| blob | 8f672162a3c425f17ac1587472b67a09ffaad3b7 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 with lib;
10 let
12 cfg = config.services.morty;
14 in
16 {
18 ###### interface
20 options = {
22 services.morty = {
24 enable = mkEnableOption "Morty proxy server. See https://github.com/asciimoo/morty";
26 ipv6 = mkOption {
27 type = types.bool;
28 default = true;
29 description = "Allow IPv6 HTTP requests?";
30 };
32 key = mkOption {
33 type = types.str;
34 default = "";
35 description = ''
36 HMAC url validation key (hexadecimal encoded).
37 Leave blank to disable. Without validation key, anyone can
38 submit proxy requests. Leave blank to disable.
39 Generate with `printf %s somevalue | openssl dgst -sha1 -hmac somekey`
40 '';
41 };
43 timeout = mkOption {
44 type = types.int;
45 default = 2;
46 description = "Request timeout in seconds.";
47 };
49 package = mkPackageOption pkgs "morty" { };
51 port = mkOption {
52 type = types.port;
53 default = 3000;
54 description = "Listing port";
55 };
57 listenAddress = mkOption {
58 type = types.str;
59 default = "127.0.0.1";
60 description = "The address on which the service listens";
61 };
63 };
65 };
67 ###### Service definition
69 config = mkIf config.services.morty.enable {
71 users.users.morty = {
72 description = "Morty user";
73 createHome = true;
74 home = "/var/lib/morty";
75 isSystemUser = true;
76 group = "morty";
77 };
78 users.groups.morty = { };
80 systemd.services.morty = {
81 description = "Morty sanitizing proxy server.";
82 after = [ "network.target" ];
83 wantedBy = [ "multi-user.target" ];
84 serviceConfig = {
85 User = "morty";
86 ExecStart = ''
87 ${cfg.package}/bin/morty \
88 -listen ${cfg.listenAddress}:${toString cfg.port} \
89 ${optionalString cfg.ipv6 "-ipv6"} \
90 ${optionalString (cfg.key != "") "-key " + cfg.key} \
91 '';
92 };
93 };
94 environment.systemPackages = [ cfg.package ];
96 };
97 }