nixos/piwik: Make webServerUser default to nginx
if the nginx option is used. Noted that either webServerUser or nginx option is mandatory. Also introduce an assertion if both are not set, and a warning if both are set. Resolves #27704.
This commit is contained in:
parent
adb03f32a1
commit
0544ac4a1b
@ -24,14 +24,17 @@ in {
|
|||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Enable piwik web analytics with php-fpm backend.
|
Enable piwik web analytics with php-fpm backend.
|
||||||
|
Either the nginx option or the webServerUser option is mandatory.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
webServerUser = mkOption {
|
webServerUser = mkOption {
|
||||||
type = types.str;
|
type = types.nullOr types.str;
|
||||||
example = "nginx";
|
default = null;
|
||||||
|
example = "lighttpd";
|
||||||
description = ''
|
description = ''
|
||||||
Name of the owner of the ${phpSocket} fastcgi socket for piwik.
|
Name of the web server user that forwards requests to the ${phpSocket} fastcgi socket for piwik if the nginx
|
||||||
|
option is not used. Either this option or the nginx option is mandatory.
|
||||||
If you want to use another webserver than nginx, you need to set this to that server's user
|
If you want to use another webserver than nginx, you need to set this to that server's user
|
||||||
and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
|
and pass fastcgi requests to `index.php` and `piwik.php` to this socket.
|
||||||
'';
|
'';
|
||||||
@ -67,6 +70,7 @@ in {
|
|||||||
};
|
};
|
||||||
description = ''
|
description = ''
|
||||||
With this option, you can customize an nginx virtualHost which already has sensible defaults for piwik.
|
With this option, you can customize an nginx virtualHost which already has sensible defaults for piwik.
|
||||||
|
Either this option or the webServerUser option is mandatory.
|
||||||
Set this to {} to just enable the virtualHost if you don't need any customization.
|
Set this to {} to just enable the virtualHost if you don't need any customization.
|
||||||
If enabled, then by default, the serverName is piwik.$\{config.networking.hostName\}, SSL is active,
|
If enabled, then by default, the serverName is piwik.$\{config.networking.hostName\}, SSL is active,
|
||||||
and certificates are acquired via ACME.
|
and certificates are acquired via ACME.
|
||||||
@ -77,6 +81,14 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
warnings = mkIf (cfg.nginx != null && cfg.webServerUser != null) [
|
||||||
|
"If services.piwik.nginx is set, services.piwik.nginx.webServerUser is ignored and should be removed."
|
||||||
|
];
|
||||||
|
|
||||||
|
assertions = [ {
|
||||||
|
assertion = cfg.nginx != null || cfg.webServerUser != null;
|
||||||
|
message = "Either services.piwik.nginx or services.piwik.nginx.webServerUser is mandatory";
|
||||||
|
}];
|
||||||
|
|
||||||
users.extraUsers.${user} = {
|
users.extraUsers.${user} = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
@ -132,10 +144,16 @@ in {
|
|||||||
serviceConfig.UMask = "0007";
|
serviceConfig.UMask = "0007";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.phpfpm.poolConfigs = {
|
services.phpfpm.poolConfigs = let
|
||||||
|
# workaround for when both are null and need to generate a string,
|
||||||
|
# which is illegal, but as assertions apparently are being triggered *after* config generation,
|
||||||
|
# we have to avoid already throwing errors at this previous stage.
|
||||||
|
socketOwner = if (cfg.nginx != null) then config.services.nginx.user
|
||||||
|
else if (cfg.webServerUser != null) then cfg.webServerUser else "";
|
||||||
|
in {
|
||||||
${pool} = ''
|
${pool} = ''
|
||||||
listen = "${phpSocket}"
|
listen = "${phpSocket}"
|
||||||
listen.owner = ${cfg.webServerUser}
|
listen.owner = ${socketOwner}
|
||||||
listen.group = root
|
listen.group = root
|
||||||
listen.mode = 0600
|
listen.mode = 0600
|
||||||
user = ${user}
|
user = ${user}
|
||||||
|
Loading…
Reference in New Issue
Block a user