nixos/lighttpd: add services.lighttpd.enableModules option

This option makes the coupling between lighttpd and its sub-services
more "loose".

While the option is a list, its purpose is to provide a "set" of needed
modules to load for lighttpd to function correctly with its config. The
NixOS lighttpd module ensures that lighttpd modules are loaded no more
than once (because lighttpd dislikes that), and in the correct order.

Also add an assertion that all modules listed in .enableModules are
valid.
This commit is contained in:
Bjørn Forsman 2014-09-07 16:47:49 +02:00
parent 5c6170a848
commit fca51849ec
3 changed files with 88 additions and 13 deletions

View File

@ -44,6 +44,9 @@ in
# make the cgitrc manpage available # make the cgitrc manpage available
environment.systemPackages = [ pkgs.cgit ]; environment.systemPackages = [ pkgs.cgit ];
# declare module dependencies
services.lighttpd.enableModules = [ "mod_cgi" "mod_alias" "mod_setenv" ];
services.lighttpd.extraConfig = '' services.lighttpd.extraConfig = ''
$HTTP["url"] =~ "^/cgit" { $HTTP["url"] =~ "^/cgit" {
cgi.assign = ( cgi.assign = (

View File

@ -8,12 +8,54 @@ let
cfg = config.services.lighttpd; cfg = config.services.lighttpd;
needModRedirect = cfg.gitweb.enable; # List of known lighttpd modules, ordered by how the lighttpd documentation
needModAlias = cfg.cgit.enable || cfg.gitweb.enable; # recommends them being imported:
needModSetenv = cfg.cgit.enable || cfg.gitweb.enable; # http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails
needModCgi = cfg.cgit.enable || cfg.gitweb.enable; #
needModStatus = cfg.mod_status; # Some modules are always imported and should not appear in the config:
needModUserdir = cfg.mod_userdir; # disallowedModules = [ "mod_indexfile" "mod_dirlisting" "mod_staticfile" ];
#
# Get full module list: "ls -1 $lighttpd/lib/*.so"
allKnownModules = [
"mod_rewrite"
"mod_redirect"
"mod_alias"
"mod_access"
"mod_auth"
"mod_status"
"mod_simple_vhost"
"mod_evhost"
"mod_userdir"
"mod_secdownload"
"mod_fastcgi"
"mod_proxy"
"mod_cgi"
"mod_ssi"
"mod_compress"
"mod_usertrack"
"mod_expire"
"mod_rrdtool"
"mod_accesslog"
# Remaining list of modules, order assumed to be unimportant.
"mod_cml"
"mod_dirlisting"
"mod_evasive"
"mod_extforward"
"mod_flv_streaming"
"mod_magnet"
"mod_mysql_vhost"
"mod_rewrite"
"mod_scgi"
"mod_setenv"
"mod_trigger_b4_dl"
"mod_webdav"
];
maybeModuleString = moduleName:
if elem moduleName cfg.enableModules then ''"${moduleName}"'' else "";
modulesIncludeString = concatStringsSep ",\n"
(filter (x: x != "") (map maybeModuleString allKnownModules));
configFile = if cfg.configText != "" then configFile = if cfg.configText != "" then
pkgs.writeText "lighttpd.conf" '' pkgs.writeText "lighttpd.conf" ''
@ -38,13 +80,7 @@ let
# been loaded already. So if two services were to put the same module in # been loaded already. So if two services were to put the same module in
# server.modules += (), that would break the lighttpd configuration. # server.modules += (), that would break the lighttpd configuration.
server.modules = ( server.modules = (
${optionalString needModRedirect ''"mod_redirect",''} ${modulesIncludeString}
${optionalString needModAlias ''"mod_alias",''}
${optionalString needModSetenv ''"mod_setenv",''}
${optionalString needModCgi ''"mod_cgi",''}
${optionalString needModStatus ''"mod_status",''}
${optionalString needModUserdir ''"mod_userdir",''}
"mod_accesslog"
) )
# Logging (logs end up in systemd journal) # Logging (logs end up in systemd journal)
@ -117,6 +153,19 @@ in
''; '';
}; };
enableModules = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "mod_cgi" "mod_status" ];
description = ''
List of lighttpd modules to enable. Sub-services take care of
enabling modules as needed, so this option is mainly for when you
want to add custom stuff to
<option>services.lighttpd.extraConfig</option> that depends on a
certain module.
'';
};
mod_status = mkOption { mod_status = mkOption {
default = false; default = false;
type = types.uniq types.bool; type = types.uniq types.bool;
@ -152,6 +201,26 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{ assertion = all (x: elem x allKnownModules) cfg.enableModules;
message = ''
One (or more) modules in services.lighttpd.enableModules are
unrecognized.
Known modules: ${toString allKnownModules}
services.lighttpd.enableModules: ${toString cfg.enableModules}
'';
}
];
services.lighttpd.enableModules = mkMerge
[ (mkIf cfg.mod_status [ "mod_status" ])
(mkIf cfg.mod_userdir [ "mod_userdir" ])
# always load mod_accesslog so that we can log to the journal
[ "mod_accesslog" ]
];
systemd.services.lighttpd = { systemd.services.lighttpd = {
description = "Lighttpd Web Server"; description = "Lighttpd Web Server";
after = [ "network.target" ]; after = [ "network.target" ];

View File

@ -44,6 +44,9 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
# declare module dependencies
services.lighttpd.enableModules = [ "mod_cgi" "mod_redirect" "mod_alias" "mod_setenv" ];
services.lighttpd.extraConfig = '' services.lighttpd.extraConfig = ''
$HTTP["url"] =~ "^/gitweb" { $HTTP["url"] =~ "^/gitweb" {
cgi.assign = ( cgi.assign = (