ca2fa4416e
This commit permits incantations like `pkgs.nginx.override { gd = null; }` to produce a slimmed-down nginx. When used, this functionality removes a pile of stuff from nginx's closure. The resulting nginx's closure: $ nix-store -q -R /nix/store/wk3h0a4dmdmjmxkbd0q09iw0wfq0yzpz-nginx-1.10.2 | wc -l 12 $ nix-store -q -R /nix/store/gpcx77anqrj05qz0mrwm7hf4wgxry5py-nginx-1.10.2 | wc -l 24
68 lines
1.9 KiB
Nix
68 lines
1.9 KiB
Nix
{ stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat
|
|
, gd, geoip
|
|
, withStream ? false
|
|
, modules ? []
|
|
, hardening ? true
|
|
, version, sha256, ...
|
|
}:
|
|
|
|
with stdenv.lib;
|
|
|
|
stdenv.mkDerivation {
|
|
name = "nginx-${version}";
|
|
|
|
src = fetchurl {
|
|
url = "http://nginx.org/download/nginx-${version}.tar.gz";
|
|
inherit sha256;
|
|
};
|
|
|
|
|
|
buildInputs =
|
|
[ openssl zlib pcre libxml2 libxslt gd geoip ]
|
|
++ concatMap (mod: mod.inputs or []) modules;
|
|
|
|
configureFlags = [
|
|
"--with-http_ssl_module"
|
|
"--with-http_v2_module"
|
|
"--with-http_realip_module"
|
|
"--with-http_addition_module"
|
|
"--with-http_xslt_module"
|
|
"--with-http_geoip_module"
|
|
"--with-http_sub_module"
|
|
"--with-http_dav_module"
|
|
"--with-http_flv_module"
|
|
"--with-http_mp4_module"
|
|
"--with-http_gunzip_module"
|
|
"--with-http_gzip_static_module"
|
|
"--with-http_auth_request_module"
|
|
"--with-http_random_index_module"
|
|
"--with-http_secure_link_module"
|
|
"--with-http_degradation_module"
|
|
"--with-http_stub_status_module"
|
|
"--with-ipv6"
|
|
# Install destination problems
|
|
# "--with-http_perl_module"
|
|
] ++ optional withStream "--with-stream"
|
|
++ optional (gd != null) "--with-http_image_filter_module"
|
|
++ optional (elem stdenv.system (with platforms; linux ++ freebsd)) "--with-file-aio"
|
|
++ map (mod: "--add-module=${mod.src}") modules;
|
|
|
|
NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
|
|
|
|
preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
|
|
|
|
hardeningEnable = [ "pie" ];
|
|
|
|
postInstall = ''
|
|
mv $out/sbin $out/bin
|
|
'';
|
|
|
|
meta = {
|
|
description = "A reverse proxy and lightweight webserver";
|
|
homepage = http://nginx.org;
|
|
license = licenses.bsd2;
|
|
platforms = platforms.all;
|
|
maintainers = with maintainers; [ thoughtpolice raskin ];
|
|
};
|
|
}
|