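# NixOS module for the Mighttpd2 web server.
#
# Declares `services.mighttpd2.{enable,config,routing,cores}` and, when
# enabled, a systemd unit that runs `mighty` as a dedicated system user
# with only CAP_NET_BIND_SERVICE.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.mighttpd2;

  # pkgs.writeText puts both files in the Nix store, which every local user
  # can read. Keep secret material out of cfg.config / cfg.routing and refer
  # to it by absolute path instead (as the sample does for the TLS key).
  configFile = pkgs.writeText "mighty-config" cfg.config;
  routingFile = pkgs.writeText "mighty-routing" cfg.routing;
in {
  options.services.mighttpd2 = {
    enable = mkEnableOption (lib.mdDoc "Mighttpd2 web server");

    # Verbatim server configuration, passed to mighty as its first argument.
    #
    # NOTE(review): the example below is the upstream sample. The unit
    # defined in this module starts mighty as the unprivileged `mighttpd2`
    # user, so the sample's `User: root` / `Group: root`,
    # `Pid_File: /run/mighty.pid` and `Log_File: /var/log/mighty` presumably
    # need adjusting to paths that user can write (no RuntimeDirectory or
    # LogsDirectory is declared here) - TODO confirm how mighty treats
    # User:/Group: when it is not started as root. Review `Debug_Mode: Yes`
    # before using the sample in production, and make sure the TLS key file
    # is readable by `mighttpd2` only.
    config = mkOption {
      default = "";
      example = ''
        # Example configuration for Mighttpd 2
        Port: 80
        # IP address or "*"
        Host: *
        Debug_Mode: Yes # Yes or No
        # If available, "nobody" is much more secure for User:.
        User: root
        # If available, "nobody" is much more secure for Group:.
        Group: root
        Pid_File: /run/mighty.pid
        Logging: Yes # Yes or No
        Log_File: /var/log/mighty # The directory must be writable by User:
        Log_File_Size: 16777216 # bytes
        Log_Backup_Number: 10
        Index_File: index.html
        Index_Cgi: index.cgi
        Status_File_Dir: /usr/local/share/mighty/status
        Connection_Timeout: 30 # seconds
        Fd_Cache_Duration: 10 # seconds
        # Server_Name: Mighttpd/3.x.y
        Tls_Port: 443
        Tls_Cert_File: cert.pem # should change this with an absolute path
        # should change this with comma-separated absolute paths
        Tls_Chain_Files: chain.pem
        # Currently, Tls_Key_File must not be encrypted.
        Tls_Key_File: privkey.pem # should change this with an absolute path
        Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both
      '';
      type = types.lines;
      description = lib.mdDoc ''
        Verbatim config file to use
        (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
      '';
    };

    # Verbatim routing table, passed to mighty as its second argument.
    # Must be non-empty (enforced by the assertion further down).
    #
    # NOTE(review): "=>" entries expose a directory as CGI and ">>" entries
    # forward requests to another host; the paths and upstreams listed here
    # define what the server makes reachable, so review them accordingly.
    routing = mkOption {
      default = "";
      example = ''
        # Example routing for Mighttpd 2

        # Domain lists
        [localhost www.example.com]

        # Entries are looked up in the specified order
        # All paths must end with "/"

        # A path to CGI scripts should be specified with "=>"
        /~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/

        # A path to static files should be specified with "->"
        /~alice/ -> /home/alice/public_html/
        /cgi-bin/ => /export/cgi-bin/

        # Reverse proxy rules should be specified with ">>"
        # /path >> host:port/path2
        # Either "host" or ":port" can be committed, but not both.
        /app/cal/ >> example.net/calendar/
        # Yesod app in the same server
        /app/wiki/ >> 127.0.0.1:3000/

        / -> /export/www/
      '';
      type = types.lines;
      description = lib.mdDoc ''
        Verbatim routing file to use
        (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
      '';
    };

    # Value appended to the GHC runtime flag `-N`; null emits a bare `-N`.
    cores = mkOption {
      default = null;
      type = types.nullOr types.int;
      description = lib.mdDoc ''
        How many cores to use.
        If null it will be determined automatically
      '';
    };

  };

  config = mkIf cfg.enable {
    # Reject an empty routing table at evaluation time.
    assertions =
      [ { assertion = cfg.routing != "";
          message = "You need at least one rule in mighttpd2.routing";
        }
      ];

    systemd.services.mighttpd2 = {
      description = "Mighttpd2 web server";
      # `after` only orders the unit; `wants` is what actually pulls
      # network-online.target into the boot transaction.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # Nix refuses to interpolate an integer into a string, so the
        # original "${cfg.cores}" failed evaluation whenever `cores` was
        # set; toString performs the conversion explicitly.
        ExecStart = ''
          ${pkgs.haskellPackages.mighttpd2}/bin/mighty \
            ${configFile} \
            ${routingFile} \
            +RTS -N${optionalString (cfg.cores != null) (toString cfg.cores)}
        '';
        Type = "simple";
        User = "mighttpd2";
        Group = "mighttpd2";
        Restart = "on-failure";
        # The process never runs as root: it gets exactly one capability,
        # which lets it bind ports below 1024 (80/443 in the sample config),
        # and the bounding set prevents it from acquiring any other.
        AmbientCapabilities = "cap_net_bind_service";
        CapabilityBoundingSet = "cap_net_bind_service";
        # NOTE(review): no sandboxing directives (e.g. NoNewPrivileges,
        # ProtectSystem, ProtectHome, PrivateTmp) are set. They are not
        # added here because the routing file may reference arbitrary
        # directories and CGI scripts; evaluate them per deployment.
      };
    };

    # Dedicated system account with statically allocated ids.
    users.users.mighttpd2 = {
      group = "mighttpd2";
      uid = config.ids.uids.mighttpd2;
      isSystemUser = true;
    };

    users.groups.mighttpd2.gid = config.ids.gids.mighttpd2;
  };

  meta.maintainers = with lib.maintainers; [ fgaz ];
}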