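# NixOS module for RSS-Bridge.
#
# Declares the `services.rss-bridge` options and, when enabled:
#   * creates a dedicated php-fpm pool (only if `pool` is left at its default),
#   * prepares the data directory through systemd-tmpfiles,
#   * sets up an nginx virtual host that forwards /index.php to the pool.
#
# The module configures neither TLS nor authentication on the virtual host;
# both are left to the operator's own nginx settings.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.services.rss-bridge;

  # Name of the pool this module creates; also the default of `cfg.pool`.
  poolName = "rss-bridge";

  # Store file with one bridge name per line, linked into dataDir below.
  whitelist = pkgs.writeText "rss-bridge_whitelist.txt"
    (concatStringsSep "\n" cfg.whitelist);
in
{
  options = {
    services.rss-bridge = {
      enable = mkEnableOption "rss-bridge";

      user = mkOption {
        type = types.str;
        default = "nginx";
        example = "nginx";
        description = ''
          User account under which both the service and the web-application run.
        '';
      };

      group = mkOption {
        type = types.str;
        default = "nginx";
        example = "nginx";
        description = ''
          Group under which the web-application run.
        '';
      };

      pool = mkOption {
        type = types.str;
        default = poolName;
        description = ''
          Name of existing phpfpm pool that is used to run web-application.
          If not specified a pool will be created automatically with
          default values.
        '';
      };

      dataDir = mkOption {
        type = types.str;
        default = "/var/lib/rss-bridge";
        description = ''
          Location in which cache directory will be created.
          You can put <literal>config.ini.php</literal> in here.
        '';
      };

      virtualHost = mkOption {
        type = types.nullOr types.str;
        default = "rss-bridge";
        description = ''
          Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
        '';
      };

      # Every whitelisted bridge becomes reachable by anyone who can reach the
      # virtual host, so an explicit list keeps the exposed surface smaller
      # than [ "*" ].
      whitelist = mkOption {
        type = types.listOf types.str;
        default = [];
        example = options.literalExample ''
          [
            "Facebook"
            "Instagram"
            "Twitter"
          ]
        '';
        description = ''
          List of bridges to be whitelisted.
          If the list is empty, rss-bridge will use whitelist.default.txt.
          Use <literal>[ "*" ]</literal> to whitelist all.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # The pool is only defined when `pool` still has its default value; a
    # custom pool name means the operator supplies the pool themselves.
    services.phpfpm.pools = mkIf (cfg.pool == poolName) {
      ${poolName} = {
        user = cfg.user;
        # Honour the declared `group` option. Previously it was never passed
        # to the pool, so the workers ran with the pool's default group
        # instead of the one the operator configured.
        group = cfg.group;
        # mkDefault on every entry lets the operator override single settings.
        settings = mapAttrs (name: mkDefault) {
          "listen.owner" = cfg.user;
          # Was cfg.user; the socket group is now the configured group.
          "listen.group" = cfg.group;
          # Owner-only socket: the group above gains no access through this
          # mode. NOTE(review): the web server therefore presumably has to run
          # as cfg.user to reach the socket; confirm before changing `user`.
          "listen.mode" = "0600";
          "pm" = "dynamic";
          "pm.max_children" = 75;
          "pm.start_servers" = 10;
          "pm.min_spare_servers" = 5;
          "pm.max_spare_servers" = 20;
          "pm.max_requests" = 500;
          "catch_workers_output" = 1;
        };
      };
    };
    systemd.tmpfiles.rules = [
      # Cache directory, not accessible to "other".
      "d '${cfg.dataDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
      # Symlink to the generated whitelist, replacing whatever is there. The
      # path is quoted like the other rules so that a dataDir containing
      # whitespace does not split the rule.
      (mkIf (cfg.whitelist != []) "L+ '${cfg.dataDir}/whitelist.txt' - - - - ${whitelist}")
      # Fix ownership and mode of an operator-supplied config file. It is only
      # read and may hold credentials, so it gets 0640 rather than the former
      # 0750: no execute bit, nothing for "other".
      "z '${cfg.dataDir}/config.ini.php' 0640 ${cfg.user} ${cfg.group} - -"
    ];

    services.nginx = mkIf (cfg.virtualHost != null) {
      enable = true;
      virtualHosts = {
        ${cfg.virtualHost} = {
          # Document root is the read-only package in the Nix store.
          root = "${pkgs.rss-bridge}";

          locations."/" = {
            tryFiles = "$uri /index.php$is_args$args";
          };

          # Only index.php is handed to php-fpm; no other location passes
          # requests to the pool.
          # NOTE(review): the "." in this pattern is unescaped and matches any
          # character. The attribute name is kept unchanged because operators
          # may refer to it when overriding this location.
          locations."~ ^/index.php(/|$)" = {
            extraConfig = ''
              include ${pkgs.nginx}/conf/fastcgi_params;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              fastcgi_param RSSBRIDGE_DATA ${cfg.dataDir};
            '';
          };
        };
      };
    };
  };
}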