nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix
2018-01-16 21:04:09 +00:00

133 lines
4.0 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mighttpd2;
configFile = pkgs.writeText "mighty-config" cfg.config;
routingFile = pkgs.writeText "mighty-routing" cfg.routing;
in {
options.services.mighttpd2 = {
enable = mkEnableOption "Mighttpd2 web server";
config = mkOption {
default = "";
example = ''
# Example configuration for Mighttpd 2
Port: 80
# IP address or "*"
Host: *
Debug_Mode: Yes # Yes or No
# If available, "nobody" is much more secure for User:.
User: root
# If available, "nobody" is much more secure for Group:.
Group: root
Pid_File: /var/run/mighty.pid
Logging: Yes # Yes or No
Log_File: /var/log/mighty # The directory must be writable by User:
Log_File_Size: 16777216 # bytes
Log_Backup_Number: 10
Index_File: index.html
Index_Cgi: index.cgi
Status_File_Dir: /usr/local/share/mighty/status
Connection_Timeout: 30 # seconds
Fd_Cache_Duration: 10 # seconds
# Server_Name: Mighttpd/3.x.y
Tls_Port: 443
Tls_Cert_File: cert.pem # should change this with an absolute path
# should change this with comma-separated absolute paths
Tls_Chain_Files: chain.pem
# Currently, Tls_Key_File must not be encrypted.
Tls_Key_File: privkey.pem # should change this with an absolute path
Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both
'';
type = types.lines;
description = ''
Verbatim config file to use
(see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
'';
};
routing = mkOption {
default = "";
example = ''
# Example routing for Mighttpd 2
# Domain lists
[localhost www.example.com]
# Entries are looked up in the specified order
# All paths must end with "/"
# A path to CGI scripts should be specified with "=>"
/~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/
# A path to static files should be specified with "->"
/~alice/ -> /home/alice/public_html/
/cgi-bin/ => /export/cgi-bin/
# Reverse proxy rules should be specified with ">>"
# /path >> host:port/path2
# Either "host" or ":port" can be committed, but not both.
/app/cal/ >> example.net/calendar/
# Yesod app in the same server
/app/wiki/ >> 127.0.0.1:3000/
/ -> /export/www/
'';
type = types.lines;
description = ''
Verbatim routing file to use
(see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
'';
};
cores = mkOption {
default = null;
type = types.nullOr types.int;
description = ''
How many cores to use.
If null it will be determined automatically
'';
};
};
config = mkIf cfg.enable {
assertions =
[ { assertion = cfg.routing != "";
message = "You need at least one rule in mighttpd2.routing";
}
];
systemd.services.mighttpd2 = {
description = "Mighttpd2 web server";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.haskellPackages.mighttpd2}/bin/mighty \
${configFile} \
${routingFile} \
+RTS -N${optionalString (cfg.cores != null) "${cfg.cores}"}
'';
Type = "simple";
User = "mighttpd2";
Group = "mighttpd2";
Restart = "on-failure";
AmbientCapabilities = "cap_net_bind_service";
CapabilityBoundingSet = "cap_net_bind_service";
};
};
users.extraUsers.mighttpd2 = {
group = "mighttpd2";
uid = config.ids.uids.mighttpd2;
isSystemUser = true;
};
users.extraGroups.mighttpd2.gid = config.ids.gids.mighttpd2;
};
meta.maintainers = with lib.maintainers; [ fgaz ];
}