nginx: expose generated config and allow nginx reloads

Fixes: NixOS#15906 Another try was done, but not yet merged in NixOS#24476 This add 2 new features: ability to review generated Nginx config (and NixOS has sophisticated generation!) and reloading of nginx on config changes. This preserves nginx restart on package updates. I've modified nginx test to use this new feature and check reload/restart behavior.
danbst · Mar 11, 2019 · 8b036d5 · 8b036d5
1 parent 777e94d
commit 8b036d5
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 5 deletions.
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
@@ -174,6 +174,10 @@ let
     ${cfg.appendConfig}
   '';
 
+  configPath = if cfg.exposeConfig
+    then "/etc/nginx/nginx.conf"
+    else configFile;
+
   vhosts = concatStringsSep "\n" (mapAttrsToList (vhostName: vhost:
     let
         onlySSL = vhost.onlySSL || vhost.enableSSL;
@@ -373,7 +377,7 @@ in
       preStart =  mkOption {
         type = types.lines;
         default = ''
-          test -d ${cfg.stateDir}/logs || mkdir -m 750 -p ${cfg.stateDir}/logs  
+          test -d ${cfg.stateDir}/logs || mkdir -m 750 -p ${cfg.stateDir}/logs
           test `stat -c %a ${cfg.stateDir}` = "750" || chmod 750 ${cfg.stateDir}
           test `stat -c %a ${cfg.stateDir}/logs` = "750" || chmod 750 ${cfg.stateDir}/logs
           chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
@@ -453,6 +457,15 @@ in
         ";
       };
 
+      exposeConfig = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether to expose generated config file as /etc/nginx/nginx.conf.
+          This also allows nginx reload config on changes instead of restart.
+        '';
+      };
+
       stateDir = mkOption {
         default = "/var/spool/nginx";
         description = "
@@ -651,17 +664,34 @@ in
       preStart =
         ''
         ${cfg.preStart}
-        ${cfg.package}/bin/nginx -c ${configFile} -p ${cfg.stateDir} -t
+        ${cfg.package}/bin/nginx -c ${configPath} -p ${cfg.stateDir} -t
         '';
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/nginx -c ${configFile} -p ${cfg.stateDir}";
+        ExecStart = "${cfg.package}/bin/nginx -c ${configPath} -p ${cfg.stateDir}";
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
         Restart = "always";
         RestartSec = "10s";
         StartLimitInterval = "1min";
       };
     };
 
+    environment.etc."nginx/nginx.conf" = mkIf cfg.exposeConfig {
+      source = configFile;
+    };
+
+    systemd.services.nginx-config-reload = mkIf cfg.exposeConfig {
+      wantedBy = [ "nginx.service" ];
+      restartTriggers = [ configFile ];
+      script = ''
+        if ${pkgs.systemd}/bin/systemctl -q is-active nginx.service ; then
+          ${pkgs.systemd}/bin/systemctl reload nginx.service
+        else
+          true
+        fi
+      '';
+      serviceConfig.RemainAfterExit = true;
+    };
+
     security.acme.certs = filterAttrs (n: v: v != {}) (
       let
         vhostsConfigs = mapAttrsToList (vhostName: vhostConfig: vhostConfig) virtualHosts;

diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix
@@ -10,7 +10,7 @@ import ./make-test.nix ({ pkgs, ...} : {
 
   nodes = {
     webserver =
-      { ... }:
+      { nodes, ... }:
       { services.nginx.enable = true;
         services.nginx.commonHttpConfig = ''
         log_format ceeformat '@cee: {"status":"$status",'
@@ -30,13 +30,37 @@ import ./make-test.nix ({ pkgs, ...} : {
             access_log syslog:server=unix:/dev/log,facility=user,tag=mytag,severity=info ceeformat;
           '';
         };
+        services.nginx.exposeConfig = true;
+
+        nesting.clone = [
+          ({ ... }: {
+            _module.args.nodes = nodes;
+            services.nginx.virtualHosts."1.my.test".listen = [ { addr = "127.0.0.1"; port = 8080; }];
+          })
+          ({ pkgs, ... }: {
+            _module.args.nodes = nodes;
+            services.nginx.package = pkgs.nginxUnstable;
+          })
+        ];
       };
   };
 
-  testScript = ''
+  testScript = { nodes, ...}: let
+    c1System = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-1";
+    c2System = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2";
+  in ''
     startAll;
 
     $webserver->waitForUnit("nginx");
     $webserver->waitForOpenPort("80");
+
+    $webserver->succeed("${c1System}/bin/switch-to-configuration test >&2");
+    $webserver->waitForOpenPort("8080");
+    $webserver->fail("journalctl -u nginx | grep -q -i stopped");
+    $webserver->succeed("journalctl -u nginx | grep -q -i reloaded");
+
+    $webserver->succeed("${c2System}/bin/switch-to-configuration test >&2");
+    $webserver->waitForUnit("nginx");
+    $webserver->succeed("journalctl -u nginx | grep -q -i stopped");
   '';
 })