diff --git a/nixos/modules/services/web-servers/fcgiwrap.nix b/nixos/modules/services/web-servers/fcgiwrap.nix index 7e91e7b60ee..2c5e433003c 100644 --- a/nixos/modules/services/web-servers/fcgiwrap.nix +++ b/nixos/modules/services/web-servers/fcgiwrap.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.fcgiwrap; - in { options = { @@ -21,29 +20,53 @@ in { description = "Number of processes to prefork."; }; - bindSocket = mkOption { - type = types.string; - default = "unix:/run/fcgiwrap.sock"; - description = '' - Socket to bind to. Valid socket URLs are: - unix:/path/to/socket for Unix sockets - tcp:dot.ted.qu.ad:port for IPv4 sockets - tcp6:[ipv6_addr]:port for IPv6 sockets - ''; + socketType = mkOption { + type = types.addCheck types.str (t: t == "unix" || t == "tcp" || t == "tcp6"); + default = "unix"; + description = "Socket type: 'unix', 'tcp' or 'tcp6'."; + }; + + socketAddress = mkOption { + type = types.str; + default = "/run/fcgiwrap.sock"; + example = "1.2.3.4:5678"; + description = "Socket address. In case of a UNIX socket, this should be its filesystem path."; + }; + + user = mkOption { + type = types.nullOr types.str; + default = null; + description = "User permissions for the socket."; + }; + + group = mkOption { + type = types.nullOr types.str; + default = null; + description = "Group permissions for the socket."; }; }; }; config = mkIf cfg.enable { - systemd.services.fcgiwrap = { after = [ "nss-user-lookup.target" ]; - wantedBy = [ "multi-user.target" ]; + wantedBy = optional (cfg.socketType != "unix") "multi-user.target"; serviceConfig = { - ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${builtins.toString cfg.preforkProcesses} -s ${cfg.bindSocket}"; - }; + ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${builtins.toString cfg.preforkProcesses} ${ + if (cfg.socketType != "unix") then "-s ${cfg.socketType}:${cfg.socketAddress}" else "" + }"; + } // (if cfg.user != null && cfg.group != null then { + User = cfg.user; + Group = cfg.group; + } else { } ); }; + systemd.sockets = if (cfg.socketType == "unix") then { + fcgiwrap = { + wantedBy = [ "sockets.target" ]; + socketConfig.ListenStream = cfg.socketAddress; + }; + } else { }; }; }