···

       
1
       
 
       
{ config, lib, pkgs, ... }:

     

       
2
       
 
       


     

       
3
       
-
       
with lib;

     

       
4
       
-
       


     

       
5
       
 
       
let

     

       
6
       
 
       


     

       
7
       
 
       
  cfg = config.services.ttyd;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
8
       
 
       


     

       
9
       
 
       
  # Command line arguments for the ttyd daemon

     

       
10
       
 
       
  args = [ "--port" (toString cfg.port) ]

     
···

       
31
       
 
       


     

       
32
       
 
       
  options = {

     

       
33
       
 
       
    services.ttyd = {

     

       
34
       
-
       
      enable = mkEnableOption (lib.mdDoc "ttyd daemon");

     

       
35
       
 
       


     

       
36
       
 
       
      port = mkOption {

     

       
37
       
 
       
        type = types.port;

     

       
38
       
 
       
        default = 7681;

     

       
39
       
-
       
        description = lib.mdDoc "Port to listen on (use 0 for random port)";

     

       
40
       
 
       
      };

     

       
41
       
 
       


     

       
42
       
 
       
      socket = mkOption {

     

       
43
       
 
       
        type = types.nullOr types.path;

     

       
44
       
 
       
        default = null;

     

       
45
       
 
       
        example = "/var/run/ttyd.sock";

     

       
46
       
-
       
        description = lib.mdDoc "UNIX domain socket path to bind.";

     

       
47
       
 
       
      };

     

       
48
       
 
       


     

       
49
       
 
       
      interface = mkOption {

     

       
50
       
 
       
        type = types.nullOr types.str;

     

       
51
       
 
       
        default = null;

     

       
52
       
 
       
        example = "eth0";

     

       
53
       
-
       
        description = lib.mdDoc "Network interface to bind.";

     

       
54
       
 
       
      };

     

       
55
       
 
       


     

       
56
       
 
       
      username = mkOption {

     

       
57
       
 
       
        type = types.nullOr types.str;

     

       
58
       
 
       
        default = null;

     

       
59
       
-
       
        description = lib.mdDoc "Username for basic authentication.";

     

       
60
       
 
       
      };

     

       
61
       
 
       


     

       
62
       
 
       
      passwordFile = mkOption {

     

       
63
       
 
       
        type = types.nullOr types.path;

     

       
64
       
 
       
        default = null;

     

       
65
       
 
       
        apply = value: if value == null then null else toString value;

     

       
66
       
-
       
        description = lib.mdDoc ''

     

       
67
       
 
       
          File containing the password to use for basic authentication.

     

       
68
       
 
       
          For insecurely putting the password in the globally readable store use

     

       
69
       
 
       
          `pkgs.writeText "ttydpw" "MyPassword"`.

     
···

       
73
       
 
       
      signal = mkOption {

     

       
74
       
 
       
        type = types.ints.u8;

     

       
75
       
 
       
        default = 1;

     

       
76
       
-
       
        description = lib.mdDoc "Signal to send to the command on session close.";

     

       
77
       
 
       
      };

     

       
78
       
 
       


     

       
79
       
 
       
      writeable = mkOption {

     

       
80
       
 
       
        type = types.nullOr types.bool;

     

       
81
       
 
       
        default = null; # null causes an eval error, forcing the user to consider attack surface

     

       
82
       
 
       
        example = true;

     

       
83
       
-
       
        description = lib.mdDoc "Allow clients to write to the TTY.";

     

       
84
       
 
       
      };

     

       
85
       
 
       


     

       
86
       
 
       
      clientOptions = mkOption {

     

       
87
       
 
       
        type = types.attrsOf types.str;

     

       
88
       
 
       
        default = {};

     

       
89
       
-
       
        example = literalExpression ''

     

       
90
       
 
       
          {

     

       
91
       
 
       
            fontSize = "16";

     

       
92
       
 
       
            fontFamily = "Fira Code";

     

       
93
       
 
       
          }

     

       
94
       
 
       
        '';

     

       
95
       
-
       
        description = lib.mdDoc ''

     

       
96
       
 
       
          Attribute set of client options for xtermjs.

     

       
97
       
 
       
          <https://xtermjs.org/docs/api/terminal/interfaces/iterminaloptions/>

     

       
98
       
 
       
        '';

     
···

       
101
       
 
       
      terminalType = mkOption {

     

       
102
       
 
       
        type = types.str;

     

       
103
       
 
       
        default = "xterm-256color";

     

       
104
       
-
       
        description = lib.mdDoc "Terminal type to report.";

     

       
105
       
 
       
      };

     

       
106
       
 
       


     

       
107
       
 
       
      checkOrigin = mkOption {

     

       
108
       
 
       
        type = types.bool;

     

       
109
       
 
       
        default = false;

     

       
110
       
-
       
        description = lib.mdDoc "Whether to allow a websocket connection from a different origin.";

     

       
111
       
 
       
      };

     

       
112
       
 
       


     

       
113
       
 
       
      maxClients = mkOption {

     

       
114
       
 
       
        type = types.int;

     

       
115
       
 
       
        default = 0;

     

       
116
       
-
       
        description = lib.mdDoc "Maximum clients to support (0, no limit)";

     

       
117
       
 
       
      };

     

       
118
       
 
       


     

       
119
       
 
       
      indexFile = mkOption {

     

       
120
       
 
       
        type = types.nullOr types.path;

     

       
121
       
 
       
        default = null;

     

       
122
       
-
       
        description = lib.mdDoc "Custom index.html path";

     

       
123
       
 
       
      };

     

       
124
       
 
       


     

       
125
       
 
       
      enableIPv6 = mkOption {

     

       
126
       
 
       
        type = types.bool;

     

       
127
       
 
       
        default = false;

     

       
128
       
-
       
        description = lib.mdDoc "Whether or not to enable IPv6 support.";

     

       
129
       
 
       
      };

     

       
130
       
 
       


     

       
131
       
 
       
      enableSSL = mkOption {

     

       
132
       
 
       
        type = types.bool;

     

       
133
       
 
       
        default = false;

     

       
134
       
-
       
        description = lib.mdDoc "Whether or not to enable SSL (https) support.";

     

       
135
       
 
       
      };

     

       
136
       
 
       


     

       
137
       
 
       
      certFile = mkOption {

     

       
138
       
 
       
        type = types.nullOr types.path;

     

       
139
       
 
       
        default = null;

     

       
140
       
-
       
        description = lib.mdDoc "SSL certificate file path.";

     

       
141
       
 
       
      };

     

       
142
       
 
       


     

       
143
       
 
       
      keyFile = mkOption {

     

       
144
       
 
       
        type = types.nullOr types.path;

     

       
145
       
 
       
        default = null;

     

       
146
       
 
       
        apply = value: if value == null then null else toString value;

     

       
147
       
-
       
        description = lib.mdDoc ''

     

       
148
       
 
       
          SSL key file path.

     

       
149
       
 
       
          For insecurely putting the keyFile in the globally readable store use

     

       
150
       
 
       
          `pkgs.writeText "ttydKeyFile" "SSLKEY"`.

     
···

       
154
       
 
       
      caFile = mkOption {

     

       
155
       
 
       
        type = types.nullOr types.path;

     

       
156
       
 
       
        default = null;

     

       
157
       
-
       
        description = lib.mdDoc "SSL CA file path for client certificate verification.";

     

       
158
       
 
       
      };

     

       
159
       
 
       


     

       
160
       
 
       
      logLevel = mkOption {

     

       
161
       
 
       
        type = types.int;

     

       
162
       
 
       
        default = 7;

     

       
163
       
-
       
        description = lib.mdDoc "Set log level.";

     

       
164
       
 
       
      };

     

       
165
       
 
       
    };

     

       
166
       
 
       
  };

     

       
167
       
 
       


     

       
168
       
 
       
  ###### implementation

     

       
169
       
 
       


     

       
170
       
-
       
  config = mkIf cfg.enable {

     

       
171
       
 
       


     

       
172
       
 
       
    assertions =

     

       
173
       
 
       
      [ { assertion = cfg.enableSSL

     
···

       
196
       
 
       
      script = if cfg.passwordFile != null then ''

     

       
197
       
 
       
        PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/TTYD_PASSWORD_FILE")

     

       
198
       
 
       
        ${pkgs.ttyd}/bin/ttyd ${lib.escapeShellArgs args} \

     

       
199
       
-
       
          --credential ${escapeShellArg cfg.username}:"$PASSWORD" \

     

       
200
       
 
       
          ${pkgs.shadow}/bin/login

     

       
201
       
 
       
      ''

     

       
202
       
 
       
      else ''

     

···

       
1
       
 
       
{ config, lib, pkgs, ... }:

     

       
2
       
 
       


     

       
0
       
 
       

     

       
0
       
 
       

     

       
3
       
 
       
let

     

       
4
       
 
       


     

       
5
       
 
       
  cfg = config.services.ttyd;

     

       
6
       
+
       


     

       
7
       
+
       
  inherit (lib)

     

       
8
       
+
       
    optionals

     

       
9
       
+
       
    types

     

       
10
       
+
       
    concatLists

     

       
11
       
+
       
    mapAttrsToList

     

       
12
       
+
       
    mkOption

     

       
13
       
+
       
    ;

     

       
14
       
 
       


     

       
15
       
 
       
  # Command line arguments for the ttyd daemon

     

       
16
       
 
       
  args = [ "--port" (toString cfg.port) ]

     
···

       
37
       
 
       


     

       
38
       
 
       
  options = {

     

       
39
       
 
       
    services.ttyd = {

     

       
40
       
+
       
      enable = lib.mkEnableOption ("ttyd daemon");

     

       
41
       
 
       


     

       
42
       
 
       
      port = mkOption {

     

       
43
       
 
       
        type = types.port;

     

       
44
       
 
       
        default = 7681;

     

       
45
       
+
       
        description = "Port to listen on (use 0 for random port)";

     

       
46
       
 
       
      };

     

       
47
       
 
       


     

       
48
       
 
       
      socket = mkOption {

     

       
49
       
 
       
        type = types.nullOr types.path;

     

       
50
       
 
       
        default = null;

     

       
51
       
 
       
        example = "/var/run/ttyd.sock";

     

       
52
       
+
       
        description = "UNIX domain socket path to bind.";

     

       
53
       
 
       
      };

     

       
54
       
 
       


     

       
55
       
 
       
      interface = mkOption {

     

       
56
       
 
       
        type = types.nullOr types.str;

     

       
57
       
 
       
        default = null;

     

       
58
       
 
       
        example = "eth0";

     

       
59
       
+
       
        description = "Network interface to bind.";

     

       
60
       
 
       
      };

     

       
61
       
 
       


     

       
62
       
 
       
      username = mkOption {

     

       
63
       
 
       
        type = types.nullOr types.str;

     

       
64
       
 
       
        default = null;

     

       
65
       
+
       
        description = "Username for basic authentication.";

     

       
66
       
 
       
      };

     

       
67
       
 
       


     

       
68
       
 
       
      passwordFile = mkOption {

     

       
69
       
 
       
        type = types.nullOr types.path;

     

       
70
       
 
       
        default = null;

     

       
71
       
 
       
        apply = value: if value == null then null else toString value;

     

       
72
       
+
       
        description = ''

     

       
73
       
 
       
          File containing the password to use for basic authentication.

     

       
74
       
 
       
          For insecurely putting the password in the globally readable store use

     

       
75
       
 
       
          `pkgs.writeText "ttydpw" "MyPassword"`.

     
···

       
79
       
 
       
      signal = mkOption {

     

       
80
       
 
       
        type = types.ints.u8;

     

       
81
       
 
       
        default = 1;

     

       
82
       
+
       
        description = "Signal to send to the command on session close.";

     

       
83
       
 
       
      };

     

       
84
       
 
       


     

       
85
       
 
       
      writeable = mkOption {

     

       
86
       
 
       
        type = types.nullOr types.bool;

     

       
87
       
 
       
        default = null; # null causes an eval error, forcing the user to consider attack surface

     

       
88
       
 
       
        example = true;

     

       
89
       
+
       
        description = "Allow clients to write to the TTY.";

     

       
90
       
 
       
      };

     

       
91
       
 
       


     

       
92
       
 
       
      clientOptions = mkOption {

     

       
93
       
 
       
        type = types.attrsOf types.str;

     

       
94
       
 
       
        default = {};

     

       
95
       
+
       
        example = lib.literalExpression ''

     

       
96
       
 
       
          {

     

       
97
       
 
       
            fontSize = "16";

     

       
98
       
 
       
            fontFamily = "Fira Code";

     

       
99
       
 
       
          }

     

       
100
       
 
       
        '';

     

       
101
       
+
       
        description = ''

     

       
102
       
 
       
          Attribute set of client options for xtermjs.

     

       
103
       
 
       
          <https://xtermjs.org/docs/api/terminal/interfaces/iterminaloptions/>

     

       
104
       
 
       
        '';

     
···

       
107
       
 
       
      terminalType = mkOption {

     

       
108
       
 
       
        type = types.str;

     

       
109
       
 
       
        default = "xterm-256color";

     

       
110
       
+
       
        description = "Terminal type to report.";

     

       
111
       
 
       
      };

     

       
112
       
 
       


     

       
113
       
 
       
      checkOrigin = mkOption {

     

       
114
       
 
       
        type = types.bool;

     

       
115
       
 
       
        default = false;

     

       
116
       
+
       
        description = "Whether to allow a websocket connection from a different origin.";

     

       
117
       
 
       
      };

     

       
118
       
 
       


     

       
119
       
 
       
      maxClients = mkOption {

     

       
120
       
 
       
        type = types.int;

     

       
121
       
 
       
        default = 0;

     

       
122
       
+
       
        description = "Maximum clients to support (0, no limit)";

     

       
123
       
 
       
      };

     

       
124
       
 
       


     

       
125
       
 
       
      indexFile = mkOption {

     

       
126
       
 
       
        type = types.nullOr types.path;

     

       
127
       
 
       
        default = null;

     

       
128
       
+
       
        description = "Custom index.html path";

     

       
129
       
 
       
      };

     

       
130
       
 
       


     

       
131
       
 
       
      enableIPv6 = mkOption {

     

       
132
       
 
       
        type = types.bool;

     

       
133
       
 
       
        default = false;

     

       
134
       
+
       
        description = "Whether or not to enable IPv6 support.";

     

       
135
       
 
       
      };

     

       
136
       
 
       


     

       
137
       
 
       
      enableSSL = mkOption {

     

       
138
       
 
       
        type = types.bool;

     

       
139
       
 
       
        default = false;

     

       
140
       
+
       
        description = "Whether or not to enable SSL (https) support.";

     

       
141
       
 
       
      };

     

       
142
       
 
       


     

       
143
       
 
       
      certFile = mkOption {

     

       
144
       
 
       
        type = types.nullOr types.path;

     

       
145
       
 
       
        default = null;

     

       
146
       
+
       
        description = "SSL certificate file path.";

     

       
147
       
 
       
      };

     

       
148
       
 
       


     

       
149
       
 
       
      keyFile = mkOption {

     

       
150
       
 
       
        type = types.nullOr types.path;

     

       
151
       
 
       
        default = null;

     

       
152
       
 
       
        apply = value: if value == null then null else toString value;

     

       
153
       
+
       
        description = ''

     

       
154
       
 
       
          SSL key file path.

     

       
155
       
 
       
          For insecurely putting the keyFile in the globally readable store use

     

       
156
       
 
       
          `pkgs.writeText "ttydKeyFile" "SSLKEY"`.

     
···

       
160
       
 
       
      caFile = mkOption {

     

       
161
       
 
       
        type = types.nullOr types.path;

     

       
162
       
 
       
        default = null;

     

       
163
       
+
       
        description = "SSL CA file path for client certificate verification.";

     

       
164
       
 
       
      };

     

       
165
       
 
       


     

       
166
       
 
       
      logLevel = mkOption {

     

       
167
       
 
       
        type = types.int;

     

       
168
       
 
       
        default = 7;

     

       
169
       
+
       
        description = "Set log level.";

     

       
170
       
 
       
      };

     

       
171
       
 
       
    };

     

       
172
       
 
       
  };

     

       
173
       
 
       


     

       
174
       
 
       
  ###### implementation

     

       
175
       
 
       


     

       
176
       
+
       
  config = lib.mkIf cfg.enable {

     

       
177
       
 
       


     

       
178
       
 
       
    assertions =

     

       
179
       
 
       
      [ { assertion = cfg.enableSSL

     
···

       
202
       
 
       
      script = if cfg.passwordFile != null then ''

     

       
203
       
 
       
        PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/TTYD_PASSWORD_FILE")

     

       
204
       
 
       
        ${pkgs.ttyd}/bin/ttyd ${lib.escapeShellArgs args} \

     

       
205
       
+
       
          --credential ${lib.escapeShellArg cfg.username}:"$PASSWORD" \

     

       
206
       
 
       
          ${pkgs.shadow}/bin/login

     

       
207
       
 
       
      ''

     

       
208
       
 
       
      else ''