diff options
author | Joachim F <joachifm@users.noreply.github.com> | 2018-06-02 10:26:09 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-06-02 10:26:09 +0000 |
commit | ae512f2d8e2907f2624d0d36f7c40dadea87d424 (patch) | |
tree | 671dd324d6e06a6c37d90a108d6b9e48a8e96827 /nixos/modules/services/networking | |
parent | 04f0e08c9102bed3cbdc1d9eb900b377e6375632 (diff) | |
parent | e9ff80d24a14d786e68141cf18e40edcc8e58fa8 (diff) | |
download | nixlib-ae512f2d8e2907f2624d0d36f7c40dadea87d424.tar nixlib-ae512f2d8e2907f2624d0d36f7c40dadea87d424.tar.gz nixlib-ae512f2d8e2907f2624d0d36f7c40dadea87d424.tar.bz2 nixlib-ae512f2d8e2907f2624d0d36f7c40dadea87d424.tar.lz nixlib-ae512f2d8e2907f2624d0d36f7c40dadea87d424.tar.xz nixlib-ae512f2d8e2907f2624d0d36f7c40dadea87d424.tar.zst nixlib-ae512f2d8e2907f2624d0d36f7c40dadea87d424.zip |
Merge pull request #34886 from leenaars/mortyproxy
morty: init -> 0.2.0
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/morty.nix | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/morty.nix b/nixos/modules/services/networking/morty.nix new file mode 100644 index 000000000000..b31bec9a8627 --- /dev/null +++ b/nixos/modules/services/networking/morty.nix @@ -0,0 +1,98 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.morty; + + configFile = cfg.configFile; + +in + +{ + + ###### interface + + options = { + + services.morty = { + + enable = mkEnableOption + "Morty proxy server. See https://github.com/asciimoo/morty"; + + ipv6 = mkOption { + type = types.bool; + default = true; + description = "Allow IPv6 HTTP requests?"; + defaultText = "Allow IPv6 HTTP requests."; + }; + + key = mkOption { + type = types.string; + default = ""; + description = "HMAC url validation key (hexadecimal encoded). + Leave blank to disable. Without validation key, anyone can + submit proxy requests. Leave blank to disable."; + defaultText = "No HMAC url validation. Generate with echo -n somevalue | openssl dgst -sha1 -hmac somekey"; + }; + + timeout = mkOption { + type = types.int; + default = 2; + description = "Request timeout in seconds."; + defaultText = "A resource now gets 2 seconds to respond."; + }; + + package = mkOption { + type = types.package; + default = pkgs.morty; + defaultText = "pkgs.morty"; + description = "morty package to use."; + }; + + port = mkOption { + type = types.int; + default = 3000; + description = "Listing port"; + }; + + listenAddress = mkOption { + type = types.string; + default = "127.0.0.1"; + description = "The address on which the service listens"; + defaultText = "127.0.0.1 (localhost)"; + }; + + }; + + }; + + ###### Service definition + + config = mkIf config.services.morty.enable { + + users.extraUsers.morty = + { description = "Morty user"; + createHome = true; + home = "/var/lib/morty"; + }; + + systemd.services.morty = + { + description = "Morty sanitizing proxy server."; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "morty"; + ExecStart = ''${cfg.package}/bin/morty \ + -listen ${cfg.listenAddress}:${toString cfg.port} \ + ${optionalString cfg.ipv6 "-ipv6"} \ + ${optionalString (cfg.key != "") "-key " + cfg.key} \ + ''; + }; + }; + environment.systemPackages = [ cfg.package ]; + + }; +} |