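# NixOS module for the Mighttpd2 web server.
#
# Declares `services.mighttpd2.{enable,config,routing,cores}` and, when enabled,
# a systemd unit that runs `mighty` as the dedicated `mighttpd2` user/group.
{
  config,
  lib,
  pkgs,
  ...
}:

with lib;

let
  cfg = config.services.mighttpd2;

  # Both files are rendered into the Nix store, which is world-readable on the
  # host. Keep secrets out of `config`/`routing`; reference key material by
  # absolute path instead (see Tls_Key_File in the example below).
  configFile = pkgs.writeText "mighty-config" cfg.config;
  routingFile = pkgs.writeText "mighty-routing" cfg.routing;
in
{
  options.services.mighttpd2 = {
    enable = mkEnableOption "Mighttpd2 web server";

    # The example is a sample configuration reproduced for reference only; it
    # is not applied unless the user copies it into `config`.
    # NOTE(review): the sample sets `User: root` / `Group: root`, writes its pid
    # file under /run and its log under /var/log, and serves HTTP only
    # (`Service: 0`), while the unit below runs as the unprivileged `mighttpd2`
    # user. Presumably those values need adjusting for this module; confirm
    # against mighty's behaviour.
    # The sample also states that Tls_Key_File must be unencrypted, so the key
    # is protected by file permissions alone: it has to be readable by the
    # `mighttpd2` user and should not be readable by anyone else.
    config = mkOption {
      default = "";
      example = ''
        # Example configuration for Mighttpd 2
        Port: 80
        # IP address or "*"
        Host: *
        Debug_Mode: Yes # Yes or No
        # If available, "nobody" is much more secure for User:.
        User: root
        # If available, "nobody" is much more secure for Group:.
        Group: root
        Pid_File: /run/mighty.pid
        Logging: Yes # Yes or No
        Log_File: /var/log/mighty # The directory must be writable by User:
        Log_File_Size: 16777216 # bytes
        Log_Backup_Number: 10
        Index_File: index.html
        Index_Cgi: index.cgi
        Status_File_Dir: /usr/local/share/mighty/status
        Connection_Timeout: 30 # seconds
        Fd_Cache_Duration: 10 # seconds
        # Server_Name: Mighttpd/3.x.y
        Tls_Port: 443
        Tls_Cert_File: cert.pem # should change this with an absolute path
        # should change this with comma-separated absolute paths
        Tls_Chain_Files: chain.pem
        # Currently, Tls_Key_File must not be encrypted.
        Tls_Key_File: privkey.pem # should change this with an absolute path
        Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both
      '';
      type = types.lines;
      description = ''
        Verbatim config file to use
        (see https://kazu-yamamoto.github.io/mighttpd2/config.html)
      '';
    };

    # Routing rules decide which filesystem paths, CGI directories and backend
    # hosts become reachable over HTTP, so they deserve the same review as the
    # main configuration.
    routing = mkOption {
      default = "";
      example = ''
        # Example routing for Mighttpd 2

        # Domain lists
        [localhost www.example.com]

        # Entries are looked up in the specified order
        # All paths must end with "/"

        # A path to CGI scripts should be specified with "=>"
        /~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/

        # A path to static files should be specified with "->"
        /~alice/ -> /home/alice/public_html/
        /cgi-bin/ => /export/cgi-bin/

        # Reverse proxy rules should be specified with ">>"
        # /path >> host:port/path2
        # Either "host" or ":port" can be committed, but not both.
        /app/cal/ >> example.net/calendar/
        # Yesod app in the same server
        /app/wiki/ >> 127.0.0.1:3000/

        / -> /export/www/
      '';
      type = types.lines;
      description = ''
        Verbatim routing file to use
        (see https://kazu-yamamoto.github.io/mighttpd2/config.html)
      '';
    };

    cores = mkOption {
      default = null;
      type = types.nullOr types.int;
      description = ''
        How many cores to use.
        If null it will be determined automatically
      '';
    };

  };

  config = mkIf cfg.enable {
    assertions = [
      {
        # An empty routing file would leave the server with nothing to serve.
        assertion = cfg.routing != "";
        message = "You need at least one rule in mighttpd2.routing";
      }
    ];
    systemd.services.mighttpd2 = {
      description = "Mighttpd2 web server";
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # `cfg.cores` is an integer and Nix refuses to interpolate integers
        # into strings, so it is converted with `toString`. With `cores = null`
        # the flag stays a bare `-N`.
        ExecStart = ''
          ${pkgs.haskellPackages.mighttpd2}/bin/mighty \
            ${configFile} \
            ${routingFile} \
            +RTS -N${optionalString (cfg.cores != null) (toString cfg.cores)}
        '';
        Type = "simple";
        # Run as a dedicated system account rather than root.
        User = "mighttpd2";
        Group = "mighttpd2";
        Restart = "on-failure";
        # The only capability granted is binding to ports below 1024; the
        # bounding set prevents the process from acquiring any other.
        # NOTE(review): no further sandboxing (e.g. NoNewPrivileges,
        # ProtectSystem, PrivateTmp) is configured here. Worth evaluating, but
        # routing rules may legitimately point into /home or other paths.
        AmbientCapabilities = "cap_net_bind_service";
        CapabilityBoundingSet = "cap_net_bind_service";
      };
    };

    users.users.mighttpd2 = {
      group = "mighttpd2";
      uid = config.ids.uids.mighttpd2;
      isSystemUser = true;
    };

    users.groups.mighttpd2.gid = config.ids.gids.mighttpd2;
  };

  meta.maintainers = with lib.maintainers; [ fgaz ];
}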