# NixOS module for lighttpd web server { config, pkgs, ... }: with pkgs.lib; let cfg = config.services.lighttpd; configFile = if cfg.configText != "" then pkgs.writeText "lighttpd.conf" '' ${cfg.configText} '' else pkgs.writeText "lighttpd.conf" '' server.document-root = "${cfg.document-root}" server.port = ${toString cfg.port} server.username = "lighttpd" server.groupname = "lighttpd" # Logging (logs end up in systemd journal) server.modules += ("mod_accesslog") accesslog.use-syslog = "enable" server.errorlog-use-syslog = "enable" mimetype.assign = ( ".html" => "text/html", ".htm" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", ".css" => "text/css" ) static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" ) index-file.names = ( "index.html" ) ${if cfg.mod_userdir then '' server.modules += ("mod_userdir") userdir.path = "public_html" '' else ""} ${cfg.extraConfig} ''; in { options = { services.lighttpd = { enable = mkOption { default = false; type = types.uniq types.bool; description = '' Enable the lighttpd web server. ''; }; port = mkOption { default = 80; type = types.uniq types.int; description = '' TCP port number for lighttpd to bind to. ''; }; document-root = mkOption { default = "/srv/www"; type = types.uniq types.string; description = '' Document-root of the web server. Must be readable by the "lighttpd" user. ''; }; mod_userdir = mkOption { default = false; type = types.uniq types.bool; description = '' If true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user. ''; }; configText = mkOption { default = ""; type = types.string; example = ''...verbatim config file contents...''; description = '' Overridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS. ''; }; extraConfig = mkOption { default = ""; type = types.string; description = '' These configuration lines will be appended to the generated lighttpd config file. Note that this mechanism does not work when the manual option is used. ''; }; }; }; config = mkIf cfg.enable { systemd.services.lighttpd = { description = "Lighttpd Web Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = "${pkgs.lighttpd}/sbin/lighttpd -D -f ${configFile}"; # SIGINT => graceful shutdown serviceConfig.KillSignal = "SIGINT"; }; users.extraUsers.lighttpd = { group = "lighttpd"; description = "lighttpd web server privilege separation user"; }; users.extraGroups.lighttpd = {}; }; }