colin
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #304642 from erictapen/nginx-resolver-ipv4 

nixos/nginx: allow for resolving IPv6 addresses only
This commit is contained in:
Sandro 2024-04-18 00:03:16 +02:00 committed by GitHub
parent d8b7917df2 d6e8934f38
commit 7e02555456
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -164,7 +164,7 @@ let
${commonHttpConfig}
${optionalString (cfg.resolver.addresses != []) ''
resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv4) "ipv4=off"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
''}
${upstreamConfig}
@ -978,6 +978,15 @@ in
An optional valid parameter allows overriding it
'';
};
ipv4 = mkOption {
type = types.bool;
default = true;
description = ''
By default, nginx will look up both IPv4 and IPv6 addresses while resolving.
If looking up of IPv4 addresses is not desired, the ipv4=off parameter can be
specified.
'';
};
ipv6 = mkOption {
type = types.bool;
default = true;
@ -1179,6 +1188,13 @@ in
to answer to ACME requests.
'';
}
{
assertion = cfg.resolver.ipv4 || cfg.resolver.ipv6;
message = ''
At least one of services.nginx.resolver.ipv4 and services.nginx.resolver.ipv6 must be true.
'';
}
] ++ map (name: mkCertOwnershipAssertion {
inherit (cfg) group user;
cert = config.security.acme.certs.${name};