{pkgs, lib, config, system, ...}:
let inherit (lib) types;
inherit (config.services) nginx x509;
- logDir = "/var/log/nginx";
domainDir = dom: lib.concatStringsSep "/" (lib.reverseList (lib.splitString "." dom));
in
{
imports = [
nginx/gitweb.nix
];
-options.services.nginx.webDir = lib.mkOption {
- type = types.str;
- default = "/var/www"; # TODO: /var/lib/nginx ?
+options.services.nginx = {
+ webDir = lib.mkOption {
+ type = types.str;
+ default = "/var/lib/nginx";
+ };
+ logDir = lib.mkOption {
+ type = types.str;
+ default = "/var/log/nginx";
+ };
};
config = {
security.dhparams = {
nginx = 1024;
};
};
+ systemd.services.nginx = {
+ preStart = lib.mkBefore ''
+ install -D -d -o ${nginx.user} -g ${nginx.group} -m 0700 \
+ ${nginx.webDir} \
+ ${nginx.logDir}
+ '';
+ };
services.nginx = {
enable = true;
stateDir = "/dev/shm/nginx";
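Review bot: The added `preStart` hands `${nginx.webDir}` to the server account with `-o ${nginx.user} -g ${nginx.group} -m 0700`, so the process that serves the content can also rewrite it, and a compromised worker could alter what the site delivers. Consider creating the web root on its own line, owned by root or a deploy account and only group-readable by nginx, for example `install -d -o root -g ${nginx.group} -m 0750 ${lib.escapeShellArg nginx.webDir}`, and keep service ownership only for the log directory if the service really has to write there. The interpolated paths are also unquoted in the generated shell script, so an option value containing whitespace or shell metacharacters would be split or interpreted; wrapping each in `lib.escapeShellArg` avoids that. Separately, the unchanged `nginx = 1024;` under `security.dhparams` in the context lines is below the 2048-bit size generally treated as the minimum for DH parameters and is worth raising in a follow-up.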
#ssl_certificate_key ${x509.key};
'';
log = ''
- access_log ${logDir}/access.log main buffer=32k;
- error_log ${logDir}/error.log warn;
+ access_log ${nginx.logDir}/access.log main buffer=32k;
+ error_log ${nginx.logDir}/error.log warn;
open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
'';
proxy = ''