From ab7e6995ac9df61ceac5188a0ec499e4eb3a825b Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Mon, 24 Jan 2022 02:13:00 +0100 Subject: [PATCH] nixos/nginx: Add defaultListenAddresses option Lets you specify the default listen address if none are listed in the vhost configuration. Useful for hosts with more than one ip --- .../services/web-servers/nginx/default.nix | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 41bce3669c58..a8610047f5f3 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -245,12 +245,9 @@ let defaultListen = if vhost.listen != [] then vhost.listen else - let addrs = if vhost.listenAddresses != [] then vhost.listenAddresses else ( - [ "0.0.0.0" ] ++ optional enableIPv6 "[::0]" - ); - in - optionals (hasSSL || vhost.rejectSSL) (map (addr: { inherit addr; port = 443; ssl = true; }) addrs) - ++ optionals (!onlySSL) (map (addr: { inherit addr; port = 80; ssl = false; }) addrs); + let addrs = if vhost.listenAddresses != [] then vhost.listenAddresses else cfg.defaultListenAddresses; + in optionals (hasSSL || vhost.rejectSSL) (map (addr: { inherit addr; port = 443; ssl = true; }) addrs) + ++ optionals (!onlySSL) (map (addr: { inherit addr; port = 80; ssl = false; }) addrs); hostListen = if vhost.forceSSL @@ -432,6 +429,16 @@ in "; }; + defaultListenAddresses = mkOption { + type = types.listOf types.str; + default = [ "0.0.0.0" ] ++ optional enableIPv6 "[::0]"; + defaultText = literalExpression ''[ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"''; + example = literalExpression ''[ "10.0.0.12" "[2002:a00:1::]" ]''; + description = " + If vhosts do not specify listenAddresses, use these addresses by default. + "; + }; + package = mkOption { default = pkgs.nginxStable; defaultText = literalExpression "pkgs.nginxStable";