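# NixOS module for the Molly-Brown Gemini server. It declares the
# `services.molly-brown` options, renders them into a TOML configuration
# file and runs the daemon as a systemd unit.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.molly-brown;
  settingsFormat = pkgs.formats.toml { };
  # The rendered TOML is a Nix store file and is therefore readable by every
  # local user. It must only ever name the files that hold secrets (see
  # keyPath); secret values themselves do not belong in `settings`.
  configFile = settingsFormat.generate "molly-brown.toml" cfg.settings;
in {

  options.services.molly-brown = {

    enable = mkEnableOption (lib.mdDoc "Molly-Brown Gemini server");

    port = mkOption {
      default = 1965;
      type = types.port;
      description = lib.mdDoc ''
        TCP port for molly-brown to bind to.
      '';
    };

    hostName = mkOption {
      type = types.str;
      default = config.networking.hostName;
      defaultText = literalExpression "config.networking.hostName";
      description = lib.mdDoc ''
        The hostname to respond to requests for. Requests for URLs with
        other hosts will result in a status 53 (PROXY REQUEST REFUSED)
        response.
      '';
    };

    certPath = mkOption {
      type = types.path;
      example = "/var/lib/acme/example.com/cert.pem";
      description = lib.mdDoc ''
        Path to TLS certificate. An ACME certificate and key may be
        shared with an HTTP server, but only if molly-brown has
        permissions allowing it to read such keys.

        As an example:
        ```
        systemd.services.molly-brown.serviceConfig.SupplementaryGroups =
          [ config.security.acme.certs."example.com".group ];
        ```
      '';
    };

    # NOTE(review): types.path also accepts a Nix path literal such as
    # ./key.pem. A path value is copied into the world-readable Nix store when
    # the settings are serialised, which would expose the private key to every
    # local user. Pass a string naming a file that lives outside the store, as
    # the example does. Confirm against the TOML generator in use.
    keyPath = mkOption {
      type = types.path;
      example = "/var/lib/acme/example.com/key.pem";
      # The reference used to read `CertPath`, which is the TOML key and not a
      # NixOS option; the read-permission guidance lives on the certPath option.
      description = lib.mdDoc "Path to TLS key. See {option}`services.molly-brown.certPath`.";
    };

    docBase = mkOption {
      type = types.path;
      example = "/var/lib/molly-brown";
      description = lib.mdDoc "Base directory for Gemini content.";
    };

    settings = mkOption {
      inherit (settingsFormat) type;
      default = { };
      description = lib.mdDoc ''
        molly-brown configuration. Refer to
        <https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf>
        for details on supported values.
      '';
    };

  };

  config = mkIf cfg.enable {

    # Map the typed options onto the TOML keys the daemon reads. logDir has to
    # stay in step with LogsDirectory below, which is what creates the
    # directory and makes it writable for the service user.
    services.molly-brown.settings = let logDir = "/var/log/molly-brown";
    in {
      Port = cfg.port;
      Hostname = cfg.hostName;
      CertPath = cfg.certPath;
      KeyPath = cfg.keyPath;
      DocBase = cfg.docBase;
      AccessLog = "${logDir}/access.log";
      ErrorLog = "${logDir}/error.log";
    };

    systemd.services.molly-brown = {
      description = "Molly Brown gemini server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # The daemon runs under a transient, unprivileged user allocated at
        # start-up. Per systemd.exec(5) this also implies PrivateTmp,
        # RemoveIPC, NoNewPrivileges, RestrictSUIDSGID, ProtectSystem=strict
        # and ProtectHome=read-only. That user owns nothing ahead of time, so
        # the certificate, the key and docBase must be made readable to it
        # explicitly (for instance through SupplementaryGroups, as the
        # certPath description shows). Prefer group access over loosening the
        # key file's mode.
        DynamicUser = true;
        # Creates /var/log/molly-brown owned by the service user.
        LogsDirectory = "molly-brown";
        ExecStart = "${pkgs.molly-brown}/bin/molly-brown -c ${configFile}";
        Restart = "always";
      };
    };

  };

}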