| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
IE6 is long gone and this directive is not useful anymore. We can
spare a few CPU cycles (and maybe skip some bugs) by not trying to
disable gzip for MSIE6.
|
| |
|
|\
| |
| | |
nixos/darkhttpd: fix package reference
|
| | |
|
| |
| |
| |
| |
| |
| | |
And replace them with a more appropriate type
Also fix up some minor module problems along the way
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* nixos/acme: Fix ordering of cert requests
When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.
Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.
* Use SERVICE_RESULT to determine status
This was added in systemd v232. we don't have to keep track
of the EXITCODE ourselves anymore.
* Add regression test for requesting mutliple domains
* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
create and permissions of the acme state directory.
* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.
* Depend on certs directly
By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.
Reason it broke before: acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good! We
make the dependencies more fine-grained now. this should fix that
* Remove activationDelay option
It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?
Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.
e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:
```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).
As described in the NixOps manual[1], dependencies to keys should be
defined like this now:
``` nix
{
systemd.services.myservice = {
after = [ "secret-key.service" ];
wants = [ "secret-key.service" ];
};
}
```
However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.
[1] https://nixos.org/nixops/manual/#idm140737322342384
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* nginx: expose generated config and allow nginx reloads
Fixes: https://github.com/NixOS/nixpkgs/issues/15906
Another try was done, but not yet merged in https://github.com/NixOS/nixpkgs/pull/24476
This add 2 new features: ability to review generated Nginx config
(and NixOS has sophisticated generation!) and reloading
of nginx on config changes. This preserves nginx restart on package
updates.
I've modified nginx test to use this new feature and check reload/restart
behavior.
* rename to enableReload
* add sleep(1) in ETag test (race condition) and rewrite rebuild-switch using `nesting.clone`
|
| |
|
|\
| |
| | |
nixos/httpd: remove duplicate module entries from httpd.conf
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
|\
| |
| | |
nixos/httpd: drop tomcat-connector httpd subservice
|
| | |
|
|\ \
| |/
|/| |
nixos/zabbix: overhaul package & module
|
| | |
|
| | |
|
|/ |
|
|\
| |
| | |
Staging next
|
| |\
| | |
| | |
| | |
| | | |
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
|
| |\ \ |
|
| | | | |
|
|\ \ \ \
| |_|_|/
|/| | | |
nixos/httpd: drop mercurial httpd subservice
|
| | |/
| |/| |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing
changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a.
|
|/ /
| |
| |
| | |
This reverts commit 54645ce43a1cd2ecde5f1b6d035366b0311117cf.
|
| | |
|
|\ \
| | |
| | | |
phpfpm: do not run anything as root
|
| | | |
|
| | | |
|
| |/
|/|
| |
| |
| | |
The order of the keys matters: scan-path must be the last key for other settings
to be taken into account.
|
|/
|
|
|
|
| |
* treewide: remove unused variables
* making ofborg happy
|
|\
| |
| | |
drop unmaintained phabricator package, service, and httpd subservice
|
| | |
|
|/ |
|
|\
| |
| | |
nixos/httpd: cleanup old apache2.2 syntax
|
| | |
|
| | |
|
|\ \
| | |
| | | |
limesurvey: 2.05_plus_141210 -> 3.17.1+190408, init module
|