018-07-02 15:35:42 +01:00
Florian Klink
fff5923686
nixos/modules: users.(extraUsers|extraGroup->users|group)
2018-06-30 03:02:58 +02:00
Okina Matara
4b91c2428b
meguca: 2018-05-26 -> 2018-06-10
2018-06-29 15:56:33 -05:00
Matthew Bauer
be3a8c4bdb
Merge pull request #41799 from pacien/patch-4
...
cgit: Parametrise cgit subdirectory
2018-06-28 22:13:42 -04:00
Aneesh Agrawal
c2ab820d6a
nixos/uwsgi: use python.withPackages
2018-06-13 22:47:22 -07:00
Notkea
8b9559e417
cgit: parametrise subdirectory
...
This proposal enables the user to choose the sub-directory in which to serve cgit.
The previous default behaviour isn't altered.
2018-06-13 00:28:52 +02:00
Uli Baum
93cbb9b72f
nixos/tomcat: fix eval error introduced by #40657
2018-06-11 11:02:54 +02:00
Tristan Helmich
1daa77160e
tomcat service: fix webapps default option ( #40657 )
...
The old package tomcat.webapps does not exist
2018-06-10 20:10:01 +02:00
Hamish Mackenzie
0e5c971af8
minio: Output server logs & startup in json format
...
Currently minio logs with enhanced tty data and journalctl does not include anything useful as a result:
```
Jun 08 11:03:28 alpha minio[17813]: [78B blob data]
Jun 08 11:03:28 alpha minio[17813]: [49B blob data]
Jun 08 11:03:28 alpha minio[17813]: [19B blob data]
Jun 08 11:03:28 alpha minio[17813]: [88B blob data]
Jun 08 11:03:28 alpha minio[17813]: [45B blob data]
Jun 08 11:03:28 alpha minio[17813]: [44B blob data]
Jun 08 11:03:28 alpha minio[17813]: [57B blob data]
```
Indicating that it detected some binary output. With the `--json` flag it logs:
```
Jun 08 11:14:58 alpha minio[18573]: {"level":"FATAL","time":"2018-06-07T23:14:58.770637778Z","error":{"message":"--address input is invalid: address 127.0.0.1: missing port in address","source":["/build/go/src/github.com/minio/minio/cmd/server-main.go:121:cmd.serverHandleCmdArgs()"]}}
```
2018-06-08 11:22:00 +12:00
Okina Matara
e2f1a05756
meguca: git-2018-05-17 -> git-2018-05-20
2018-05-26 07:03:49 -05:00
Okina Matara
14a26f0153
meguca: init at git-2018-05-17
2018-05-26 07:03:49 -05:00
Jan Tojnar
bd648f321c
nixos/nginx: emphasize that useACMEHost does not create certs
...
It was not entirely clean that `services.nginx.virtualHosts.<name>.useACMEHost` does not create certificates, see https://github.com/NixOS/nixpkgs/issues/40593
2018-05-17 20:48:02 +02:00
Jan Malakhovski
095fe5b43d
nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1
2018-05-12 19:27:09 +00:00
Nikolay Amiantov
a08645e9be
nginx module: add upstream extraConfig
2018-05-08 16:32:11 +03:00
Julien Langlois
519b64592d
hitch: init at 1.4.8 + service + test ( #39358 )
...
Add the Hitch TLS reverse proxy as an option for TLS termination.
2018-05-01 10:36:36 +01:00
Franz Pletz
dc62e8509a
nixos/caddy: fix ca api endpoint, now uses v2
2018-04-27 01:11:54 +02:00
Ben Wolsieffer
4d40adb86d
nginx: allow basic auth passwords to be specified in a file
2018-04-25 15:37:09 +02:00
gnidorah
9029ed933c
nixos/gitweb: add gitwebTheme option
2018-04-17 20:07:01 +03:00
Jörg Thalheim
41ec2c2223
Merge pull request #38362 from orbekk/acme-path
...
fix: nixos/nginx certificate location
2018-04-09 09:02:51 +01:00
gnidorah
073089914e
nixos/nginx: fix gitweb submodule
2018-04-06 22:36:03 +03:00
Kjetil Ørbekk
8614e22297
fix: nixos/nginx certificate location
...
Fix issue when using a cert location other than the default.
2018-04-02 20:34:01 -04:00
Wout Mertens
b4e92e0b34
Merge pull request #37921 from gnidorah/gitweb
...
nixos/nginx: add gitweb sub-service
2018-03-30 00:18:44 +02:00
gnidorah
05b535c850
git: add more deps to gitweb
2018-03-29 16:46:11 +03:00
gnidorah
2821d3fed7
gitweb: use common options
2018-03-29 16:45:32 +03:00
gnidorah
69a0c9721e
nixos/nginx: add gitweb sub-service
2018-03-29 09:06:54 +03:00
Justin Humm
169468c406
apache-httpd: fix typo in config servedFiles
2018-03-28 03:47:25 +02:00
volth
002b460822
varnish4: init at 4.1.9; varnish6: init at 6.0.0
2018-03-20 07:10:36 +00:00
Jan Malakhovski
7079e744d4
Merge branch 'master' into staging
...
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):
pkgs/development/libraries/epoxy/default.nix
pkgs/development/libraries/gtk+/3.x.nix
pkgs/development/python-modules/asgiref/default.nix
pkgs/development/python-modules/daphne/default.nix
pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Jörg Thalheim
196e21a160
nixos/tomcat: add types + proper systemd integration
...
fixes #35443
2018-03-08 09:09:42 +00:00
Benjamin Smith
024220bd7f
nixos/tomcat: add serverXml, environment files and log directories
...
* add serverXml verbatim override
* add environment file
* add log directory creation
2018-03-08 09:09:42 +00:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell.
2018-03-01 14:38:53 -05:00
Joachim F
46afc63b6f
Merge pull request #32062 from volth/patch-73
...
nixos/varnish: check .vcl syntax at compile time
2018-02-20 19:22:28 +00:00
Niklas Hambüchen
f00a1514f9
nixos/nginx: validate config syntax in preStart ( #24664 )
2018-02-17 09:45:25 +00:00
Hamish
3a2b0cdf5c
nixos/traefik: make group configurable for docker support ( #34749 )
2018-02-09 09:37:29 +00:00
Jan Tojnar
0f21306ca3
Merge pull request #33900 from jtojnar/nginx-acme
...
nixos/nginx: allow using existing ACME certificate
2018-01-29 01:38:45 +01:00
Francesco Gazzetta
356eeb0d4f
nixos/mighttpd2: init
2018-01-16 21:04:09 +00:00
Jan Tojnar
41d252d7a4
nixos/nginx: allow using existing ACME certificate
...
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:
https://letsencrypt.org/docs/rate-limits/
Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
2018-01-15 13:48:45 +01:00
Andreas Rammhold
637d5dd00c
tomcat9: 9.0.0.M17 -> 9.0.2
...
also renamed from tomcatUnstable to tomcat9
2018-01-09 01:31:06 +01:00
Christoph Hrdinka
d890212ac8
nginx module: only turn on HTTP2 when SSL is enabled
...
Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>
2017-12-28 00:32:24 +01:00
Niklas Hambüchen
afa97cb981
nginx service: Make http2 an option.
...
HTTP 2 can break some things, for example due to this Chrome bug:
https://bugs.chromium.org/p/chromium/issues/detail?id=796199
So the service hardcoding it to be enabled is not helpful.
This commit adds an option so you can turn it off.
2017-12-19 19:59:15 +01:00
Bjørn Forsman
b53407461a
nixos/lighttpd: update allKnownModules list
...
lighttpd 1.4.46+ got three new modules.
2017-12-15 07:47:45 +01:00
volth
bfee336614
nixos/varnish: it does not matter where to check syntax, only when
2017-12-09 08:29:44 +00:00
Tuomas Tynkkynen
cb008da167
owncloud: Don't build during evaluation
...
Issue #29774
2017-11-27 12:08:57 +02:00
volth
25b178c745
nixos/varnish: check .vcl syntax at compile time (e.g. before nixops deployment)
2017-11-26 08:13:09 +00:00
Joachim F
822342ffdf
Merge pull request #31048 from LumiGuide/fix-owncloud
...
Fix some but not all errors in owncloud
2017-11-25 12:43:29 +00:00
Graham Christensen
2bbdd70b99
inginious: fix options eval
2017-11-23 09:33:59 -05:00
Bas van Dijk
cb4b9b1cc1
owncloud: fix some but not all errors
...
* Don't set timezone when it's null
* Don't create the postgres role because the postgresql service
already does that.
* Fix documentation
* Add a test suite
2017-10-31 23:03:33 +01:00
Graham Christensen
e5a44f3034
Merge pull request #31044 from LumiGuide/fix-apache-httpd
...
apache-httpd: fix nix evaluation error
2017-10-31 17:50:57 -04:00
Piotr Bogdan
3165c56db9
apache-httpd/wordpress: disable built-in WordPress autoupdater
2017-10-31 17:37:11 +00:00
Bas van Dijk
527781ebc4
apache-httpd: fix nix evaluation error
...
This only sets the timezone when it's not null to prevent:
error: cannot coerce null to a string, at
nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix:676:7
2017-10-31 17:33:54 +01:00
Jan Tojnar
3c48a1e06d
nixos/services.nginx: Fix globalRedirect example
...
Virtual host globalRedirect attribute accepts a hostname not a URL
09a9a472ee/nixos/modules/services/web-servers/nginx/default.nix (L167)
2017-10-22 15:38:08 +02:00
Bjørn Forsman
d26f8b5e00
nixos/lighttpd: add missing modules to allKnownModules
...
The output of ./configure shows all modules/plugins, both enabled and
disabled. With this info we can finally build the _complete_ list of
modules. We were missing these:
mod_authn_gssapi
mod_authn_ldap
mod_geoip
(I hit this as I was building lighttpd with ldap support and the NixOS
module said ldap was unsupported, due to these missing entries in
allKnownModules.)
2017-10-10 20:14:38 +02:00
Joerg Thalheim
c2c843adf7
nixos/traefik: guard example path
2017-10-04 14:51:20 +01:00
Joerg Thalheim
a3200348b7
nixos/traefik: owner/group should be changed recursively
2017-10-04 11:59:38 +01:00
Joerg Thalheim
3468c9e5cc
nixos/traefik: create /var/lib/traefik with correct permissions
2017-10-04 11:49:42 +01:00
Hamish Hutchings
2e5297217d
nixos/traefik create service
2017-10-04 11:26:39 +01:00
Samuel Dionne-Riel
0b1c73f4da
mediawiki: 1.27.3 -> 1.29.1
2017-09-24 22:49:22 -04:00
Robin Gloster
97a2cd0748
nginx: module fix example
...
Closes #28926
2017-09-03 14:05:32 +02:00
Robin Gloster
7cd46a0594
nginx module: add proxyResolveWhileRunning option
2017-08-30 21:01:53 +02:00
Robin Gloster
4ffa9ddb30
nginx module: allow basic configuration of upstreams
2017-08-30 21:01:53 +02:00
Franz Pletz
759daba980
nginx module: first proxy_set_header takes precedence
2017-08-30 21:01:52 +02:00
Franz Pletz
65c2203ffc
nginx module: add option for proxying websocket requests
2017-08-30 21:01:52 +02:00
Franz Pletz
530282eebe
nginx module: fix applying recommended proxy headers
...
Previously, if proxy_set_header would be used in an extraConfig of
a location, the headers defined in the http block by
recommendedProxySettings would be cleared. As this is not the intended
behaviour, these settings are now included from a separate file if
needed.
2017-08-30 21:01:52 +02:00
Robin Gloster
0371f2b5cc
nginx module: clean up SSL/listen handling
2017-08-30 21:01:52 +02:00
Franz Pletz
8e622d2689
phpfpm service: allow netlink sockets for sendmail
...
Fixes #26611 .
2017-08-29 00:41:31 +02:00
Peter Hoeg
ecdabb1b5b
Merge pull request #28481 from mpcsh/master
...
nixos/caddy: improve documentation
2017-08-25 09:56:40 +08:00
Mark Cohen
8511a3378b
nixos/caddy: improve documentation
...
There was no documentation for the "config" option, and it wasn't quite
clear whether it was supposed to be a file, a string, or what. This
commit removes that ambiguity.
2017-08-24 13:39:06 -04:00
Joachim F
f1514a5876
Merge pull request #27699 from volth/varnish-fixes-sq
...
nixos/varnish: made compatible with varnish 5.1.2, add modules
2017-08-22 22:01:00 +00:00
Franz Pletz
cfb716e6a5
phpfpm service: remove NoNewPrivileges systemd option
...
This interferes with sendmail because suid won't work. Fixes #26611 .
2017-08-21 19:24:17 +02:00
Wout Mertens
339330b322
Merge pull request #27426 from rnhmjoj/nginx
...
nginx: make enabling SSL port-specific
2017-08-07 16:46:28 +02:00
Robin Gloster
94a2cba8d9
nginx module: add resolver config
2017-08-04 02:15:46 +02:00
Robin Gloster
75bbcd4215
nginx module: include uwsgi_params
2017-08-04 02:15:01 +02:00
Bjørn Forsman
aff0725a7d
nixos/lighttpd: add enableUpstreamMimeTypes option
...
enableUpstreamMimeTypes controls whether to include the list of mime
types bundled with lighttpd (upstream). This option is enabled by
default and gives a much more complete mime type list than we currently
have. If you disable this, no mime types will be added by NixOS and you
will have to add your own mime types in services.lighttpd.extraConfig.
2017-07-29 14:24:40 +02:00
Bjørn Forsman
b339e6e13f
nixos/lighttpd: update list of allowed module names
...
* mod_dirlisting is auto-loaded by lighttpd and should not be explicitly
loaded in the configuration file.
* The rest comes from looking at "ls -1 $lighttpd/lib/*.so" when
lighttpd is built with "enableMagnet" and "enableMysql".
2017-07-29 14:24:40 +02:00
rnhmjoj
a912a6a291
nginx: make enabling SSL port-specific
2017-07-27 03:45:53 +02:00
Volth
c6128d2feb
nixos/varnish: made compatible with varnish 5.2.1, add modules
...
* nixos/varnish: command line compatible with varnish 5.2.1, fixes
https://github.com/NixOS/nixpkgs/issues/27409
* nixos/varnish: add support for modules (services.varnish.extraModules)
* varnish-modules: init at 0.10.2
* varnish-geoip: init at 1.0.2
* varnish-rtstatus: init at 1.2.0
* varnish-digest: init at 1.0.1
* added services.varnish.extraCommandLine option
2017-07-26 23:32:49 +00:00
Wout Mertens
c4783a982b
nginx: add gzip_vary to recommended settings
...
Google PageSpeed recommends turning this on to allow proxies to cache
2017-07-17 20:15:59 +02:00
Franz Pletz
951b932456
Merge pull request #27403 from rnhmjoj/nginx
...
nginx: make listen addresses configurable
2017-07-16 13:50:18 +02:00
rnhmjoj
e40f3bea3e
nginx: make listen addresses configurable
2017-07-14 21:26:54 +02:00
Bjørn Forsman
407b56986e
nixos/lighttpd: fix indent (tab -> space)
2017-07-14 20:37:25 +02:00
Pascal Bach
0fb8456b13
minio service: add additional config options
...
Set access and secret key and disable browser.
Tests extended to do real operations against minio.
2017-07-09 15:19:50 +02:00
Volth
99b8d5ebe6
lighttpd: add collectd submodule
2017-06-29 22:41:22 +00:00
Pascal Bach
aa66c9ad37
minio service: add initial service
...
features:
- change listen port and address
- configure config and data directory
- basic test to check if minio server starts
2017-06-26 04:07:37 +02:00
Ekaterina Vaartis
c0df448d54
apache-httpd: fix mod_perl by referring to apacheHttpdPackages ( #26579 )
2017-06-15 13:07:14 +02:00
Franz Pletz
ac5258edb2
caddy service: don't use extra dotdir in dataDir
2017-06-13 21:21:59 +02:00
Franz Pletz
071815cb24
caddy service: sync with upstream systemd unit
...
Increases security and fixes minor issues.
2017-06-13 21:21:59 +02:00
Eric Sagnes
5b30f246cb
varnish module: remove unneeded gcc runtime dependency
2017-05-17 16:14:29 +02:00
Graham Christensen
4d44810fe7
Merge pull request #25365 from armijnhemel/mediawiki
...
mediawiki: 1.27.1 -> 1.27.3
2017-05-07 06:58:32 -04:00
goibhniu
248a06695f
Merge pull request #22236 from Baughn/mediawiki
...
apache-httpd: Add 'extensions' config option for mediawiki
2017-05-01 19:17:36 +02:00
Armijn Hemel
cdebfa80ab
mediawiki: 1.27.1 -> 1.27.3
2017-04-30 22:38:00 +02:00
Bjørn Forsman
d916ce2ef4
nixos/lighttpd: set $HOME for gitweb sub-service
...
This allows gitweb to expand '~' in /etc/gitconfig. Without a $HOME
variable, it fails to list any projects and instead show the text
"No such projects found" in the UI.
Setting $HOME to the gitweb project root seems like a sensible value.
2017-04-11 22:54:31 +02:00
Bas van Dijk
6f2eca1744
wordpress: replace the dbPassword option with dbPasswordFile ( #24146 )
...
We shouldn't force users to store passwords in the world-readable Nix store.
2017-03-28 17:38:16 +02:00
Nikolay Amiantov
417844b596
phpfpm service: don't use private /tmp
...
This breaks local PostgreSQL connections.
2017-03-25 14:52:44 +01:00
Domen Kožar
02129a8788
Merge pull request #23672 from edanaher/nginx-alias
...
Nginx alias directive
2017-03-21 15:04:02 +01:00
Franz Pletz
c13922f012
nginx: explicitly use stable version
...
Also updates the documentation of the NixOS option `services.nginx.package`
that upstream recommends using the mainline version instead.
Fixes #21665 .
2017-03-20 20:04:09 +01:00
Franz Pletz
fff8cc79df
Merge pull request #23279 from mbbx6spp/make-nginx-module-less-gross
...
nginx service: add commonHttpConfig option
2017-03-20 19:03:20 +01:00
Franz Pletz
9536169074
nixos/treewide: remove boolean examples for options
...
They contain no useful information and increase the length of the
autogenerated options documentation.
See discussion in #18816 .
2017-03-17 23:36:19 +01:00
Graham Christensen
e4c0613470
Merge pull request #23674 from c0bw3b/sec/jboss7
...
JBoss AS: list known vulnerability
2017-03-15 17:33:27 -04:00
Bas van Dijk
308c09d41f
wordpress: security upgrade: 4.7.2 -> 4.7.3 & other improvements ( #23837 )
...
* Moved the wordpress sources derivation to the attribute pkgs.wordpress. This
makes it easier to override.
* Also introduce the `package` option for the wordpress virtual host config which
defaults to pkgs.wordpress.
* Also fixed the test in nixos/tests/wordpress.nix.
2017-03-14 16:11:51 +01:00
Renaud
72619a86c9
JBoss AS: list known vulnerability
...
CVE-2015-7501
Warning in JBoss module
2017-03-13 18:45:19 +01:00
Franz Pletz
323d0fdd5a
phpfpm module: set correct nixos sendmail path
2017-03-11 09:39:12 +01:00
Evan Danaher
a09246948c
nginx: disallow alias directive on server level; it doesn't work.
2017-03-09 16:54:44 -05:00
Evan Danaher
e7358b192a
nginx: Assert that either root or alias is null.
...
If both are set, nginx won't start. More error checking is certainly in
order, but this seems like a reasonable start.
2017-03-09 13:02:49 -05:00
Evan Danaher
ff2e2e82cc
nginx: Add alias configuration option for hosts and locations.
...
It's like root, but doesn't keep the prefix.
2017-03-09 13:02:29 -05:00
Franz Pletz
d7674dabba
phpfpm service: fix phpOptions
...
Broken due to #23216 .
2017-03-07 15:08:55 +01:00
Susan Potter
251b9ca0e7
nginx service: add commonHttpConfig option
2017-02-28 09:36:56 -06:00
Franz Pletz
ec4ead0bfe
phpfpm service: add target and slice
2017-02-28 00:00:57 +01:00
Franz Pletz
e3d58dae7f
phpfpm service: one service per pool for isolation
2017-02-27 23:38:53 +01:00
Fabian Schmitthenner
ae67f060f2
phpfpm: eliminate build at evaluation time
...
phpfpm currently uses `readFile` to read the php.ini file from the
phpPackage. This causes php to be built at evaluation time.
This eliminates the use of readFile and builds the php.ini at build
time.
2017-02-26 23:35:12 +01:00
Franz Pletz
26a2822cf0
nginx service: restart instead of stop to reduce downtime
...
cc #23127
2017-02-25 20:12:37 +01:00
Franz Pletz
3a4dd97c55
nginx module: fix acme if vhost name != serverName
...
cc #21931 @bobvanderlinden
2017-02-25 08:04:38 +01:00
Joachim F
6dbe55ca68
Merge pull request #20456 from ericsagnes/feat/loaf-dep-1
...
Use attrsOf in place of loaOf when relevant
2017-02-19 15:49:25 +01:00
Robin Gloster
6e12406e30
Revert "nginx: Format the config file"
...
This reverts commit e362a3d5c9.
See #22883
2017-02-16 22:45:00 +01:00
davidak
d4766e789b
caddy: set file descriptor limit to 8192, fixes #22454
...
the value is recommended for production use
a warning is produced when not set
2017-02-11 01:44:29 +01:00
Franz Pletz
65a1762a9b
nginx module: make acme group overrideable easily
2017-02-08 23:50:59 +01:00
Graham Christensen
7db1f727f3
moodle: Remove due to continued security issues.
2017-02-08 09:10:45 -05:00
Svein Ove Aas
e362a3d5c9
nginx: Format the config file
2017-02-07 16:19:11 +01:00
Joachim Schiele
d491728653
httpd: added serviceExpression which extends the serviceType concept -> allows that httpd services can live outside of nixpkgs ( #22269 )
2017-02-06 01:08:58 +01:00
Bas van Dijk
5cc75352f8
wordpress: 4.7.1 -> 4.7.2
...
See: https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
2017-02-02 16:41:32 +01:00
Svein Ove Aas
9b2d4a9fce
apache-httpd: Add 'extensions' config option
2017-01-28 19:21:56 +00:00
Bob van der Linden
d9987f360a
nginx: added serverName option for virtualHosts
...
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
2017-01-25 14:55:55 +01:00
Graham Christensen
c0f3b8d629
wordpress: 4.6.1 -> 4.7.1 for multiple CVEs
...
CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
2017-01-19 22:53:49 -05:00
Sheena Artrip
5c5648b1f6
caddy: add package config option
2017-01-13 22:29:26 -05:00
Dan Peebles
df7b4f4f6f
httpd module: don't create documentRoot directory if it doesn't exist
...
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
2017-01-05 21:19:16 -05:00
volth
9bb6d91c73
httpd: setuptools is not top-level
2017-01-05 17:37:33 +00:00
Jörg Thalheim
c23032a8b1
docker: update service units from upstream
...
All the new options in detail:
Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes #11478 #21303
wantedBy = ["multi-user.target"];
This allows us to remove the postStart hack, as docker reports on its own when
it is ready.
Type=notify
The following will set unset some limits because overhead in kernel's resource
accounting was observed. Note that these limits only apply to containerd.
Containers will have their own limit set.
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Upgrades may require schema migrations. This can delay the startup of dockerd.
TimeoutStartSec=0
Allows docker to create its own cgroup subhierarchy to apply resource limits on
containers.
Delegate=true
When dockerd is killed, container should be not affected to allow
`live restore` to work.
KillMode=process
2016-12-23 21:39:38 +01:00
tv
de44544ceb
nginx service: use default_server parameter instead of default ( #21371 )
2016-12-23 11:52:44 +01:00
Felix Richter
d8478c7912
services.nginx: allow startup with ipv6 disabled ( #21360 )
...
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves #21308
2016-12-23 11:49:35 +01:00
Rok Garbas
e6fa6b21e1
apacheHttpdPackages.mod_perl: init at 2.0.10
2016-12-22 13:36:44 +01:00
Nikolay Amiantov
9cca8e3f87
uwsgi service: fix for new pythonPackages
2016-12-08 21:03:41 +03:00
Michael Raskin
36010e7046
Merge pull request #20366 from MarcWeber/submit/apache-port-to-listen
...
apache-httpd
2016-11-26 13:37:02 +00:00
Eric Sagnes
821e8d4681
zope2 module: instance option loaOf -> attrsOf
2016-11-16 16:34:00 +09:00
Marc Weber
b51f165334
apache-httpd
...
* Introduce listen = [ { ip = "*"; port = 443; } ]; configuration.
* deprecated port = 443 option which is no longer needed
2016-11-12 15:35:38 +01:00
Philipp Hausmann
632282300a
nginx service: Add missing port toString conversion ( #20252 )
2016-11-08 13:34:04 +01:00
Eric Sagnes
797d40767d
fcgiwrap module: use enum
2016-11-04 13:04:52 +09:00
Frederik Rietdijk
7077a270bf
Merge remote-tracking branch 'upstream/master' into HEAD
2016-10-26 13:06:43 +02:00
Emery Hemingway
b675619391
nixos: use types.lines for extraConfig
2016-10-23 19:41:43 +02:00
Frederik Rietdijk
e56832d730
Merge remote-tracking branch 'upstream/master' into HEAD
2016-10-22 17:23:24 +02:00
Robin Gloster
d05d063572
nginx: set correct acme permissions
2016-10-20 11:18:25 +02:00
Frederik Rietdijk
104c50dd1a
Python: remove modules and pythonFull
2016-10-10 10:33:24 +02:00
Franz Pletz
a3ec0f1593
nixos/nginx: reload on acme cert renewal
2016-10-09 12:55:24 +02:00
Peter Hoeg
47a8f1ea85
php-fpm: add reload support
...
Upstream recommends sending USR2 for a graceful reload.
2016-10-06 10:22:24 +08:00
Peter Hoeg
5a6626f47c
php fpm: add systemd support
...
PHP FPM will now notify systemd when it's done initializing and ready to
serve requests.
Additionally ```systemctl status phpfpm``` will now show statistics such
as:
```
Status: "Processes active: 0, idle: 8, Requests: 0, slow: 0, Traffic: 0req/sec"
```
2016-10-05 23:30:31 +08:00
Joachim F
0906a0f197
Merge pull request #18491 from groxxda/network-interfaces
...
Replace Network-interfaces.target
2016-10-02 16:34:37 +02:00
Joachim F
7e80c42b0e
Merge pull request #18511 from ericsagnes/feat/remove-optionSet
...
modules: optionSet -> submodule
2016-10-01 17:57:45 +02:00
Joachim F
4d3282a8fe
Merge pull request #18993 from ericsagnes/mod/php-fpm
...
php-fpm module: cleanup
2016-09-29 13:14:32 +02:00
Graham Christensen
e2688e072d
moodle: mark as broken
...
https://github.com/NixOS/nixpkgs/issues/18856
2016-09-28 08:52:18 -04:00
Graham Christensen
8504237863
mediawiki: 1.23.13 -> 1.27.1
2016-09-26 21:53:36 -04:00
Eric Sagnes
b14ecbb96f
php-fpm module: cleanup
...
- Added example for the pool option
- Unified PHP-FPM spelling
2016-09-27 10:20:22 +09:00
Graham Christensen
4671806183
wordpress: 4.3.1 -> 4.6.1 + add a test
2016-09-26 19:36:07 -04:00
Wilhelm Schuster
54c5154b90
nginx module: Add option to configure events block
2016-09-26 12:16:53 +02:00
Alexander Ried
3ada966bd5
treewide: minor format / style / documentation fixes
2016-09-13 11:19:22 +02:00
Joachim Fasting
3dc69799b6
tomcat: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Eric Sagnes
03ee88f666
zope2 module: optionSet -> submodule
2016-09-13 12:53:12 +09:00
Eric Sagnes
c16d03ddc5
winstone module: optionSet -> submodule
2016-09-13 12:53:12 +09:00
danbst
63f9ef9f19
tomcat service: bump default tomcat to 8.5
...
See migration changelogs at
- 7.0 -> 8.0: https://tomcat.apache.org/migration-8.html
- 8.0 -> 8.5: https://tomcat.apache.org/migration-85.html
2016-09-09 18:29:12 +02:00
danbst
a01d4ee3f4
tomcat: add danbst as maintainer
2016-09-09 18:29:12 +02:00
danbst
f1072611a4
tomcat service: call shutdown in preStop, because postStop is too late (systemd kills process)
2016-09-09 18:29:12 +02:00
danbst
0c2d943529
tomcat: split default webapps to separate output (~6M)
2016-09-09 18:29:12 +02:00
Alexander Ried
e84b803300
security.acme: remove loop when no fallbackHost is given
2016-09-06 17:47:00 +02:00
Robin Gloster
c011aa86ab
nginx module: add index and tryFiles
2016-08-25 23:27:56 +00:00
Robin Lambertz
dacc3fa985
phpfpm: allow old config format as well ( #17754 )
2016-08-15 14:41:26 +02:00
Robin Gloster
3cf5d5ebed
nginx module: fixup events in config
2016-08-09 17:11:28 +00:00
Robin Gloster
b0b0a45bb1
nginx module: fix cfg.config backwards compatibility
...
fixes #17604
2016-08-09 12:02:21 +00:00
Al Zohali
2aba1c4962
phpfpm service: restructured pool configuration
...
From @fpletz: Keep poolConfigs option for backwards-compatibility.
The original commit 6b3f5b5a42 was previously reverted by c7860cae1a
but the issues were resolved.
2016-08-08 05:53:53 +02:00
Christian Kauhaus
ea7e705cd9
varnish: fix localstatedir for varnish* tools ( #17508 )
...
The varnish tools (varnishstat, varnishlog, ...) tried to load the VSM
file from a spurious var directory in the Nix store. Fix the default so
the tools "just work" when also keeping services.varnish.stateDir at the
default.
Notes:
- The tools use $localstatedir/$HOSTNAME so I've adapted the default for
stateDir as well to contain hostName.
- Added postStop action to remove the localstatedir. There is no point
in keeping it around when varnish does not run, as it regenerates it
on startup anyway.
Fixes #7495
2016-08-04 15:25:23 +02:00
Franz Pletz
c90a43f4c5
nginx module: fix evaluation of root location option
2016-08-01 19:38:10 +02:00
Robin Gloster
a193fecf0e
nginx module: improve statusPage generated code
...
Adds ::1 as allowed host and turns off access_log for the status page.
2016-07-28 11:59:13 +00:00
Robin Gloster
3ccfca7d6b
nginx module: httpConfig backward compatibility
...
Revert httpConfig to its old behaviour and make it mutually exclusive to
the new structured configuration. Adds appendHttpConfig to have the
ability to write custom config in the generated http block.
2016-07-28 11:59:13 +00:00
Robin Gloster
511410789b
nginx module: make client_max_body_size configurable
2016-07-28 11:59:13 +00:00
Tristan Helmich
8c61b3af03
nginx: fixed duplicate http declaration
2016-07-28 11:59:13 +00:00
Robin Gloster
91680de317
nginx module: add statusPage option
2016-07-28 11:59:13 +00:00
Robin Gloster
a294ad01b3
nginx module: make recommended settings optional
2016-07-28 11:59:13 +00:00
Robin Gloster
186a8400ed
nginx module: make httpConfig backward compatible
2016-07-28 11:59:13 +00:00
Robin Gloster
5dd7cf964a
nginx module: improve documentation
2016-07-28 11:59:13 +00:00
Franz Pletz
de8008a1b1
nginx module: Enable http2
2016-07-28 11:59:13 +00:00
Franz Pletz
e982aeae6a
nginx module: Add default proxy headers for tomcat
2016-07-28 11:59:13 +00:00
Robin Gloster
3830a890ab
nginx module: add option to make vhost default
2016-07-28 11:59:13 +00:00
Robin Gloster
138945500e
nginx module: implement basic auth
2016-07-28 11:59:13 +00:00
Robin Gloster
ff12ee35b7
nginx module: redirect to same protocol
2016-07-28 11:59:13 +00:00
Robin Gloster
e18f8e8b66
nginx module: turn off basic auth on acme locations
2016-07-28 11:59:13 +00:00
Franz Pletz
4e5c7913e9
nginx module: Add acmeFallbackHost vhost option
2016-07-28 11:59:13 +00:00
Franz Pletz
811f243ce6
nginx module: Add extraConfig for locations
2016-07-28 11:59:13 +00:00
Franz Pletz
d5a097fdb6
nginx module: Don't create acme certs if acme is not enabled
2016-07-28 11:59:13 +00:00
Tristan Helmich
c61157b7e6
nginx module: Add dhParams option
2016-07-28 11:59:13 +00:00
Tristan Helmich
35d76a72ab
nginx module: Add sslCiphers option
2016-07-28 11:59:13 +00:00
Tristan Helmich
8bd1f401bb
nginx module: Add sslProtocols option
2016-07-28 11:59:13 +00:00
Tristan Helmich
900b311a38
nginx module: Fix ACME extraDomains, fix challenge url to not redirect to allow renewals
2016-07-28 11:59:13 +00:00
Tristan Helmich
4676983990
nginx module: Add ACME support for ssl sites
2016-07-28 11:59:13 +00:00
Robin Gloster
f298be9ef4
nginx module: declarative config
2016-07-28 11:58:37 +00:00
Robin Gloster
356c2fe00d
Revert "nginx: Verify that configuration is syntactically correct" ( #17337 )
2016-07-28 13:55:06 +02:00
Bjørn Forsman
c7860cae1a
Revert "phpfpm service: restructured pool configuration"
...
This reverts commit 6b3f5b5a42 because it
introduced a non-backwards compatible change in the phpfpm interface,
without really needing to. The new interface, if needed, can be re-added
alongside the old interface.
Commit 98e419c0e2 ("tt-rss service: init at 16.3")
depends on the new interface, so this commit updates the tt-rss service
to work with the old services.phpfpm.poolConfigs interface.
2016-07-27 23:53:58 +02:00
Robin Lambertz
103805dec5
nginx: Verify that configuration is syntactically correct ( #17208 )
2016-07-27 22:24:08 +02:00
Bjørn Forsman
0a2174f195
nixos/lighttpd: move cgit setup to cgit.nix
...
To where it really belongs. Separation of concern.
2016-07-26 15:37:24 +02:00
Rok Garbas
d73c115aa4
Merge pull request #16132 from zohl/tt-rss
...
tt-rss service: init at 16.3
2016-07-21 20:48:18 +02:00
davidak
83bdc8e858
caddy service: add options to change ACME certificate authority ( #16969 )
...
and agree to let's encrypt subscriber agreement
2016-07-21 01:51:09 +02:00
davidak
d2164cfcda
caddy service: fix nix store output path
...
systemd[11376]: caddy.service: Failed at step EXEC spawning /nix/store/ghpcwj6paccc92l1gk7ykb6gf2i2w6fi-go1.6-caddy-0.8.3/bin/caddy: No such file or directory
2016-07-14 22:04:55 +02:00
Eric Sagnes
ff074ec7a4
apache-httpd: add phpPackage option
2016-06-22 21:24:25 +09:00
Frederik Rietdijk
9e2866d5de
Merge pull request #16086 from layus/inginious
...
INGInious: provide a NixOS module
2016-06-21 16:37:29 +02:00
Al Zohali
6b3f5b5a42
phpfpm service: restructured pool configuration
2016-06-20 01:00:03 +03:00
Guillaume Maudoux
0fef9ed3ed
inginious: init NixOS module
2016-06-14 11:09:21 +02:00
zimbatm
a95229a963
Merge pull request #15677 from womfoo/mod_auth_mellon
...
mod_auth_mellon: init at 0.12.0 and dependency lasso: init at 2.5.1
2016-06-12 23:38:57 +01:00