| blob | 116269675144437f84592478f7892e482d93efa0 |
1 { config, lib, pkgs, ... }:
3 with lib;
5 let
6 cfg = config.services.mighttpd2;
7 configFile = pkgs.writeText "mighty-config" cfg.config;
8 routingFile = pkgs.writeText "mighty-routing" cfg.routing;
9 in {
10 options.services.mighttpd2 = {
11 enable = mkEnableOption "Mighttpd2 web server";
13 config = mkOption {
14 default = "";
15 example = ''
16 # Example configuration for Mighttpd 2
17 Port: 80
18 # IP address or "*"
19 Host: *
20 Debug_Mode: Yes # Yes or No
21 # If available, "nobody" is much more secure for User:.
22 User: root
23 # If available, "nobody" is much more secure for Group:.
24 Group: root
25 Pid_File: /run/mighty.pid
26 Logging: Yes # Yes or No
27 Log_File: /var/log/mighty # The directory must be writable by User:
28 Log_File_Size: 16777216 # bytes
29 Log_Backup_Number: 10
30 Index_File: index.html
31 Index_Cgi: index.cgi
32 Status_File_Dir: /usr/local/share/mighty/status
33 Connection_Timeout: 30 # seconds
34 Fd_Cache_Duration: 10 # seconds
35 # Server_Name: Mighttpd/3.x.y
36 Tls_Port: 443
37 Tls_Cert_File: cert.pem # should change this with an absolute path
38 # should change this with comma-separated absolute paths
39 Tls_Chain_Files: chain.pem
40 # Currently, Tls_Key_File must not be encrypted.
41 Tls_Key_File: privkey.pem # should change this with an absolute path
42 Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both
43 '';
44 type = types.lines;
45 description = ''
46 Verbatim config file to use
47 (see https://kazu-yamamoto.github.io/mighttpd2/config.html)
48 '';
49 };
51 routing = mkOption {
52 default = "";
53 example = ''
54 # Example routing for Mighttpd 2
56 # Domain lists
57 [localhost www.example.com]
59 # Entries are looked up in the specified order
60 # All paths must end with "/"
62 # A path to CGI scripts should be specified with "=>"
63 /~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/
65 # A path to static files should be specified with "->"
66 /~alice/ -> /home/alice/public_html/
67 /cgi-bin/ => /export/cgi-bin/
69 # Reverse proxy rules should be specified with ">>"
70 # /path >> host:port/path2
71 # Either "host" or ":port" can be committed, but not both.
72 /app/cal/ >> example.net/calendar/
73 # Yesod app in the same server
74 /app/wiki/ >> 127.0.0.1:3000/
76 / -> /export/www/
77 '';
78 type = types.lines;
79 description = ''
80 Verbatim routing file to use
81 (see https://kazu-yamamoto.github.io/mighttpd2/config.html)
82 '';
83 };
85 cores = mkOption {
86 default = null;
87 type = types.nullOr types.int;
88 description = ''
89 How many cores to use.
90 If null it will be determined automatically
91 '';
92 };
94 };
96 config = mkIf cfg.enable {
97 assertions =
98 [ { assertion = cfg.routing != "";
99 message = "You need at least one rule in mighttpd2.routing";
100 }
101 ];
102 systemd.services.mighttpd2 = {
103 description = "Mighttpd2 web server";
104 wants = [ "network-online.target" ];
105 after = [ "network-online.target" ];
106 wantedBy = [ "multi-user.target" ];
107 serviceConfig = {
108 ExecStart = ''
109 ${pkgs.haskellPackages.mighttpd2}/bin/mighty \
110 ${configFile} \
111 ${routingFile} \
112 +RTS -N${optionalString (cfg.cores != null) "${cfg.cores}"}
113 '';
114 Type = "simple";
115 User = "mighttpd2";
116 Group = "mighttpd2";
117 Restart = "on-failure";
118 AmbientCapabilities = "cap_net_bind_service";
119 CapabilityBoundingSet = "cap_net_bind_service";
120 };
121 };
123 users.users.mighttpd2 = {
124 group = "mighttpd2";
125 uid = config.ids.uids.mighttpd2;
126 isSystemUser = true;
127 };
129 users.groups.mighttpd2.gid = config.ids.gids.mighttpd2;
130 };
132 meta.maintainers = with lib.maintainers; [ fgaz ];
133 }