forked from nixcloud/nixcloud-webservices
-
Notifications
You must be signed in to change notification settings - Fork 0
/
webserver.nix
158 lines (139 loc) · 4.81 KB
/
webserver.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# This submodule contains all of the option declarations and definitions that
# are common among all web server modules.
#
{ toplevel, name, config, pkgs, lib, ... }:
let
needsWebServerInit = config.webserver.init != ""
|| config.webserver.startupScript != "";
in {
options = {
documentRoot = lib.mkOption {
type = lib.types.path;
description = "A directory which this webserver will serve.";
};
extraPath = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
Used to add useful scripts for webservice management into the system
profile.
'';
};
proxyOptions = lib.mkOption {
default = {};
type = lib.types.submodule (import ../../services/reverse-proxy/options.nix);
description = "";
example = {
port = 3333;
path = "/tour";
domain = "nixcloud.io";
ip = "127.0.0.1";
};
};
webserver.startupScript = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
Commands that are run prior to starting the actual web server using the
privileges of the user defined in <option>webserver.user</option>.
<note><para>These commands are run directly after
<option>serverInit</option> but before the actual
web server.</para></note>
'';
};
webserver.init = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
Commands that are run prior to starting the actual web server.
<note><para>These commands are run as the <systemitem
class="username">root</systemitem> user.</para></note>
'';
};
webserver.user = lib.mkOption {
default = "webserver";
type = lib.types.str;
description = "The main user name which executes this webservice.";
};
webserver.userOptions = lib.mkOption {
default = {};
type = let
submodules = toplevel.options.users.users.type.getSubModules;
in lib.types.submodule (map (m: m.submodule) submodules);
description = ''
Additional options for the user, see <option>users.users</option> for
possible values.
'';
};
webserver.group = lib.mkOption {
default = "webserver";
type = lib.types.str;
description = "The main group name which executes this webservice.";
};
webserver.groupOptions = lib.mkOption {
default = {};
type = let
submodules = toplevel.options.users.groups.type.getSubModules;
in lib.types.submodule (map (m: m.submodule) submodules);
description = ''
Additional options for the group, see <option>users.groups</option> for
possible values.
'';
};
webserver.enablePHP = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable the PHP module.";
};
webserver.privateTmp = lib.mkOption {
default = true;
example = false;
description = ''
Weather to force the webservice to use a private
<filename>/tmp</filename> instance.
<warning><para>
If postgresql stores the socket context in <filename>/tmp</filename>
you have to say <literal>false</literal> here or it can't be used at
all.
</para></warning>
'';
};
};
config = lib.mkMerge [
(lib.mkIf config.enable {
toplevel.assertions = [
{ assertion = config.proxyOptions.path != "";
message = "proxyOptions.path must not be an empty string";
}
{ assertion = config.proxyOptions.domain != "";
message = "proxyOptions.domain must not be an empty string";
}
];
users.${config.webserver.user} = {
inherit (config.webserver) group;
} // removeAttrs config.webserver.userOptions [ "name" "group" ];
groups.${config.webserver.group} =
removeAttrs config.webserver.groupOptions [ "name" ];
})
(lib.mkIf (config.enable && needsWebServerInit) {
systemd.services.webserver-init = {
description = "Web Server Initialization";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "fs.target" "keys.target" ];
instance.after = [ "database.target" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
} // (if config.webserver.startupScript == "" then {
script = config.webserver.init;
} else {
preStart = config.webserver.init;
script = config.webserver.startupScript;
serviceConfig.Type = "oneshot";
serviceConfig.User = config.webserver.user;
serviceConfig.Group = config.webserver.group;
serviceConfig.PermissionsStartOnly = true;
serviceConfig.RemainAfterExit = true;
});
})
];
}