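# NixOS module for libreddit ("Private front-end for Reddit").
# Declares the services.libreddit.* options and, when the service is enabled,
# a sandboxed systemd unit plus an optional firewall rule for the listen port.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.libreddit;

  # Command-line arguments handed to the libreddit binary.
  # The values are interpolated into ExecStart without quoting, so `address`
  # is expected to be a bare IP address or host name (no whitespace).
  args = concatStringsSep " " ([
    "--port ${toString cfg.port}"
    "--address ${cfg.address}"
  ] ++ optional cfg.redirect "--redirect-https");

in
{
  options = {
    services.libreddit = {
      enable = mkEnableOption "Private front-end for Reddit";

      # The default binds every IPv4 interface. Whether other hosts can reach
      # the service then depends on the host firewall (see openFirewall below).
      # Use a loopback address when a local reverse proxy sits in front.
      address = mkOption {
        default = "0.0.0.0";
        example = "127.0.0.1";
        type = types.str;
        description = "The address to listen on";
      };

      # Ports below 1024 make the unit request CAP_NET_BIND_SERVICE (see config).
      port = mkOption {
        default = 8080;
        example = 8000;
        type = types.port;
        description = "The port to listen on";
      };

      # Passes --redirect-https to libreddit.
      # NOTE(review): presumably meant for setups where TLS is terminated in
      # front of the service; confirm against libreddit's documentation.
      redirect = mkOption {
        type = types.bool;
        default = false;
        description = "Enable the redirecting to HTTPS";
      };

      # Off by default, so enabling the service does not by itself add a
      # firewall exception for the listen port.
      openFirewall = mkOption {
        type = types.bool;
        default = false;
        description = "Open ports in the firewall for the libreddit web interface";
      };

    };
  };

  config = mkIf cfg.enable {
    systemd.services.libreddit = {
      description = "Private front-end for Reddit";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      serviceConfig = {
        # Run under a transient, unprivileged user allocated by systemd.
        DynamicUser = true;
        ExecStart = "${pkgs.libreddit}/bin/libreddit ${args}";
        # Only a privileged listen port needs a capability; grant exactly that one.
        AmbientCapabilities = lib.mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
        Restart = "on-failure";
        RestartSec = "2s";

        # Hardening: this is a network-facing HTTP service that needs no access
        # to devices, kernel interfaces or extra capabilities, so it is confined
        # beyond what DynamicUser already implies.
        # The bounding set is emptied unless a privileged port is requested, in
        # which case only CAP_NET_BIND_SERVICE remains available.
        CapabilityBoundingSet =
          if cfg.port < 1024 then [ "CAP_NET_BIND_SERVICE" ] else [ "" ];
        LockPersonality = true;
        # libreddit is not expected to need writable+executable memory;
        # drop this line if a future version does.
        MemoryDenyWriteExecute = true;
        PrivateDevices = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        SystemCallArchitectures = "native";
      };
    };

    # Adds the listen port to the firewall only when explicitly requested.
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
    };
  };
}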