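# Generic nginx package builder.
#
# The outer function takes the nixpkgs dependencies and the feature toggles
# (withDebug, withKTLS, withStream, withMail, withPerl, withSlice, modules).
# It returns a second function that takes the per-version arguments (version,
# src or hash, extra flags/patches/hooks) and yields a stdenv.mkDerivation.
outer@{ lib, stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
, nginx-doc

, nixosTests
, substituteAll, removeReferencesTo, gd, geoip, perl
, withDebug ? false
, withKTLS ? false
, withStream ? true
, withMail ? false
, withPerl ? true
, withSlice ? false
, modules ? []
, ...
}:

{ pname ? "nginx"
, version
, nginxVersion ? version
, src ? null # defaults to upstream nginx ${version}
, hash ? null # when not specifying src
, configureFlags ? []
, nativeBuildInputs ? []
, buildInputs ? []
, extraPatches ? []
, fixPatch ? p: p
, postPatch ? ""
, preConfigure ? ""
, postInstall ? ""
, meta ? null
, nginx-doc ? outer.nginx-doc
, passthru ? { tests = {}; }
}:

let

  # Every third-party module must carry a `name`; it is what the duplicate
  # check below compares. A module without one aborts evaluation.
  moduleNames = map (mod: mod.name or (throw "The nginx module with source ${toString mod.src} does not have a `name` attribute. This prevents duplicate module detection and is no longer supported."))
    modules;

  # Collect the list found at `attrPath` (e.g. "inputs", "patches") from every
  # module. A module may provide `supports`, a predicate on the nginx version;
  # a module that rejects `nginxVersion` aborts evaluation instead of being
  # silently skipped.
  mapModules = attrPath: lib.flip lib.concatMap modules
    (mod:
      let supports = mod.supports or (_: true);
      in
        if supports nginxVersion then mod.${attrPath} or []
        else throw "Module at ${toString mod.src} does not support nginx version ${nginxVersion}!");

in

# The same module compiled in twice is rejected up front.
assert lib.assertMsg (lib.unique moduleNames == moduleNames)
  "nginx: duplicate modules: ${lib.concatStringsSep ", " moduleNames}. A common cause for this is that services.nginx.additionalModules adds a module which the nixos module itself already adds.";

stdenv.mkDerivation {
  inherit pname version nginxVersion;

  outputs = ["out" "doc"];

  # Fail closed: when the caller supplies no `src`, the upstream tarball is
  # only fetched if a `hash` pins its content. Passing neither is reported
  # here instead of handing fetchurl a null hash.
  src =
    if src != null then src
    else if hash != null then fetchurl {
      url = "https://nginx.org/download/nginx-${version}.tar.gz";
      inherit hash;
    }
    else throw "nginx: neither `src` nor `hash` was given; refusing to fetch nginx-${version}.tar.gz without a pinned hash.";

  nativeBuildInputs = [ removeReferencesTo ]
    ++ nativeBuildInputs;

  buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip perl ]
    ++ buildInputs
    ++ mapModules "inputs";

  # Order matters: caller-supplied configureFlags and the --add-module flags
  # come last.
  configureFlags = [
    "--with-http_ssl_module"
    "--with-http_v2_module"
    "--with-http_realip_module"
    "--with-http_addition_module"
    "--with-http_xslt_module"
    "--with-http_sub_module"
    "--with-http_dav_module"
    "--with-http_flv_module"
    "--with-http_mp4_module"
    "--with-http_gunzip_module"
    "--with-http_gzip_static_module"
    "--with-http_auth_request_module"
    "--with-http_random_index_module"
    "--with-http_secure_link_module"
    "--with-http_degradation_module"
    "--with-http_stub_status_module"
    "--with-threads"
    "--with-pcre-jit"
    # Compiled-in default paths. The pid file defaults to the log directory,
    # and the five temp paths below are fixed names directly under /tmp.
    # NOTE(review): on a host where /tmp is shared, the runtime configuration
    # should point the temp paths at a directory owned by the nginx user, or
    # the service should run with a private /tmp -- confirm what the
    # deployment does.
    "--http-log-path=/var/log/nginx/access.log"
    "--error-log-path=/var/log/nginx/error.log"
    "--pid-path=/var/log/nginx/nginx.pid"
    "--http-client-body-temp-path=/tmp/nginx_client_body"
    "--http-proxy-temp-path=/tmp/nginx_proxy"
    "--http-fastcgi-temp-path=/tmp/nginx_fastcgi"
    "--http-uwsgi-temp-path=/tmp/nginx_uwsgi"
    "--http-scgi-temp-path=/tmp/nginx_scgi"
  ] ++ lib.optionals withDebug [
    "--with-debug"
  ] ++ lib.optionals withKTLS [
    "--with-openssl-opt=enable-ktls"
  ] ++ lib.optionals withStream [
    "--with-stream"
    "--with-stream_realip_module"
    "--with-stream_ssl_module"
    "--with-stream_ssl_preread_module"
  ] ++ lib.optionals withMail [
    "--with-mail"
    "--with-mail_ssl_module"
  ] ++ lib.optionals withPerl [
    "--with-http_perl_module"
    "--with-perl=${perl}/bin/perl"
    "--with-perl_modules_path=lib/perl5"
  ] ++ lib.optional withSlice "--with-http_slice_module"
    ++ lib.optional (gd != null) "--with-http_image_filter_module"
    ++ lib.optional (geoip != null) "--with-http_geoip_module"
    ++ lib.optional (withStream && geoip != null) "--with-stream_geoip_module"
    ++ lib.optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
    ++ configureFlags
    ++ map (mod: "--add-module=${mod.src}") modules;

  # These only demote specific warnings from errors; they do not change the
  # generated code.
  env.NIX_CFLAGS_COMPILE = toString ([
    "-I${libxml2.dev}/include/libxml2"
    "-Wno-error=implicit-fallthrough"
  ] ++ lib.optionals (stdenv.cc.isGNU && lib.versionAtLeast stdenv.cc.version "11") [
    # fix build vts module on gcc11
    "-Wno-error=stringop-overread"
  ] ++ lib.optional stdenv.isDarwin "-Wno-error=deprecated-declarations");

  configurePlatforms = [];

  # Disable _multioutConfig hook which adds --bindir=$out/bin into configureFlags,
  # which breaks build, since nginx does not actually use autoconf.
  preConfigure = ''
    setOutputFlags=
  '' + preConfigure
     + lib.concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules;

  # Patch order: the two local patches, then (cross builds only) the OpenWrt
  # fixes, then module patches -- all passed through `fixPatch` -- and finally
  # the caller's extraPatches, which are applied as given.
  patches = map fixPatch ([
    # The Nix store directory and its length are substituted into the ETag
    # patch at build time.
    (substituteAll {
      src = ./nix-etag-1.15.4.patch;
      preInstall = ''
        export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
      '';
    })
    ./nix-skip-check-logs-path.patch
  ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
    # Each URL names a full commit id and each patch carries a sha256, so the
    # fetched content is pinned and cannot change without failing the build.
    (fetchpatch {
      url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/102-sizeof_test_fix.patch";
      sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
    })
    (fetchpatch {
      url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/101-feature_test_fix.patch";
      sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
    })
    (fetchpatch {
      url = "https://raw.githubusercontent.com/openwrt/packages/c057dfb09c7027287c7862afab965a4cd95293a3/net/nginx/patches/103-sys_nerr.patch";
      sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
    })
  ] ++ mapModules "patches")
    ++ extraPatches;

  inherit postPatch;

  # Request a position-independent executable everywhere except Darwin.
  hardeningEnable = lib.optional (!stdenv.isDarwin) "pie";

  enableParallelBuilding = true;

  preInstall = ''
    mkdir -p $doc
    cp -r ${nginx-doc}/* $doc
  '';

  # The outputs must not keep a reference to any module's source tree; the
  # build fails if one remains. postInstall strips those references from the
  # nginx binary first.
  disallowedReferences = map (m: m.src) modules;

  postInstall =
    let
      noSourceRefs = lib.concatMapStrings (m: "remove-references-to -t ${m.src} $out/sbin/nginx\n") modules;
    in noSourceRefs + postInstall;

  # Only `tests` is taken from the caller's passthru; a caller passthru
  # without a `tests` attribute is treated as having none.
  passthru = {
    inherit modules;
    tests = {
      inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso nginx-proxyprotocol;
      variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
      acme-integration = nixosTests.acme;
    } // (passthru.tests or {});
  };

  # The license list is bsd2 plus every module's meta.license, which must
  # therefore be a list.
  meta = if meta != null then meta else with lib; {
    description = "A reverse proxy and lightweight webserver";
    # Same host the source tarball is fetched from, over TLS.
    homepage = "https://nginx.org";
    license = [ licenses.bsd2 ]
      ++ concatMap (m: m.meta.license) modules;
    platforms = platforms.all;
    maintainers = with maintainers; [ thoughtpolice raskin fpletz globin ajs124 ];
  };
}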