| blob | c3ed718fe8d84053194e49f006e4cb7886da94b6 |
1 { config, lib, pkgs, ... }:
3 with lib;
5 let
7 cfg = config.services.morty;
9 in
11 {
13 ###### interface
15 options = {
17 services.morty = {
19 enable = mkEnableOption "Morty proxy server. See https://github.com/asciimoo/morty";
21 ipv6 = mkOption {
22 type = types.bool;
23 default = true;
24 description = "Allow IPv6 HTTP requests?";
25 };
27 key = mkOption {
28 type = types.str;
29 default = "";
30 description = ''
31 HMAC url validation key (hexadecimal encoded).
32 Leave blank to disable. Without validation key, anyone can
33 submit proxy requests. Leave blank to disable.
34 Generate with `printf %s somevalue | openssl dgst -sha1 -hmac somekey`
35 '';
36 };
38 timeout = mkOption {
39 type = types.int;
40 default = 2;
41 description = "Request timeout in seconds.";
42 };
44 package = mkPackageOption pkgs "morty" { };
46 port = mkOption {
47 type = types.port;
48 default = 3000;
49 description = "Listing port";
50 };
52 listenAddress = mkOption {
53 type = types.str;
54 default = "127.0.0.1";
55 description = "The address on which the service listens";
56 };
58 };
60 };
62 ###### Service definition
64 config = mkIf config.services.morty.enable {
66 users.users.morty =
67 { description = "Morty user";
68 createHome = true;
69 home = "/var/lib/morty";
70 isSystemUser = true;
71 group = "morty";
72 };
73 users.groups.morty = {};
75 systemd.services.morty =
76 {
77 description = "Morty sanitizing proxy server.";
78 after = [ "network.target" ];
79 wantedBy = [ "multi-user.target" ];
80 serviceConfig = {
81 User = "morty";
82 ExecStart = ''${cfg.package}/bin/morty \
83 -listen ${cfg.listenAddress}:${toString cfg.port} \
84 ${optionalString cfg.ipv6 "-ipv6"} \
85 ${optionalString (cfg.key != "") "-key " + cfg.key} \
86 '';
87 };
88 };
89 environment.systemPackages = [ cfg.package ];
91 };
92 }