* Statically check whether the generated httpd.conf is correct.

* Option `noUserDir' -> `enableUserDir', negatives are bad :-) svn path=/nixos/trunk/; revision=9927
2007-12-12 15:30:17 +00:00 · 2007-12-12 15:30:17 +00:00 · 4ef15fc095
parent 6f5da72337
commit 4ef15fc095
3 changed files with 64 additions and 12 deletions
--- a/system/options.nix
+++ b/system/options.nix
@ -929,10 +929,32 @@
        ";
      };

-      noUserDir = mkOption {
-        default = true;
+      enableUserDir = mkOption {
+        default = false;
        description = "
-          Set to false to let users to publish ~/public_html as /~user.
+          Whether to enable serving <filename>~/public_html</filename> as
+          <literal>/~<replaceable>username</replaceable></literal>.
+        ";
+      };
+
+      documentRoot = mkOption {
+        default = null;
+        example = "/data/webserver/docs";
+        description = "
+          The path of Apache's document root directory.  If left undefined,
+          an empty directory in the Nix store will be used as root.
+        ";
+      };
+
+      servedDirs = mkOption {
+        default = [];
+        example = [
+          { urlPath = "/nix";
+            dir = "/home/eelco/Dev/nix-homepage";
+          }
+        ];
+        description = "
+          This option provides a simple way to serve static directories.
        ";
      };

--- a/upstart-jobs/apache-httpd/default.nix
+++ b/upstart-jobs/apache-httpd/default.nix
@ -9,7 +9,8 @@ let
  httpd = pkgs.apacheHttpd;


-  documentRoot = "/etc";
+  documentRoot = if cfg.documentRoot != null then cfg.documentRoot else
+    pkgs.runCommand "empty" {} "ensureDir $out";


  # Names of modules from ${httpd}/modules that we want to load.
@ -138,12 +139,24 @@ let
      in pkgs.lib.concatStrings (map f apacheModules)
    }

-    # !!! is this a good idea?
-    UseCanonicalName Off
+    ${if cfg.enableUserDir then ''
    
-    ServerSignature On
+      UserDir public_html
      
-    ${if cfg.noUserDir then "" else "UserDir public_html"}
+      <Directory "/home/*/public_html">
+          AllowOverride FileInfo AuthConfig Limit Indexes
+          Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+          <Limit GET POST OPTIONS>
+              Order allow,deny
+              Allow from all
+          </Limit>
+          <LimitExcept GET POST OPTIONS>
+              Order deny,allow
+              Deny from all
+          </LimitExcept>
+      </Directory>
+      
+    '' else ""}

    AddHandler type-map var

@ -156,6 +169,7 @@ let
    ${loggingConf}
    ${browserHacks}

+    Include ${httpd}/conf/extra/httpd-default.conf
    Include ${httpd}/conf/extra/httpd-autoindex.conf
    Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
    Include ${httpd}/conf/extra/httpd-languages.conf
@ -168,6 +182,18 @@ let
    </Directory>

    ${documentRootConf}
+
+    ${
+      let makeDirConf = elem: ''
+            Alias ${elem.urlPath} ${elem.dir}/
+            <Directory ${elem.dir}>
+                Order allow,deny
+                Allow from all
+                AllowOverride None
+            </Directory>
+          '';
+      in pkgs.lib.concatStrings (map makeDirConf cfg.servedDirs)
+    }
  '';

    
@ -188,6 +214,10 @@ in
    }
  ];

+  # Statically verify the syntactic correctness of the generated
+  # httpd.conf.
+  buildHook = "${httpd}/bin/httpd -f ${httpdConf} -t";
+
  job = ''
    description "Apache HTTPD"

--- a/upstart-jobs/httpd.nix
+++ b/upstart-jobs/httpd.nix
@ -17,7 +17,6 @@ let
  logDir = cfg.logDir;
  stateDir = cfg.stateDir;
  enableSSL = false;
-  noUserDir = cfg.noUserDir;
  extraDirectories = cfg.extraDirectories + extraConfig;

  startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
@ -29,7 +28,8 @@ let

    inherit hostName httpPort httpsPort
      user group adminAddr logDir stateDir
-      noUserDir extraDirectories;
+      extraDirectories;
+    noUserDir = !cfg.enableUserDir;
    
    subServices =