From 464d738655590cb3df4ac6843dc2fd08dd3771f6 Mon Sep 17 00:00:00 2001
From: Arun Isaac <arunisaac@systemreboot.net>
Date: Fri, 19 Sep 2025 16:11:04 +0100
Subject: [PATCH] services: nginx: Add stream configuration.

* gnu/services/web.scm (<nginx-stream-configuration>): New record type.
(<nginx-configuration>)[stream]: New field.
(emit-nginx-server-config): Add context argument.
(default-nginx-config): Serialize stream.
* doc/guix.texi (Web Services): Document it.
---
 doc/guix.texi        | 27 ++++++++++++++++++++++++++
 gnu/services/web.scm | 46 ++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 69 insertions(+), 4 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index ef9922c423b2f5bff77b09eb98a53fc8e429f0c3..f531243c5c0d80cac0c7e6b801b5801eec16fc63 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -34622,6 +34622,10 @@ use the size of the processors cache line.
 @item @code{server-names-hash-bucket-max-size} (default: @code{#f})
 Maximum bucket size for the server names hash tables.
 
+@item @code{stream} (default: @code{#f})
+@code{<nginx-stream-configuration>} object describing stream server
+directives.
+
 @item @code{modules} (default: @code{'()})
 List of nginx dynamic modules to load.  This should be a list of file
 names of loadable modules, as in this example:
@@ -34834,6 +34838,29 @@ body of a named location block cannot contain location blocks.
 @end table
 @end deftp
 
+@deftp {Data Type} nginx-stream-configuration
+Data type representing the configuration file context in which stream
+directives are specified.  This type has the following parameters:
+
+@table @asis
+@item @code{upstream-blocks} (default: @code{'()})
+A list of upstream blocks to create in the generated configuration file,
+the elements should be of type @code{<nginx-upstream-configuration>}.
+
+@item @code{server-blocks} (default: @code{'()})
+A list of server blocks to create in the generated configuration file,
+the elements should be of type @code{<nginx-server-configuration>}.
+
+@item @code{extra-content} (default: @code{'()})
+Additional content to be appended to the @code{stream} block.  Can either
+be a value that can be lowered into a string or a list of such values.
+In the former case, it is inserted directly.  In the latter, it is
+prefixed with indentation and suffixed with a newline.  Nested lists are
+flattened into one line.
+
+@end table
+@end deftp
+
 @subsubheading Varnish Cache
 @cindex Varnish
 Varnish is a fast cache server that sits in between web applications
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index d12257690ce66f1cec44c40e75fcf8c7e08ecdb2..e3a5387ab723d2312eb2d8666205e29dacb6d0ab 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -68,6 +68,7 @@
   #:use-module ((guix packages) #:select (package-version))
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
+  #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-34)
   #:use-module (ice-9 match)
   #:use-module (ice-9 format)
@@ -112,6 +113,7 @@
             nginx-configuration-upstream-blocks
             nginx-configuration-server-names-hash-bucket-size
             nginx-configuration-server-names-hash-bucket-max-size
+            nginx-configuration-stream
             nginx-configuration-modules
             nginx-configuration-global-directives
             nginx-configuration-extra-content
@@ -151,6 +153,11 @@
             nginx-named-location-configuration-name
             nginx-named-location-configuration-body
 
+            nginx-stream-configuration
+            nginx-stream-configuration-server-blocks
+            nginx-stream-configuraiton-upstream-blocks
+            nginx-stream-configuration-extra-content
+
             nginx-service
             nginx-service-type
 
@@ -587,6 +594,16 @@
                        (default #f))
   (body                nginx-named-location-configuration-body))
 
+(define-record-type* <nginx-stream-configuration>
+  nginx-stream-configuration make-nginx-stream-configuration
+  nginx-stream-configuration?
+  (upstream-blocks nginx-stream-configuration-upstream-blocks
+                   (default '()))  ;list of <nginx-upstream-configuration>
+  (server-blocks nginx-stream-configuration-server-blocks
+                 (default '()))  ;list of <nginx-server-configuration>
+  (extra-content nginx-stream-configuration-extra-content
+                 (default '())))
+
 (define-record-type* <nginx-configuration>
   nginx-configuration make-nginx-configuration
   nginx-configuration?
@@ -613,6 +630,8 @@
                                  (default #f))
   (server-names-hash-bucket-max-size nginx-configuration-server-names-hash-bucket-max-size
                                      (default #f))
+  (stream nginx-configuration-stream
+          (default #f))  ;#f | <nginx-stream-configuration>
   (modules nginx-configuration-modules (default '()))
   (global-directives nginx-configuration-global-directives
                      (default '((events . ()))))
@@ -677,7 +696,7 @@ of index files."
       (map (lambda (x) (list "        " x "\n")) body)
       "      }\n"))))
 
-(define (emit-nginx-server-config server)
+(define* (emit-nginx-server-config server #:optional (context 'http))
   (let ((listen (nginx-server-configuration-listen server))
         (server-name (nginx-server-configuration-server-name server))
         (ssl-certificate (nginx-server-configuration-ssl-certificate server))
@@ -702,16 +721,20 @@ of index files."
      "      server_name " (config-domain-strings server-name) ";\n"
      (and/l ssl-certificate     "      ssl_certificate " <> ";\n")
      (and/l ssl-certificate-key "      ssl_certificate_key " <> ";\n")
-     (if (not (equal? "" root))
+     (if (and (eq? context 'http)
+              (not (equal? "" root)))
          (list "      root " root ";\n")
          "")
-     (if (not (null? index))
+     (if (and (eq? context 'http)
+              (not (null? index)))
          (list "      index " (config-index-strings index) ";\n")
          "")
      (if (not (nil? try-files))
          (and/l (config-index-strings try-files) "      try_files " <> ";\n")
          "")
-     "      server_tokens " (if server-tokens? "on" "off") ";\n"
+     (if (eq? context 'http)
+         (list "      server_tokens " (if server-tokens? "on" "off") ";\n")
+         "")
      "\n"
      (map emit-nginx-location-config locations)
      "\n"
@@ -761,6 +784,7 @@ of index files."
                  server-blocks upstream-blocks
                  server-names-hash-bucket-size
                  server-names-hash-bucket-max-size
+                 stream
                  modules
                  global-directives
                  lua-package-path
@@ -773,6 +797,20 @@ of index files."
            "error_log " (nginx-error-log-file config) " " (symbol->string log-level) ";\n"
            (map emit-load-module modules)
            (map emit-global-directive global-directives)
+           (match stream
+             (#f "")
+             (_
+              (list "stream {\n"
+                    (map emit-nginx-upstream-config
+                         (nginx-stream-configuration-upstream-blocks stream))
+                    (map (cut emit-nginx-server-config <> 'stream)
+                         (nginx-stream-configuration-server-blocks stream))
+                    (let ((extra-content (nginx-stream-configuration-extra-content stream)))
+                      (if (list? extra-content)
+                          (map (cut list "    " <> "\n")
+                               extra-content)
+                          extra-content))
+                    "}\n")))
            "http {\n"
            "    client_body_temp_path " run-directory "/client_body_temp;\n"
            "    proxy_temp_path " run-directory "/proxy_temp;\n"