133 lines
4.0 KiB
Nix
133 lines
4.0 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.services.mighttpd2;
|
|
configFile = pkgs.writeText "mighty-config" cfg.config;
|
|
routingFile = pkgs.writeText "mighty-routing" cfg.routing;
|
|
in {
|
|
options.services.mighttpd2 = {
|
|
enable = mkEnableOption "Mighttpd2 web server";
|
|
|
|
config = mkOption {
|
|
default = "";
|
|
example = ''
|
|
# Example configuration for Mighttpd 2
|
|
Port: 80
|
|
# IP address or "*"
|
|
Host: *
|
|
Debug_Mode: Yes # Yes or No
|
|
# If available, "nobody" is much more secure for User:.
|
|
User: root
|
|
# If available, "nobody" is much more secure for Group:.
|
|
Group: root
|
|
Pid_File: /var/run/mighty.pid
|
|
Logging: Yes # Yes or No
|
|
Log_File: /var/log/mighty # The directory must be writable by User:
|
|
Log_File_Size: 16777216 # bytes
|
|
Log_Backup_Number: 10
|
|
Index_File: index.html
|
|
Index_Cgi: index.cgi
|
|
Status_File_Dir: /usr/local/share/mighty/status
|
|
Connection_Timeout: 30 # seconds
|
|
Fd_Cache_Duration: 10 # seconds
|
|
# Server_Name: Mighttpd/3.x.y
|
|
Tls_Port: 443
|
|
Tls_Cert_File: cert.pem # should change this with an absolute path
|
|
# should change this with comma-separated absolute paths
|
|
Tls_Chain_Files: chain.pem
|
|
# Currently, Tls_Key_File must not be encrypted.
|
|
Tls_Key_File: privkey.pem # should change this with an absolute path
|
|
Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both
|
|
'';
|
|
type = types.lines;
|
|
description = ''
|
|
Verbatim config file to use
|
|
(see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
|
|
'';
|
|
};
|
|
|
|
routing = mkOption {
|
|
default = "";
|
|
example = ''
|
|
# Example routing for Mighttpd 2
|
|
|
|
# Domain lists
|
|
[localhost www.example.com]
|
|
|
|
# Entries are looked up in the specified order
|
|
# All paths must end with "/"
|
|
|
|
# A path to CGI scripts should be specified with "=>"
|
|
/~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/
|
|
|
|
# A path to static files should be specified with "->"
|
|
/~alice/ -> /home/alice/public_html/
|
|
/cgi-bin/ => /export/cgi-bin/
|
|
|
|
# Reverse proxy rules should be specified with ">>"
|
|
# /path >> host:port/path2
|
|
# Either "host" or ":port" can be committed, but not both.
|
|
/app/cal/ >> example.net/calendar/
|
|
# Yesod app in the same server
|
|
/app/wiki/ >> 127.0.0.1:3000/
|
|
|
|
/ -> /export/www/
|
|
'';
|
|
type = types.lines;
|
|
description = ''
|
|
Verbatim routing file to use
|
|
(see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
|
|
'';
|
|
};
|
|
|
|
cores = mkOption {
|
|
default = null;
|
|
type = types.nullOr types.int;
|
|
description = ''
|
|
How many cores to use.
|
|
If null it will be determined automatically
|
|
'';
|
|
};
|
|
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
assertions =
|
|
[ { assertion = cfg.routing != "";
|
|
message = "You need at least one rule in mighttpd2.routing";
|
|
}
|
|
];
|
|
systemd.services.mighttpd2 = {
|
|
description = "Mighttpd2 web server";
|
|
after = [ "network-online.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
ExecStart = ''
|
|
${pkgs.haskellPackages.mighttpd2}/bin/mighty \
|
|
${configFile} \
|
|
${routingFile} \
|
|
+RTS -N${optionalString (cfg.cores != null) "${cfg.cores}"}
|
|
'';
|
|
Type = "simple";
|
|
User = "mighttpd2";
|
|
Group = "mighttpd2";
|
|
Restart = "on-failure";
|
|
AmbientCapabilities = "cap_net_bind_service";
|
|
CapabilityBoundingSet = "cap_net_bind_service";
|
|
};
|
|
};
|
|
|
|
users.extraUsers.mighttpd2 = {
|
|
group = "mighttpd2";
|
|
uid = config.ids.uids.mighttpd2;
|
|
isSystemUser = true;
|
|
};
|
|
|
|
users.extraGroups.mighttpd2.gid = config.ids.gids.mighttpd2;
|
|
};
|
|
|
|
meta.maintainers = with lib.maintainers; [ fgaz ];
|
|
}
|