pyrox.dev
Merge pull request #10474 from abbradar/nginx-pam-modules
nginx: factor out modules into a separate file, add new "pam" module
+8
-105
pkgs/servers/http/nginx/default.nix
+8
-105
pkgs/servers/http/nginx/default.nix
···
1
1
{ stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat
2
-
, gd, geoip, luajit
3
-
, curl, apr, aprutil, apacheHttpd, yajl, libcap, modsecurity_standalone
4
-
, rtmp ? false
5
-
, fullWebDAV ? false
6
-
, syslog ? false
7
-
, moreheaders ? false
8
-
, echo ? false
9
-
, modsecurity ? false
10
-
, ngx_lua ? modsecurity || false
11
-
, set_misc ? false
12
-
, fluent ? false
13
-
, extraModules ? []
2
+
, gd, geoip
3
+
, modules ? []
14
4
}:
15
5
16
6
with stdenv.lib;
···
22
12
sha256 = "1mgkkmmwkhmpn68sdvbd73ssv6lpqhh864fsyvc1ij4hk4is3k13";
23
13
};
24
14
25
-
rtmp-ext = fetchFromGitHub {
26
-
owner = "arut";
27
-
repo = "nginx-rtmp-module";
28
-
rev = "v1.1.7";
29
-
sha256 = "0i0fa1znkj7cipy5nlkw4k40klhp9jzk28wxy2vrvd2jvh91x3ma";
30
-
};
31
-
32
-
dav-ext = fetchFromGitHub {
33
-
owner = "arut";
34
-
repo = "nginx-dav-ext-module";
35
-
rev = "v0.0.3";
36
-
sha256 = "1qck8jclxddncjad8yv911s9z7lrd58bp96jf13m0iqk54xghx91";
37
-
};
38
-
39
-
syslog-ext = fetchFromGitHub {
40
-
owner = "yaoweibin";
41
-
repo = "nginx_syslog_patch";
42
-
rev = "3ca5ba65541637f74467038aa032e2586321d0cb";
43
-
sha256 = "0y8dxkx8m1jw4v5zsvw1gfah9vh3ryq0hfmrcbjzcmwp5b5lb1i8";
44
-
};
45
-
46
-
moreheaders-ext = fetchFromGitHub {
47
-
owner = "openresty";
48
-
repo = "headers-more-nginx-module";
49
-
rev = "v0.26";
50
-
sha256 = "01wkqhk8mk8jgmzi7jbzmg5kamffx3lmhj5yfwryvnvs6xqs74wn";
51
-
};
52
-
53
-
modsecurity-ext = modsecurity_standalone.nginx;
54
-
55
-
echo-ext = fetchFromGitHub {
56
-
owner = "openresty";
57
-
repo = "echo-nginx-module";
58
-
rev = "v0.57";
59
-
sha256 = "1q0f0zprcn0ypl2qh964cq186l3f40p0z7n7x22m8cxj367vf000";
60
-
};
61
-
62
-
lua-ext = fetchFromGitHub {
63
-
owner = "openresty";
64
-
repo = "lua-nginx-module";
65
-
rev = "v0.9.16";
66
-
sha256 = "0dvdam228jhsrayb22ishljdkgib08bakh8ygn84sq0c2xbidzlp";
67
-
};
68
-
69
-
set-misc-ext = fetchFromGitHub {
70
-
owner = "openresty";
71
-
repo = "set-misc-nginx-module";
72
-
rev = "v0.28";
73
-
sha256 = "1vixj60q0liri7k5ax85grj7q9vvgybkx421bwphbhai5xrjip96";
74
-
};
75
-
76
-
fluentd = fetchFromGitHub {
77
-
owner = "fluent";
78
-
repo = "nginx-fluentd-module";
79
-
rev = "8af234043059c857be27879bc547c141eafd5c13";
80
-
sha256 = "1ycb5zd9sw60ra53jpak1m73zwrjikwhrrh9q6266h1mlyns7zxm";
81
-
};
82
-
83
-
develkit-ext = fetchFromGitHub {
84
-
owner = "simpl";
85
-
repo = "ngx_devel_kit";
86
-
rev = "v0.2.19";
87
-
sha256 = "1cqcasp4lc6yq5pihfcdw4vp4wicngvdc3nqg3bg52r63c1qrz76";
88
-
};
89
-
90
-
91
15
in
92
16
93
17
stdenv.mkDerivation rec {
···
95
19
src = mainSrc;
96
20
97
21
buildInputs =
98
-
[ openssl zlib pcre libxml2 libxslt gd geoip
99
-
] ++ optional fullWebDAV expat
100
-
++ optional ngx_lua luajit
101
-
++ optionals modsecurity [ curl apr aprutil apacheHttpd yajl ];
102
-
103
-
LUAJIT_LIB = if ngx_lua then "${luajit}/lib" else "";
104
-
LUAJIT_INC = if ngx_lua then "${luajit}/include/luajit-2.0" else "";
105
-
106
-
patches = if syslog then [ "${syslog-ext}/syslog-1.5.6.patch" ] else [];
22
+
[ openssl zlib pcre libxml2 libxslt gd geoip ]
23
+
++ concatMap (mod: mod.inputs or []) modules;
107
24
108
25
configureFlags = [
109
26
"--with-select_module"
···
130
47
"--with-ipv6"
131
48
# Install destination problems
132
49
# "--with-http_perl_module"
133
-
] ++ optional rtmp "--add-module=${rtmp-ext}"
134
-
++ optional fullWebDAV "--add-module=${dav-ext}"
135
-
++ optional syslog "--add-module=${syslog-ext}"
136
-
++ optional moreheaders "--add-module=${moreheaders-ext}"
137
-
++ optional echo "--add-module=${echo-ext}"
138
-
++ optional ngx_lua "--add-module=${develkit-ext} --add-module=${lua-ext}"
139
-
++ optional set_misc "--add-module=${set-misc-ext}"
140
-
++ optionals (elem stdenv.system (with platforms; linux ++ freebsd))
50
+
] ++ optionals (elem stdenv.system (with platforms; linux ++ freebsd))
141
51
[ "--with-file-aio" "--with-aio_module" ]
142
-
++ optional fluent "--add-module=${fluentd}"
143
-
++ optional modsecurity "--add-module=${modsecurity-ext}/nginx/modsecurity"
144
-
++ (map (m: "--add-module=${m}") extraModules);
145
-
52
+
++ map (mod: "--add-module=${mod.src}") modules;
146
53
147
-
additionalFlags = optionalString stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";
54
+
NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";
148
55
149
-
NIX_CFLAGS_COMPILE = optionalString modsecurity "-I${aprutil}/include/apr-1 -I${apacheHttpd}/include -I${apr}/include/apr-1 -I${yajl}/include";
150
-
151
-
preConfigure = ''
152
-
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2 $additionalFlags"
153
-
'';
56
+
preConfigure = concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
154
57
155
58
meta = {
156
59
description = "A reverse proxy and lightweight webserver";
+111
pkgs/servers/http/nginx/modules.nix
+111
pkgs/servers/http/nginx/modules.nix
···
1
+
{ fetchFromGitHub, pkgs }:
2
+
3
+
{
4
+
rtmp = {
5
+
src = fetchFromGitHub {
6
+
owner = "arut";
7
+
repo = "nginx-rtmp-module";
8
+
rev = "v1.1.7";
9
+
sha256 = "0i0fa1znkj7cipy5nlkw4k40klhp9jzk28wxy2vrvd2jvh91x3ma";
10
+
};
11
+
};
12
+
13
+
dav = {
14
+
src = fetchFromGitHub {
15
+
owner = "arut";
16
+
repo = "nginx-dav-ext-module";
17
+
rev = "v0.0.3";
18
+
sha256 = "1qck8jclxddncjad8yv911s9z7lrd58bp96jf13m0iqk54xghx91";
19
+
};
20
+
inputs = [ pkgs.expat ];
21
+
};
22
+
23
+
syslog = rec {
24
+
src = fetchFromGitHub {
25
+
owner = "yaoweibin";
26
+
repo = "nginx_syslog_patch";
27
+
rev = "3ca5ba65541637f74467038aa032e2586321d0cb";
28
+
sha256 = "0y8dxkx8m1jw4v5zsvw1gfah9vh3ryq0hfmrcbjzcmwp5b5lb1i8";
29
+
};
30
+
preConfigure = ''
31
+
patch -p1 < "${src}/syslog-1.7.0.patch"
32
+
'';
33
+
};
34
+
35
+
moreheaders = {
36
+
src = fetchFromGitHub {
37
+
owner = "openresty";
38
+
repo = "headers-more-nginx-module";
39
+
rev = "v0.26";
40
+
sha256 = "01wkqhk8mk8jgmzi7jbzmg5kamffx3lmhj5yfwryvnvs6xqs74wn";
41
+
};
42
+
};
43
+
44
+
modsecurity = {
45
+
src = "${pkgs.modsecurity_standalone.nginx}/nginx/modsecurity";
46
+
inputs = [ pkgs.curl pkgs.apr pkgs.aprutil pkgs.apacheHttpd pkgs.yajl ];
47
+
preConfigure = ''
48
+
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${pkgs.aprutil}/include/apr-1 -I${pkgs.apacheHttpd}/include -I${pkgs.apr}/include/apr-1 -I${pkgs.yajl}/include"
49
+
'';
50
+
};
51
+
52
+
echo = {
53
+
src = fetchFromGitHub {
54
+
owner = "openresty";
55
+
repo = "echo-nginx-module";
56
+
rev = "v0.57";
57
+
sha256 = "1q0f0zprcn0ypl2qh964cq186l3f40p0z7n7x22m8cxj367vf000";
58
+
};
59
+
};
60
+
61
+
develkit = {
62
+
src = fetchFromGitHub {
63
+
owner = "simpl";
64
+
repo = "ngx_devel_kit";
65
+
rev = "v0.2.19";
66
+
sha256 = "1cqcasp4lc6yq5pihfcdw4vp4wicngvdc3nqg3bg52r63c1qrz76";
67
+
};
68
+
};
69
+
70
+
lua = {
71
+
src = fetchFromGitHub {
72
+
owner = "openresty";
73
+
repo = "lua-nginx-module";
74
+
rev = "v0.9.16";
75
+
sha256 = "0dvdam228jhsrayb22ishljdkgib08bakh8ygn84sq0c2xbidzlp";
76
+
};
77
+
inputs = [ pkgs.luajit ];
78
+
preConfigure = ''
79
+
export LUAJIT_LIB="${pkgs.luajit}/lib"
80
+
export LUAJIT_INC="${pkgs.luajit}/include/luajit-2.0"
81
+
'';
82
+
};
83
+
84
+
set-misc = {
85
+
src = fetchFromGitHub {
86
+
owner = "openresty";
87
+
repo = "set-misc-nginx-module";
88
+
rev = "v0.28";
89
+
sha256 = "1vixj60q0liri7k5ax85grj7q9vvgybkx421bwphbhai5xrjip96";
90
+
};
91
+
};
92
+
93
+
fluentd = {
94
+
src = fetchFromGitHub {
95
+
owner = "fluent";
96
+
repo = "nginx-fluentd-module";
97
+
rev = "8af234043059c857be27879bc547c141eafd5c13";
98
+
sha256 = "1ycb5zd9sw60ra53jpak1m73zwrjikwhrrh9q6266h1mlyns7zxm";
99
+
};
100
+
};
101
+
102
+
pam = {
103
+
src = fetchFromGitHub {
104
+
owner = "stogh";
105
+
repo = "ngx_http_auth_pam_module";
106
+
rev = "v1.4";
107
+
sha256 = "068zwyrc1dji55rlaj2kx6n0v2n5rpj7nz26ipvz26ida712md35";
108
+
};
109
+
inputs = [ pkgs.pam ];
110
+
};
111
+
}
+11
-78
pkgs/servers/http/nginx/unstable.nix
+11
-78
pkgs/servers/http/nginx/unstable.nix
···
1
1
{ stdenv, fetchurl, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt, expat
2
-
, gd, geoip, luajit
3
-
, rtmp ? false
4
-
, fullWebDAV ? false
5
-
, syslog ? false
6
-
, moreheaders ? false
7
-
, echo ? false
8
-
, ngx_lua ? false
9
-
, withStream ? false }:
2
+
, gd, geoip
3
+
, withStream ? false
4
+
, modules ? []
5
+
}:
10
6
11
7
with stdenv.lib;
12
8
···
17
13
sha256 = "1a1bixw2a4s5c3qzw3583s4a4y6i0sdzhihhlbab5rkyfh1hr6s7";
18
14
};
19
15
20
-
rtmp-ext = fetchFromGitHub {
21
-
owner = "arut";
22
-
repo = "nginx-rtmp-module";
23
-
rev = "v1.1.5";
24
-
sha256 = "1d9ws4prxz22yq3nhh5h18jrs331zivrdh784l6wznc1chg3gphn";
25
-
};
26
-
27
-
dav-ext = fetchFromGitHub {
28
-
owner = "arut";
29
-
repo = "nginx-dav-ext-module";
30
-
rev = "v0.0.3";
31
-
sha256 = "1qck8jclxddncjad8yv911s9z7lrd58bp96jf13m0iqk54xghx91";
32
-
};
33
-
34
-
syslog-ext = fetchFromGitHub {
35
-
owner = "yaoweibin";
36
-
repo = "nginx_syslog_patch";
37
-
rev = "v0.25";
38
-
sha256 = "0734f884838wcjyrrddn8wzj834wid1zffrk093jrx18447cryxl";
39
-
};
40
-
41
-
moreheaders-ext = fetchFromGitHub {
42
-
owner = "openresty";
43
-
repo = "headers-more-nginx-module";
44
-
rev = "v0.25";
45
-
sha256 = "1d71y1i0smi4gkzz731fhn58gr03b3s6jz6ipnfzxxaizmgxm3rb";
46
-
};
47
-
48
-
echo-ext = fetchFromGitHub {
49
-
owner = "openresty";
50
-
repo = "echo-nginx-module";
51
-
rev = "v0.56";
52
-
sha256 = "03vaf1ffhkj2s089f90h45n079h3zw47h6y5zpk752f4ydiagpgd";
53
-
};
54
-
55
-
develkit-ext = fetchFromGitHub {
56
-
owner = "simpl";
57
-
repo = "ngx_devel_kit";
58
-
rev = "v0.2.19";
59
-
sha256 = "1cqcasp4lc6yq5pihfcdw4vp4wicngvdc3nqg3bg52r63c1qrz76";
60
-
};
61
-
62
-
lua-ext = fetchFromGitHub {
63
-
owner = "openresty";
64
-
repo = "lua-nginx-module";
65
-
rev = "v0.9.16";
66
-
sha256 = "0dvdam228jhsrayb22ishljdkgib08bakh8ygn84sq0c2xbidzlp";
67
-
};
68
-
69
16
in
70
17
71
18
stdenv.mkDerivation rec {
···
73
20
src = mainSrc;
74
21
75
22
buildInputs =
76
-
[ openssl zlib pcre libxml2 libxslt gd geoip
77
-
] ++ optional fullWebDAV expat
78
-
++ optional ngx_lua luajit;
79
-
80
-
LUAJIT_LIB = if ngx_lua then "${luajit}/lib" else "";
81
-
LUAJIT_INC = if ngx_lua then "${luajit}/include/luajit-2.0" else "";
82
-
83
-
patches = if syslog then [ "${syslog-ext}/syslog-1.5.6.patch" ] else [];
23
+
[ openssl zlib pcre libxml2 libxslt gd geoip ]
24
+
++ concatMap (mod: mod.inputs or []) modules;
84
25
85
26
configureFlags = [
86
27
"--with-http_ssl_module"
···
104
45
"--with-ipv6"
105
46
# Install destination problems
106
47
# "--with-http_perl_module"
107
-
] ++ optional rtmp "--add-module=${rtmp-ext}"
108
-
++ optional fullWebDAV "--add-module=${dav-ext}"
109
-
++ optional syslog "--add-module=${syslog-ext}"
110
-
++ optional moreheaders "--add-module=${moreheaders-ext}"
111
-
++ optional echo "--add-module=${echo-ext}"
112
-
++ optional ngx_lua "--add-module=${develkit-ext} --add-module=${lua-ext}"
113
-
++ optional withStream "--with-stream"
114
-
++ optional (elem stdenv.system (with platforms; linux ++ freebsd)) "--with-file-aio";
115
-
48
+
] ++ optional withStream "--with-stream"
49
+
++ optional (elem stdenv.system (with platforms; linux ++ freebsd)) "--with-file-aio"
50
+
++ map (mod: "--add-module=${mod.src}") modules;
116
51
117
-
additionalFlags = optionalString stdenv.isDarwin "-Wno-error=deprecated-declarations";
52
+
NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
118
53
119
-
preConfigure = ''
120
-
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2 $additionalFlags"
121
-
'';
54
+
preConfigure = concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;
122
55
123
56
postInstall = ''
124
57
mv $out/sbin $out/bin
+7
-7
pkgs/top-level/all-packages.nix
+7
-7
pkgs/top-level/all-packages.nix
···
9192
9192
neard = callPackage ../servers/neard { };
9193
9193
9194
9194
nginx = callPackage ../servers/http/nginx {
9195
-
rtmp = true;
9196
-
fullWebDAV = true;
9197
-
syslog = false; # the patch is not found
9198
-
moreheaders = true;
9195
+
# We don't use `with` statement here on purpose!
9196
+
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
9197
+
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
9199
9198
};
9199
+
9200
9200
nginxUnstable = callPackage ../servers/http/nginx/unstable.nix {
9201
-
fullWebDAV = true;
9202
-
syslog = false; # the patch is not found
9203
-
moreheaders = true;
9201
+
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
9204
9202
};
9203
+
9204
+
nginxModules = callPackage ../servers/http/nginx/modules.nix { };
9205
9205
9206
9206
ngircd = callPackage ../servers/irc/ngircd { };
9207
9207