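# NixOS module for Morty, a sanitizing web proxy
# (https://github.com/asciimoo/morty).
#
# Declares the `services.morty.*` options and, when enabled, creates a
# dedicated system user/group and a systemd unit that runs the proxy.
{
  config,
  lib,
  pkgs,
  ...
}:

with lib;

let

  cfg = config.services.morty;

in

{

  ###### interface

  options = {

    services.morty = {

      enable = mkEnableOption "Morty proxy server. See https://github.com/asciimoo/morty";

      # NOTE(review): the unit only ever adds `-ipv6` when this is true and
      # passes nothing when it is false. If morty's built-in default already
      # allows IPv6, `ipv6 = false` has no effect -- confirm against the
      # packaged morty version.
      ipv6 = mkOption {
        type = types.bool;
        default = true;
        description = "Allow IPv6 HTTP requests?";
      };

      # NOTE(review): confirm which encoding the packaged morty expects for
      # `-key`; the text below says hexadecimal.
      key = mkOption {
        type = types.str;
        default = "";
        description = ''
          HMAC url validation key (hexadecimal encoded).
          Leave blank to disable. Without validation key, anyone can
          submit proxy requests.
          Generate with `printf %s somevalue | openssl dgst -sha1 -hmac somekey`

          Note that the key is interpolated into the unit's `ExecStart`
          line, so it is stored in the world-readable Nix store and is
          visible in the process command line to every local user.
        '';
      };

      timeout = mkOption {
        type = types.int;
        default = 2;
        description = "Request timeout in seconds.";
      };

      package = mkPackageOption pkgs "morty" { };

      port = mkOption {
        type = types.port;
        default = 3000;
        description = "Listening port";
      };

      # Defaults to loopback, so the proxy is not reachable from other hosts
      # unless this is changed. Combined with an empty `key`, a non-loopback
      # address yields an unauthenticated proxy.
      listenAddress = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = "The address on which the service listens";
      };

    };

  };

  ###### Service definition

  config = mkIf cfg.enable {

    # Dedicated unprivileged account; the service never runs as root.
    users.users.morty = {
      description = "Morty user";
      createHome = true;
      home = "/var/lib/morty";
      isSystemUser = true;
      group = "morty";
    };
    users.groups.morty = { };

    systemd.services.morty = {
      description = "Morty sanitizing proxy server.";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        User = "morty";
        # Build the command line from a list so optional flags cannot leave
        # a dangling line continuation or stray whitespace in the unit.
        ExecStart = concatStringsSep " " (
          [
            "${cfg.package}/bin/morty"
            "-listen"
            "${cfg.listenAddress}:${toString cfg.port}"
            # Pass the `timeout` option through; nothing else in this module
            # consumes it.
            "-timeout"
            (toString cfg.timeout)
          ]
          ++ optional cfg.ipv6 "-ipv6"
          # Only request HMAC validation when a key is configured. The key
          # becomes part of the unit file (see the option description).
          ++ optionals (cfg.key != "") [
            "-key"
            cfg.key
          ]
        );
      };
    };
    environment.systemPackages = [ cfg.package ];

  };
}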