authorV <v@unfathomable.blue>2021-06-09 15:43:16 +0200
committerV <v@unfathomable.blue>2021-08-17 03:09:34 +0200
commitec0965e2672899d25a5a3a8c072de3ea734076a2 (patch)
treeddf53e6cc5ae47fa1a925f7a7d6414ba03718a84 /fleet/modules/cgiserver.nix
parentdb7c54f92f386a94db8af7a12626d2657b4dd640 (diff)
fleet: init
Co-authored-by: edef <edef@unfathomable.blue>
Change-Id: I36d2c4cca542ed91630b1b832f3c7a7b97b33c65
Diffstat (limited to 'fleet/modules/cgiserver.nix')
-rw-r--r--fleet/modules/cgiserver.nix73
1 files changed, 73 insertions, 0 deletions
diff --git a/fleet/modules/cgiserver.nix b/fleet/modules/cgiserver.nix
new file mode 100644
index 0000000..6cafbe0
--- /dev/null
+++ b/fleet/modules/cgiserver.nix
@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-License-Identifier: OSL-3.0
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+with lib;
+
+let
+  cfg = config.services.cgiserver;
+
+  inherit (import "${modulesPath}/system/boot/systemd-unit-options.nix" { inherit config lib; })
+    serviceOptions socketOptions;
+
+  # TODO(V): These descriptions could use a bit of work.
+  instanceOpts = { name, ... }: {
+    options = {
+      description = mkOption {
+        description = "Short description of the application.";
+        type = with types; nullOr str;
+        default = null;
+      };
+
+      application = mkOption {
+        description = "Path to the application.";
+        type = types.path;
+      };
+
+      environment = mkOption {
+        description = "Environment variables passed to the application.";
+        type = with types; attrsOf str;
+        default = {};
+      };
+
+      serviceConfig = mkOption {
+        description = "Extra options to put in the [Service] section of the application's service unit.";
+        inherit (serviceOptions.serviceConfig) type;
+        default = {};
+      };
+
+      listenStreams = mkOption {
+        description = "Addresses to listen on, in the format used by the ListenStream option of systemd.socket(5).";
+        inherit (socketOptions.listenStreams) type;
+        default = [ "/run/${name}/${name}.sock" ];
+      };
+    };
+  };
+in {
+  options.services.cgiserver = {
+    instances = mkOption {
+      description = "Definition of CGI application instances.";
+      type = with types; attrsOf (submodule instanceOpts);
+      default = {};
+    };
+  };
+
+  config = {
+    systemd.sockets = mapAttrs (name: config: {
+      inherit (config) listenStreams;
+      wantedBy = [ "sockets.target" ];
+    }) cfg.instances;
+
+    systemd.services = mapAttrs (name: config: {
+      inherit (config) description environment;
+      serviceConfig = {
+        ExecStart = "${pkgs.cgiserver}/bin/cgiserver ${config.application}";
+        DynamicUser = true;
+        # TODO(V): Hardening options
+      } // config.serviceConfig;
+    }) cfg.instances;
+  };
+
+  meta.maintainers = with maintainers; [ V ];
+}
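Review bot: The socket units generated in the `systemd.sockets = mapAttrs …` block set only `listenStreams` and `wantedBy`, so the default unix socket at `/run/${name}/${name}.sock` gets systemd's default `SocketMode` of 0666 and any local user can connect to the CGI application directly rather than through the intended front end. I would tighten that default and let the instance name the group allowed to connect, e.g. `socketConfig = { SocketMode = "0660"; SocketGroup = config.socketGroup; };`, where `socketGroup` is a new instance option the module does not have yet. In the service block, `} // config.serviceConfig` lets an instance replace `ExecStart` or switch off `DynamicUser` without any warning, so the `serviceConfig` description should say that it overrides the module's defaults rather than only adding "extra options". The hardening TODO can be filled with defaults placed on the left of that merge, as sketched below, so an instance can still relax them. `DynamicUser` already implies `ProtectSystem=strict`, `PrivateTmp` and `NoNewPrivileges`, so those are left out, and the list is untested against cgiserver itself.

```nix
        # … unchanged: ExecStart …
        DynamicUser = true;
        # Defaults only: an instance can relax any of these via its serviceConfig.
        PrivateDevices = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;
        RestrictNamespaces = true;
        LockPersonality = true;
        SystemCallArchitectures = "native";
        CapabilityBoundingSet = "";
      } // config.serviceConfig;
```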