summaryrefslogtreecommitdiffstats
path: root/nixos/modules/services/web-servers/nginx/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/web-servers/nginx/default.nix')
-rw-r--r--nixos/modules/services/web-servers/nginx/default.nix18
1 files changed, 17 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 3d1a00ccde7c..40470f535bf6 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -164,7 +164,7 @@ let
${commonHttpConfig}
${optionalString (cfg.resolver.addresses != []) ''
- resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
+ resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv4) "ipv4=off"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
''}
${upstreamConfig}
@@ -978,6 +978,15 @@ in
An optional valid parameter allows overriding it
'';
};
+ ipv4 = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ By default, nginx will look up both IPv4 and IPv6 addresses while resolving.
+ If looking up of IPv4 addresses is not desired, the ipv4=off parameter can be
+ specified.
+ '';
+ };
ipv6 = mkOption {
type = types.bool;
default = true;
@@ -1179,6 +1188,13 @@ in
to answer to ACME requests.
'';
}
+
+ {
+ assertion = cfg.resolver.ipv4 || cfg.resolver.ipv6;
+ message = ''
+ At least one of services.nginx.resolver.ipv4 and services.nginx.resolver.ipv6 must be true.
+ '';
+ }
] ++ map (name: mkCertOwnershipAssertion {
inherit (cfg) group user;
cert = config.security.acme.certs.${name};
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 13:21:45 +0000