nixos/sks: Add a webroot option

The module will now, by default, serve a simple webpage via the built-in
web server (instead of displaying an error message).

1 files changed, 16 insertions, 0 deletions

diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix
index 5e4b1a71fdd9..009b5980813f 100644
--- a/nixos/modules/services/security/sks.nix
+++ b/nixos/modules/services/security/sks.nix
@@ -53,6 +53,21 @@ in {
         type = types.ints.u16;
         description = "HKP port to listen on.";
       };
+
+      webroot = mkOption {
+        type = types.path;
+        default = "${sksPkg.webSamples}/OpenPKG";
+        defaultText = "\${pkgs.sks.webSamples}/OpenPKG";
+        description = ''
+	  Source directory (will be symlinked) for the files the built-in
+	  webserver should serve. SKS (''${pkgs.sks.webSamples}) provides the
+	  following examples: "HTML5", "OpenPKG", and "XHTML+ES". The index
+	  file can be named index.html, index.htm, index.xhtm, or index.xhtml.
+	  Files with the extensions .css, .es, .js, .jpg, .jpeg, .png, or .gif
+	  are supported. Subdirectories and filenames with anything other than
+          alphanumeric characters and the '.' character will be ignored.
+        '';
+      };
     };
   };
 
@@ -78,6 +93,7 @@ in {
         after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];
         preStart = ''
+          ln -sfT "${cfg.webroot}" web
           mkdir -p ${home}/dump
           ${sksPkg}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/
           ${sksPkg}/bin/sks cleandb || true