diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 66f04668a706..9dc9b49b9e3b 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -103,6 +103,7 @@ zope2 = 94; firebird = 95; redis = 96; + haproxy = 97; # When adding a uid, make sure it doesn't match an existing gid. @@ -189,6 +190,7 @@ quassel = 89; amule = 90; minidlna = 91; + haproxy = 92; # When adding a gid, make sure it doesn't match an existing uid. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index cea57c0068a8..b0126b721db5 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -156,6 +156,7 @@ ./services/networking/dnsmasq.nix ./services/networking/ejabberd.nix ./services/networking/firewall.nix + ./services/networking/haproxy.nix ./services/networking/tcpcrypt.nix ./services/networking/flashpolicyd.nix ./services/networking/freenet.nix diff --git a/nixos/modules/services/networking/haproxy.nix b/nixos/modules/services/networking/haproxy.nix new file mode 100644 index 000000000000..c8345a528a72 --- /dev/null +++ b/nixos/modules/services/networking/haproxy.nix 
@@ -0,0 +1,87 @@
+{ config, pkgs, ...}:
+let
+ cfg = config.services.haproxy;
+ haproxyCfg = pkgs.writeText "haproxy.conf" cfg.config;
+in
+with pkgs.lib;
+{
+ options = {
+ services.haproxy = {
+
+ enable = mkOption {
+ default = false;
+ description = "
+ Enable the HAProxy.
+ ";
+ };
+
+ config = mkOption {
+ default =
+ ''
+ global
+ log 127.0.0.1 local6
+ maxconn 24000
+ daemon
+ nbproc 1
+
+ defaults
+ mode http
+ option httpclose
+
+ # Remove requests from the queue if people press stop button
+ option abortonclose
+
+ # Try to connect this many times on failure
+ retries 3
+
+ # If a client is bound to a particular backend but it goes down,
+ # send them to a different one
+ option redispatch
+
+ monitor-uri /haproxy-ping
+
+ timeout connect 7s
+ timeout queue 300s
+ timeout client 300s
+ timeout server 300s
+
+ # Enable status page at this URL, on the port HAProxy is bound to
+ stats enable
+ stats uri /haproxy-status
+ stats refresh 5s
+ stats realm Haproxy statistics
+ '';
+ description = "
+ Default configuration.
+ ";
+ };
+
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services.haproxy = {
+ description = "HAProxy";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "forking";
+ PIDFile = "/var/run/haproxy.pid";
+ ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -q -f ${haproxyCfg}";
+ ExecStart = "${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /var/run/haproxy.pid";
+ ExecReload = "-${pkgs.bash}/bin/bash -c \"exec ${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /var/run/haproxy.pid -sf $MAINPID\"";
+ };
+ };
+
+ environment.systemPackages = [ pkgs.haproxy ];
+
+ users.extraUsers.haproxy = {
+ group = "haproxy";
+ uid = config.ids.uids.haproxy;
+ };
+
+ users.extraGroups.haproxy.gid = config.ids.uids.haproxy;
+ };
+}
diff --git a/pkgs/tools/networking/haproxy/default.nix b/pkgs/tools/networking/haproxy/default.nix
index 3946f1eef0fa..e4a32e14260c 100644
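Review bot: The last assignment in the module, `users.extraGroups.haproxy.gid = config.ids.uids.haproxy;`, reads the uid table, so the group is created with gid 97 and the gid 92 reserved in ids.nix by this same commit is never used; it should be `users.extraGroups.haproxy.gid = config.ids.gids.haproxy;`. The dedicated account is also never applied to the daemon: the unit sets no `User=` and the default `global` section has no `user haproxy` / `group haproxy` lines, so with the default config the process presumably stays root after binding its ports, and adding those two directives to `global` would let HAProxy drop privileges itself. Separately, the `defaults` block turns on `stats enable` with `stats uri /haproxy-status` and no `stats auth` or ACL, which would expose backend names and health on every HTTP frontend an operator later adds. Consider shipping those stats lines commented out, with a short comment saying access should be restricted before enabling them.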
--- a/pkgs/tools/networking/haproxy/default.nix +++ b/pkgs/tools/networking/haproxy/default.nix @@ -3,7 +3,7 @@ stdenv.mkDerivation rec { version = "1.4.24"; name = "haproxy-${version}"; - + src = fetchurl { url = "http://haproxy.1wt.eu/download/1.4/src/${name}.tar.gz"; sha256 = "1vy7jz7l8qdd6ah3y65zarz9x9pf3bs02icxnrckpgh1s3s2h2b8";