From 10c06cb0608bfad0ad3b1e83017f208fca859cdb Mon Sep 17 00:00:00 2001 From: Izorkin Date: Sun, 31 Dec 2023 18:12:40 +0300 Subject: [PATCH] nginx: enable ktls support by default --- nixos/modules/services/web-servers/nginx/default.nix | 10 ++-------- pkgs/servers/http/nginx/generic.nix | 2 +- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index f44400eb4159..1285c2bbb916 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -1132,14 +1132,6 @@ in ''; } - { - assertion = any (host: host.kTLS) (attrValues virtualHosts) -> versionAtLeast cfg.package.version "1.21.4"; - message = '' - services.nginx.virtualHosts..kTLS requires nginx version - 1.21.4 or above; see the documentation for services.nginx.package. - ''; - } - { assertion = all (host: !(host.enableACME && host.useACMEHost != null)) (attrValues virtualHosts); message = '' @@ -1348,6 +1340,8 @@ in nginx.gid = config.ids.gids.nginx; }; + boot.kernelModules = optional (versionAtLeast config.boot.kernelPackages.kernel.version "4.17") "tls"; + # do not delete the default temp directories created upon nginx startup systemd.tmpfiles.rules = [ "X /tmp/systemd-private-%b-nginx.service-*/tmp/nginx_*" diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix index b3ce65abf5f1..ac521f59634f 100644 --- a/pkgs/servers/http/nginx/generic.nix +++ b/pkgs/servers/http/nginx/generic.nix @@ -4,7 +4,7 @@ outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt , nixosTests , installShellFiles, substituteAll, removeReferencesTo, gd, geoip, perl , withDebug ? false -, withKTLS ? false +, withKTLS ? true , withStream ? true , withMail ? false , withPerl ? true