···

       
38
       
38
       
 
       


     

       
39
       
39
       
 
       
- [Chhoto URL](https://github.com/SinTan1729/chhoto-url), a simple, blazingly fast, selfhosted URL shortener with no unnecessary features, written in Rust. Available as [services.chhoto-url](#opt-services.chhoto-url.enable).

     

       
40
       
40
       
 
       


     

       
41
       
41
       
+
       
- [go-httpbin](https://github.com/mccutchen/go-httpbin), a reasonably complete and well-tested golang port of httpbin, with zero dependencies outside the go stdlib. Available as [services.go-httpbin](#opt-services.go-httpbin.enable).

     

       
42
       
42
       
+
       


     

       
41
       
43
       
 
       
- [tuwunel](https://matrix-construct.github.io/tuwunel/), a federated chat server implementing the Matrix protocol, forked from Conduwuit. Available as [services.matrix-tuwunel](#opt-services.matrix-tuwunel.enable).

     

       
42
       
44
       
 
       


     

       
43
       
45
       
 
       
- [Broadcast Box](https://github.com/Glimesh/broadcast-box), a WebRTC broadcast server. Available as [services.broadcast-box](options.html#opt-services.broadcast-box.enable).

     

···

       
1575
       
1575
       
 
       
  ./services/web-apps/gerrit.nix

     

       
1576
       
1576
       
 
       
  ./services/web-apps/glance.nix

     

       
1577
       
1577
       
 
       
  ./services/web-apps/glitchtip.nix

     

       
1578
       
1578
       
+
       
  ./services/web-apps/go-httpbin.nix

     

       
1578
       
1579
       
 
       
  ./services/web-apps/goatcounter.nix

     

       
1579
       
1580
       
 
       
  ./services/web-apps/gotify-server.nix

     

       
1580
       
1581
       
 
       
  ./services/web-apps/gotosocial.nix

     

···

       
1
       
1
       
+
       
{

     

       
2
       
2
       
+
       
  config,

     

       
3
       
3
       
+
       
  lib,

     

       
4
       
4
       
+
       
  pkgs,

     

       
5
       
5
       
+
       
  ...

     

       
6
       
6
       
+
       
}:

     

       
7
       
7
       
+
       


     

       
8
       
8
       
+
       
let

     

       
9
       
9
       
+
       
  cfg = config.services.go-httpbin;

     

       
10
       
10
       
+
       


     

       
11
       
11
       
+
       
  environment = lib.mapAttrs (

     

       
12
       
12
       
+
       
    _: value: if lib.isBool value then lib.boolToString value else toString value

     

       
13
       
13
       
+
       
  ) cfg.settings;

     

       
14
       
14
       
+
       
in

     

       
15
       
15
       
+
       


     

       
16
       
16
       
+
       
{

     

       
17
       
17
       
+
       
  meta.maintainers = with lib.maintainers; [ defelo ];

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
  options.services.go-httpbin = {

     

       
20
       
20
       
+
       
    enable = lib.mkEnableOption "go-httpbin";

     

       
21
       
21
       
+
       


     

       
22
       
22
       
+
       
    package = lib.mkPackageOption pkgs "go-httpbin" { };

     

       
23
       
23
       
+
       


     

       
24
       
24
       
+
       
    settings = lib.mkOption {

     

       
25
       
25
       
+
       
      description = ''

     

       
26
       
26
       
+
       
        Configuration of go-httpbin.

     

       
27
       
27
       
+
       
        See <https://github.com/mccutchen/go-httpbin#configuration> for a list of options.

     

       
28
       
28
       
+
       
      '';

     

       
29
       
29
       
+
       
      example = {

     

       
30
       
30
       
+
       
        HOST = "0.0.0.0";

     

       
31
       
31
       
+
       
        PORT = 8080;

     

       
32
       
32
       
+
       
      };

     

       
33
       
33
       
+
       


     

       
34
       
34
       
+
       
      type = lib.types.submodule {

     

       
35
       
35
       
+
       
        freeformType =

     

       
36
       
36
       
+
       
          with lib.types;

     

       
37
       
37
       
+
       
          attrsOf (oneOf [

     

       
38
       
38
       
+
       
            str

     

       
39
       
39
       
+
       
            int

     

       
40
       
40
       
+
       
            bool

     

       
41
       
41
       
+
       
          ]);

     

       
42
       
42
       
+
       


     

       
43
       
43
       
+
       
        options = {

     

       
44
       
44
       
+
       
          HOST = lib.mkOption {

     

       
45
       
45
       
+
       
            type = lib.types.str;

     

       
46
       
46
       
+
       
            description = "The host to listen on.";

     

       
47
       
47
       
+
       
            default = "127.0.0.1";

     

       
48
       
48
       
+
       
            example = "0.0.0.0";

     

       
49
       
49
       
+
       
          };

     

       
50
       
50
       
+
       


     

       
51
       
51
       
+
       
          PORT = lib.mkOption {

     

       
52
       
52
       
+
       
            type = lib.types.port;

     

       
53
       
53
       
+
       
            description = "The port to listen on.";

     

       
54
       
54
       
+
       
            example = 8080;

     

       
55
       
55
       
+
       
          };

     

       
56
       
56
       
+
       
        };

     

       
57
       
57
       
+
       
      };

     

       
58
       
58
       
+
       
    };

     

       
59
       
59
       
+
       
  };

     

       
60
       
60
       
+
       


     

       
61
       
61
       
+
       
  config = lib.mkIf cfg.enable {

     

       
62
       
62
       
+
       
    systemd.services.go-httpbin = {

     

       
63
       
63
       
+
       
      wantedBy = [ "multi-user.target" ];

     

       
64
       
64
       
+
       


     

       
65
       
65
       
+
       
      inherit environment;

     

       
66
       
66
       
+
       


     

       
67
       
67
       
+
       
      serviceConfig = {

     

       
68
       
68
       
+
       
        User = "go-httpbin";

     

       
69
       
69
       
+
       
        Group = "go-httpbin";

     

       
70
       
70
       
+
       
        DynamicUser = true;

     

       
71
       
71
       
+
       


     

       
72
       
72
       
+
       
        ExecStart = lib.getExe cfg.package;

     

       
73
       
73
       
+
       


     

       
74
       
74
       
+
       
        # hardening

     

       
75
       
75
       
+
       
        AmbientCapabilities = "";

     

       
76
       
76
       
+
       
        CapabilityBoundingSet = [ "" ];

     

       
77
       
77
       
+
       
        DevicePolicy = "closed";

     

       
78
       
78
       
+
       
        LockPersonality = true;

     

       
79
       
79
       
+
       
        MemoryDenyWriteExecute = true;

     

       
80
       
80
       
+
       
        NoNewPrivileges = true;

     

       
81
       
81
       
+
       
        PrivateDevices = true;

     

       
82
       
82
       
+
       
        PrivateTmp = true;

     

       
83
       
83
       
+
       
        PrivateUsers = true;

     

       
84
       
84
       
+
       
        ProcSubset = "pid";

     

       
85
       
85
       
+
       
        ProtectClock = true;

     

       
86
       
86
       
+
       
        ProtectControlGroups = true;

     

       
87
       
87
       
+
       
        ProtectHome = true;

     

       
88
       
88
       
+
       
        ProtectHostname = true;

     

       
89
       
89
       
+
       
        ProtectKernelLogs = true;

     

       
90
       
90
       
+
       
        ProtectKernelModules = true;

     

       
91
       
91
       
+
       
        ProtectKernelTunables = true;

     

       
92
       
92
       
+
       
        ProtectProc = "invisible";

     

       
93
       
93
       
+
       
        ProtectSystem = "strict";

     

       
94
       
94
       
+
       
        RemoveIPC = true;

     

       
95
       
95
       
+
       
        RestrictAddressFamilies = [ "AF_INET AF_INET6" ];

     

       
96
       
96
       
+
       
        RestrictNamespaces = true;

     

       
97
       
97
       
+
       
        RestrictRealtime = true;

     

       
98
       
98
       
+
       
        RestrictSUIDSGID = true;

     

       
99
       
99
       
+
       
        SocketBindAllow = "tcp:${toString cfg.settings.PORT}";

     

       
100
       
100
       
+
       
        SocketBindDeny = "any";

     

       
101
       
101
       
+
       
        SystemCallArchitectures = "native";

     

       
102
       
102
       
+
       
        SystemCallFilter = [

     

       
103
       
103
       
+
       
          "@system-service"

     

       
104
       
104
       
+
       
          "~@privileged"

     

       
105
       
105
       
+
       
          "~@resources"

     

       
106
       
106
       
+
       
        ];

     

       
107
       
107
       
+
       
        UMask = "0077";

     

       
108
       
108
       
+
       
      };

     

       
109
       
109
       
+
       
    };

     

       
110
       
110
       
+
       
  };

     

       
111
       
111
       
+
       
}