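# NixOS module for the Varnish HTTP cache.
#
# Declares the `services.varnish.*` options and, when enabled, a systemd unit
# that runs varnishd in the foreground as the unprivileged `varnish` user,
# together with that user and group.
{ config, lib, pkgs, ...}:

let
  cfg = config.services.varnish;

  # stateDir is substituted into shell scripts that run as root (see
  # PermissionsStartOnly below), so it is shell-quoted once here and the quoted
  # form is used everywhere a shell parses it.
  stateDirArg = lib.escapeShellArg cfg.stateDir;

in
with lib;
{
  options = {
    services.varnish = {
      enable = mkEnableOption "Varnish Server";

      http_address = mkOption {
        type = types.str;
        default = "*:6081";
        description = "
          HTTP listen address and port.
        ";
      };

      # The VCL text is written out with pkgs.writeText, i.e. into the Nix
      # store, which is readable by every local user. Keep secrets (backend
      # credentials, purge tokens) out of it.
      config = mkOption {
        type = types.lines;
        description = "
          Verbatim default.vcl configuration.
        ";
      };

      # This directory is chown'ed recursively before start and removed
      # recursively after stop, both as root. It must be a directory used by
      # Varnish alone.
      stateDir = mkOption {
        type = types.path;
        default = "/var/spool/varnish/${config.networking.hostName}";
        description = "
          Directory holding all state for Varnish to run.
        ";
      };

      extraModules = mkOption {
        type = types.listOf types.package;
        default = [];
        example = literalExample "[ pkgs.varnish-geoip ]";
        description = "
          Varnish modules (except 'std').
        ";
      };

      # Appended verbatim to the varnishd command line; no validation or
      # quoting is applied to it.
      extraCommandLine = mkOption {
        type = types.str;
        default = "";
        example = "-s malloc,256M";
        description = "
          Command line switches for varnishd (run 'varnishd -?'
          to get list of options)
        ";
      };
    };

  };

  config = mkIf cfg.enable {

    systemd.services.varnish = {
      description = "Varnish";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      # preStart and postStop run as root because of PermissionsStartOnly.
      # The path is passed shell-quoted and after `--`, so a state directory
      # containing whitespace, glob characters or a leading dash cannot be
      # split into extra arguments or read as an option by mkdir/chown/rm.
      preStart = ''
        mkdir -p -- ${stateDirArg}
        chown -R varnish:varnish -- ${stateDirArg}
      '';
      postStop = ''
        rm -rf -- ${stateDirArg}
      '';
      serviceConfig = {
        Type = "simple";
        # User/Group below apply to ExecStart only; the pre/post scripts keep
        # root privileges.
        PermissionsStartOnly = true;
        # -F keeps varnishd in the foreground for Type=simple. When extra
        # modules are configured, vmod_path is set and then marked read-only
        # with -r so it cannot be changed at runtime.
        # NOTE(review): systemd, not a shell, splits this line on whitespace;
        # http_address, stateDir and extraCommandLine are inserted unquoted.
        ExecStart = "${pkgs.varnish}/sbin/varnishd -a ${cfg.http_address} -f ${pkgs.writeText "default.vcl" cfg.config} -n ${cfg.stateDir} -F ${cfg.extraCommandLine}"
          + optionalString (cfg.extraModules != []) " -p vmod_path='${makeSearchPathOutput "lib" "lib/varnish/vmods" ([pkgs.varnish] ++ cfg.extraModules)}' -r vmod_path";
        Restart = "always";
        RestartSec = "5s";
        User = "varnish";
        Group = "varnish";
        # Lets the unprivileged daemon bind ports below 1024 without running
        # as root.
        AmbientCapabilities = "cap_net_bind_service";
        NoNewPrivileges = true;
        LimitNOFILE = 131072;
      };
    };

    environment.systemPackages = [ pkgs.varnish ];

    users.extraUsers.varnish = {
      group = "varnish";
      uid = config.ids.uids.varnish;
    };

    # NOTE(review): the group id is taken from the uids table, not from a gids
    # entry; confirm this is intentional.
    users.extraGroups.varnish.gid = config.ids.uids.varnish;
  };
}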