# SPDX-FileCopyrightText: V <v@unfathomable.blue>
# SPDX-License-Identifier: OSL-3.0

{ config, lib, pkgs, modulesPath, ... }:

with lib;

let
  # Shorthand for this module's own settings (services.cgiserver.*).
  cfg = config.services.cgiserver;

  # Pull in option declarations from the NixOS tree so the per-instance
  # serviceConfig and listenStreams options below can reuse their `type`.
  # NOTE(review): this imports a file inside nixpkgs by path and passes it
  # `config` and `lib`; confirm the path and the expected arguments still
  # match whenever the pinned nixpkgs is bumped.
  inherit (import "${modulesPath}/system/boot/systemd-unit-options.nix" { inherit config lib; })
    serviceOptions socketOptions;

  # Option set for a single CGI application instance. `name` is the
  # instance's attribute name under services.cgiserver.instances; it is only
  # used to derive the default socket path.
  # TODO(V): These descriptions could use a bit of work.
  instanceOpts = { name, ... }: {
    # Forwarded to the service unit.
    options.description = mkOption {
      default = null;
      type = types.nullOr types.str;
      description = "Short description of the application.";
    };

    # Interpolated into ExecStart as the single argument to cgiserver.
    # NOTE(review): a Nix path literal given here is copied into the
    # world-readable Nix store when interpolated, so the application itself
    # should not embed secrets.
    options.application = mkOption {
      type = types.path;
      description = "Path to the application.";
    };

    # NOTE(review): these values end up in the generated unit, which lives
    # in the world-readable Nix store. Keep credentials out of here and
    # supply them at runtime instead (for example through an
    # EnvironmentFile= or LoadCredential= entry in serviceConfig).
    options.environment = mkOption {
      default = {};
      type = types.attrsOf types.str;
      description = "Environment variables passed to the application.";
    };

    # Merged over the module's own [Service] settings with `//`, so an entry
    # here replaces the module's value for the same key, including
    # ExecStart and DynamicUser.
    options.serviceConfig = mkOption {
      default = {};
      inherit (serviceOptions.serviceConfig) type;
      description = "Extra options to put in the [Service] section of the application's service unit.";
    };

    # Defaults to one Unix socket under /run/<name>/.
    # NOTE(review): the module sets no SocketMode=/SocketUser=/SocketGroup=,
    # and systemd.socket(5) documents SocketMode= as defaulting to 0666, so
    # presumably every local user can connect to the default socket. Confirm
    # that this is intended for each application behind it.
    options.listenStreams = mkOption {
      default = [ "/run/${name}/${name}.sock" ];
      inherit (socketOptions.listenStreams) type;
      description = "Addresses to listen on, in the format used by the ListenStream option of systemd.socket(5).";
    };
  };
in {
  # Public interface of the module: an attribute set of named instances,
  # each one checked against instanceOpts.
  options.services.cgiserver.instances = mkOption {
    default = {};
    type = types.attrsOf (types.submodule instanceOpts);
    description = "Definition of CGI application instances.";
  };

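  config = {
    # One socket unit per instance, started with sockets.target. The service
    # unit generated below has the same name, which is how systemd pairs a
    # socket with the service it activates.
    # NOTE(review): no socket permissions are set here; see
    # systemd.socket(5) SocketMode=/SocketUser=/SocketGroup= if access to a
    # Unix socket should be limited to the fronting web server.
    systemd.sockets = mapAttrs (name: instance: {
      inherit (instance) listenStreams;
      wantedBy = [ "sockets.target" ];
    }) cfg.instances;

    # One service unit per instance, running cgiserver with the application
    # path as its only argument.
    systemd.services = mapAttrs (name: instance: {
      inherit (instance) environment;
      serviceConfig = {
        # NOTE(review): systemd splits ExecStart on whitespace, so an
        # application path containing spaces would be passed as several
        # arguments. Store paths are safe; confirm for string paths.
        ExecStart = "${pkgs.cgiserver}/bin/cgiserver ${instance.application}";
        # Per systemd.exec(5), DynamicUser= also implies PrivateTmp=,
        # RemoveIPC=, NoNewPrivileges=, RestrictSUIDSGID=,
        # ProtectSystem=strict and ProtectHome=read-only.
        DynamicUser = true;
        # TODO(V): Hardening options
        # Nothing beyond the DynamicUser= implications is applied yet.
        # Further sandboxing (kernel/device protection, address-family and
        # syscall filtering) needs testing against the real applications.
      } // instance.serviceConfig;
      # The right-hand side of `//` wins: per-instance serviceConfig can
      # replace anything set above, ExecStart and DynamicUser included.
    } // optionalAttrs (instance.description != null) {
      # The instance option defaults to null, while the unit's description
      # option is expected to be a plain string. Forward it only when set so
      # that an instance without a description still evaluates and gets the
      # unit's own default.
      inherit (instance) description;
    }) cfg.instances;
  };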

  meta.maintainers = with maintainers; [ V ];
}