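# Per-virtual-host option declarations for the Apache httpd module.  `name` is
# the attribute this submodule was declared under (the module system passes it
# in) and doubles as the default hostName.  Only `servedFiles` is evaluated
# here (see `config` at the bottom); every other option is read by the
# enclosing httpd module, which is not part of this file.
{ config, lib, name, ... }:

let

  inherit (lib) literalExpression mkOption nameValuePair types;

in

{
  options = {

    hostName = mkOption {
      type = types.str;
      # Falls back to the attribute name this vhost was declared under.
      default = name;
      description = lib.mdDoc "Canonical hostname for the server.";
    };

    serverAliases = mkOption {
      type = types.listOf types.str;
      default = [];
      example = ["www.example.org" "www.example.org:8080" "example.org"];
      description = lib.mdDoc ''
        Additional names of virtual hosts served by this virtual host configuration.
      '';
    };

    # Explicit listeners.  Per the note in the description they override the
    # address/port defaults implied by addSSL, forceSSL and onlySSL.
    listen = mkOption {
      type = with types; listOf (submodule ({
        options = {
          port = mkOption {
            type = types.port;
            description = lib.mdDoc "Port to listen on";
          };
          ip = mkOption {
            type = types.str;
            # "*" binds every interface; narrow it for vhosts that must stay internal.
            default = "*";
            description = lib.mdDoc "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
          };
          ssl = mkOption {
            type = types.bool;
            # A listener without ssl = true serves plain HTTP.  Which certificate
            # an ssl listener presents is decided outside this file.
            default = false;
            description = lib.mdDoc "Whether to enable SSL (https) support.";
          };
        };
      }));
      default = [];
      example = [
        { ip = "195.154.1.1"; port = 443; ssl = true;}
        { ip = "192.154.1.1"; port = 80; }
        { ip = "*"; port = 8080; }
      ];
      description = lib.mdDoc ''
        Listen addresses and ports for this virtual host.

        ::: {.note}
        This option overrides `addSSL`, `forceSSL` and `onlySSL`.

        If you only want to set the addresses manually and not the ports, take a look at `listenAddresses`.
        :::
      '';
    };

    listenAddresses = mkOption {
      type = with types; nonEmptyListOf str;
      description = lib.mdDoc ''
        Listen addresses for this virtual host.
        Compared to `listen` this only sets the addresses
        and the ports are chosen automatically.
      '';
      # The default exposes the vhost on all interfaces; the ports presumably
      # follow from the addSSL/forceSSL/onlySSL switches below.
      default = [ "*" ];
      example = [ "127.0.0.1" ];
    };

    # Hidden legacy switch: it has no description and nothing in this file
    # reads it; presumably the enclosing module handles (or rejects) it.
    enableSSL = mkOption {
      type = types.bool;
      visible = false;
      default = false;
    };

    # HTTPS next to plain HTTP: port 80 keeps serving content.  Prefer
    # forceSSL when HTTP should only redirect.
    addSSL = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
        `listen` to listen on all interfaces on the respective default
        ports (80, 443).
      '';
    };

    # HTTPS only: no port-80 listener, so plain-HTTP clients are rejected
    # rather than redirected.
    onlySSL = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to enable HTTPS and reject plain HTTP connections. This will set
        defaults for `listen` to listen on all interfaces on port 443.
      '';
    };

    # HTTPS plus a redirect-only port 80; the usual choice when HTTP must
    # never serve content itself.  The redirect is a separate httpd vhost
    # (the earlier wording "nginx server block" was copied from the nginx
    # module; this is the httpd module).
    forceSSL = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to add a separate httpd virtual host that permanently redirects (301)
        all plain HTTP traffic to HTTPS. This will set defaults for
        `listen` to listen on all interfaces on the respective default
        ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
      '';
    };

    # Request a Let's Encrypt certificate for this vhost; the alternative is
    # reusing an existing one via useACMEHost.
    enableACME = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to ask Let's Encrypt to sign a certificate for this vhost.
        Alternately, you can use an existing certificate through {option}`useACMEHost`.
      '';
    };

    # Reuse an existing ACME certificate.  Its names must already cover this
    # vhost: as the description says, nothing here extends the certificate.
    useACMEHost = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = lib.mdDoc ''
        A host of an existing Let's Encrypt certificate to use.
        This is useful if you have many subdomains and want to avoid hitting the
        [rate limit](https://letsencrypt.org/docs/rate-limits).
        Alternately, you can generate a certificate through {option}`enableACME`.
        *Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using [](#opt-security.acme.certs).*
      '';
    };

    # Challenge webroot (presumably for HTTP-01).  It is served to anyone,
    # hence the warning below; null defers to the global security.acme setting.
    acmeRoot = mkOption {
      type = types.nullOr types.str;
      default = "/var/lib/acme/acme-challenge";
      description = lib.mdDoc ''
        Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.
        Set to null to inherit from config.security.acme.
      '';
    };

    sslServerCert = mkOption {
      type = types.path;
      example = "/var/host.cert";
      description = lib.mdDoc "Path to server SSL certificate.";
    };

    # NOTE(review): types.path also accepts Nix path literals (./host.key).  A
    # path literal is copied into the world-readable Nix store, which would
    # expose the private key; pass the key as a string path to a file that
    # lives outside the store, as the example does.
    sslServerKey = mkOption {
      type = types.path;
      example = "/var/host.key";
      description = lib.mdDoc "Path to server SSL certificate key.";
    };

    sslServerChain = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/var/ca.pem";
      description = lib.mdDoc "Path to server SSL chain file.";
    };

    http2 = mkOption {
      type = types.bool;
      # On by default; see the prefork MPM caveat in the description.
      default = true;
      description = lib.mdDoc ''
        Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will
        be severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.
      '';
    };

    adminAddr = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "admin@example.org";
      description = lib.mdDoc "E-mail address of the server administrator.";
    };

    # null means an empty store directory is served, so no host path is
    # exposed by accident.
    documentRoot = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/data/webserver/docs";
      description = lib.mdDoc ''
        The path of Apache's document root directory. If left undefined,
        an empty directory in the Nix store will be used as root.
      '';
    };

    # NOTE(review): types.attrs performs no schema check; the expected keys
    # (urlPath, dir) are only shown by the example.  Not consumed in this file.
    servedDirs = mkOption {
      type = types.listOf types.attrs;
      default = [];
      example = [
        { urlPath = "/nix";
          dir = "/home/eelco/Dev/nix-homepage";
        }
      ];
      description = lib.mdDoc ''
        This option provides a simple way to serve static directories.
      '';
    };

    # Deprecated; each entry is turned into locations.<urlPath>.alias in the
    # config section at the bottom of this file.
    servedFiles = mkOption {
      type = types.listOf types.attrs;
      default = [];
      example = [
        { urlPath = "/foo/bar.png";
          file = "/home/eelco/some-file.png";
        }
      ];
      description = lib.mdDoc ''
        This option provides a simple way to serve individual, static files.

        ::: {.note}
        This option has been deprecated and will be removed in a future
        version of NixOS. You can achieve the same result by making use of
        the `locations.<name>.alias` option.
        :::
      '';
    };

    # Verbatim, unvalidated httpd.conf text.  NOTE(review): the example's
    # `AllowOverride All` lets .htaccess files under /home override server
    # settings; it illustrates the syntax, not a recommended default.
    extraConfig = mkOption {
      type = types.lines;
      default = "";
      example = ''
        <Directory /home>
          Options FollowSymlinks
          AllowOverride All
        </Directory>
      '';
      description = lib.mdDoc ''
        These lines go to httpd.conf verbatim. They will go after
        directories and directory aliases defined by default.
      '';
    };

    # Exposes every local user's ~/public_html; leave off on multi-user hosts
    # unless that is intended.
    enableUserDir = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to enable serving {file}`~/public_html` as
        `/~«username»`.
      '';
    };

    # Permanent redirect of every request; the target URL is used as given,
    # nothing here validates it.
    globalRedirect = mkOption {
      type = types.nullOr types.str;
      default = null;
      example = "http://newserver.example.org/";
      description = lib.mdDoc ''
        If set, all requests for this host are redirected permanently to
        the given URL.
      '';
    };

    # LogFormat nickname; the values listed in the description are not
    # enforced by the type.
    logFormat = mkOption {
      type = types.str;
      default = "common";
      example = "combined";
      description = lib.mdDoc ''
        Log format for Apache's log files. Possible values are: combined, common, referer, agent.
      '';
    };

    robotsEntries = mkOption {
      type = types.lines;
      default = "";
      example = "Disallow: /foo/";
      description = lib.mdDoc ''
        Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.
      '';
    };

    # Per-location settings; the schema lives in ./location-options.nix.
    locations = mkOption {
      type = with types; attrsOf (submodule (import ./location-options.nix));
      default = {};
      example = literalExpression ''
        {
          "/" = {
            proxyPass = "http://localhost:3000";
          };
          "/foo/bar.png" = {
            alias = "/home/eelco/some-file.png";
          };
        };
      '';
      description = lib.mdDoc ''
        Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.
      '';
    };

  };

  config = {
    # Legacy servedFiles entries become alias locations.  The module system
    # merges these with locations declared by the user; if two entries share a
    # urlPath, listToAttrs keeps only one of them.
    locations =
      let
        toLocation = served: nameValuePair served.urlPath { alias = served.file; };
      in
      builtins.listToAttrs (map toLocation config.servedFiles);
  };
}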