nixos/modules/services/networking/morty.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / morty.nix
at 23.11-pre 2.3 kB view raw
 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6
 7  cfg = config.services.morty;
 8
 9in
10
11{
12
13  ###### interface
14
15  options = {
16
17    services.morty = {
18
19      enable = mkEnableOption
20        (lib.mdDoc "Morty proxy server. See https://github.com/asciimoo/morty");
21
22      ipv6 = mkOption {
23        type = types.bool;
24        default = true;
25        description = lib.mdDoc "Allow IPv6 HTTP requests?";
26      };
27
28      key = mkOption {
29        type = types.str;
30        default = "";
31        description = lib.mdDoc ''
32          HMAC url validation key (hexadecimal encoded).
33          Leave blank to disable. Without validation key, anyone can
34          submit proxy requests. Leave blank to disable.
35          Generate with `printf %s somevalue | openssl dgst -sha1 -hmac somekey`
36        '';
37      };
38
39      timeout = mkOption {
40        type = types.int;
41        default = 2;
42        description = lib.mdDoc "Request timeout in seconds.";
43      };
44
45      package = mkOption {
46        type = types.package;
47        default = pkgs.morty;
48        defaultText = literalExpression "pkgs.morty";
49        description = lib.mdDoc "morty package to use.";
50      };
51
52      port = mkOption {
53        type = types.port;
54        default = 3000;
55        description = lib.mdDoc "Listing port";
56      };
57
58      listenAddress = mkOption {
59        type = types.str;
60        default = "127.0.0.1";
61        description = lib.mdDoc "The address on which the service listens";
62      };
63
64    };
65
66  };
67
68  ###### Service definition
69
70  config = mkIf config.services.morty.enable {
71
72    users.users.morty =
73      { description = "Morty user";
74        createHome = true;
75        home = "/var/lib/morty";
76        isSystemUser = true;
77        group = "morty";
78      };
79    users.groups.morty = {};
80
81    systemd.services.morty =
82      {
83        description = "Morty sanitizing proxy server.";
84        after = [ "network.target" ];
85        wantedBy = [ "multi-user.target" ];
86        serviceConfig = {
87          User = "morty";
88          ExecStart = ''${cfg.package}/bin/morty              \
89            -listen ${cfg.listenAddress}:${toString cfg.port} \
90            ${optionalString cfg.ipv6 "-ipv6"}                \
91            ${optionalString (cfg.key != "") "-key " + cfg.key} \
92          '';
93        };
94      };
95    environment.systemPackages = [ cfg.package ];
96
97  };
98}