author | Oleksii Filonenko <brightone@protonmail.com> | 2020-09-08 11:17:55 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-08 11:17:55 +0300 |
commit | 45d7f59da84623dae24841d858ae6c7f6c3c4545 (patch) | |
tree | e2211a602bf61205c0305276a64261b0e1038a56 /nixos/modules/services/web-servers | |
parent | ef4e81d756b044ed0d8c6cf54595664a90578511 (diff) | |
parent | 94ed8606c6851e326d91dde1b79774c157b2681f (diff) | |
Merge pull request #97217 from sephii/nixos-caddy-v2-migration
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r-- | nixos/modules/services/web-servers/caddy.nix | 66 |
1 files changed, 55 insertions, 11 deletions
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix
index 0e6e10a5f47..dda26fe491a 100644
--- a/nixos/modules/services/web-servers/caddy.nix
+++ b/nixos/modules/services/web-servers/caddy.nix
@@ -5,6 +5,26 @@ with lib;
 let
 cfg = config.services.caddy;
 configFile = pkgs.writeText "Caddyfile" cfg.config;
+
+ # v2-specific options
+ isCaddy2 = versionAtLeast cfg.package.version "2.0";
+ tlsConfig = {
+ apps.tls.automation.policies = [{
+ issuer = {
+ inherit (cfg) ca email;
+ module = "acme";
+ };
+ }];
+ };
+
+ adaptedConfig = pkgs.runCommand "caddy-config-adapted.json" { } ''
+ ${cfg.package}/bin/caddy adapt \
+ --config ${configFile} --adapter ${cfg.adapter} > $out
+ '';
+ tlsJSON = pkgs.writeText "tls.json" (builtins.toJSON tlsConfig);
+ configJSON = pkgs.runCommand "caddy-config.json" { } ''
+ ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${adaptedConfig} ${tlsJSON} > $out
+ '';
 in {
 options.services.caddy = {
 enable = mkEnableOption "Caddy web server";
@@ -13,15 +33,26 @@ in {
 default = "";
 example = ''
 example.com {
- gzip
- minify
- log syslog
-
- root /srv/http
+ encode gzip
+ log
+ root /srv/http
 }
 '';
 type = types.lines;
- description = "Verbatim Caddyfile to use";
+ description = ''
+ Verbatim Caddyfile to use.
+ Caddy v2 supports multiple config formats via adapters (see <option>services.caddy.adapter</option>).
+ '';
+ };
+
+ adapter = mkOption {
+ default = "caddyfile";
+ example = "nginx";
+ type = types.str;
+ description = ''
+ Name of the config adapter to use. Not applicable to Caddy v1.
+ See https://caddyserver.com/docs/config-adapters for the full list.
+ '';
 };
 
 ca = mkOption {
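Review bot: The jq merge in configJSON, `.[0] * .[1]`, replaces rather than appends to `apps.tls.automation.policies`: jq's `*` merges objects recursively but lets the right-hand side win for arrays, so any automation policy the adapted user config already carries (for example from a `tls` block in the Caddyfile) is silently discarded in favour of the single ACME policy built from cfg.ca and cfg.email, and the admin has no way to tell from the Nix side. Appending instead keeps the user's policies ahead of the injected default, e.g. `${pkgs.jq}/bin/jq -s '.[1] as $tls | .[0] | .apps.tls.automation.policies = ((.apps.tls.automation.policies // []) + $tls.apps.tls.automation.policies)' ${adaptedConfig} ${tlsJSON} > $out` (as far as I know Caddy uses the first policy whose subjects match, so a trailing subject-less policy acts as the fallback — worth confirming against the Caddy docs). Separately, `--adapter ${cfg.adapter}` in adaptedConfig interpolates a free-form types.str into a shell line unquoted; `--adapter ${escapeShellArg cfg.adapter}` prevents a value containing spaces or shell metacharacters from being parsed as extra arguments or commands. A one-line comment above tlsConfig saying `# Injected into every v2 config; overrides nothing only if the user config defines no TLS automation policies` would spell out the assumption for the next reader.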
@@ -50,33 +81,46 @@ in { The data directory, for storing certificates. Before 17.09, this would create a .caddy directory. With 17.09 the contents of the .caddy directory are in the specified data directory instead. + + Caddy v2 replaced CADDYPATH with XDG directories. + See https://caddyserver.com/docs/conventions#file-locations. ''; }; package = mkOption { default = pkgs.caddy; defaultText = "pkgs.caddy"; + example = "pkgs.caddy1"; type = types.package; - description = "Caddy package to use."; + description = '' + Caddy package to use. + To use Caddy v1 (obsolete), set this to <literal>pkgs.caddy1</literal>. + ''; }; }; config = mkIf cfg.enable { systemd.services.caddy = { description = "Caddy web server"; - # upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service + # upstream unit: https://github.com/caddyserver/dist/blob/master/init/caddy.service after = [ "network-online.target" ]; wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; - environment = mkIf (versionAtLeast config.system.stateVersion "17.09") + environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2) { CADDYPATH = cfg.dataDir; }; serviceConfig = { - ExecStart = '' + ExecStart = if isCaddy2 then '' + ${cfg.package}/bin/caddy run --config ${configJSON} + '' else '' ${cfg.package}/bin/caddy -log stdout -log-timestamps=false \ -root=/var/tmp -conf=${configFile} \ -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} ''; - ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; + ExecReload = + if isCaddy2 then + "${cfg.package}/bin/caddy reload --config ${configJSON}" + else + "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; Type = "simple"; User = "caddy"; Group = "caddy"; |
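Review bot: For Caddy v2 the service no longer points the daemon at cfg.dataDir: the `environment = mkIf (... && !isCaddy2)` line drops CADDYPATH for v2 but nothing in the hunk sets an XDG variable in its place, so certificates and ACME account keys end up wherever `$XDG_DATA_HOME`/`$HOME` resolves to for the caddy user rather than in the directory the dataDir option documents — unless that is handled outside this hunk. Something like `environment = mkMerge [ (mkIf isCaddy2 { XDG_DATA_HOME = cfg.dataDir; }) (mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2) { CADDYPATH = cfg.dataDir; }) ];` keeps the option meaningful for both versions; Caddy v2 places its data under a `caddy` subdirectory of XDG_DATA_HOME, so the on-disk layout differs from v1 and the dataDir description should say so. The v2 ExecReload, `caddy reload --config ${configJSON}`, goes through Caddy's admin endpoint, which the generated JSON does not configure, so it runs with Caddy's default admin listener; a comment above ExecReload recording that dependency would make the reload path easier to audit. The systemd.services.caddy attribute set continues past the end of the hunk.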