pyrox.dev
1{
2 config,
3 lib,
4 options,
5 pkgs,
6 ...
7}:
8
9with lib;
10
11let
12
13 cfg = config.services.pgpkeyserver-lite;
14 sksCfg = config.services.sks;
15 sksOpt = options.services.sks;
16
17 webPkg = cfg.package;
18
19in
20
21{
22
23 options = {
24
25 services.pgpkeyserver-lite = {
26
27 enable = mkEnableOption "pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver";
28
29 package = mkPackageOption pkgs "pgpkeyserver-lite" { };
30
31 hostname = mkOption {
32 type = types.str;
33 description = ''
34 Which hostname to set the vHost to that is proxying to sks.
35 '';
36 };
37
38 hkpAddress = mkOption {
39 default = builtins.head sksCfg.hkpAddress;
40 defaultText = literalExpression "head config.${sksOpt.hkpAddress}";
41 type = types.str;
42 description = ''
43 Which IP address the sks-keyserver is listening on.
44 '';
45 };
46
47 hkpPort = mkOption {
48 default = sksCfg.hkpPort;
49 defaultText = literalExpression "config.${sksOpt.hkpPort}";
50 type = types.int;
51 description = ''
52 Which port the sks-keyserver is listening on.
53 '';
54 };
55 };
56 };
57
58 config = mkIf cfg.enable {
59
60 services.nginx.enable = true;
61
62 services.nginx.virtualHosts =
63 let
64 hkpPort = builtins.toString cfg.hkpPort;
65 in
66 {
67 ${cfg.hostname} = {
68 root = webPkg;
69 locations = {
70 "/pks".extraConfig = ''
71 proxy_pass http://${cfg.hkpAddress}:${hkpPort};
72 proxy_pass_header Server;
73 add_header Via "1.1 ${cfg.hostname}";
74 '';
75 };
76 };
77 };
78 };
79}