nixos/fcgiwrap: refactor for multiple instances

This allows configuring and starting independent instances of the fgciwrap service, each with their own settings and running user, instead of having to share a global one. I could not use `mkRenamedOptionModule` on the previous options because the aliases conflict with `attrsOf submodule` now defined at `services.fcgiwrap`. This makes this change not backward compatible.
2024-06-08 22:34:13 +02:00 · 2024-06-08 22:34:13 +02:00 · 41419ca288
commit 41419ca288
parent e2a6227705
2 changed files with 24 additions and 20 deletions
--- a/nixos/doc/manual/release-notes/rl-2411.section.md
+++ b/nixos/doc/manual/release-notes/rl-2411.section.md
@ -44,6 +44,12 @@
  it is set, instead of the previous hardcoded default of
  `${networking.hostName}.${security.ipa.domain}`.

+- The fcgiwrap module now allows multiple instances running as distinct users.
+  The option `services.fgciwrap` now takes an attribute set of the
+  configuration of each individual instance.
+  This requires migrating any previous configuration keys from
+  `services.fcgiwrap.*` to `services.fcgiwrap.some-instance.*`.
+
 - `nvimpager` was updated to version 0.13.0, which changes the order of user and
  nvimpager settings: user commands in `-c` and `--cmd` now override the
  respective default settings because they are executed later.
--- a/nixos/modules/services/web-servers/fcgiwrap.nix
+++ b/nixos/modules/services/web-servers/fcgiwrap.nix
@ -3,17 +3,15 @@
 with lib;

 let
-  cfg = config.services.fcgiwrap;
+  forEachInstance = f: flip mapAttrs' config.services.fcgiwrap (name: cfg:
+    nameValuePair "fcgiwrap-${name}" (f cfg)
+  );
+
 in {
-
-  options = {
-    services.fcgiwrap = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Whether to enable fcgiwrap, a server for running CGI applications over FastCGI.";
-      };
-
+  options.services.fcgiwrap = mkOption {
+    description = "Configuration for fcgiwrap instances.";
+    default = { };
+    type = types.attrsOf (types.submodule ({ config, ... }: { options = {
      preforkProcesses = mkOption {
        type = types.int;
        default = 1;
@ -28,7 +26,7 @@ in {

      socketAddress = mkOption {
        type = types.str;
-        default = "/run/fcgiwrap.sock";
+        default = "/run/fcgiwrap-${config._module.args.name}.sock";
        example = "1.2.3.4:5678";
        description = "Socket address. In case of a UNIX socket, this should be its filesystem path.";
      };
@ -44,11 +42,11 @@ in {
        default = null;
        description = "Group permissions for the socket.";
      };
-    };
+    }; }));
  };

-  config = mkIf cfg.enable {
-    systemd.services.fcgiwrap = {
+  config = {
+    systemd.services = forEachInstance (cfg: {
      after = [ "nss-user-lookup.target" ];
      wantedBy = optional (cfg.socketType != "unix") "multi-user.target";

@ -60,13 +58,13 @@ in {
        User = cfg.user;
        Group = cfg.group;
      } else { } );
-    };
+    });

-    systemd.sockets = if (cfg.socketType == "unix") then {
-      fcgiwrap = {
-        wantedBy = [ "sockets.target" ];
-        socketConfig.ListenStream = cfg.socketAddress;
+    systemd.sockets = forEachInstance (cfg: mkIf (cfg.socketType == "unix") {
+      wantedBy = [ "sockets.target" ];
+      socketConfig = {
+        ListenStream = cfg.socketAddress;
      };
-    } else { };
+    });
  };
 }