blob: b8a0a24e3aad1a85b62f51a34c13375bca6232ce (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
{config, pkgs, lib, ...}:
let
cfg = config.services.nghttpx;
# renderHost :: Either ServerOptions Path -> String
renderHost = server:
if builtins.isString server
then "unix://${server}"
else "${server.host},${builtins.toString server.port}";
# Filter out submodule parameters whose value is null or false or is
# the key _module.
#
# filterParams :: ParamsSubmodule -> ParamsSubmodule
filterParams = p:
lib.filterAttrs
(n: v: ("_module" != n) && (null != v) && (false != v))
(lib.optionalAttrs (null != p) p);
# renderBackend :: BackendSubmodule -> String
renderBackend = backend:
let
host = renderHost backend.server;
patterns = lib.concatStringsSep ":" backend.patterns;
# Render a set of backend parameters, this is somewhat
# complicated because nghttpx backend patterns can be entirely
# omitted and the params may be given as a mixed collection of
# 'key=val' pairs or atoms (e.g: 'proto=h2;tls')
params =
lib.mapAttrsToList
(n: v:
if builtins.isBool v
then n
else if builtins.isString v
then "${n}=${v}"
else "${n}=${builtins.toString v}")
(filterParams backend.params);
# NB: params are delimited by a ";" which is the same delimiter
# to separate the host;[pattern];[params] sections of a backend
sections =
builtins.filter (e: "" != e) ([
host
patterns
]++params);
formattedSections = lib.concatStringsSep ";" sections;
in
"backend=${formattedSections}";
# renderFrontend :: FrontendSubmodule -> String
renderFrontend = frontend:
let
host = renderHost frontend.server;
params0 =
lib.mapAttrsToList
(n: v: if builtins.isBool v then n else v)
(filterParams frontend.params);
# NB: nghttpx doesn't accept "tls", you must omit "no-tls" for
# the default behavior of turning on TLS.
params1 = lib.remove "tls" params0;
sections = [ host] ++ params1;
formattedSections = lib.concatStringsSep ";" sections;
in
"frontend=${formattedSections}";
configurationFile = pkgs.writeText "nghttpx.conf" ''
${lib.optionalString (null != cfg.tls) ("private-key-file="+cfg.tls.key)}
${lib.optionalString (null != cfg.tls) ("certificate-file="+cfg.tls.crt)}
user=nghttpx
${lib.concatMapStringsSep "\n" renderFrontend cfg.frontends}
${lib.concatMapStringsSep "\n" renderBackend cfg.backends}
backlog=${builtins.toString cfg.backlog}
backend-address-family=${cfg.backend-address-family}
workers=${builtins.toString cfg.workers}
rlimit-nofile=${builtins.toString cfg.rlimit-nofile}
${lib.optionalString cfg.single-thread "single-thread=yes"}
${lib.optionalString cfg.single-process "single-process=yes"}
${cfg.extraConfig}
'';
in
{ imports = [
./nghttpx-options.nix
];
config = lib.mkIf cfg.enable {
users.groups.nghttpx = { };
users.users.nghttpx = {
group = config.users.groups.nghttpx.name;
isSystemUser = true;
};
systemd.services = {
nghttpx = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${pkgs.nghttp2}/bin/nghttpx --conf=${configurationFile}
'';
serviceConfig = {
Restart = "on-failure";
RestartSec = 60;
};
};
};
};
}
|