caddy: include and utilize systemd service from upstream (#147305)

3 years ago · a4977db2e8
parent bcc975b98e
commit a4977db2e8
2 changed files with 29 additions and 21 deletions
--- a/nixos/modules/services/web-servers/caddy/default.nix
+++ b/nixos/modules/services/web-servers/caddy/default.nix
@ -171,34 +171,27 @@ in
  };

  config = mkIf cfg.enable {
+    systemd.packages = [ cfg.package ];
    systemd.services.caddy = {
-      description = "Caddy web server";
-      # upstream unit: https://github.com/caddyserver/dist/blob/master/init/caddy.service
-      after = [ "network-online.target" ];
-      wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
      wantedBy = [ "multi-user.target" ];
      startLimitIntervalSec = 14400;
      startLimitBurst = 10;
+
      serviceConfig = {
-        ExecStart = "${cfg.package}/bin/caddy run ${optionalString cfg.resume "--resume"} --config ${configJSON}";
-        ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}";
-        Type = "simple";
+        # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
+        # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
+        ExecStart = [ "" "${cfg.package}/bin/caddy run ${optionalString cfg.resume "--resume"} --config ${configJSON}" ];
+        ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${configJSON}" ];
+
        User = cfg.user;
        Group = cfg.group;
+        ReadWriteDirectories = cfg.dataDir;
        Restart = "on-abnormal";
-        AmbientCapabilities = "cap_net_bind_service";
-        CapabilityBoundingSet = "cap_net_bind_service";
+
+        # TODO: attempt to upstream these options
        NoNewPrivileges = true;
-        LimitNPROC = 512;
-        LimitNOFILE = 1048576;
-        PrivateTmp = true;
        PrivateDevices = true;
        ProtectHome = true;
-        ProtectSystem = "full";
-        ReadWriteDirectories = cfg.dataDir;
-        KillMode = "mixed";
-        KillSignal = "SIGQUIT";
-        TimeoutStopSec = "5s";
      };
    };

--- a/pkgs/servers/caddy/default.nix
+++ b/pkgs/servers/caddy/default.nix
@ -1,20 +1,35 @@
 { lib, buildGoModule, fetchFromGitHub, nixosTests }:
-
-buildGoModule rec {
-  pname = "caddy";
+let
  version = "2.4.6";
+  dist = fetchFromGitHub {
+    owner = "caddyserver";
+    repo = "dist";
+    rev = "v${version}";
+    sha256 = "sha256-EXs+LNb87RWkmSWvs8nZIVqRJMutn+ntR241gqI7CUg=";
+  };
+in
+buildGoModule {
+  pname = "caddy";
+  inherit version;

  subPackages = [ "cmd/caddy" ];

  src = fetchFromGitHub {
    owner = "caddyserver";
-    repo = pname;
+    repo = "caddy";
    rev = "v${version}";
    sha256 = "sha256-xNCxzoNpXkj8WF9+kYJfO18ux8/OhxygkGjA49+Q4vY=";
  };

  vendorSha256 = "sha256-NomgHqIiugSISbEtvIbJDn5GRn6Dn72adLPkAvLbUQU=";

+  postInstall = ''
+    install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system
+
+    substituteInPlace $out/lib/systemd/system/caddy.service --replace "/usr/bin/caddy" "$out/bin/caddy"
+    substituteInPlace $out/lib/systemd/system/caddy-api.service --replace "/usr/bin/caddy" "$out/bin/caddy"
+  '';
+
  passthru.tests = { inherit (nixosTests) caddy; };

  meta = with lib; {