nixos/nginx: add locations."name".uwsgiPass and related options and use it

Author: SuperSandro2000

nixos/modules/services/mail/mailman.nix

@@ -441,7 +441,7 @@ in {
       enable = lib.mkDefault true;
       virtualHosts = lib.genAttrs cfg.webHosts (webHost: {
         locations = {
-          ${cfg.serve.virtualRoot}.extraConfig = "uwsgi_pass unix:/run/mailman-web.socket;";
+          ${cfg.serve.virtualRoot}.uwsgiPass = "unix:/run/mailman-web.socket";
           "${lib.removeSuffix "/" cfg.serve.virtualRoot}/static/".alias = webSettings.STATIC_ROOT + "/";
         };
       });

nixos/modules/services/web-servers/nginx/default.nix

@@ -94,14 +94,22 @@ let
     REDIRECT_STATUS   = "200";
   };
 
-  recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy-headers.conf" ''
+  recommendedProxyConfig = pkgs.writeText "nginx-recommended-proxy_set_header-headers.conf" ''
     proxy_set_header        Host $host;
     proxy_set_header        X-Real-IP $remote_addr;
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header        X-Forwarded-Proto $scheme;
     proxy_set_header        X-Forwarded-Host $host;
     proxy_set_header        X-Forwarded-Server $host;
   '';
+  recommendedUwsgiConfig = pkgs.writeText "nginx-recommended-uwsgi_param-headers.conf" ''
+    uwsgi_param             HTTP_HOST $host;
+    uwsgi_param             HTTP_X_REAL_IP $remote_addr;
+    uwsgi_param             HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
+    uwsgi_param             HTTP_X_FORWARDED_PROTO $scheme;
+    uwsgi_param             HTTP_X_FORWARDED_HOST $host;
+    uwsgi_param             HTTP_X_FORWARDED_SERVER $host;
+  '';
 
   proxyCachePathConfig = concatStringsSep "\n" (mapAttrsToList (name: proxyCachePath: ''
     proxy_cache_path ${concatStringsSep " " [
@@ -238,6 +246,15 @@ let
         include ${recommendedProxyConfig};
       ''}
 
+      ${optionalString cfg.recommendedUwsgiSettings ''
+        uwsgi_connect_timeout   ${cfg.uwsgiTimeout};
+        uwsgi_send_timeout      ${cfg.uwsgiTimeout};
+        uwsgi_read_timeout      ${cfg.uwsgiTimeout};
+        uwsgi_param             HTTP_CONNECTION "";
+        include ${cfg.package}/conf/uwsgi_params;
+        include ${recommendedUwsgiConfig};
+      ''}
+
       ${optionalString (cfg.mapHashBucketSize != null) ''
         map_hash_bucket_size ${toString cfg.mapHashBucketSize};
       ''}
@@ -442,6 +459,13 @@ let
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
       ''}
+      ${optionalString (config.uwsgiPass != null && !cfg.uwsgiResolveWhileRunning)
+        "uwsgi_pass ${config.uwsgiPass};"
+      }
+      ${optionalString (config.uwsgiPass != null && cfg.uwsgiResolveWhileRunning) ''
+        set $nix_proxy_target "${config.uwsgiPass}";
+        uwsgi_pass $nix_proxy_target;
+      ''}
       ${concatStringsSep "\n"
         (mapAttrsToList (n: v: ''fastcgi_param ${n} "${v}";'')
           (optionalAttrs (config.fastcgiParams != {})
@@ -453,6 +477,7 @@ let
       ${optionalString (config.return != null) "return ${toString config.return};"}
       ${config.extraConfig}
       ${optionalString (config.proxyPass != null && config.recommendedProxySettings) "include ${recommendedProxyConfig};"}
+      ${optionalString (config.uwsgiPass != null && config.recommendedUwsgiSettings) "include ${cfg.package}/conf/uwsgi_params; include ${recommendedUwsgiConfig};"}
       ${mkBasicAuth "sublocation" config}
     }
   '') (sortProperties (mapAttrsToList (k: v: v // { location = k; }) locations)));
@@ -553,6 +578,23 @@ in
         '';
       };
 
+      recommendedUwsgiSettings = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether to enable recommended uwsgi settings if a vhost does not specify the option manually.
+        '';
+      };
+
+      uwsgiTimeout = mkOption {
+        type = types.str;
+        default = "60s";
+        example = "20s";
+        description = ''
+          Change the uwsgi related timeouts in recommendedUwsgiSettings.
+        '';
+      };
+
       defaultListen = mkOption {
         type = with types; listOf (submodule {
           options = {
@@ -859,6 +901,16 @@ in
         '';
       };
 
+      uwsgiResolveWhileRunning = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Resolves domains of uwsgi targets at runtime
+          and not only at start, you have to set
+          services.nginx.resolver, too.
+        '';
+      };
+
       mapHashBucketSize = mkOption {
         type = types.nullOr (types.enum [ 32 64 128 ]);
         default = null;
@@ -1163,6 +1215,16 @@ in
         '';
       }
 
+      {
+        assertion = all (host:
+          all (location: !(location.proxyPass != null && location.uwsgiPass != null)) (attrValues host.locations))
+        (attrValues virtualHosts);
+        message = ''
+          Options services.nginx.service.virtualHosts.<name>.proxyPass and
+          services.nginx.virtualHosts.<name>.uwsgiPass are mutually exclusive.
+        '';
+      }
+
       {
         assertion = cfg.package.pname != "nginxQuic" && cfg.package.pname != "angieQuic" -> !(cfg.enableQuicBPF);
         message = ''

nixos/modules/services/web-servers/nginx/location-options.nix

@@ -56,6 +56,16 @@ with lib;
       '';
     };
 
+    uwsgiPass = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      example = "unix:/run/example/example.sock";
+      description = ''
+        Adds uwsgi_pass directive and sets recommended proxy headers if
+        recommendedUwsgiSettings is enabled.
+      '';
+    };
+
     index = mkOption {
       type = types.nullOr types.str;
       default = null;
@@ -137,5 +147,14 @@ with lib;
         Enable recommended proxy settings.
       '';
     };
+
+    recommendedUwsgiSettings = mkOption {
+      type = types.bool;
+      default = config.services.nginx.recommendedUwsgiSettings;
+      defaultText = literalExpression "config.services.nginx.recommendedUwsgiSettings";
+      description = ''
+        Enable recommended uwsgi settings.
+      '';
+    };
   };
 }