From 8cc592abfa34e9e45a506b679099419a336313fc Mon Sep 17 00:00:00 2001 From: Oleksii Filonenko Date: Mon, 4 May 2020 02:10:26 +0300 Subject: nixos/caddy: add support for v2 --- nixos/modules/services/web-servers/caddy.nix | 43 ++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 3 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 0e6e10a5f47d..4c024985dae5 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -5,12 +5,30 @@ with lib; let cfg = config.services.caddy; configFile = pkgs.writeText "Caddyfile" cfg.config; + + # v2-specific options + isCaddy2 = versionAtLeast cfg.package.version "2.0"; + tlsConfig = { + apps.tls.automation.policies = [{ + issuer = { + inherit (cfg) ca email; + module = "acme"; + }; + }]; + }; + adaptedConfig = importJSON (pkgs.runCommand "caddy-config-adapted.json" { } '' + ${cfg.package}/bin/caddy adapt \ + --config ${configFile} --adapter ${cfg.adapter} > $out + ''); + configJSON = pkgs.writeText "caddy-config.json" (builtins.toJSON + (recursiveUpdate adaptedConfig tlsConfig)); in { options.services.caddy = { enable = mkEnableOption "Caddy web server"; config = mkOption { default = ""; + # TODO: update example text on v2.0 release example = '' example.com { gzip @@ -24,6 +42,17 @@ in { description = "Verbatim Caddyfile to use"; }; + adapter = mkOption { + default = "caddyfile"; + example = "nginx"; + type = types.str; + description = '' + Name of the config adapter to use. + + See https://caddyserver.com/docs/config-adapters for the full list. + ''; + }; + ca = mkOption { default = "https://acme-v02.api.letsencrypt.org/directory"; example = "https://acme-staging-v02.api.letsencrypt.org/directory"; 
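Review bot: In the `let` block of caddy.nix (hunk `@@ -5,12 +5,30 @@`), `recursiveUpdate adaptedConfig tlsConfig` replaces the whole `apps.tls.automation.policies` list instead of merging into it, because `recursiveUpdate` only recurses into attribute sets. Any automation policy that `caddy adapt` generated from the user's own `tls` settings is therefore dropped without warning, and every site falls back to the single ACME issuer built from `cfg.ca` and `cfg.email`. Either apply `tlsConfig` only when the adapted config defines no policies, or say so where it is defined, e.g. `# NOTE: overrides any apps.tls.automation.policies produced from services.caddy.config`. The `jq -s '.[0] * .[1]'` merge in the later "address remaining MR comments" patch on this page appears to have the same effect, since it also replaces arrays.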
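Review bot: The new `adapter` option (hunk `@@ -24,6 +42,17 @@`) is a free-form `types.str`, and the first hunk of this patch interpolates it unquoted into the `runCommand` script, so a value containing whitespace or shell metacharacters is parsed by the build shell instead of reaching `caddy adapt` as one argument. Quote it where it is used: `--config ${configFile} --adapter ${escapeShellArg cfg.adapter} > $out` (`escapeShellArg` is available through the file's `with lib;`). The same unquoted interpolation is carried over unchanged by the later patch that rewrites `adaptedConfig`.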
@@ -56,8 +85,14 @@ in { package = mkOption { default = pkgs.caddy; defaultText = "pkgs.caddy"; + example = "pkgs.caddy2"; type = types.package; - description = "Caddy package to use."; + description = '' + Caddy package to use. + + Note: to use Caddy v2, set this to . + v2 will become the default after it is released. + ''; }; }; @@ -68,10 +103,12 @@ in { after = [ "network-online.target" ]; wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; - environment = mkIf (versionAtLeast config.system.stateVersion "17.09") + environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2) { CADDYPATH = cfg.dataDir; }; serviceConfig = { - ExecStart = '' + ExecStart = if isCaddy2 then '' + ${cfg.package}/bin/caddy run --config ${configJSON} + '' else '' ${cfg.package}/bin/caddy -log stdout -log-timestamps=false \ -root=/var/tmp -conf=${configFile} \ -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} -- cgit 1.4.1 From d71cadacd9bc67b0bd4dc207442a8edb5d492943 Mon Sep 17 00:00:00 2001 From: Oleksii Filonenko Date: Fri, 8 May 2020 09:35:55 +0000 Subject: nixos/caddy: use v2 by default --- nixos/modules/services/web-servers/caddy.nix | 33 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 16 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 4c024985dae5..65e9f12e6648 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -20,6 +20,7 @@ let ${cfg.package}/bin/caddy adapt \ --config ${configFile} --adapter ${cfg.adapter} > $out ''); + # TODO: validate with `caddy validate`? configJSON = pkgs.writeText "caddy-config.json" (builtins.toJSON (recursiveUpdate adaptedConfig tlsConfig)); in { 
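Review bot: In the `systemd.services.caddy` hunk (`@@ -68,10 +103,12 @@`), the v2 branch drops `CADDYPATH` and passes nothing in its place, so `cfg.dataDir` no longer decides where ACME account keys and certificate private keys are written; the `caddy run` invocation also never consults `cfg.agree`. Unless the service user's home (not visible in this hunk) already points at `dataDir`, v2 will presumably fall back to its XDG default under that user's home. If `dataDir` is meant to stay authoritative, set it explicitly for v2, with something like `(mkIf isCaddy2 { XDG_DATA_HOME = cfg.dataDir; })` combined with the existing v1 entry through `mkMerge`. The `serviceConfig` block continues outside the hunk.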
@@ -28,18 +29,18 @@ in { config = mkOption { default = ""; - # TODO: update example text on v2.0 release example = '' example.com { - gzip - minify - log syslog - - root /srv/http + encode gzip + log + root /srv/http } ''; type = types.lines; - description = "Verbatim Caddyfile to use"; + description = '' + Verbatim Caddyfile to use. + Caddy v2 supports multiple config formats via adapters (see ). + ''; }; adapter = mkOption { @@ -47,8 +48,7 @@ in { example = "nginx"; type = types.str; description = '' - Name of the config adapter to use. - + Name of the config adapter to use. Not applicable to Caddy v1. See https://caddyserver.com/docs/config-adapters for the full list. ''; }; @@ -79,19 +79,20 @@ in { The data directory, for storing certificates. Before 17.09, this would create a .caddy directory. With 17.09 the contents of the .caddy directory are in the specified data directory instead. + + Caddy v2 replaced CADDYPATH with XDG directories. + See https://caddyserver.com/docs/conventions#file-locations. ''; }; package = mkOption { - default = pkgs.caddy; - defaultText = "pkgs.caddy"; - example = "pkgs.caddy2"; + default = pkgs.caddy2; + defaultText = "pkgs.caddy2"; + example = "pkgs.caddy"; type = types.package; description = '' Caddy package to use. - - Note: to use Caddy v2, set this to . - v2 will become the default after it is released. + To use Caddy v1 (obsolete), set this to . ''; }; }; @@ -99,7 +100,7 @@ in { config = mkIf cfg.enable { systemd.services.caddy = { description = "Caddy web server"; - # upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service + # upstream unit: https://github.com/caddyserver/dist/blob/master/init/caddy.service after = [ "network-online.target" ]; wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; -- cgit 1.4.1 From 6322325a53cc7c681992fe5899fbfaf4f007957f Mon Sep 17 00:00:00 2001 
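Review bot: The `package` default in hunk `@@ -79,19 +79,20 @@` switches to `pkgs.caddy2` unconditionally, so systems deployed with a v1 Caddyfile change major version on their next rebuild with no opt-in. For those hosts `agree` and `dataDir` stop having any effect (per the v2 branch added in the earlier patch and the `dataDir` text added here), and certificates stored under the v1 layout are presumably not reused. The module already keys the `CADDYPATH` behaviour on `config.system.stateVersion`; gating the default the same way, or at least adding a release-notes entry and a warning when v1-only options are set with a v2 package, would make the switch visible to operators.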
From: Oleksii Filonenko Date: Fri, 8 May 2020 22:23:33 +0300 Subject: caddy: 1.0.5 -> 2.0.0 Rename legacy v1 to `caddy1` --- nixos/modules/services/web-servers/caddy.nix | 8 +++---- pkgs/servers/caddy/default.nix | 22 +++++------------ pkgs/servers/caddy/v1.nix | 36 ++++++++++++++++++++++++++++ pkgs/servers/caddy/v2.nix | 26 -------------------- pkgs/top-level/all-packages.nix | 8 ++----- 5 files changed, 48 insertions(+), 52 deletions(-) create mode 100644 pkgs/servers/caddy/v1.nix delete mode 100644 pkgs/servers/caddy/v2.nix (limited to 'nixos/modules') diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 65e9f12e6648..e5f1df774bbc 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -86,13 +86,13 @@ in { }; package = mkOption { - default = pkgs.caddy2; - defaultText = "pkgs.caddy2"; - example = "pkgs.caddy"; + default = pkgs.caddy; + defaultText = "pkgs.caddy"; + example = "pkgs.caddy1"; type = types.package; description = '' Caddy package to use. - To use Caddy v1 (obsolete), set this to . + To use Caddy v1 (obsolete), set this to pkgs.caddy1. ''; }; }; diff --git a/pkgs/servers/caddy/default.nix b/pkgs/servers/caddy/default.nix index 05b69c30e6ce..5a7ac8f086f9 100644 --- a/pkgs/servers/caddy/default.nix +++ b/pkgs/servers/caddy/default.nix 
@@ -2,35 +2,25 @@ buildGoModule rec { pname = "caddy"; - version = "1.0.5"; + version = "2.0.0"; - subPackages = [ "caddy" ]; + subPackages = [ "cmd/caddy" ]; src = fetchFromGitHub { owner = "caddyserver"; repo = pname; rev = "v${version}"; - sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g"; + sha256 = "1c1frfx0qkprhf4var70cncvrw8s9gjag2hygndbd9055hb52bvv"; }; - vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj"; - doCheck = false; + vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj"; - preBuild = '' - cat << EOF > caddy/main.go - package main - import "github.com/caddyserver/caddy/caddy/caddymain" - func main() { - caddymain.EnableTelemetry = false - caddymain.Run() - } - EOF - ''; + modSha256 = "19sxyvfq1bpg85w8cd1yk2s6rd8759cf2zqs5b6wyny4cak2bl83"; meta = with stdenv.lib; { homepage = "https://caddyserver.com"; description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; license = licenses.asl20; - maintainers = with maintainers; [ rushmorem fpletz zimbatm filalex77 ]; + maintainers = with maintainers; [ filalex77 ]; }; } diff --git a/pkgs/servers/caddy/v1.nix b/pkgs/servers/caddy/v1.nix new file mode 100644 index 000000000000..bcd4b7065b58 --- /dev/null +++ b/pkgs/servers/caddy/v1.nix 
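Review bot: The `vendorSha256` added in the `pkgs/servers/caddy/default.nix` hunk is identical to the one removed just above it, although `version` changes from 1.0.5 to 2.0.0, and a `modSha256` is added alongside it. Both cannot be the hash that pins the 2.0.0 dependency tree: one of them is either ignored by this `buildGoModule` or left over from 1.0.5 (a later patch on this page assigns the same `vendorSha256` value to v1.nix). Keep only the attribute the builder actually consumes and recompute it against the 2.0.0 source, so that the fixed-output hash really verifies the vendored modules being compiled.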
@@ -0,0 +1,36 @@ +{ stdenv, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "caddy"; + version = "1.0.5"; + + goPackagePath = "github.com/caddyserver/caddy"; + + subPackages = [ "caddy" ]; + + src = fetchFromGitHub { + owner = "caddyserver"; + repo = pname; + rev = "v${version}"; + sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g"; + }; + modSha256 = "1gc0xvsihr4zp7hkrdfrplvzkaphz1y4q53rgwn2jhd8s98l57an"; + + preBuild = '' + cat << EOF > caddy/main.go + package main + import "github.com/caddyserver/caddy/caddy/caddymain" + func main() { + caddymain.EnableTelemetry = false + caddymain.Run() + } + EOF + ''; + + meta = with stdenv.lib; { + homepage = "https://caddyserver.com"; + description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; + license = licenses.asl20; + maintainers = with maintainers; [ rushmorem fpletz zimbatm filalex77 ]; + }; +} diff --git a/pkgs/servers/caddy/v2.nix b/pkgs/servers/caddy/v2.nix deleted file mode 100644 index 4021e8298003..000000000000 --- a/pkgs/servers/caddy/v2.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ stdenv, buildGoModule, fetchFromGitHub }: - -buildGoModule rec { - pname = "caddy"; - version = "2.1.1"; - - subPackages = [ "cmd/caddy" ]; - - src = fetchFromGitHub { - owner = "caddyserver"; - repo = pname; - rev = "v${version}"; - sha256 = "0c682zrivkawsxlps5hlx8js5zp4ddahg0zi5cr0861gnllbdll0"; - }; - - vendorSha256 = "0jzx00c2b8y7zwl73r2fh1826spcd15y39nfzr53s5lay3fvkybc"; - - doCheck = false; - - meta = with stdenv.lib; { - homepage = "https://caddyserver.com"; - description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; - license = licenses.asl20; - maintainers = with maintainers; [ filalex77 ]; - }; -} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7a5414477e9d..dba9d0c793b7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
@@ -1507,12 +1507,8 @@ in ''; }); - caddy = callPackage ../servers/caddy { - buildGoModule = buildGo114Module; - }; - caddy2 = callPackage ../servers/caddy/v2.nix { - buildGoModule = buildGo114Module; - }; + caddy = callPackage ../servers/caddy { }; + caddy1 = callPackage ../servers/caddy/v1.nix { }; traefik = callPackage ../servers/traefik { }; calamares = libsForQt5.callPackage ../tools/misc/calamares { -- cgit 1.4.1 From b8bfe941fa7912bc68fb952fb268bc529eb502ca Mon Sep 17 00:00:00 2001 From: Sylvain Fankhauser Date: Mon, 7 Sep 2020 09:42:00 +0200 Subject: caddy: address remaining MR comments for v2 --- nixos/modules/services/web-servers/caddy.nix | 18 ++++++++++++------ nixos/tests/caddy.nix | 8 ++++++-- pkgs/servers/caddy/v1.nix | 3 ++- pkgs/top-level/all-packages.nix | 4 ++-- 4 files changed, 22 insertions(+), 11 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index e5f1df774bbc..dda26fe491a1 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -16,13 +16,15 @@ let }; }]; }; - adaptedConfig = importJSON (pkgs.runCommand "caddy-config-adapted.json" { } '' + + adaptedConfig = pkgs.runCommand "caddy-config-adapted.json" { } '' ${cfg.package}/bin/caddy adapt \ --config ${configFile} --adapter ${cfg.adapter} > $out - ''); - # TODO: validate with `caddy validate`? - configJSON = pkgs.writeText "caddy-config.json" (builtins.toJSON - (recursiveUpdate adaptedConfig tlsConfig)); + ''; + tlsJSON = pkgs.writeText "tls.json" (builtins.toJSON tlsConfig); + configJSON = pkgs.runCommand "caddy-config.json" { } '' + ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${adaptedConfig} ${tlsJSON} > $out + ''; in { options.services.caddy = { enable = mkEnableOption "Caddy web server"; 
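Review bot: Removing the `caddy2` attribute in the all-packages.nix hunk (`@@ -1507,12 +1507,8 @@`) leaves configurations that reference `pkgs.caddy2` (the name the previous patch used for the module default) with an evaluation error, and the v2.nix deleted in this commit was at 2.1.1 while default.nix is set to 2.0.0. Users of the v2 package therefore move back to an older release of an internet-facing server and lose whatever fixes landed in between. Carry the version and hashes from the removed v2.nix into default.nix, and keep a compatibility alias such as `caddy2 = caddy;` for a release.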
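Review bot: The caddy.nix hunk `@@ -16,13 +16,15 @@` deletes the TODO about `caddy validate` without adding the validation, so the jq-merged `configJSON` is first parsed by Caddy at `ExecStart` or `ExecReload`. A merge that produces a config Caddy rejects therefore surfaces as a failed service start after activation instead of a failed build. Consider checking the result in the same `runCommand`, e.g. by appending `${cfg.package}/bin/caddy validate --config $out`, if validation can run inside the build sandbox for typical configs; otherwise keep the TODO so the gap stays documented.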
@@ -114,7 +116,11 @@ in { -root=/var/tmp -conf=${configFile} \ -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} ''; - ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; + ExecReload = + if isCaddy2 then + "${cfg.package}/bin/caddy reload --config ${configJSON}" + else + "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; Type = "simple"; User = "caddy"; Group = "caddy"; diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix index e9a93df4f486..445a7fa6b0b4 100644 --- a/nixos/tests/caddy.nix +++ b/nixos/tests/caddy.nix @@ -11,6 +11,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { http://localhost { encode gzip + file_server root * ${ pkgs.runCommand "testdir" {} '' mkdir "$out" @@ -25,6 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { http://localhost { encode gzip + file_server root * ${ pkgs.runCommand "testdir2" {} '' mkdir "$out" @@ -59,9 +61,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { ) etag = etag.replace("\r\n", " ") http_code = webserver.succeed( - "curl -w \"%{{http_code}}\" -X HEAD -H 'If-None-Match: {}' {}".format(etag, url) + "curl --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format( + etag, url + ) ) - assert int(http_code) == 304, "HTTP code is not 304" + assert int(http_code) == 304, "HTTP code is {}, expected 304".format(http_code) return etag diff --git a/pkgs/servers/caddy/v1.nix b/pkgs/servers/caddy/v1.nix index bcd4b7065b58..8a18904af2c8 100644 --- a/pkgs/servers/caddy/v1.nix +++ b/pkgs/servers/caddy/v1.nix @@ -14,7 +14,8 @@ buildGoModule rec { rev = "v${version}"; sha256 = "0jrhwmr6gggppskg5h450wybzkv17iq69dgw36hd1dp56q002i7g"; }; - modSha256 = "1gc0xvsihr4zp7hkrdfrplvzkaphz1y4q53rgwn2jhd8s98l57an"; + + vendorSha256 = "09vnci9pp8zp7bvn8zj68wslz2nc54nhcd0ll31sqfjbp00215mj"; preBuild = '' cat << EOF > caddy/main.go diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dba9d0c793b7..a3e555215477 100644 
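Review bot: The v2 `ExecReload` added in the caddy.nix hunk (`@@ -114,7 +116,11 @@`) relies on `caddy reload` reaching the running instance's admin endpoint, so it only works while that endpoint is enabled and at its default address; a user config that turns it off or moves it makes `systemctl reload caddy` fail. Record that dependency next to the line, e.g. `# caddy reload goes through the admin API; fails if the config disables or relocates it`. Because the reload path makes the admin listener mandatory, the module documentation should also state that the endpoint is expected to stay restricted to loopback. The `serviceConfig` block continues outside the hunk.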
--- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1507,8 +1507,8 @@ in ''; }); - caddy = callPackage ../servers/caddy { }; - caddy1 = callPackage ../servers/caddy/v1.nix { }; + caddy = callPackage ../servers/caddy { buildGoModule = buildGo114Module; }; # https://github.com/lucas-clemente/quic-go/issues/2614 + caddy1 = callPackage ../servers/caddy/v1.nix { buildGoModule = buildGo114Module; }; traefik = callPackage ../servers/traefik { }; calamares = libsForQt5.callPackage ../tools/misc/calamares { -- cgit 1.4.1