working postgreql import
This commit is contained in:
parent
c93749d9a6
commit
4bf8832d1b
|
@ -0,0 +1,7 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
version = "1.27.0";
|
||||
src = with lib; pkgs.fetchurl {
|
||||
url = "https://releases.wikimedia.org/mediawiki/${versions.majorMinor version}/mediawiki-${version}.tar.gz";
|
||||
sha256 = "sha256-x50AMSpLdJkn5PP5YAs7z5/pFKiYt/5PhRjp9Zro0Sg=";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
{ config, lib, name, ... }:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
||||
proxyPass = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "http://www.example.org/";
|
||||
description = ''
|
||||
Sets up a simple reverse proxy as described by <link xlink:href="https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple" />.
|
||||
'';
|
||||
};
|
||||
|
||||
index = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "index.php index.html";
|
||||
description = ''
|
||||
Adds DirectoryIndex directive. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex" />.
|
||||
'';
|
||||
};
|
||||
|
||||
alias = mkOption {
|
||||
type = with types; nullOr path;
|
||||
default = null;
|
||||
example = "/your/alias/directory";
|
||||
description = ''
|
||||
Alias directory for requests. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias" />.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
These lines go to the end of the location verbatim.
|
||||
'';
|
||||
};
|
||||
|
||||
priority = mkOption {
|
||||
type = types.int;
|
||||
default = 1000;
|
||||
description = ''
|
||||
Order of this location block in relation to the others in the vhost.
|
||||
The semantics are the same as with `lib.mkOrder`. Smaller values have
|
||||
a greater priority.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -0,0 +1,475 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
|
||||
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
|
||||
inherit (lib) concatStringsSep literalExpression mapAttrsToList optional optionals optionalString types;
|
||||
|
||||
cfg = config.services.mymediawiki;
|
||||
fpm = config.services.phpfpm.pools.mediawiki;
|
||||
user = "mediawiki";
|
||||
group = config.services.httpd.group;
|
||||
cacheDir = "/var/cache/mediawiki";
|
||||
stateDir = "/var/lib/mediawiki";
|
||||
|
||||
pkg = pkgs.stdenv.mkDerivation rec {
|
||||
pname = "mediawiki-full";
|
||||
version = src.version;
|
||||
src = cfg.package;
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r * $out/
|
||||
|
||||
rm -rf $out/share/mediawiki/skins/*
|
||||
rm -rf $out/share/mediawiki/extensions/*
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (k: v: ''
|
||||
ln -s ${v} $out/share/mediawiki/skins/${k}
|
||||
'') cfg.skins)}
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (k: v: ''
|
||||
ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k}
|
||||
'') cfg.extensions)}
|
||||
'';
|
||||
};
|
||||
|
||||
mediawikiScripts = pkgs.runCommand "mediawiki-scripts" {
|
||||
buildInputs = [ pkgs.makeWrapper ];
|
||||
preferLocalBuild = true;
|
||||
} ''
|
||||
mkdir -p $out/bin
|
||||
for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do
|
||||
makeWrapper ${pkgs.php}/bin/php $out/bin/mediawiki-$(basename $i .php) \
|
||||
--set MEDIAWIKI_CONFIG ${mediawikiConfig} \
|
||||
--add-flags ${pkg}/share/mediawiki/maintenance/$i
|
||||
done
|
||||
'';
|
||||
|
||||
mediawikiConfig = pkgs.writeText "LocalSettings.php" ''
|
||||
<?php
|
||||
# Protect against web entry
|
||||
if ( !defined( 'MEDIAWIKI' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
$wgSitename = "${cfg.name}";
|
||||
$wgMetaNamespace = false;
|
||||
|
||||
## The URL base path to the directory containing the wiki;
|
||||
## defaults for all runtime URL paths are based off of this.
|
||||
## For more information on customizing the URLs
|
||||
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
|
||||
## https://www.mediawiki.org/wiki/Manual:Short_URL
|
||||
$wgScriptPath = "";
|
||||
|
||||
## The protocol and server name to use in fully-qualified URLs
|
||||
$wgServer = "${if cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL then "https" else "http"}://${cfg.virtualHost.hostName}";
|
||||
|
||||
## The URL path to static resources (images, scripts, etc.)
|
||||
$wgResourceBasePath = $wgScriptPath;
|
||||
|
||||
## The URL path to the logo. Make sure you change this from the default,
|
||||
## or else you'll overwrite your logo when you upgrade!
|
||||
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
|
||||
|
||||
## UPO means: this is also a user preference option
|
||||
|
||||
$wgEnableEmail = true;
|
||||
$wgEnableUserEmail = true; # UPO
|
||||
|
||||
$wgEmergencyContact = "${if cfg.virtualHost.adminAddr != null then cfg.virtualHost.adminAddr else config.services.httpd.adminAddr}";
|
||||
$wgPasswordSender = $wgEmergencyContact;
|
||||
|
||||
$wgEnotifUserTalk = false; # UPO
|
||||
$wgEnotifWatchlist = false; # UPO
|
||||
$wgEmailAuthentication = true;
|
||||
|
||||
## Database settings
|
||||
$wgDBtype = "${cfg.database.type}";
|
||||
$wgDBserver = "${cfg.database.host}:${if cfg.database.socket != null then cfg.database.socket else toString cfg.database.port}";
|
||||
$wgDBname = "${cfg.database.name}";
|
||||
$wgDBuser = "${cfg.database.user}";
|
||||
${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"}
|
||||
|
||||
${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) ''
|
||||
# MySQL specific settings
|
||||
$wgDBprefix = "${cfg.database.tablePrefix}";
|
||||
''}
|
||||
|
||||
${optionalString (cfg.database.type == "mysql") ''
|
||||
# MySQL table options to use during installation or update
|
||||
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
|
||||
''}
|
||||
|
||||
## Shared memory settings
|
||||
$wgMainCacheType = CACHE_NONE;
|
||||
$wgMemCachedServers = [];
|
||||
|
||||
${optionalString (cfg.uploadsDir != null) ''
|
||||
$wgEnableUploads = true;
|
||||
$wgUploadDirectory = "${cfg.uploadsDir}";
|
||||
''}
|
||||
|
||||
$wgUseImageMagick = true;
|
||||
$wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert";
|
||||
|
||||
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
|
||||
$wgUseInstantCommons = false;
|
||||
|
||||
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
|
||||
# about this MediaWiki instance. The Wikimedia Foundation shares this data
|
||||
# with MediaWiki developers to help guide future development efforts.
|
||||
$wgPingback = true;
|
||||
|
||||
## If you use ImageMagick (or any other shell command) on a
|
||||
## Linux server, this will need to be set to the name of an
|
||||
## available UTF-8 locale
|
||||
$wgShellLocale = "C.UTF-8";
|
||||
|
||||
## Set $wgCacheDirectory to a writable directory on the web server
|
||||
## to make your wiki go slightly faster. The directory should not
|
||||
## be publically accessible from the web.
|
||||
$wgCacheDirectory = "${cacheDir}";
|
||||
|
||||
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||
$wgLanguageCode = "en";
|
||||
|
||||
$wgSecretKey = file_get_contents("${stateDir}/secret.key");
|
||||
|
||||
# Changing this will log out all existing sessions.
|
||||
$wgAuthenticationTokenVersion = "";
|
||||
|
||||
## For attaching licensing metadata to pages, and displaying an
|
||||
## appropriate copyright notice / icon. GNU Free Documentation
|
||||
## License and Creative Commons licenses are supported so far.
|
||||
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
|
||||
$wgRightsUrl = "";
|
||||
$wgRightsText = "";
|
||||
$wgRightsIcon = "";
|
||||
|
||||
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||
$wgDiff = "${pkgs.diffutils}/bin/diff";
|
||||
$wgDiff3 = "${pkgs.diffutils}/bin/diff3";
|
||||
|
||||
# Enabled skins.
|
||||
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)}
|
||||
|
||||
# Enabled extensions.
|
||||
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)}
|
||||
|
||||
|
||||
# End of automatically generated settings.
|
||||
# Add more configuration options below.
|
||||
|
||||
${cfg.extraConfig}
|
||||
|
||||
#Hello World
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
# interface
|
||||
options = {
|
||||
services.mymediawiki = {
|
||||
|
||||
enable = mkEnableOption "MediaWiki";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.mediawiki;
|
||||
defaultText = literalExpression "pkgs.mediawiki";
|
||||
description = "Which MediaWiki package to use.";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "MediaWiki";
|
||||
example = "Foobar Wiki";
|
||||
description = "Name of the wiki.";
|
||||
};
|
||||
|
||||
uploadsDir = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = "${stateDir}/uploads";
|
||||
description = ''
|
||||
This directory is used for uploads of pictures. The directory passed here is automatically
|
||||
created and permissions adjusted as required.
|
||||
'';
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.path;
|
||||
description = "A file containing the initial password for the admin user.";
|
||||
example = "/run/keys/mediawiki-password";
|
||||
};
|
||||
|
||||
skins = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf types.path;
|
||||
description = ''
|
||||
Attribute set of paths whose content is copied to the <filename>skins</filename>
|
||||
subdirectory of the MediaWiki installation in addition to the default skins.
|
||||
'';
|
||||
};
|
||||
|
||||
extensions = mkOption {
|
||||
default = {};
|
||||
type = types.attrsOf (types.nullOr types.path);
|
||||
description = ''
|
||||
Attribute set of paths whose content is copied to the <filename>extensions</filename>
|
||||
subdirectory of the MediaWiki installation and enabled in configuration.
|
||||
|
||||
Use <literal>null</literal> instead of path to enable extensions that are part of MediaWiki.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
{
|
||||
Matomo = pkgs.fetchzip {
|
||||
url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz";
|
||||
sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b";
|
||||
};
|
||||
ParserFunctions = null;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
database = {
|
||||
type = mkOption {
|
||||
type = types.enum [ "mysql" "postgres" "sqlite" "mssql" "oracle" ];
|
||||
default = "mysql";
|
||||
description = "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.";
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "Database host address.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 3306;
|
||||
description = "Database host port.";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "mediawiki";
|
||||
description = "Database name.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "mediawiki";
|
||||
description = "Database user.";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/run/keys/mediawiki-dbpassword";
|
||||
description = ''
|
||||
A file containing the password corresponding to
|
||||
<option>database.user</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
tablePrefix = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
If you only have access to a single database and wish to install more than
|
||||
one version of MediaWiki, or have other applications that also use the
|
||||
database, you can give the table names a unique prefix to stop any naming
|
||||
conflicts or confusion.
|
||||
See <link xlink:href='https://www.mediawiki.org/wiki/Manual:$wgDBprefix'/>.
|
||||
'';
|
||||
};
|
||||
|
||||
socket = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = if cfg.database.createLocally then "/run/mysqld/mysqld.sock" else null;
|
||||
defaultText = literalExpression "/run/mysqld/mysqld.sock";
|
||||
description = "Path to the unix socket file to use for authentication.";
|
||||
};
|
||||
|
||||
createLocally = mkOption {
|
||||
type = types.bool;
|
||||
default = cfg.database.type == "mysql";
|
||||
defaultText = literalExpression "true";
|
||||
description = ''
|
||||
Create the database and database user locally.
|
||||
This currently only applies if database type "mysql" is selected.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualHost = mkOption {
|
||||
type = types.submodule (import ./vhost-options.nix);
|
||||
example = literalExpression ''
|
||||
{
|
||||
hostName = "mediawiki.example.org";
|
||||
adminAddr = "webmaster@example.org";
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Apache configuration can be done by adapting <option>services.httpd.virtualHosts</option>.
|
||||
See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
|
||||
'';
|
||||
};
|
||||
|
||||
poolConfig = mkOption {
|
||||
type = with types; attrsOf (oneOf [ str int bool ]);
|
||||
default = {
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 32;
|
||||
"pm.start_servers" = 2;
|
||||
"pm.min_spare_servers" = 2;
|
||||
"pm.max_spare_servers" = 4;
|
||||
"pm.max_requests" = 500;
|
||||
};
|
||||
description = ''
|
||||
Options for the MediaWiki PHP pool. See the documentation on <literal>php-fpm.conf</literal>
|
||||
for details on configuration directives.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
description = ''
|
||||
Any additional text to be appended to MediaWiki's
|
||||
LocalSettings.php configuration file. For configuration
|
||||
settings, see <link xlink:href="https://www.mediawiki.org/wiki/Manual:Configuration_settings"/>.
|
||||
'';
|
||||
default = "";
|
||||
example = ''
|
||||
$wgEnableEmail = false;
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
# implementation
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.type == "mysql";
|
||||
message = "services.mediawiki.createLocally is currently only supported for database type 'mysql'";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
|
||||
message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.socket != null;
|
||||
message = "services.mediawiki.database.socket must be set if services.mediawiki.database.createLocally is set to true";
|
||||
}
|
||||
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
|
||||
message = "a password cannot be specified if services.mediawiki.database.createLocally is set to true";
|
||||
}
|
||||
];
|
||||
|
||||
services.mymediawiki.skins = {
|
||||
Vector = "${cfg.package}/share/mediawiki/skins/Vector";
|
||||
};
|
||||
|
||||
services.mysql = mkIf cfg.database.createLocally {
|
||||
enable = true;
|
||||
package = mkDefault pkgs.mariadb;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{ name = cfg.database.user;
|
||||
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.phpfpm.pools.mediawiki = {
|
||||
inherit user group;
|
||||
phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}";
|
||||
settings = {
|
||||
"listen.owner" = config.services.httpd.user;
|
||||
"listen.group" = config.services.httpd.group;
|
||||
} // cfg.poolConfig;
|
||||
};
|
||||
|
||||
services.httpd = {
|
||||
enable = true;
|
||||
extraModules = [ "proxy_fcgi" ];
|
||||
virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost {
|
||||
documentRoot = mkForce "${pkg}/share/mediawiki";
|
||||
extraConfig = ''
|
||||
<Directory "${pkg}/share/mediawiki">
|
||||
<FilesMatch "\.php$">
|
||||
<If "-f %{REQUEST_FILENAME}">
|
||||
SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
|
||||
</If>
|
||||
</FilesMatch>
|
||||
|
||||
Require all granted
|
||||
DirectoryIndex index.php
|
||||
AllowOverride All
|
||||
</Directory>
|
||||
'' + optionalString (cfg.uploadsDir != null) ''
|
||||
Alias "/images" "${cfg.uploadsDir}"
|
||||
<Directory "${cfg.uploadsDir}">
|
||||
Require all granted
|
||||
</Directory>
|
||||
'';
|
||||
} ];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${stateDir}' 0750 ${user} ${group} - -"
|
||||
"d '${cacheDir}' 0750 ${user} ${group} - -"
|
||||
] ++ optionals (cfg.uploadsDir != null) [
|
||||
"d '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
|
||||
"Z '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
|
||||
];
|
||||
|
||||
systemd.services.mediawiki-init = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-mediawiki.service" ];
|
||||
after = optional cfg.database.createLocally "mysql.service";
|
||||
script = ''
|
||||
if ! test -e "${stateDir}/secret.key"; then
|
||||
tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key
|
||||
fi
|
||||
|
||||
echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 1 : 0 );" | \
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
|
||||
--confpath /tmp \
|
||||
--scriptpath / \
|
||||
--dbserver ${cfg.database.host}${optionalString (cfg.database.socket != null) ":${cfg.database.socket}"} \
|
||||
--dbport ${toString cfg.database.port} \
|
||||
--dbname ${cfg.database.name} \
|
||||
${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \
|
||||
--dbuser ${cfg.database.user} \
|
||||
${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \
|
||||
--passfile ${cfg.passwordFile} \
|
||||
${cfg.name} \
|
||||
admin
|
||||
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = user;
|
||||
Group = group;
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service";
|
||||
|
||||
users.users.${user} = {
|
||||
group = group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ mediawikiScripts ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,295 @@
|
|||
{ config, lib, name, ... }:
|
||||
let
|
||||
inherit (lib) literalExpression mkOption nameValuePair types;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
default = name;
|
||||
description = "Canonical hostname for the server.";
|
||||
};
|
||||
|
||||
serverAliases = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = ["www.example.org" "www.example.org:8080" "example.org"];
|
||||
description = ''
|
||||
Additional names of virtual hosts served by this virtual host configuration.
|
||||
'';
|
||||
};
|
||||
|
||||
listen = mkOption {
|
||||
type = with types; listOf (submodule ({
|
||||
options = {
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
description = "Port to listen on";
|
||||
};
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "*";
|
||||
description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
|
||||
};
|
||||
ssl = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable SSL (https) support.";
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = [];
|
||||
example = [
|
||||
{ ip = "195.154.1.1"; port = 443; ssl = true;}
|
||||
{ ip = "192.154.1.1"; port = 80; }
|
||||
{ ip = "*"; port = 8080; }
|
||||
];
|
||||
description = ''
|
||||
Listen addresses and ports for this virtual host.
|
||||
<note>
|
||||
<para>
|
||||
This option overrides <literal>addSSL</literal>, <literal>forceSSL</literal> and <literal>onlySSL</literal>.
|
||||
</para>
|
||||
<para>
|
||||
If you only want to set the addresses manually and not the ports, take a look at <literal>listenAddresses</literal>.
|
||||
</para>
|
||||
</note>
|
||||
'';
|
||||
};
|
||||
|
||||
listenAddresses = mkOption {
|
||||
type = with types; nonEmptyListOf str;
|
||||
|
||||
description = ''
|
||||
Listen addresses for this virtual host.
|
||||
Compared to <literal>listen</literal> this only sets the addreses
|
||||
and the ports are chosen automatically.
|
||||
'';
|
||||
default = [ "*" ];
|
||||
example = [ "127.0.0.1" ];
|
||||
};
|
||||
|
||||
enableSSL = mkOption {
|
||||
type = types.bool;
|
||||
visible = false;
|
||||
default = false;
|
||||
};
|
||||
|
||||
addSSL = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
|
||||
<literal>listen</literal> to listen on all interfaces on the respective default
|
||||
ports (80, 443).
|
||||
'';
|
||||
};
|
||||
|
||||
onlySSL = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable HTTPS and reject plain HTTP connections. This will set
|
||||
defaults for <literal>listen</literal> to listen on all interfaces on port 443.
|
||||
'';
|
||||
};
|
||||
|
||||
forceSSL = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to add a separate nginx server block that permanently redirects (301)
|
||||
all plain HTTP traffic to HTTPS. This will set defaults for
|
||||
<literal>listen</literal> to listen on all interfaces on the respective default
|
||||
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
|
||||
'';
|
||||
};
|
||||
|
||||
enableACME = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to ask Let's Encrypt to sign a certificate for this vhost.
|
||||
Alternately, you can use an existing certificate through <option>useACMEHost</option>.
|
||||
'';
|
||||
};
|
||||
|
||||
useACMEHost = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
A host of an existing Let's Encrypt certificate to use.
|
||||
This is useful if you have many subdomains and want to avoid hitting the
|
||||
<link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
|
||||
Alternately, you can generate a certificate through <option>enableACME</option>.
|
||||
<emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
|
||||
'';
|
||||
};
|
||||
|
||||
acmeRoot = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "/var/lib/acme/acme-challenge";
|
||||
description = ''
|
||||
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.
|
||||
Set to null to inherit from config.security.acme.
|
||||
'';
|
||||
};
|
||||
|
||||
sslServerCert = mkOption {
|
||||
type = types.path;
|
||||
example = "/var/host.cert";
|
||||
description = "Path to server SSL certificate.";
|
||||
};
|
||||
|
||||
sslServerKey = mkOption {
|
||||
type = types.path;
|
||||
example = "/var/host.key";
|
||||
description = "Path to server SSL certificate key.";
|
||||
};
|
||||
|
||||
sslServerChain = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/ca.pem";
|
||||
description = "Path to server SSL chain file.";
|
||||
};
|
||||
|
||||
http2 = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork mpm, there will
|
||||
be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details.
|
||||
'';
|
||||
};
|
||||
|
||||
adminAddr = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "admin@example.org";
|
||||
description = "E-mail address of the server administrator.";
|
||||
};
|
||||
|
||||
documentRoot = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/data/webserver/docs";
|
||||
description = ''
|
||||
The path of Apache's document root directory. If left undefined,
|
||||
an empty directory in the Nix store will be used as root.
|
||||
'';
|
||||
};
|
||||
|
||||
servedDirs = mkOption {
|
||||
type = types.listOf types.attrs;
|
||||
default = [];
|
||||
example = [
|
||||
{ urlPath = "/nix";
|
||||
dir = "/home/eelco/Dev/nix-homepage";
|
||||
}
|
||||
];
|
||||
description = ''
|
||||
This option provides a simple way to serve static directories.
|
||||
'';
|
||||
};
|
||||
|
||||
servedFiles = mkOption {
|
||||
type = types.listOf types.attrs;
|
||||
default = [];
|
||||
example = [
|
||||
{ urlPath = "/foo/bar.png";
|
||||
file = "/home/eelco/some-file.png";
|
||||
}
|
||||
];
|
||||
description = ''
|
||||
This option provides a simple way to serve individual, static files.
|
||||
|
||||
<note><para>
|
||||
This option has been deprecated and will be removed in a future
|
||||
version of NixOS. You can achieve the same result by making use of
|
||||
the <literal>locations.<name>.alias</literal> option.
|
||||
</para></note>
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = ''
|
||||
<Directory /home>
|
||||
Options FollowSymlinks
|
||||
AllowOverride All
|
||||
</Directory>
|
||||
'';
|
||||
description = ''
|
||||
These lines go to httpd.conf verbatim. They will go after
|
||||
directories and directory aliases defined by default.
|
||||
'';
|
||||
};
|
||||
|
||||
enableUserDir = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable serving <filename>~/public_html</filename> as
|
||||
<literal>/~<replaceable>username</replaceable></literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
globalRedirect = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "http://newserver.example.org/";
|
||||
description = ''
|
||||
If set, all requests for this host are redirected permanently to
|
||||
the given URL.
|
||||
'';
|
||||
};
|
||||
|
||||
logFormat = mkOption {
|
||||
type = types.str;
|
||||
default = "common";
|
||||
example = "combined";
|
||||
description = ''
|
||||
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
|
||||
'';
|
||||
};
|
||||
|
||||
robotsEntries = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = "Disallow: /foo/";
|
||||
description = ''
|
||||
Specification of pages to be ignored by web crawlers. See <link
|
||||
xlink:href='http://www.robotstxt.org/'/> for details.
|
||||
'';
|
||||
};
|
||||
|
||||
locations = mkOption {
|
||||
type = with types; attrsOf (submodule (import ./location-options.nix));
|
||||
default = {};
|
||||
example = literalExpression ''
|
||||
{
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:3000";
|
||||
};
|
||||
"/foo/bar.png" = {
|
||||
alias = "/home/eelco/some-file.png";
|
||||
};
|
||||
};
|
||||
'';
|
||||
description = ''
|
||||
Declarative location config. See <link
|
||||
xlink:href="https://httpd.apache.org/docs/2.4/mod/core.html#location"/> for details.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
locations = builtins.listToAttrs (map (elem: nameValuePair elem.urlPath { alias = elem.file; }) config.servedFiles);
|
||||
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue