Unverified Commit 5a39b9e4 authored by Kerstin's avatar Kerstin Committed by GitHub

Gancio service fixes (#340782)

parents 7438ebd9 3a33b6c3
+28 −21
@@ -54,24 +54,20 @@ in
          };
          baseurl = mkOption {
            type = types.str;
            default = "";
            example = "/gancio";
            description = "The URL path under which the server is reachable.";
            default = "http${
              lib.optionalString config.services.nginx.virtualHosts."${cfg.settings.hostname}".enableACME "s"
            }://${cfg.settings.hostname}";
            defaultText = lib.literalExpression ''"https://''${cfg.settings.hostname}"'';
            example = "https://demo.gancio.org/gancio";
            description = "The full URL under which the server is reachable.";
          };
          server = {
            host = mkOption {
              type = types.str;
              default = "localhost";
              example = "::";
              description = ''
                The address (IPv4, IPv6 or DNS) for the gancio server to listen on.
              '';
            };
            port = mkOption {
              type = types.port;
              default = 13120;
            socket = mkOption {
              type = types.path;
              readOnly = true;
              default = "/run/gancio/socket";
              description = ''
                Port number of the gancio server to listen on.
                The unix socket for the gancio server to listen on.
              '';
            };
          };
@@ -157,11 +153,18 @@ in
    };

    nginx = mkOption {
      type = types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; });
      type = types.submodule (
        lib.recursiveUpdate (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {
          # enable encryption by default,
          # as sensitive login credentials should not be transmitted in clear text.
          options.forceSSL.default = true;
          options.enableACME.default = true;
        }
      );
      default = { };
      example = {
        enableACME = true;
        forceSSL = true;
        enableACME = false;
        forceSSL = false;
      };
      description = "Extra configuration for the nginx virtual host of gancio.";
    };
@@ -224,6 +227,10 @@ in

        serviceConfig = {
          ExecStart = "${getExe cfg.package} start ${configFile}";
          # set umask so that nginx can write to the server socket
          # FIXME: upstream socket permission configuration in Nuxt
          UMask = "0002";
          RuntimeDirectory = "gancio";
          StateDirectory = "gancio";
          WorkingDirectory = "/var/lib/gancio";
          LogsDirectory = "gancio";
@@ -260,8 +267,6 @@ in
      virtualHosts."${cfg.settings.hostname}" = mkMerge [
        cfg.nginx
        {
          enableACME = mkDefault true;
          forceSSL = mkDefault true;
          locations = {
            "/" = {
              index = "index.html";
@@ -269,12 +274,14 @@ in
            };
            "@proxy" = {
              proxyWebsockets = true;
              proxyPass = "http://${cfg.settings.server.host}:${toString cfg.settings.server.port}";
              proxyPass = "http://unix:${cfg.settings.server.socket}";
              recommendedProxySettings = true;
            };
          };
        }
      ];
    };
    # for nginx to access gancio socket
    users.users."${config.services.nginx.user}".extraGroups = [ config.users.users.${cfg.user}.group ];
  };
}
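Review bot: The new `baseurl` default picks `https` only when the vhost's `enableACME` is set, so a host that keeps the new `forceSSL = true` default but gets its certificate some other way (`enableACME = false` plus a manually supplied certificate) ends up with an `http://` base URL while nginx redirects everything to HTTPS. Keying the scheme on the TLS switches would match what is actually served, e.g. `lib.optionalString (vhost.forceSSL || vhost.onlySSL || vhost.addSSL) "s"` with `vhost = config.services.nginx.virtualHosts."${cfg.settings.hostname}"`, and `defaultText` should then show the conditional rather than a fixed `https://`. Separately, `UMask = "0002"` applies to the whole service rather than just the socket, and the last hunk adds the nginx user to gancio's group, so every file gancio creates in its state and log directories becomes group-writable by nginx. That wider effect is worth stating in the FIXME comment. Tighter directory modes might narrow it, but whether nginx needs to read those directories is not visible in these hunks.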
+1 −1
@@ -71,7 +71,7 @@ import ./make-test-python.nix (
      server.wait_for_unit("postgresql")
      server.wait_for_unit("gancio")
      server.wait_for_unit("nginx")
      server.wait_for_open_port(13120)
      server.wait_for_file("/run/gancio/socket")
      server.wait_for_open_port(80)

      # Check can create user via cli