nixos/fcgiwrap: group options logically, fix doc

Since we're already introducing some backward-incompatible change in the previous commit, let's make the options more tidy, also preparing for the introduction of more options. This also fixes the documentation of the user and group options which are applying to the service's running user, not the socket.
2024-11-26 00:43:20 +00:00 · 2024-06-08 22:34:17 +02:00 · 2024-06-08 22:34:17 +02:00 · 022289f2fa
commit 022289f2fa
parent bf2ad6f48c
1 changed files with 27 additions and 24 deletions
--- a/nixos/modules/services/web-servers/fcgiwrap.nix
+++ b/nixos/modules/services/web-servers/fcgiwrap.nix
@ -12,35 +12,38 @@ in {
    description = "Configuration for fcgiwrap instances.";
    default = { };
    type = types.attrsOf (types.submodule ({ config, ... }: { options = {
-      preforkProcesses = mkOption {
+      process.prefork = mkOption {
        type = types.int;
        default = 1;
        description = "Number of processes to prefork.";
      };

-      socketType = mkOption {
+      process.user = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "User as which this instance of fcgiwrap will be run.";
+      };
+
+      process.group = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Group as which this instance of fcgiwrap will be run.";
+      };
+
+      socket.type = mkOption {
        type = types.enum [ "unix" "tcp" "tcp6" ];
        default = "unix";
        description = "Socket type: 'unix', 'tcp' or 'tcp6'.";
      };

-      socketAddress = mkOption {
+      socket.address = mkOption {
        type = types.str;
        default = "/run/fcgiwrap-${config._module.args.name}.sock";
        example = "1.2.3.4:5678";
-        description = "Socket address. In case of a UNIX socket, this should be its filesystem path.";
-      };
-
-      user = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        description = "User permissions for the socket.";
-      };
-
-      group = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        description = "Group permissions for the socket.";
+        description = ''
+          Socket address.
+          In case of a UNIX socket, this should be its filesystem path.
+        '';
      };
    }; }));
  };
@ -48,22 +51,22 @@ in {
  config = {
    systemd.services = forEachInstance (cfg: {
      after = [ "nss-user-lookup.target" ];
-      wantedBy = optional (cfg.socketType != "unix") "multi-user.target";
+      wantedBy = optional (cfg.socket.type != "unix") "multi-user.target";

      serviceConfig = {
-        ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${builtins.toString cfg.preforkProcesses} ${
-          optionalString (cfg.socketType != "unix") "-s ${cfg.socketType}:${cfg.socketAddress}"
+        ExecStart = "${pkgs.fcgiwrap}/sbin/fcgiwrap -c ${builtins.toString cfg.process.prefork} ${
+          optionalString (cfg.socket.type != "unix") "-s ${cfg.socket.type}:${cfg.socket.address}"
        }";
-      } // (if cfg.user != null && cfg.group != null then {
-        User = cfg.user;
-        Group = cfg.group;
+      } // (if cfg.process.user != null && cfg.process.group != null then {
+        User = cfg.process.user;
+        Group = cfg.process.group;
      } else { } );
    });

-    systemd.sockets = forEachInstance (cfg: mkIf (cfg.socketType == "unix") {
+    systemd.sockets = forEachInstance (cfg: mkIf (cfg.socket.type == "unix") {
      wantedBy = [ "sockets.target" ];
      socketConfig = {
-        ListenStream = cfg.socketAddress;
+        ListenStream = cfg.socket.address;
      };
    });
  };