-
Notifications
You must be signed in to change notification settings - Fork 26
/
webserver.nix
146 lines (129 loc) · 4.65 KB
/
webserver.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# This submodule contains all of the option declarations and definitions that
# are common among all web server modules.
#
{ toplevel, name, config, pkgs, lib, ... }:
let
needsWebServerInit = config.webserver.init != ""
|| config.webserver.startupScript != "";
in {
options = {
proxyOptions = lib.mkOption {
default = {};
type = lib.types.submodule (import ../../services/reverse-proxy/options.nix);
description = "";
example = {
port = 3333;
path = "/tour";
domain = "nixcloud.io";
ip = "127.0.0.1";
};
};
webserver.systemPackages = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
Used to add useful scripts for webservice management into the system
profile by using <option>environment.systemPackages</option>
'';
};
webserver.startupScript = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
Commands that are run prior to starting the actual web server using the
privileges of the user defined in <option>webserver.user</option>.
<note><para>These commands are run directly after
<option>serverInit</option> but before the actual
web server.</para></note>
'';
};
webserver.init = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
Commands that are run prior to starting the actual web server.
<note><para>These commands are run as the <systemitem
class="username">root</systemitem> user.</para></note>
'';
};
webserver.user = lib.mkOption {
default = "webserver";
type = lib.types.str;
description = "The main user name which executes this webservice.";
};
webserver.userOptions = lib.mkOption {
default = {};
type = lib.types.submodule toplevel.options.users.users.type.functor.wrapped.getSubModules;
description = ''
Additional options for the user, see <option>users.users</option> for
possible values.
'';
};
webserver.group = lib.mkOption {
default = "webserver";
type = lib.types.str;
description = "The main group name which executes this webservice.";
};
webserver.groupOptions = lib.mkOption {
default = {};
type = lib.types.submodule toplevel.options.users.groups.type.functor.wrapped.getSubModules;
description = ''
Additional options for the group, see <option>users.groups</option> for
possible values.
'';
};
webserver.privateTmp = lib.mkOption {
default = true;
example = false;
description = ''
Weather to force the webservice to use a private
<filename>/tmp</filename> instance.
<warning><para>
If postgresql stores the socket context in <filename>/tmp</filename>
you have to say <literal>false</literal> here or it can't be used at
all.
</para></warning>
'';
};
};
config = lib.mkMerge [
(lib.mkIf config.enable {
toplevel.assertions = [
{ assertion = config.proxyOptions.path != "";
message = "proxyOptions.path must not be an empty string";
}
{ assertion = config.proxyOptions.domain != "";
message = "proxyOptions.domain must not be an empty string";
}
];
users.${config.webserver.user} = lib.mkMerge [
(lib.mkForce { inherit (config.webserver) name group; })
(lib.modules.mkAliasAndWrapDefsWithPriority lib.id config.webserver.userOptions)
];
groups.${config.webserver.group} = lib.mkMerge [
(lib.mkForce { inherit (config.webserver) name; })
(lib.modules.mkAliasAndWrapDefsWithPriority lib.id config.webserver.groupOptions)
];
})
(lib.mkIf (config.enable && needsWebServerInit) {
systemd.services.webserver-init = {
description = "Web Server Initialization";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "fs.target" "keys.target" ];
instance.after = [ "database.target" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
} // (if config.webserver.startupScript == "" then {
script = config.webserver.init;
} else {
preStart = config.webserver.init;
script = config.webserver.startupScript;
serviceConfig.Type = "oneshot";
serviceConfig.User = config.webserver.user;
serviceConfig.Group = config.webserver.group;
serviceConfig.PermissionsStartOnly = true;
serviceConfig.RemainAfterExit = true;
});
})
];
}