diff options
| author | euxane <euxane.trangirard@pacien.net> | 2024-06-08 22:34:13 +0200 |
|---|---|---|
| committer | euxane <euxane.trangirard@pacien.net> | 2024-06-22 19:45:15 +0200 |
| commit | 41419ca2883f7a3294711faf4961d043868e27ef (patch) | |
| tree | 51ea23385e94001e46a5b586b44a9cac7d0097c4 | |
| parent | e2a622770573866e4e07b95bfead56acac37a4b5 (diff) | |
nixos/fcgiwrap: refactor for multiple instances
This allows configuring and starting independent instances of the fgciwrap service, each with their own settings and running user, instead of having to share a global one. I could not use `mkRenamedOptionModule` on the previous options because the aliases conflict with `attrsOf submodule` now defined at `services.fcgiwrap`. This makes this change not backward compatible.
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2411.section.md | 6 | ||||
| -rw-r--r-- | nixos/modules/services/web-servers/fcgiwrap.nix | 38 |
2 files changed, 24 insertions, 20 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 2de4cf4d08af2..f59c3d88fdb3f 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -44,6 +44,12 @@ it is set, instead of the previous hardcoded default of `${networking.hostName}.${security.ipa.domain}`. +- The fcgiwrap module now allows multiple instances running as distinct users. + The option `services.fgciwrap` now takes an attribute set of the + configuration of each individual instance. + This requires migrating any previous configuration keys from + `services.fcgiwrap.*` to `services.fcgiwrap.some-instance.*`. + - `nvimpager` was updated to version 0.13.0, which changes the order of user and nvimpager settings: user commands in `-c` and `--cmd` now override the respective default settings because they are executed later. diff --git a/nixos/modules/services/web-servers/fcgiwrap.nix b/nixos/modules/services/web-servers/fcgiwrap.nix index 3250e9c05ed66..93198622318a7 100644 --- a/nixos/modules/services/web-servers/fcgiwrap.nix +++ b/nixos/modules/services/web-servers/fcgiwrap.nix @@ -3,17 +3,15 @@ with lib; let - cfg = config.services.fcgiwrap; -in { - - options = { - services.fcgiwrap = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable fcgiwrap, a server for running CGI applications over FastCGI."; - }; + forEachInstance = f: flip mapAttrs' config.services.fcgiwrap (name: cfg: + nameValuePair "fcgiwrap-${name}" (f cfg) + ); +in { + options.services.fcgiwrap = mkOption { + description = "Configuration for fcgiwrap instances."; + default = { }; + type = types.attrsOf (types.submodule ({ config, ... }: { options = { preforkProcesses = mkOption { type = types.int; default = 1; @@ -28,7 +26,7 @@ in { socketAddress = mkOption { type = types.str; - default = "/run/fcgiwrap.sock"; + default = "/run/fcgiwrap-${config._module.args.name}.sock"; example = "1.2.3.4:5678"; description = "Socket address. In case of a UNIX socket, this should be its filesystem path."; }; @@ -44,11 +42,11 @@ in { default = null; description = "Group permissions for the socket."; }; - }; + }; })); }; - config = mkIf cfg.enable { - systemd.services.fcgiwrap = { + config = { + systemd.services = forEachInstance (cfg: { after = [ "nss-user-lookup.target" ]; wantedBy = optional (cfg.socketType != "unix") "multi-user.target"; @@ -60,13 +58,13 @@ in { User = cfg.user; Group = cfg.group; } else { } ); - }; + }); - systemd.sockets = if (cfg.socketType == "unix") then { - fcgiwrap = { - wantedBy = [ "sockets.target" ]; - socketConfig.ListenStream = cfg.socketAddress; + systemd.sockets = forEachInstance (cfg: mkIf (cfg.socketType == "unix") { + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = cfg.socketAddress; }; - } else { }; + }); }; } |