diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2019-12-26 14:16:15 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2019-12-26 14:17:36 +0100 |
commit | 77b6c3cd06a679140fb5a44f81f904497007f333 (patch) | |
tree | e8ed1606b326cdafba719cc2a14c527c1b601f2e /nixos/modules/services/web-servers/nginx | |
parent | 602bccd1a8262d4e6bd787838d21fc3c2c1c50ba (diff) | |
parent | 4d2dd1554618831f0a5b159b8a4dff86612c02a9 (diff) | |
download | nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.gz nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.bz2 nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.lz nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.xz nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.tar.zst nixpkgs-77b6c3cd06a679140fb5a44f81f904497007f333.zip |
Merge remote-tracking branch 'origin/master' into gcc-9
Diffstat (limited to 'nixos/modules/services/web-servers/nginx')
3 files changed, 24 insertions, 16 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index eb90dae94df..ada7a25604c 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -47,7 +47,7 @@ let '')); configFile = pkgs.writers.writeNginxConfig "nginx.conf" '' - user ${cfg.user} ${cfg.group}; + pid /run/nginx/nginx.pid; error_log ${cfg.logError}; daemon off; @@ -366,12 +366,7 @@ in preStart = mkOption { type = types.lines; - default = '' - test -d ${cfg.stateDir}/logs || mkdir -m 750 -p ${cfg.stateDir}/logs - test `stat -c %a ${cfg.stateDir}` = "750" || chmod 750 ${cfg.stateDir} - test `stat -c %a ${cfg.stateDir}/logs` = "750" || chmod 750 ${cfg.stateDir}/logs - chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir} - ''; + default = ""; description = " Shell commands executed before the service's nginx is started. "; @@ -673,23 +668,36 @@ in } ]; + systemd.tmpfiles.rules = [ + "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -" + "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" + ]; + systemd.services.nginx = { description = "Nginx Web Server"; wantedBy = [ "multi-user.target" ]; wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts); after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts; stopIfChanged = false; - preStart = - '' + preStart = '' ${cfg.preStart} - ${cfg.package}/bin/nginx -c ${configPath} -p ${cfg.stateDir} -t - ''; + ${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}' -t + ''; serviceConfig = { - ExecStart = "${cfg.package}/bin/nginx -c ${configPath} -p ${cfg.stateDir}"; + ExecStart = "${cfg.package}/bin/nginx -c '${configPath}' -p '${cfg.stateDir}'"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Restart = "always"; RestartSec = "10s"; StartLimitInterval = "1min"; + # User and group + User = cfg.user; + Group = cfg.group; + # Runtime directory and mode + RuntimeDirectory = "nginx"; + RuntimeDirectoryMode = "0750"; + # Capabilities + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SYS_RESOURCE" ]; }; }; diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index aeb9b1dd79e..3d9e391ecf2 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -1,4 +1,4 @@ -# This file defines the options that can be used both for the Apache +# This file defines the options that can be used both for the Nginx # main server configuration, and for the virtual hosts. (The latter # has additional options that affect the web server as a whole, like # the user/group to run under.) @@ -67,7 +67,7 @@ with lib; return = mkOption { type = types.nullOr types.str; default = null; - example = "301 http://example.com$request_uri;"; + example = "301 http://example.com$request_uri"; description = '' Adds a return directive, for e.g. redirections. ''; @@ -92,4 +92,3 @@ with lib; }; }; } - diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index 15b933c984a..455854e2a96 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -1,4 +1,4 @@ -# This file defines the options that can be used both for the Apache +# This file defines the options that can be used both for the Nginx # main server configuration, and for the virtual hosts. (The latter # has additional options that affect the web server as a whole, like # the user/group to run under.) @@ -207,6 +207,7 @@ with lib; default = null; description = '' Basic Auth password file for a vhost. + Can be created via: <command>htpasswd -c <filename> <username></command> ''; }; |