push sheeet

2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
--- a/pkgs/by-name/ca/caddy/package.nix
+++ b/pkgs/by-name/ca/caddy/package.nix
@@ -0,0 +1,99 @@
+{
+  lib,
+  buildGo125Module,
+  callPackage,
+  fetchFromGitHub,
+  nixosTests,
+  caddy,
+  testers,
+  installShellFiles,
+  stdenv,
+  writableTmpDirAsHomeHook,
+}:
+let
+  version = "2.10.2";
+  dist = fetchFromGitHub {
+    owner = "caddyserver";
+    repo = "dist";
+    tag = "v${version}";
+    hash = "sha256-D1qI7TDJpSvtgpo1FsPZk6mpqRvRharFZ8soI7Mn3RE=";
+  };
+in
+buildGo125Module {
+  pname = "caddy";
+  inherit version;
+
+  src = fetchFromGitHub {
+    owner = "caddyserver";
+    repo = "caddy";
+    tag = "v${version}";
+    hash = "sha256-KvikafRYPFZ0xCXqDdji1rxlkThEDEOHycK8GP5e8vk=";
+  };
+
+  vendorHash = "sha256-wjcmWKVmLBAybILUi8tKEDnFbhtybf042ODH7jEq6r8=";
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/caddyserver/caddy/v2.CustomVersion=${version}"
+  ];
+
+  # matches upstream since v2.8.0
+  tags = [
+    "nobadger"
+    "nomysql"
+    "nopgx"
+  ];
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  nativeCheckInputs = [ writableTmpDirAsHomeHook ];
+
+  __darwinAllowLocalNetworking = true;
+
+  postInstall = ''
+    install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system
+
+    substituteInPlace $out/lib/systemd/system/caddy.service \
+      --replace-fail "/usr/bin/caddy" "$out/bin/caddy"
+    substituteInPlace $out/lib/systemd/system/caddy-api.service \
+      --replace-fail "/usr/bin/caddy" "$out/bin/caddy"
+  ''
+  + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
+    # Generating man pages and completions fail on cross-compilation
+    # https://github.com/NixOS/nixpkgs/issues/308283
+
+    $out/bin/caddy manpage --directory manpages
+    installManPage manpages/*
+
+    installShellCompletion --cmd caddy \
+      --bash <($out/bin/caddy completion bash) \
+      --fish <($out/bin/caddy completion fish) \
+      --zsh <($out/bin/caddy completion zsh)
+  '';
+
+  passthru = {
+    tests = {
+      inherit (nixosTests) caddy;
+      version = testers.testVersion {
+        command = "${caddy}/bin/caddy version";
+        package = caddy;
+      };
+      acme-integration = nixosTests.acme.caddy;
+    };
+    withPlugins = callPackage ./plugins.nix { inherit caddy; };
+  };
+
+  meta = {
+    homepage = "https://caddyserver.com";
+    description = "Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS";
+    license = lib.licenses.asl20;
+    mainProgram = "caddy";
+    maintainers = with lib.maintainers; [
+      Br1ght0ne
+      stepbrobd
+      techknowlogick
+      ryan4yin
+    ];
+  };
+}
--- a/pkgs/by-name/ca/caddy/plugins.nix
+++ b/pkgs/by-name/ca/caddy/plugins.nix
@@ -0,0 +1,157 @@
+# callPackage args
+{
+  lib,
+  stdenv,
+  go,
+  xcaddy,
+  cacert,
+  git,
+  caddy,
+}:
+
+let
+  inherit (builtins) hashString;
+  inherit (lib)
+    assertMsg
+    concatMapStrings
+    elemAt
+    fakeHash
+    filter
+    hasInfix
+    length
+    lessThan
+    sort
+    toShellVar
+    ;
+in
+
+# pkgs.caddy.withPlugins args
+{
+  plugins,
+  hash ? fakeHash,
+  doInstallCheck ? true,
+}:
+
+let
+  pluginsSorted = sort lessThan plugins;
+  pluginsList = concatMapStrings (plugin: "${plugin}-") pluginsSorted;
+  pluginsHash = hashString "md5" pluginsList;
+  pluginsWithoutVersion = filter (p: !hasInfix "@" p) pluginsSorted;
+in
+
+# eval barrier: user provided plugins must have tags
+# the go module must either be tagged in upstream repo
+# or user must provide commit sha or a pseudo-version number
+# https://go.dev/doc/modules/version-numbers#pseudo-version-number
+assert assertMsg (
+  length pluginsWithoutVersion == 0
+) "Plugins must have tags present (e.g. ${elemAt pluginsWithoutVersion 0}@x.y.z)!";
+
+caddy.overrideAttrs (
+  finalAttrs: prevAttrs: {
+    vendorHash = null;
+    subPackages = [ "." ];
+
+    src = stdenv.mkDerivation {
+      pname = "caddy-src-with-plugins-${pluginsHash}";
+      version = finalAttrs.version;
+
+      nativeBuildInputs = [
+        go
+        xcaddy
+        cacert
+        git
+      ];
+      dontUnpack = true;
+      buildPhase =
+        let
+          withArgs = concatMapStrings (plugin: "--with ${plugin} ") pluginsSorted;
+        in
+        ''
+          export GOCACHE=$TMPDIR/go-cache
+          export GOPATH="$TMPDIR/go"
+          XCADDY_SKIP_BUILD=1 TMPDIR="$PWD" xcaddy build v${finalAttrs.version} ${withArgs}
+          (cd buildenv* && go mod vendor)
+        '';
+      installPhase = ''
+        mv buildenv* $out
+      '';
+
+      outputHashMode = "recursive";
+      outputHash = hash;
+      outputHashAlgo = "sha256";
+    };
+
+    # xcaddy built output always uses pseudo-version number
+    # we enforce user provided plugins are present and have matching tags here
+    inherit doInstallCheck;
+    installCheckPhase = ''
+      runHook preInstallCheck
+
+      declare -A modules errors
+      ${toShellVar "notfound" pluginsSorted}
+
+      # put build info that we care about into `modules` list
+      while read -r kind module version _; do
+        case "$kind" in
+          'dep'|'=>')
+            modules[$module]=$version
+            ;;
+          *)
+            # we only care about 'dep' and '=>' directives for now
+            ;;
+        esac
+      done < <($out/bin/caddy build-info)
+
+      # compare build-time (Nix side) against runtime (Caddy side)
+      for spec in "''${notfound[@]}"; do
+        if [[ $spec == *=* ]]; then
+            # orig=repl_mod@repl_ver
+            orig=''${spec%%=*}
+            repl=''${spec#*=}
+            repl_mod=''${repl%@*}
+            repl_ver=''${repl#*@}
+
+            if [[ -z ''${modules[$orig]} ]]; then
+                errors[$spec]="plugin \"$spec\" with replacement not found in build info:\n  reason: \"$orig\" missing"
+            elif [[ -z ''${modules[$repl_mod]} ]]; then
+                errors[$spec]="plugin \"$spec\" with replacement not found in build info:\n  reason: \"$repl_mod\" missing"
+            elif [[ "''${modules[$repl_mod]}" != "$repl_ver" ]]; then
+                errors[$spec]="plugin \"$spec\" have incorrect tag:\n  specified: \"$spec\"\n  got: \"$orig=$repl_mod@''${modules[$repl_mod]}\""
+            fi
+        else
+          # mod@ver
+          mod=''${spec%@*}
+          ver=''${spec#*@}
+
+          if [[ -z ''${modules[$mod]} ]]; then
+              errors[$spec]="plugin \"$spec\" not found in build info"
+          elif [[ "''${modules[$mod]}" != "$ver" ]]; then
+              errors[$spec]="plugin \"$spec\" have incorrect tag:\n  specified: \"$spec\"\n  got: \"$mod@''${modules[$mod]}\""
+          fi
+        fi
+      done
+
+      # print errors if any
+      if [[ ''${#errors[@]} -gt 0 ]]; then
+        for spec in "''${!errors[@]}"; do
+          printf "Error: ''${errors[$spec]}\n" >&2
+        done
+
+        echo "Tips:"
+        echo "If:"
+        echo "  - you are using module replacement (e.g. \`plugin1=plugin2@version\`)"
+        echo "  - the provided Caddy plugin is under a repository's subdirectory, and \`go.{mod,sum}\` files are not in that subdirectory"
+        echo "  - you have custom build logic or other advanced use cases"
+        echo "Please consider:"
+        echo "  - set \`doInstallCheck = false\`"
+        echo "  - write your own \`installCheckPhase\` and override the default script"
+        echo "If you are sure this error is caused by packaging, or by caddy/xcaddy, raise an issue with upstream or nixpkgs"
+
+        exit 1
+      fi
+
+      runHook postInstallCheck
+    '';
+  }
+)