diff options
Diffstat (limited to 'nixos/modules/services/web-servers')
| -rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/web-servers/fcgiwrap.nix | 130 |
2 files changed, 95 insertions, 37 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 4d49b29efff69..5dd28a1db00ef 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -435,7 +435,7 @@ in example = literalExpression '' [ "proxy_connect" - { name = "jk"; path = "''${pkgs.tomcat_connectors}/modules/mod_jk.so"; } + { name = "jk"; path = "''${pkgs.apacheHttpdPackages.mod_jk}/modules/mod_jk.so"; } ] ''; description = '' diff --git a/nixos/modules/services/web-servers/fcgiwrap.nix b/nixos/modules/services/web-servers/fcgiwrap.nix index 3250e9c05ed66..29ddd39942c60 100644 --- a/nixos/modules/services/web-servers/fcgiwrap.nix +++ b/nixos/modules/services/web-servers/fcgiwrap.nix @@ -3,70 +3,128 @@ with lib; let - cfg = config.services.fcgiwrap; + forEachInstance = f: flip mapAttrs' config.services.fcgiwrap (name: cfg: + nameValuePair "fcgiwrap-${name}" (f cfg) + ); + in { + options.services.fcgiwrap = mkOption { + description = "Configuration for fcgiwrap instances."; + default = { }; + type = types.attrsOf (types.submodule ({ config, ... }: { options = { + process.prefork = mkOption { + type = types.ints.positive; + default = 1; + description = "Number of processes to prefork."; + }; - options = { - services.fcgiwrap = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable fcgiwrap, a server for running CGI applications over FastCGI."; + process.user = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + User as which this instance of fcgiwrap will be run. + Set to `null` (the default) to use a dynamically allocated user. + ''; }; - preforkProcesses = mkOption { - type = types.int; - default = 1; - description = "Number of processes to prefork."; + process.group = mkOption { + type = types.nullOr types.str; + default = null; + description = "Group as which this instance of fcgiwrap will be run."; }; - socketType = mkOption { + socket.type = mkOption { type = types.enum [ "unix" "tcp" "tcp6" ]; default = "unix"; description = "Socket type: 'unix', 'tcp' or 'tcp6'."; }; - socketAddress = mkOption { + socket.address = mkOption { type = types.str; - default = "/run/fcgiwrap.sock"; + default = "/run/fcgiwrap-${config._module.args.name}.sock"; example = "1.2.3.4:5678"; - description = "Socket address. In case of a UNIX socket, this should be its filesystem path."; + description = '' + Socket address. + In case of a UNIX socket, this should be its filesystem path. + ''; }; - user = mkOption { + socket.user = mkOption { type = types.nullOr types.str; default = null; - description = "User permissions for the socket."; + description = '' + User to be set as owner of the UNIX socket. + Defaults to the process running user. + ''; }; - group = mkOption { + socket.group = mkOption { type = types.nullOr types.str; default = null; - description = "Group permissions for the socket."; + description = '' + Group to be set as owner of the UNIX socket. + Defaults to the process running group. + ''; }; - }; + + socket.mode = mkOption { + type = types.nullOr types.str; + default = if config.socket.type == "unix" then "0600" else null; + defaultText = literalExpression '' + if config.socket.type == "unix" then "0600" else null + ''; + description = '' + Mode to be set on the UNIX socket. + Defaults to private to the socket's owner. + ''; + }; + }; })); }; - config = mkIf cfg.enable { - systemd.services.fcgiwrap = { + config = { + assertions = concatLists (mapAttrsToList (name: cfg: [ + { + assertion = cfg.socket.user != null -> cfg.socket.type == "unix"; + message = "Socket owner can only be set for the UNIX socket type."; + } + { + assertion = cfg.socket.group != null -> cfg.socket.type == "unix"; + message = "Socket owner can only be set for the UNIX socket type."; + } + { + assertion = cfg.socket.mode != null -> cfg.socket.type == "unix"; + message = "Socket mode can only be set for the UNIX socket type."; + } + ]) config.services.fcgiwrap); + + systemd.services = forEachInstance (cfg: { after = [ "nss-user-lookup.target" ]; - wantedBy = optional (cfg.socketType != "unix") "multi-user.target"; + wantedBy = optional (cfg.socket.type != "unix") "multi-user.target"; serviceConfig = { - ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${builtins.toString cfg.preforkProcesses} ${ - optionalString (cfg.socketType != "unix") "-s ${cfg.socketType}:${cfg.socketAddress}" - }"; - } // (if cfg.user != null && cfg.group != null then { - User = cfg.user; - Group = cfg.group; - } else { } ); - }; + ExecStart = '' + ${pkgs.fcgiwrap}/sbin/fcgiwrap ${cli.toGNUCommandLineShell {} ({ + c = cfg.process.prefork; + } // (optionalAttrs (cfg.socket.type != "unix") { + s = "${cfg.socket.type}:${cfg.socket.address}"; + }))} + ''; + } // (if cfg.process.user != null then { + User = cfg.process.user; + Group = cfg.process.group; + } else { + DynamicUser = true; + }); + }); - systemd.sockets = if (cfg.socketType == "unix") then { - fcgiwrap = { - wantedBy = [ "sockets.target" ]; - socketConfig.ListenStream = cfg.socketAddress; + systemd.sockets = forEachInstance (cfg: mkIf (cfg.socket.type == "unix") { + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = cfg.socket.address; + SocketUser = cfg.socket.user; + SocketGroup = cfg.socket.group; + SocketMode = cfg.socket.mode; }; - } else { }; + }); }; } |