Commit Graph

717 Commits

Author SHA1 Message Date
Daniel Șerbănescu
792e517070 nixos/httpd: add none option to logFormat 2021-08-22 10:17:28 +02:00
Robert Hensing
a1cdf552dc
Merge pull request #134008 from aanderse/httpd
nixos/httpd: add virtualHosts.<name>.listenAddresses option
2021-08-21 09:30:35 +02:00
Aaron Andersen
98e354074f nixos/httpd: add virtualHosts.<name>.listenAddresses option 2021-08-20 10:29:16 -04:00
happysalada
abeef13d12 caddy: add virtualHosts stub 2021-08-20 12:21:19 +09:00
Martin Minka
22719ca7de nixos/caddy: add resume option
Without this option all changes done with Caddy API are lost after reboot.

Current service is not supporting Caddy --resume parameter. There is reference to original unit https://github.com/caddyserver/dist/blob/master/init/caddy.service which also mentions --resume and that it should be used if new Caddy API will be used.
2021-08-17 18:46:29 +09:00
Ruby Iris Juric
035dcc0e7e
nixos/nginx: fix typo in listenAdresses 2021-08-15 20:51:09 +10:00
Aaron Andersen
cf17e439bc
Merge pull request #133671 from jlesquembre/caddy
nixos/caddy: update ca option
2021-08-14 08:53:45 -04:00
Maciej Krüger
934698a378
nixos/nginx: make serverNamesHash{Bucket,Max}Size configurable 2021-08-13 07:27:39 +02:00
José Luis Lafuente
679d54dcb3
nixos/caddy: update ca option
The generated json configuration returns this warning:
the 'issuer' field is deprecated and will be removed in the future; use 'issuers' instead

Updated the config to use "issuers" instead of "issuer"

Also, now it's possible to set the ca option null to not inject
automatically any ca. This is useful if you don't want to generate any
certificates or if you want to define a more fine-graned ca config
manually (e.g.: use different ca per domain)
2021-08-12 22:02:12 +02:00
Maciej Krüger
5d73f669a8
Merge pull request #131962 from mkg20001/fc-nginx 2021-08-12 14:07:48 +02:00
Pascal Bach
3417f18f96 nixos/minio: allow configuring console port 2021-08-10 22:37:30 +02:00
Vincent Bernat
85209382c1 nginx: allow overriding SSL trusted certificates when using ACME
Some ACME providers (like Buypass) are using a different certificate
to sign OCSP responses than for server certificates. Therefore,
sslTrustedCertificate should be provided by the user and we need to
allow that.
2021-08-08 16:07:11 +02:00
Maciej Krüger
a4ca45acd7
nginx: add listenAddresses
This allows the user to manually specify the addresses nginx shoud 
listen on, while still having the convinience to use the *SSL options 
and have the ports automatically applied
2021-07-29 16:33:10 +02:00
github-actions[bot]
629cea2cd0
Merge master into staging-next 2021-06-30 12:04:22 +00:00
Pascal Bach
69f2fd9721
Merge pull request #123834 from bachp/minio-module-update
nixos/minio: replace deprecated variables
2021-06-30 08:10:27 +02:00
github-actions[bot]
3a3d290719
Merge master into staging-next 2021-06-28 18:12:01 +00:00
Maciej Krüger
3029af3051
Merge pull request #128522 from j0hax/patch-1 2021-06-28 18:18:31 +02:00
Johannes Arnold
3a30f52676
nixos/nginx: fix typo 2021-06-28 18:08:31 +02:00
Daniel Nagy
4161c37628
nixos/ttyd: use port type 2021-06-18 17:28:17 +02:00
github-actions[bot]
9a860729b2
Merge staging-next into staging 2021-06-14 00:08:51 +00:00
Robert Hensing
d48591123f nixos/apache-httpd: Use pkgs.emptyDirectory 2021-06-12 17:28:42 +02:00
Pascal Bach
b1b9e003dc nixos/minio: credentialfile 2021-06-04 23:27:12 +02:00
Daniel Nagy
941fd008ed
nixos/lighttpd: set port type to types.port 2021-05-30 14:38:18 +02:00
Daniel Nagy
a5321aecfb
nixos/darkhttpd: set port type to types.port 2021-05-30 14:38:18 +02:00
Naïm Favier
821ca7d4cc
nixos/nginx: add option rejectSSL exposing ssl_reject_handshake 2021-05-24 15:10:09 +02:00
Jörg Thalheim
b900661f6e
Merge pull request #122825 from Izorkin/update-duplicates-systemcallfilters
treewide: remove duplicates SystemCallFilters
2021-05-17 12:06:06 +01:00
Richard Marko
16b0f07890 nixos/nginx: fix comment about acme postRun not running as root
As of 67a5d66 this is no longer true, since acme postRun runs as root.
The idea of the service is good so reword a comment a bit.
2021-05-17 18:03:04 +09:00
Richard Marko
7423afb5e4 nixos/molly-brown: fix description of certPath
`allowKeysForGroup` is no longer available so this drops

```
security.acme.certs."example.com".allowKeysForGroup = true;
```

line. `SupplementaryGroups` should be enough for
allowing access to certificates.
2021-05-17 18:03:04 +09:00
Sandro
ec1dd62608
Merge pull request #118521 from SuperSandro2000/nginx-proxy-timeout
nixos/nginx: add option to change proxy timeouts
2021-05-17 03:15:54 +02:00
Sandro
700942d2a5
Merge pull request #121119 from SuperSandro2000/remove-gnidorah
treewide: remove gnidorah
2021-05-17 02:42:24 +02:00
Sandro Jäckel
51166f90c6
nixos/nginx: add option to change proxy timeouts 2021-05-17 02:37:44 +02:00
Aaron Andersen
21f5dd5c6e
Merge pull request #122647 from onny/caddy
nixos/caddy: support user and group options
2021-05-16 17:23:57 -04:00
Jonas Heinrich
fff9cf00fd caddy: support user and group options 2021-05-15 10:32:49 +02:00
Aaron Andersen
fc63be7ac8
Merge pull request #122658 from aanderse/httpd-reload
nixos/httpd: provide a stable path stable path to the configuration f…
2021-05-14 23:50:43 -04:00
Izorkin
feebe402f5
treewide: remove duplicates SystemCallFilters 2021-05-13 15:44:56 +03:00
Aaron Andersen
f20aa073e1 nixos/httpd: provide a stable path stable path to the configuration file for reloads 2021-05-11 22:36:55 -04:00
Luke Granger-Brown
d922cad4d6
Merge pull request #119172 from midchildan/package/trafficserver
nixos/trafficserver: init
2021-05-03 09:48:07 +01:00
Martin Weinelt
506bc7ba02
nixos/nginx: update hardening settings
- Set an explicit umask that allows u+rwx and g+r.
- Adds `ProtectControlGroups` and `ProtectKernelLogs`, there should be
  no need to access either.
- Adds `ProtectClock` to prevent write-access to the system clock.
- `ProtectProc` hides processes from other users within the /proc
  filesystem and `ProcSubSet` hides all files/directories unrelated to
  the process management of the units process.
- Sets `RemoveIPC`, as there is no SysV or POSIX IPC within nginx that I
  know of.
- Restricts the creation of arbitrary namespaces
- Adds a reasonable `SystemCallFilter` preventing calls to @privileged,
  @obsolete and others.

And finally applies some sorting based on the order these options appear
in systemd.exec(5).
2021-04-30 18:49:43 +02:00
Sandro Jäckel
ae02415ee8
treewide: remove gnidorah
due to github account removal/deletion and not other mean of contact.
2021-04-30 01:48:19 +02:00
midchildan
28e608f84b
nixos/trafficserver: init 2021-04-27 00:02:16 +09:00
Lassulus
ea5759474a
Merge pull request #119803 from SuperSandro2000/SuperSandro2000-patch-1
nixos/nginx: set isSystemUser
2021-04-24 22:37:46 +02:00
Maciej Krüger
9530794548
nginx: add vhost.http3
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-04-18 20:20:24 +02:00
Sandro
15cd5fc57e
nixos/nginx: set isSystemUser 2021-04-18 16:15:48 +02:00
Sandro
0139874db9
nixos/nginx: add upstreams examples (#118447)
* nixos/nginx: add upstreams examples

I am not fully sure if they are fully correct but they deployed the right syntax.

* nixos/nginx: use literal example

* Update nixos/modules/services/web-servers/nginx/default.nix

* Update nixos/modules/services/web-servers/nginx/default.nix
2021-04-17 00:25:03 +02:00
talyz
06dee38345
Revert "nixos/nginx: fix eval for tengine"
This reverts commit 2d3200e010.
2021-04-14 16:34:10 +02:00
taku0
4c87cb87a2
Merge pull request #67684 from indiscipline/minio
nixos/minio: allow multiple data directories for erasure coding
2021-04-13 18:29:28 +09:00
Sandro
39060b241c
Merge pull request #118445 from SuperSandro2000/SuperSandro2000-patch-3 2021-04-12 17:18:50 +02:00
Indiscipline
9ffc4ad790 nixos/minio: allow multiple data directories for erasure coding 2021-04-10 14:44:45 +03:00
Kim Lindberger
5a1bd5ff66
Merge pull request #116074 from talyz/discourse
discourse: Add package and NixOS module
2021-04-08 14:19:49 +02:00
Luke Granger-Brown
ddf4795824 nixos/pomerium: fix useACMEHost
useACMEHost doesn't work properly, because I forgot to actually define
the variable that is being relied upon here. Oops.
2021-04-07 01:26:44 +00:00