Diffstat (limited to 'fleet/modules/cgiserver.nix')
-rw-r--r-- | fleet/modules/cgiserver.nix | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/fleet/modules/cgiserver.nix b/fleet/modules/cgiserver.nix
new file mode 100644
index 0000000..6cafbe0
--- /dev/null
+++ b/fleet/modules/cgiserver.nix
@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: V <v@unfathomable.blue>
+# SPDX-License-Identifier: OSL-3.0
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+with lib;
+
+let
+ cfg = config.services.cgiserver;
+
+ inherit (import "${modulesPath}/system/boot/systemd-unit-options.nix" { inherit config lib; })
+ serviceOptions socketOptions;
+
+ # TODO(V): These descriptions could use a bit of work.
+ instanceOpts = { name, ... }: {
+ options = {
+ description = mkOption {
+ description = "Short description of the application.";
+ type = with types; nullOr str;
+ default = null;
+ };
+
+ application = mkOption {
+ description = "Path to the application.";
+ type = types.path;
+ };
+
+ environment = mkOption {
+ description = "Environment variables passed to the application.";
+ type = with types; attrsOf str;
+ default = {};
+ };
+
+ serviceConfig = mkOption {
+ description = "Extra options to put in the [Service] section of the application's service unit.";
+ inherit (serviceOptions.serviceConfig) type;
+ default = {};
+ };
+
+ listenStreams = mkOption {
+ description = "Addresses to listen on, in the format used by the ListenStream option of systemd.socket(5).";
+ inherit (socketOptions.listenStreams) type;
+ default = [ "/run/${name}/${name}.sock" ];
+ };
+ };
+ };
+in {
+ options.services.cgiserver = {
+ instances = mkOption {
+ description = "Definition of CGI application instances.";
+ type = with types; attrsOf (submodule instanceOpts);
+ default = {};
+ };
+ };
+
+ config = {
+ systemd.sockets = mapAttrs (name: config: {
+ inherit (config) listenStreams;
+ wantedBy = [ "sockets.target" ];
+ }) cfg.instances;
+
+ systemd.services = mapAttrs (name: config: {
+ inherit (config) description environment;
+ serviceConfig = {
+ ExecStart = "${pkgs.cgiserver}/bin/cgiserver ${config.application}";
+ DynamicUser = true;
+ # TODO(V): Hardening options
+ } // config.serviceConfig;
+ }) cfg.instances;
+ };
+
+ meta.maintainers = with maintainers; [ V ];
+} |
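Review bot: The socket units built in `systemd.sockets` set only `listenStreams` and `wantedBy`, so the default `/run/${name}/${name}.sock` gets systemd's default `SocketMode` of 0666 and any local user can connect to the CGI application; the module has no per-instance option to restrict this. Consider a `socketConfig` option next to `serviceConfig`, defaulting to something like `SocketMode = "0660";` with a `SocketGroup` for the front-end web server. Separately, `} // config.serviceConfig;` lets an instance silently replace `ExecStart` and `DynamicUser`, because the right-hand side of `//` wins. If that override is intended, a comment saying so would help; otherwise combining the two sets with `mkMerge` should (as far as I can tell from the unit option type) turn a conflicting value into an evaluation error unless it is forced. The `# TODO(V): Hardening options` comment could also name the directives still wanted, for example `PrivateDevices`, `ProtectKernelTunables` and `RestrictAddressFamilies`, since `DynamicUser = true` already implies several sandboxing settings.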