# NixOS module for the Molly-Brown Gemini server. This listing is an excerpt:
# the leading numbers are the original file's line numbers and some lines are
# not shown.
1 { config, lib, pkgs, ... }:
# Shorthand for the values set under services.molly-brown.
6 cfg = config.services.molly-brown;
# TOML serializer from nixpkgs; its `type` is reused for the `settings` option.
7 settingsFormat = pkgs.formats.toml { };
# Renders cfg.settings to a file named "molly-brown.toml". The result lives in
# the Nix store, which is world-readable, so nothing secret belongs in
# `settings`. The settings visible in this excerpt carry only the paths to the
# certificate and key, not their contents.
8 configFile = settingsFormat.generate "molly-brown.toml" cfg.settings;
# Option declarations for services.molly-brown.
11 options.services.molly-brown = {
# Master switch; the `config` section is applied only when this is true.
13 enable = mkEnableOption (lib.mdDoc "Molly-Brown Gemini server");
18 description = lib.mdDoc ''
19 TCP port for molly-brown to bind to.
# hostName defaults to the machine's own networking.hostName.
# NOTE(review): that value is normally the short host name without a domain,
# so a server reached under a public DNS name presumably needs this option set
# explicitly; otherwise requests would be refused with status 53 — confirm.
25 default = config.networking.hostName;
26 defaultText = literalExpression "config.networking.hostName";
27 description = lib.mdDoc ''
28 The hostname to respond to requests for. Requests for URLs with
29 other hosts will result in a status 53 (PROXY REQUEST REFUSED)
# certPath: the example points at an ACME-managed certificate. The description
# shows read access being granted by adding the certificate's ACME group to the
# unit through SupplementaryGroups, rather than by loosening file permissions.
36 example = "/var/lib/acme/example.com/cert.pem";
37 description = lib.mdDoc ''
38 Path to TLS certificate. An ACME certificate and key may be
39 shared with an HTTP server, but only if molly-brown has
40 permissions allowing it to read such keys.
44 systemd.services.molly-brown.serviceConfig.SupplementaryGroups =
45 [ config.security.acme.certs."example.com".group ];
# keyPath: location of the TLS private key; the same group-based read access
# applies as for the certificate.
# NOTE(review): the option's type is not visible in this excerpt. If it accepts
# Nix path literals, a literal such as ./key.pem would presumably be copied into
# the world-readable Nix store; pass an absolute path as a string — confirm.
52 example = "/var/lib/acme/example.com/key.pem";
53 description = lib.mdDoc "Path to TLS key. See {option}`CertPath`.";
# docBase: root directory of the served Gemini content.
# NOTE(review): presumably everything readable below this directory can be
# served, so keys and other private files should live elsewhere — confirm
# against the upstream documentation.
58 example = "/var/lib/molly-brown";
59 description = lib.mdDoc "Base directory for Gemini content.";
# settings: reuses the TOML format's type, so the option is free-form and
# accepts whatever the serializer can render.
63 inherit (settingsFormat) type;
65 description = lib.mdDoc ''
66 molly-brown configuration. Refer to
67 <https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf>
68 for details on supported values.
# Everything below takes effect only when services.molly-brown.enable is set.
74 config = mkIf cfg.enable {
# Definitions contributed to services.molly-brown.settings, which is the value
# rendered into the generated TOML file. logDir is hard-coded to the directory
# that LogsDirectory = "molly-brown" makes systemd create under /var/log.
76 services.molly-brown.settings = let logDir = "/var/log/molly-brown";
# Map the dedicated module options onto the key names written to the config file.
79 Hostname = cfg.hostName;
80 CertPath = cfg.certPath;
# Only the key's path is written to the config file; the key material itself
# stays at that location on disk.
81 KeyPath = cfg.keyPath;
82 DocBase = cfg.docBase;
# Both log files are placed inside the systemd-managed logs directory.
83 AccessLog = "${logDir}/access.log";
84 ErrorLog = "${logDir}/error.log";
# systemd unit that runs the server.
87 systemd.services.molly-brown = {
88 description = "Molly Brown gemini server";
# Ordered after network.target and started as part of normal multi-user boot.
89 after = [ "network.target" ];
90 wantedBy = [ "multi-user.target" ];
# systemd creates /var/log/molly-brown for the unit before it starts, owned by
# the user the unit runs as.
93 LogsDirectory = "molly-brown";
# Starts the packaged binary with the store-generated configuration file.
# NOTE(review): the unit's user and any sandboxing options are not visible in
# this excerpt. Confirm the server runs as an unprivileged user (for example
# via DynamicUser=) and consider hardening such as NoNewPrivileges= and
# ProtectSystem=.
94 ExecStart = "${pkgs.molly-brown}/bin/molly-brown -c ${configFile}";