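# SPDX-FileCopyrightText: V
# SPDX-License-Identifier: OSL-3.0

# NixOS module for `services.cgiserver`.
#
# For every attribute in `services.cgiserver.instances` this module
# generates a systemd socket unit and a systemd service unit of the same
# name. The service runs `cgiserver` with the configured application path
# as its only argument.
{ config, lib, utils, pkgs, ... }:

with lib;

let
  cfg = config.services.cgiserver;

  # Reuse the upstream NixOS option types so `serviceConfig` and
  # `listenStreams` accept exactly what the systemd modules accept.
  inherit (utils.systemdUtils.unitOptions) serviceOptions socketOptions;

  # TODO(V): These descriptions could use a bit of work.
  # Submodule describing one CGI application instance; `name` is the
  # attribute name under `services.cgiserver.instances`.
  instanceOpts = { name, ... }: {
    options = {
      description = mkOption {
        description = "Short description of the application.";
        type = with types; nullOr str;
        default = null;
      };

      application = mkOption {
        description = "Path to the application.";
        type = types.path;
      };

      environment = mkOption {
        description = "Environment variables passed to the application.";
        type = with types; attrsOf str;
        default = {};
      };

      serviceConfig = mkOption {
        description = "Extra options to put in the [Service] section of the application's service unit.";
        inherit ((serviceOptions { name = null; config = null; }).options.serviceConfig) type;
        default = {};
      };

      listenStreams = mkOption {
        description = "Addresses to listen on, in the format used by the ListenStream option of systemd.socket(5).";
        inherit (socketOptions.options.listenStreams) type;
        # NOTE(review): only ListenStream is set on the socket unit, so
        # SocketMode stays at systemd's default (0666, see
        # systemd.socket(5)). With this default path every local user can
        # connect to the application unless access is restricted elsewhere
        # (e.g. by the reverse proxy setup or a stricter socket mode).
        default = [ "/run/${name}/${name}.sock" ];
      };
    };
  };
in
{
  options.services.cgiserver = {
    instances = mkOption {
      description = "Definition of CGI application instances.";
      type = with types; attrsOf (submodule instanceOpts);
      default = {};
    };
  };

  config = {
    # One socket unit per instance. The lambda argument is called
    # `instance` so it does not shadow the module-level `config`.
    systemd.sockets = mapAttrs (name: instance: {
      inherit (instance) listenStreams;
      wantedBy = [ "sockets.target" ];
    }) cfg.instances;

    # One service unit per instance, named like its socket unit.
    systemd.services = mapAttrs (name: instance: {
      inherit (instance) description environment;
      serviceConfig = {
        # Build the command line through escapeSystemdExecArgs so that an
        # application path containing whitespace, `%` or `$` reaches
        # cgiserver as one literal argument instead of being word-split or
        # specifier-expanded by systemd. Both values are interpolated to
        # strings first, exactly as the plain string form did.
        ExecStart = utils.escapeSystemdExecArgs [
          "${pkgs.cgiserver}/bin/cgiserver"
          "${instance.application}"
        ];
        # Run under a transient, unprivileged UID/GID. Per systemd.exec(5)
        # DynamicUser= also implies ProtectSystem=strict,
        # ProtectHome=read-only, PrivateTmp=, RemoveIPC=, NoNewPrivileges=
        # and RestrictSUIDSGID=.
        DynamicUser = true;
        # TODO(V): Hardening options
        # Nothing beyond what DynamicUser= implies is set here; review the
        # result with `systemd-analyze security <unit>` when adding more.
      }
      # `//` is a shallow, right-biased merge: any key set in the
      # instance's serviceConfig replaces the default above, including
      # ExecStart and DynamicUser.
      // instance.serviceConfig;
    }) cfg.instances;
  };

  meta.maintainers = with maintainers; [ V ];
}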