nixos/roles/server/urouter.nix
Ivan Bushchik 562c8c8e9f
Bump urouter to 0.5.0
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
2023-12-21 19:32:54 +03:00

77 lines
1.9 KiB
Nix

{ config, lib, pkgs, ... }:
let
cfg = config.my.roles.server.urouter;
aliasFormat = pkgs.formats.json { };
in {
options.my.roles.server.urouter = {
enable = lib.mkEnableOption "Enable urouter";
settings = lib.mkOption rec {
type = aliasFormat.type;
apply = lib.recursiveUpdate default;
default = { alias = [ ]; };
example = {
alias = [
{
uri = "/";
alias = { url = "https://someurl"; };
}
{
uri = "/";
alias = { file = "some_file"; };
curl_only = true;
}
];
};
description = lib.mdDoc ''
alias.json configuration in Nix format.
'';
};
dir = lib.mkOption {
type = lib.types.str;
default = "/var/urouter";
example = "/home/user/urouter";
};
address = lib.mkOption {
type = lib.types.str;
default = "0.0.0.0";
example = "0200::1";
};
port = lib.mkOption {
type = lib.types.ints.u16;
default = 8080;
example = 80;
};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = lib.mdDoc "Whether to open the TCP port in the firewall";
};
};
config = lib.mkIf (cfg.enable) {
networking.firewall.allowedTCPPorts =
lib.mkIf cfg.openFirewall [ cfg.port ];
systemd.services.urouter = {
description = "urouter HTTP Service";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${
pkgs.callPackage ../../pkgs/urouter.nix { }
}/bin/urouter --alias-file-is-set-not-a-list --alias-file ${
aliasFormat.generate "alias.json" cfg.settings
} --dir ${cfg.dir} --address ${cfg.address} --port ${
builtins.toString cfg.port
}
'';
BindReadOnlyPaths = [ cfg.dir ];
};
};
};
}