From 98e354074fdd30c23b8d64f5bc963d6a2c87a231 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sat, 14 Aug 2021 08:35:30 -0400 Subject: [PATCH] nixos/httpd: add virtualHosts..listenAddresses option --- .../web-servers/apache-httpd/default.nix | 11 +++++----- .../apache-httpd/vhost-options.nix | 21 +++++++++++++++++-- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index df7035c03cc2..17cfdfb24462 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -36,11 +36,12 @@ let dependentCertNames = unique (map (hostOpts: hostOpts.certName) acmeEnabledVhosts); mkListenInfo = hostOpts: - if hostOpts.listen != [] then hostOpts.listen - else ( - optional (hostOpts.onlySSL || hostOpts.addSSL || hostOpts.forceSSL) { ip = "*"; port = 443; ssl = true; } ++ - optional (!hostOpts.onlySSL) { ip = "*"; port = 80; ssl = false; } - ); + if hostOpts.listen != [] then + hostOpts.listen + else + optionals (hostOpts.onlySSL || hostOpts.addSSL || hostOpts.forceSSL) (map (addr: { ip = addr; port = 443; ssl = true; }) hostOpts.listenAddresses) ++ + optionals (!hostOpts.onlySSL) (map (addr: { ip = addr; port = 80; ssl = false; }) hostOpts.listenAddresses) + ; listenInfo = unique (concatMap mkListenInfo vhosts); diff --git a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix index 394f9a305546..3f732a5c9f33 100644 --- a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix @@ -47,12 +47,29 @@ in ]; description = '' Listen addresses and ports for this virtual host. - + + This option overrides addSSL, forceSSL and onlySSL. - + + + If you only want to set the addresses manually and not the ports, take a look at listenAddresses. + + ''; }; + listenAddresses = mkOption { + type = with types; nonEmptyListOf str; + + description = '' + Listen addresses for this virtual host. + Compared to listen this only sets the addreses + and the ports are chosen automatically. + ''; + default = [ "*" ]; + example = [ "127.0.0.1" ]; + }; + enableSSL = mkOption { type = types.bool; visible = false;