From fca51849ecf12dd46b2c872c73140e3f1f4675db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Sun, 7 Sep 2014 16:47:49 +0200 Subject: [PATCH] nixos/lighttpd: add services.lighttpd.enableModules option This option makes the coupling between lighttpd and its sub-services more "loose". While the option is a list, its purpose is to provide a "set" of needed modules to load for lighttpd to function correctly with its config. The NixOS lighttpd module ensures that lighttpd modules are loaded no more than once (because lighttpd dislikes that), and in the correct order. Also add an assertion that all modules listed in .enableModules are valid. --- .../services/web-servers/lighttpd/cgit.nix | 3 + .../services/web-servers/lighttpd/default.nix | 95 ++++++++++++++++--- .../services/web-servers/lighttpd/gitweb.nix | 3 + 3 files changed, 88 insertions(+), 13 deletions(-) diff --git a/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixos/modules/services/web-servers/lighttpd/cgit.nix index d4663781fd8..34b2fa600ad 100644 --- a/nixos/modules/services/web-servers/lighttpd/cgit.nix +++ b/nixos/modules/services/web-servers/lighttpd/cgit.nix @@ -44,6 +44,9 @@ in # make the cgitrc manpage available environment.systemPackages = [ pkgs.cgit ]; + # declare module dependencies + services.lighttpd.enableModules = [ "mod_cgi" "mod_alias" "mod_setenv" ]; + services.lighttpd.extraConfig = '' $HTTP["url"] =~ "^/cgit" { cgi.assign = ( diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix index fc9487ab485..06f310eeb93 100644 --- a/nixos/modules/services/web-servers/lighttpd/default.nix +++ b/nixos/modules/services/web-servers/lighttpd/default.nix @@ -8,12 +8,54 @@ let cfg = config.services.lighttpd; - needModRedirect = cfg.gitweb.enable; - needModAlias = cfg.cgit.enable || cfg.gitweb.enable; - needModSetenv = cfg.cgit.enable || cfg.gitweb.enable; - needModCgi = cfg.cgit.enable || cfg.gitweb.enable; - needModStatus = cfg.mod_status; - needModUserdir = cfg.mod_userdir; + # List of known lighttpd modules, ordered by how the lighttpd documentation + # recommends them being imported: + # http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails + # + # Some modules are always imported and should not appear in the config: + # disallowedModules = [ "mod_indexfile" "mod_dirlisting" "mod_staticfile" ]; + # + # Get full module list: "ls -1 $lighttpd/lib/*.so" + allKnownModules = [ + "mod_rewrite" + "mod_redirect" + "mod_alias" + "mod_access" + "mod_auth" + "mod_status" + "mod_simple_vhost" + "mod_evhost" + "mod_userdir" + "mod_secdownload" + "mod_fastcgi" + "mod_proxy" + "mod_cgi" + "mod_ssi" + "mod_compress" + "mod_usertrack" + "mod_expire" + "mod_rrdtool" + "mod_accesslog" + # Remaining list of modules, order assumed to be unimportant. + "mod_cml" + "mod_dirlisting" + "mod_evasive" + "mod_extforward" + "mod_flv_streaming" + "mod_magnet" + "mod_mysql_vhost" + "mod_rewrite" + "mod_scgi" + "mod_setenv" + "mod_trigger_b4_dl" + "mod_webdav" + ]; + + maybeModuleString = moduleName: + if elem moduleName cfg.enableModules then ''"${moduleName}"'' else ""; + + modulesIncludeString = concatStringsSep ",\n" + (filter (x: x != "") (map maybeModuleString allKnownModules)); configFile = if cfg.configText != "" then pkgs.writeText "lighttpd.conf" '' @@ -38,13 +80,7 @@ let # been loaded already. So if two services were to put the same module in # server.modules += (), that would break the lighttpd configuration. server.modules = ( - ${optionalString needModRedirect ''"mod_redirect",''} - ${optionalString needModAlias ''"mod_alias",''} - ${optionalString needModSetenv ''"mod_setenv",''} - ${optionalString needModCgi ''"mod_cgi",''} - ${optionalString needModStatus ''"mod_status",''} - ${optionalString needModUserdir ''"mod_userdir",''} - "mod_accesslog" + ${modulesIncludeString} ) # Logging (logs end up in systemd journal) @@ -117,6 +153,19 @@ in ''; }; + enableModules = mkOption { + type = types.listOf types.str; + default = [ ]; + example = [ "mod_cgi" "mod_status" ]; + description = '' + List of lighttpd modules to enable. Sub-services take care of + enabling modules as needed, so this option is mainly for when you + want to add custom stuff to + that depends on a + certain module. + ''; + }; + mod_status = mkOption { default = false; type = types.uniq types.bool; @@ -152,6 +201,26 @@ in config = mkIf cfg.enable { + assertions = [ + { assertion = all (x: elem x allKnownModules) cfg.enableModules; + message = '' + One (or more) modules in services.lighttpd.enableModules are + unrecognized. + + Known modules: ${toString allKnownModules} + + services.lighttpd.enableModules: ${toString cfg.enableModules} + ''; + } + ]; + + services.lighttpd.enableModules = mkMerge + [ (mkIf cfg.mod_status [ "mod_status" ]) + (mkIf cfg.mod_userdir [ "mod_userdir" ]) + # always load mod_accesslog so that we can log to the journal + [ "mod_accesslog" ] + ]; + systemd.services.lighttpd = { description = "Lighttpd Web Server"; after = [ "network.target" ]; diff --git a/nixos/modules/services/web-servers/lighttpd/gitweb.nix b/nixos/modules/services/web-servers/lighttpd/gitweb.nix index c407a1d8977..ef7072ecba3 100644 --- a/nixos/modules/services/web-servers/lighttpd/gitweb.nix +++ b/nixos/modules/services/web-servers/lighttpd/gitweb.nix @@ -44,6 +44,9 @@ in config = mkIf cfg.enable { + # declare module dependencies + services.lighttpd.enableModules = [ "mod_cgi" "mod_redirect" "mod_alias" "mod_setenv" ]; + services.lighttpd.extraConfig = '' $HTTP["url"] =~ "^/gitweb" { cgi.assign = (