Winzlieb - 2022-06-22 20:10:39 +02:00
parent bd407482d1
commit 6102efd53d
7 changed files with 32 additions and 903 deletions

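--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,19 @@
+nixos-rebuild:
+sudo nixos-container update mediawiki --flake .#container
+nixos-create:
+sudo nixos-container create mediawiki --system-path `realpath container` --flake .#container
+nixos-update: nixos-stop nixos-rebuild nixos-start
+nixos-stop:
+sudo nixos-container stop mediawiki
+nixos-start:
+sudo nixos-container start mediawiki
+nixos-login: nixos-start
+sudo nixos-container root-login mediawiki
+nixos-destroy:
+sudo nixos-container destroy mediawiki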
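Review bot: None of the seven targets is declared `.PHONY`, and `nixos-update: nixos-stop nixos-rebuild nixos-start` relies on make running its prerequisites left to right, so under `make -j` the container could be started while the update is still running. I would add `.PHONY: nixos-rebuild nixos-create nixos-update nixos-stop nixos-start nixos-login nixos-destroy` at the top and give `nixos-update` a recipe that runs the steps in sequence: `$(MAKE) nixos-stop`, `$(MAKE) nixos-rebuild`, `$(MAKE) nixos-start`. Every recipe runs under `sudo`, so a one-line comment above `nixos-destroy` such as `# removes the mediawiki container; not reversible from this Makefile` would make the destructive target harder to run by accident.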


@ -2,26 +2,11 @@
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
outputs = { self, nixpkgs }: {
devShell.x86_64-linux = import ./shell.nix {
pkgs = import nixpkgs { system = "x86_64-linux"; };
};
defaultPackage.x86_64-linux =
let
pkgs = import nixpkgs { system = "x86_64-linux"; };
lib = pkgs.lib;
in
pkgs.mediawiki.overrideAttrs ({ pname, ... }: rec {
version = "1.27.0";
src = with lib; pkgs.fetchurl {
url = "https://releases.wikimedia.org/mediawiki/${versions.majorMinor version}/${pname}-${version}.tar.gz";
sha256 = "sha256-x50AMSpLdJkn5PP5YAs7z5/pFKiYt/5PhRjp9Zro0Sg=";
};
});
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules =
@ -36,7 +21,7 @@
});
in
{
imports = [ ./module/mediawiki.nix ];
#imports = [ ./module/mediawiki.nix ];
boot.isContainer = true;
# Let 'nixos-version --json' know about the Git revision
@ -47,11 +32,6 @@
networking.useDHCP = false;
networking.firewall.allowedTCPPorts = [ 80 5432 ];
services.mysql = {
enable = false;
};
services.postgresql =
let
cfg = config.services.mediawiki;
@ -67,45 +47,19 @@
}
];
authentication = lib.mkForce ''
# Generated file; do not edit!
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.233.2.1/32 trust
host all all 169.254.155.231/32 trust
host all all ::1/128 trust
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.233.2.1/32 trust
host all all 169.254.155.231/32 trust
host all all ::1/128 trust
'';};
system.stateVersion = "22.05";
systemd.services.mediawiki-pg-init = let
cfg = config.services.mymediawiki;
stateDir = "/var/lib/mediawiki";
pkg = mediaWikiOld;
inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types;
mediawikiConfig = config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG;
services.mediawiki = let
cfg = config.services.mediawiki;
in {
enable = true;
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-mediawiki.service" ];
after = [ "postgresql.service" ];
script = ''
if ! test -e "${stateDir}/secret.key"; then
tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key
fi
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
'';
serviceConfig = {
Type = "oneshot";
User = "mediawiki";
Group = config.services.httpd.group;
PrivateTmp = true;
};
};
services.mymediawiki = {
enable = true;
package = mediaWikiOld;
virtualHost = {
@ -117,12 +71,8 @@
# Hector = "${mediaWikiOld}/share/mediawiki/skins/Hector";
#};
extraConfig = ''
$wgShowExceptionDetails = true;
$wgDBserver = "/run/postgresql";
$wgDBport = "5432";
# $wgDBuser = "mediawiki";
# $wgDBname = "mediawiki";
$wgDBserver = "${cfg.database.socket}";
$wgDBmwschema = "mediawiki";
'';
extensions = {
@ -148,22 +98,13 @@
};
};
passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!";
#database = {
# type = "mysql";
# createLocally = true;
#};
database = {
type = "postgres";
# socket = "/run/postgresql";
# host = "localhost";
# port = 5432;
socket = "/run/postgresql";
user = "mediawiki";
name = "mediawiki";
passwordFile = pkgs.writeText "password" "";
};
};
})
];
};
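Review bot: The `authentication` block in the `@ -67,45 +47,19 @` hunk keeps `trust` for every database and role on both sides of the change, including `host all all 10.233.2.1/32 trust` and `host all all 169.254.155.231/32 trust`. `networking.firewall.allowedTCPPorts = [ 80 5432 ];` in the preceding hunk also appears to stay, so a client at those addresses can connect as any role without a password, presumably including the superuser. Since this commit points MediaWiki at the socket (`socket = "/run/postgresql";`), the `host` rules and the open port look unnecessary; consider `local all all peer` as the only rule and `networking.firewall.allowedTCPPorts = [ 80 ];`. Peer authentication assumes the PHP pool runs as the OS user `mediawiki`, which the visible lines do not show for the module now in use, so confirm that before switching. The enclosing `services.postgresql` attribute set begins in the previous hunk and is not fully visible here.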


@ -1,7 +0,0 @@
{ config, pkgs, lib, ... }: {
version = "1.27.0";
src = with lib; pkgs.fetchurl {
url = "https://releases.wikimedia.org/mediawiki/${versions.majorMinor version}/mediawiki-${version}.tar.gz";
sha256 = "sha256-x50AMSpLdJkn5PP5YAs7z5/pFKiYt/5PhRjp9Zro0Sg=";
};
}


@ -1,54 +0,0 @@
{ config, lib, name, ... }:
let
inherit (lib) mkOption types;
in
{
options = {
proxyPass = mkOption {
type = with types; nullOr str;
default = null;
example = "http://www.example.org/";
description = ''
Sets up a simple reverse proxy as described by <link xlink:href="https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple" />.
'';
};
index = mkOption {
type = with types; nullOr str;
default = null;
example = "index.php index.html";
description = ''
Adds DirectoryIndex directive. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex" />.
'';
};
alias = mkOption {
type = with types; nullOr path;
default = null;
example = "/your/alias/directory";
description = ''
Alias directory for requests. See <link xlink:href="https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias" />.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
These lines go to the end of the location verbatim.
'';
};
priority = mkOption {
type = types.int;
default = 1000;
description = ''
Order of this location block in relation to the others in the vhost.
The semantics are the same as with `lib.mkOrder`. Smaller values have
a greater priority.
'';
};
};
}


@ -1,475 +0,0 @@
{ config, pkgs, lib, ... }:
let
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
inherit (lib) concatStringsSep literalExpression mapAttrsToList optional optionals optionalString types;
cfg = config.services.mymediawiki;
fpm = config.services.phpfpm.pools.mediawiki;
user = "mediawiki";
group = config.services.httpd.group;
cacheDir = "/var/cache/mediawiki";
stateDir = "/var/lib/mediawiki";
pkg = pkgs.stdenv.mkDerivation rec {
pname = "mediawiki-full";
version = src.version;
src = cfg.package;
installPhase = ''
mkdir -p $out
cp -r * $out/
rm -rf $out/share/mediawiki/skins/*
rm -rf $out/share/mediawiki/extensions/*
${concatStringsSep "\n" (mapAttrsToList (k: v: ''
ln -s ${v} $out/share/mediawiki/skins/${k}
'') cfg.skins)}
${concatStringsSep "\n" (mapAttrsToList (k: v: ''
ln -s ${if v != null then v else "$src/share/mediawiki/extensions/${k}"} $out/share/mediawiki/extensions/${k}
'') cfg.extensions)}
'';
};
mediawikiScripts = pkgs.runCommand "mediawiki-scripts" {
buildInputs = [ pkgs.makeWrapper ];
preferLocalBuild = true;
} ''
mkdir -p $out/bin
for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do
makeWrapper ${pkgs.php}/bin/php $out/bin/mediawiki-$(basename $i .php) \
--set MEDIAWIKI_CONFIG ${mediawikiConfig} \
--add-flags ${pkg}/share/mediawiki/maintenance/$i
done
'';
mediawikiConfig = pkgs.writeText "LocalSettings.php" ''
<?php
# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
$wgSitename = "${cfg.name}";
$wgMetaNamespace = false;
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "";
## The protocol and server name to use in fully-qualified URLs
$wgServer = "${if cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL then "https" else "http"}://${cfg.virtualHost.hostName}";
## The URL path to static resources (images, scripts, etc.)
$wgResourceBasePath = $wgScriptPath;
## The URL path to the logo. Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
## UPO means: this is also a user preference option
$wgEnableEmail = true;
$wgEnableUserEmail = true; # UPO
$wgEmergencyContact = "${if cfg.virtualHost.adminAddr != null then cfg.virtualHost.adminAddr else config.services.httpd.adminAddr}";
$wgPasswordSender = $wgEmergencyContact;
$wgEnotifUserTalk = false; # UPO
$wgEnotifWatchlist = false; # UPO
$wgEmailAuthentication = true;
## Database settings
$wgDBtype = "${cfg.database.type}";
$wgDBserver = "${cfg.database.host}:${if cfg.database.socket != null then cfg.database.socket else toString cfg.database.port}";
$wgDBname = "${cfg.database.name}";
$wgDBuser = "${cfg.database.user}";
${optionalString (cfg.database.passwordFile != null) "$wgDBpassword = file_get_contents(\"${cfg.database.passwordFile}\");"}
${optionalString (cfg.database.type == "mysql" && cfg.database.tablePrefix != null) ''
# MySQL specific settings
$wgDBprefix = "${cfg.database.tablePrefix}";
''}
${optionalString (cfg.database.type == "mysql") ''
# MySQL table options to use during installation or update
$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
''}
## Shared memory settings
$wgMainCacheType = CACHE_NONE;
$wgMemCachedServers = [];
${optionalString (cfg.uploadsDir != null) ''
$wgEnableUploads = true;
$wgUploadDirectory = "${cfg.uploadsDir}";
''}
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert";
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
$wgUseInstantCommons = false;
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
# about this MediaWiki instance. The Wikimedia Foundation shares this data
# with MediaWiki developers to help guide future development efforts.
$wgPingback = true;
## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "C.UTF-8";
## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publically accessible from the web.
$wgCacheDirectory = "${cacheDir}";
# Site language code, should be one of the list in ./languages/data/Names.php
$wgLanguageCode = "en";
$wgSecretKey = file_get_contents("${stateDir}/secret.key");
# Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "";
## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl = "";
$wgRightsText = "";
$wgRightsIcon = "";
# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff = "${pkgs.diffutils}/bin/diff";
$wgDiff3 = "${pkgs.diffutils}/bin/diff3";
# Enabled skins.
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadSkin('${k}');") cfg.skins)}
# Enabled extensions.
${concatStringsSep "\n" (mapAttrsToList (k: v: "wfLoadExtension('${k}');") cfg.extensions)}
# End of automatically generated settings.
# Add more configuration options below.
${cfg.extraConfig}
#Hello World
'';
in
{
# interface
options = {
services.mymediawiki = {
enable = mkEnableOption "MediaWiki";
package = mkOption {
type = types.package;
default = pkgs.mediawiki;
defaultText = literalExpression "pkgs.mediawiki";
description = "Which MediaWiki package to use.";
};
name = mkOption {
type = types.str;
default = "MediaWiki";
example = "Foobar Wiki";
description = "Name of the wiki.";
};
uploadsDir = mkOption {
type = types.nullOr types.path;
default = "${stateDir}/uploads";
description = ''
This directory is used for uploads of pictures. The directory passed here is automatically
created and permissions adjusted as required.
'';
};
passwordFile = mkOption {
type = types.path;
description = "A file containing the initial password for the admin user.";
example = "/run/keys/mediawiki-password";
};
skins = mkOption {
default = {};
type = types.attrsOf types.path;
description = ''
Attribute set of paths whose content is copied to the <filename>skins</filename>
subdirectory of the MediaWiki installation in addition to the default skins.
'';
};
extensions = mkOption {
default = {};
type = types.attrsOf (types.nullOr types.path);
description = ''
Attribute set of paths whose content is copied to the <filename>extensions</filename>
subdirectory of the MediaWiki installation and enabled in configuration.
Use <literal>null</literal> instead of path to enable extensions that are part of MediaWiki.
'';
example = literalExpression ''
{
Matomo = pkgs.fetchzip {
url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz";
sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b";
};
ParserFunctions = null;
}
'';
};
database = {
type = mkOption {
type = types.enum [ "mysql" "postgres" "sqlite" "mssql" "oracle" ];
default = "mysql";
description = "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.";
};
host = mkOption {
type = types.str;
default = "localhost";
description = "Database host address.";
};
port = mkOption {
type = types.port;
default = 3306;
description = "Database host port.";
};
name = mkOption {
type = types.str;
default = "mediawiki";
description = "Database name.";
};
user = mkOption {
type = types.str;
default = "mediawiki";
description = "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/mediawiki-dbpassword";
description = ''
A file containing the password corresponding to
<option>database.user</option>.
'';
};
tablePrefix = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
If you only have access to a single database and wish to install more than
one version of MediaWiki, or have other applications that also use the
database, you can give the table names a unique prefix to stop any naming
conflicts or confusion.
See <link xlink:href='https://www.mediawiki.org/wiki/Manual:$wgDBprefix'/>.
'';
};
socket = mkOption {
type = types.nullOr types.path;
default = if cfg.database.createLocally then "/run/mysqld/mysqld.sock" else null;
defaultText = literalExpression "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication.";
};
createLocally = mkOption {
type = types.bool;
default = cfg.database.type == "mysql";
defaultText = literalExpression "true";
description = ''
Create the database and database user locally.
This currently only applies if database type "mysql" is selected.
'';
};
};
virtualHost = mkOption {
type = types.submodule (import ./vhost-options.nix);
example = literalExpression ''
{
hostName = "mediawiki.example.org";
adminAddr = "webmaster@example.org";
forceSSL = true;
enableACME = true;
}
'';
description = ''
Apache configuration can be done by adapting <option>services.httpd.virtualHosts</option>.
See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = ''
Options for the MediaWiki PHP pool. See the documentation on <literal>php-fpm.conf</literal>
for details on configuration directives.
'';
};
extraConfig = mkOption {
type = types.lines;
description = ''
Any additional text to be appended to MediaWiki's
LocalSettings.php configuration file. For configuration
settings, see <link xlink:href="https://www.mediawiki.org/wiki/Manual:Configuration_settings"/>.
'';
default = "";
example = ''
$wgEnableEmail = false;
'';
};
};
};
# implementation
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.database.createLocally -> cfg.database.type == "mysql";
message = "services.mediawiki.createLocally is currently only supported for database type 'mysql'";
}
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
message = "services.mediawiki.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true";
}
{ assertion = cfg.database.createLocally -> cfg.database.socket != null;
message = "services.mediawiki.database.socket must be set if services.mediawiki.database.createLocally is set to true";
}
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = "a password cannot be specified if services.mediawiki.database.createLocally is set to true";
}
];
services.mymediawiki.skins = {
Vector = "${cfg.package}/share/mediawiki/skins/Vector";
};
services.mysql = mkIf cfg.database.createLocally {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
};
services.phpfpm.pools.mediawiki = {
inherit user group;
phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}";
settings = {
"listen.owner" = config.services.httpd.user;
"listen.group" = config.services.httpd.group;
} // cfg.poolConfig;
};
services.httpd = {
enable = true;
extraModules = [ "proxy_fcgi" ];
virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost {
documentRoot = mkForce "${pkg}/share/mediawiki";
extraConfig = ''
<Directory "${pkg}/share/mediawiki">
<FilesMatch "\.php$">
<If "-f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
</If>
</FilesMatch>
Require all granted
DirectoryIndex index.php
AllowOverride All
</Directory>
'' + optionalString (cfg.uploadsDir != null) ''
Alias "/images" "${cfg.uploadsDir}"
<Directory "${cfg.uploadsDir}">
Require all granted
</Directory>
'';
} ];
};
systemd.tmpfiles.rules = [
"d '${stateDir}' 0750 ${user} ${group} - -"
"d '${cacheDir}' 0750 ${user} ${group} - -"
] ++ optionals (cfg.uploadsDir != null) [
"d '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
"Z '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
];
systemd.services.mediawiki-init = {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-mediawiki.service" ];
after = optional cfg.database.createLocally "mysql.service";
script = ''
if ! test -e "${stateDir}/secret.key"; then
tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key
fi
echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 1 : 0 );" | \
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
--confpath /tmp \
--scriptpath / \
--dbserver ${cfg.database.host}${optionalString (cfg.database.socket != null) ":${cfg.database.socket}"} \
--dbport ${toString cfg.database.port} \
--dbname ${cfg.database.name} \
${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \
--dbuser ${cfg.database.user} \
${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \
--passfile ${cfg.passwordFile} \
${cfg.name} \
admin
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
'';
serviceConfig = {
Type = "oneshot";
User = user;
Group = group;
PrivateTmp = true;
};
};
systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service";
users.users.${user} = {
group = group;
isSystemUser = true;
};
environment.systemPackages = [ mediawikiScripts ];
};
}


@ -1,295 +0,0 @@
{ config, lib, name, ... }:
let
inherit (lib) literalExpression mkOption nameValuePair types;
in
{
options = {
hostName = mkOption {
type = types.str;
default = name;
description = "Canonical hostname for the server.";
};
serverAliases = mkOption {
type = types.listOf types.str;
default = [];
example = ["www.example.org" "www.example.org:8080" "example.org"];
description = ''
Additional names of virtual hosts served by this virtual host configuration.
'';
};
listen = mkOption {
type = with types; listOf (submodule ({
options = {
port = mkOption {
type = types.port;
description = "Port to listen on";
};
ip = mkOption {
type = types.str;
default = "*";
description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
};
ssl = mkOption {
type = types.bool;
default = false;
description = "Whether to enable SSL (https) support.";
};
};
}));
default = [];
example = [
{ ip = "195.154.1.1"; port = 443; ssl = true;}
{ ip = "192.154.1.1"; port = 80; }
{ ip = "*"; port = 8080; }
];
description = ''
Listen addresses and ports for this virtual host.
<note>
<para>
This option overrides <literal>addSSL</literal>, <literal>forceSSL</literal> and <literal>onlySSL</literal>.
</para>
<para>
If you only want to set the addresses manually and not the ports, take a look at <literal>listenAddresses</literal>.
</para>
</note>
'';
};
listenAddresses = mkOption {
type = with types; nonEmptyListOf str;
description = ''
Listen addresses for this virtual host.
Compared to <literal>listen</literal> this only sets the addreses
and the ports are chosen automatically.
'';
default = [ "*" ];
example = [ "127.0.0.1" ];
};
enableSSL = mkOption {
type = types.bool;
visible = false;
default = false;
};
addSSL = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
<literal>listen</literal> to listen on all interfaces on the respective default
ports (80, 443).
'';
};
onlySSL = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for <literal>listen</literal> to listen on all interfaces on port 443.
'';
};
forceSSL = mkOption {
type = types.bool;
default = false;
description = ''
Whether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
<literal>listen</literal> to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
'';
};
enableACME = mkOption {
type = types.bool;
default = false;
description = ''
Whether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through <option>useACMEHost</option>.
'';
};
useACMEHost = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
A host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
<link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
Alternately, you can generate a certificate through <option>enableACME</option>.
<emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
'';
};
acmeRoot = mkOption {
type = types.nullOr types.str;
default = "/var/lib/acme/acme-challenge";
description = ''
Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.
Set to null to inherit from config.security.acme.
'';
};
sslServerCert = mkOption {
type = types.path;
example = "/var/host.cert";
description = "Path to server SSL certificate.";
};
sslServerKey = mkOption {
type = types.path;
example = "/var/host.key";
description = "Path to server SSL certificate key.";
};
sslServerChain = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/ca.pem";
description = "Path to server SSL chain file.";
};
http2 = mkOption {
type = types.bool;
default = true;
description = ''
Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. <emphasis>However, if you use the prefork mpm, there will
be severe restrictions.</emphasis> Refer to <link xlink:href="https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config"/> for details.
'';
};
adminAddr = mkOption {
type = types.nullOr types.str;
default = null;
example = "admin@example.org";
description = "E-mail address of the server administrator.";
};
documentRoot = mkOption {
type = types.nullOr types.path;
default = null;
example = "/data/webserver/docs";
description = ''
The path of Apache's document root directory. If left undefined,
an empty directory in the Nix store will be used as root.
'';
};
servedDirs = mkOption {
type = types.listOf types.attrs;
default = [];
example = [
{ urlPath = "/nix";
dir = "/home/eelco/Dev/nix-homepage";
}
];
description = ''
This option provides a simple way to serve static directories.
'';
};
servedFiles = mkOption {
type = types.listOf types.attrs;
default = [];
example = [
{ urlPath = "/foo/bar.png";
file = "/home/eelco/some-file.png";
}
];
description = ''
This option provides a simple way to serve individual, static files.
<note><para>
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the <literal>locations.&lt;name&gt;.alias</literal> option.
</para></note>
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
'';
description = ''
These lines go to httpd.conf verbatim. They will go after
directories and directory aliases defined by default.
'';
};
enableUserDir = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable serving <filename>~/public_html</filename> as
<literal>/~<replaceable>username</replaceable></literal>.
'';
};
globalRedirect = mkOption {
type = types.nullOr types.str;
default = null;
example = "http://newserver.example.org/";
description = ''
If set, all requests for this host are redirected permanently to
the given URL.
'';
};
logFormat = mkOption {
type = types.str;
default = "common";
example = "combined";
description = ''
Log format for Apache's log files. Possible values are: combined, common, referer, agent.
'';
};
robotsEntries = mkOption {
type = types.lines;
default = "";
example = "Disallow: /foo/";
description = ''
Specification of pages to be ignored by web crawlers. See <link
xlink:href='http://www.robotstxt.org/'/> for details.
'';
};
locations = mkOption {
type = with types; attrsOf (submodule (import ./location-options.nix));
default = {};
example = literalExpression ''
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
'';
description = ''
Declarative location config. See <link
xlink:href="https://httpd.apache.org/docs/2.4/mod/core.html#location"/> for details.
'';
};
};
config = {
locations = builtins.listToAttrs (map (elem: nameValuePair elem.urlPath { alias = elem.file; }) config.servedFiles);
};
}


@ -1,4 +1,4 @@
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
nativeBuildInputs = [ pkgs.postgresql_11 ];
nativeBuildInputs = with pkgs;[ postgresql_11 gnumake ];
}