nginx: Verify that configuration is syntactically correct (#17208)

1 files changed, 12 insertions, 3 deletions

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 27a33f33ff93..bd936c0ce993 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -5,7 +5,7 @@ with lib;
 let
   cfg = config.services.nginx;
   nginx = cfg.package;
-  configFile = pkgs.writeText "nginx.conf" ''
+  configFileText = ''
     user ${cfg.user} ${cfg.group};
     daemon off;
 
@@ -19,6 +19,17 @@ let
     ''}
     ${cfg.appendConfig}
   '';
+  configFile = pkgs.runCommand "nginx.conf" {
+    text = configFileText;
+    passAsFile = ["text"];
+    preferLocalBuild = true;
+    allowSubstitutes = false;
+  } ''
+    mkdir -p "$(dirname "$out")"
+    mv "$textPath" "$out"
+    (${nginx}/bin/nginx -t -c "$out" -p ${cfg.stateDir} || true) 2>&1 | grep -q 'syntax is ok'
+  '';
+
 in
 
 {
@@ -91,8 +102,6 @@ in
   };
 
   config = mkIf cfg.enable {
-    # TODO: test user supplied config file pases syntax test
-
     systemd.services.nginx = {
       description = "Nginx Web Server";
       after = [ "network.target" ];