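# NixOS module for rss-bridge: declares the `services.rss-bridge` options and,
# when enabled, wires up a PHP-FPM pool, the state directory (via
# systemd-tmpfiles) and an nginx virtual host that forwards to the pool.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.services.rss-bridge;

  # Name of the pool this module creates itself. If `cfg.pool` is set to
  # anything else, no pool is created here and the named pool must already
  # exist, because the nginx block below dereferences its socket.
  poolName = "rss-bridge";

  # One bridge name per line, written to the Nix store. Store paths are
  # world-readable, which is fine for a bridge list; nothing secret goes here.
  whitelist = pkgs.writeText "rss-bridge_whitelist.txt"
    (concatStringsSep "\n" cfg.whitelist);
in
{
  options = {
    services.rss-bridge = {
      enable = mkEnableOption (lib.mdDoc "rss-bridge");

      # With the pool settings below (socket owned by this user, mode 0600),
      # only this account can connect to the FastCGI socket, so it has to be
      # the account the web server connects as.
      user = mkOption {
        type = types.str;
        default = "nginx";
        description = lib.mdDoc ''
          User account under which both the service and the web-application run.
        '';
      };

      # NOTE(review): in this module `group` is only used for the ownership of
      # the cache directory and config.ini.php; it is not passed to the
      # PHP-FPM pool, which sets `user` only.
      group = mkOption {
        type = types.str;
        default = "nginx";
        description = lib.mdDoc ''
          Group under which the web-application run.
        '';
      };

      pool = mkOption {
        type = types.str;
        default = poolName;
        description = lib.mdDoc ''
          Name of existing phpfpm pool that is used to run web-application.
          If not specified a pool will be created automatically with
          default values.
        '';
      };

      # config.ini.php is read from here rather than from the Nix store, so
      # its contents do not end up in a world-readable store path.
      dataDir = mkOption {
        type = types.str;
        default = "/var/lib/rss-bridge";
        description = lib.mdDoc ''
          Location in which cache directory will be created.
          You can put `config.ini.php` in here.
        '';
      };

      virtualHost = mkOption {
        type = types.nullOr types.str;
        default = "rss-bridge";
        description = lib.mdDoc ''
          Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
        '';
      };

      # Each whitelisted bridge is code that requests to this host can reach.
      # Prefer an explicit list over `[ "*" ]` on an exposed instance.
      whitelist = mkOption {
        type = types.listOf types.str;
        default = [];
        example = options.literalExpression ''
          [
            "Facebook"
            "Instagram"
            "Twitter"
          ]
        '';
        description = lib.mdDoc ''
          List of bridges to be whitelisted.
          If the list is empty, rss-bridge will use whitelist.default.txt.
          Use `[ "*" ]` to whitelist all.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # Only define a pool when the default pool name is in use.
    services.phpfpm.pools = mkIf (cfg.pool == poolName) {
      ${poolName} = {
        user = cfg.user;
        # Every setting is wrapped in mkDefault so it can be overridden from
        # the system configuration without mkForce.
        settings = mapAttrs (name: mkDefault) {
          "listen.owner" = cfg.user;
          # NOTE(review): this is cfg.user, not cfg.group. With mode 0600 the
          # socket's group gets no access either way.
          "listen.group" = cfg.user;
          # Owner-only socket: no other local account can talk to the pool.
          "listen.mode" = "0600";
          "pm" = "dynamic";
          "pm.max_children" = 75;
          "pm.start_servers" = 10;
          "pm.min_spare_servers" = 5;
          "pm.max_spare_servers" = 20;
          "pm.max_requests" = 500;
          "catch_workers_output" = 1;
        };
      };
    };

    systemd.tmpfiles.rules = [
      # Cache directory: owner rwx, group r-x, no access for others.
      "d '${cfg.dataDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
      # `L+` replaces whatever is at whitelist.txt with a symlink to the
      # generated store file. The path is quoted like the other rules so a
      # dataDir containing whitespace is still parsed as one field.
      (mkIf (cfg.whitelist != []) "L+ '${cfg.dataDir}/whitelist.txt' - - - - ${whitelist}")
      # `z` fixes mode and ownership of config.ini.php if the file exists.
      # It is a data file and may hold credentials, so it gets 0640
      # (owner rw, group r) instead of 0750: no execute bits are needed.
      "z '${cfg.dataDir}/config.ini.php' 0640 ${cfg.user} ${cfg.group} - -"
    ];

    # NOTE(review): no TLS or access-control options are set on the virtual
    # host here; add them on the same virtualHost entry when the instance is
    # reachable from untrusted networks.
    services.nginx = mkIf (cfg.virtualHost != null) {
      enable = true;
      virtualHosts = {
        ${cfg.virtualHost} = {
          # Served straight from the read-only package in the Nix store.
          root = "${pkgs.rss-bridge}";

          # Anything that is not an existing file is routed to the front
          # controller.
          locations."/" = {
            tryFiles = "$uri /index.php$is_args$args";
          };

          # Only index.php is handed to PHP-FPM; no other location passes
          # requests to the pool.
          # NOTE(review): the `.` in this regex is unescaped and matches any
          # character. The key is left as is because configurations may
          # refer to this location by its exact name.
          locations."~ ^/index.php(/|$)" = {
            extraConfig = ''
              include ${config.services.nginx.package}/conf/fastcgi_params;
              fastcgi_split_path_info ^(.+\.php)(/.+)$;
              fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              fastcgi_param RSSBRIDGE_DATA ${cfg.dataDir};
            '';
          };
        };
      };
    };
  };
}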