diff options
author | Aaron Andersen <aaron@fosslib.net> | 2019-11-04 16:24:55 -0500 |
---|---|---|
committer | Aaron Andersen <aaron@fosslib.net> | 2019-12-24 20:27:48 -0500 |
commit | 79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02 (patch) | |
tree | 8ceee3dc89f5c391a72389fef26adf505b3d80f5 /nixos/modules/services/web-apps/limesurvey.nix | |
parent | d5bbb86bcb70cf3a5b252bd5d6d7d17b3e7921eb (diff) | |
download | nixlib-79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02.tar nixlib-79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02.tar.gz nixlib-79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02.tar.bz2 nixlib-79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02.tar.lz nixlib-79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02.tar.xz nixlib-79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02.tar.zst nixlib-79215f0df1ddf4bf0db7dc4c5789f8dae9f9bb02.zip |
nixos/httpd: limit serving web content to virtual hosts, convert virtualHosts option type from listOf to attrsOf, add ACME integration
Diffstat (limited to 'nixos/modules/services/web-apps/limesurvey.nix')
-rw-r--r-- | nixos/modules/services/web-apps/limesurvey.nix | 88 |
1 files changed, 41 insertions, 47 deletions
diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index bd524524130d..e00a47191c6f 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -3,7 +3,7 @@ let inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption; - inherit (lib) mapAttrs optional optionalString types; + inherit (lib) literalExample mapAttrs optional optionalString types; cfg = config.services.limesurvey; fpm = config.services.phpfpm.pools.limesurvey; @@ -100,19 +100,15 @@ in }; virtualHost = mkOption { - type = types.submodule ({ - options = import ../web-servers/apache-httpd/per-server-options.nix { - inherit lib; - forMainServer = false; - }; - }); - example = { - hostName = "survey.example.org"; - enableSSL = true; - adminAddr = "webmaster@example.org"; - sslServerCert = "/var/lib/acme/survey.example.org/full.pem"; - sslServerKey = "/var/lib/acme/survey.example.org/key.pem"; - }; + type = types.submodule (import ../web-servers/apache-httpd/per-server-options.nix); + example = literalExample '' + { + hostName = "survey.example.org"; + adminAddr = "webmaster@example.org"; + forceSSL = true; + enableACME = true; + } + ''; description = '' Apache configuration can be done by adapting <literal>services.httpd.virtualHosts.<name></literal>. See <xref linkend="opt-services.httpd.virtualHosts"/> for further information. @@ -184,7 +180,7 @@ in config = { tempdir = "${stateDir}/tmp"; uploaddir = "${stateDir}/upload"; - force_ssl = mkIf cfg.virtualHost.enableSSL "on"; + force_ssl = mkIf (cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL) "on"; config.defaultlang = "en"; }; }; @@ -215,38 +211,36 @@ in enable = true; adminAddr = mkDefault cfg.virtualHost.adminAddr; extraModules = [ "proxy_fcgi" ]; - virtualHosts = [ (mkMerge [ - cfg.virtualHost { - documentRoot = mkForce "${pkg}/share/limesurvey"; - extraConfig = '' - Alias "/tmp" "${stateDir}/tmp" - <Directory "${stateDir}"> - AllowOverride all - Require all granted - Options -Indexes +FollowSymlinks - </Directory> - - Alias "/upload" "${stateDir}/upload" - <Directory "${stateDir}/upload"> - AllowOverride all - Require all granted - Options -Indexes - </Directory> - - <Directory "${pkg}/share/limesurvey"> - <FilesMatch "\.php$"> - <If "-f %{REQUEST_FILENAME}"> - SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" - </If> - </FilesMatch> - - AllowOverride all - Options -Indexes - DirectoryIndex index.php - </Directory> - ''; - } - ]) ]; + virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost { + documentRoot = mkForce "${pkg}/share/limesurvey"; + extraConfig = '' + Alias "/tmp" "${stateDir}/tmp" + <Directory "${stateDir}"> + AllowOverride all + Require all granted + Options -Indexes +FollowSymlinks + </Directory> + + Alias "/upload" "${stateDir}/upload" + <Directory "${stateDir}/upload"> + AllowOverride all + Require all granted + Options -Indexes + </Directory> + + <Directory "${pkg}/share/limesurvey"> + <FilesMatch "\.php$"> + <If "-f %{REQUEST_FILENAME}"> + SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" + </If> + </FilesMatch> + + AllowOverride all + Options -Indexes + DirectoryIndex index.php + </Directory> + ''; + } ]; }; systemd.tmpfiles.rules = [ |