diff --git a/flake.nix b/flake.nix index 127913e..2228e86 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,7 @@ overlay = final: prev: { inherit (self.packages.${prev.system}) ts-reverse-proxy; }; + nixosModule = import ./module.nix; packages = forAllSystems (system: let pkgs = nixpkgsFor.${system}; buildGoModule = pkgs.buildGoModule; diff --git a/module.nix b/module.nix new file mode 100644 index 0000000..bc3406b --- /dev/null +++ b/module.nix @@ -0,0 +1,128 @@ +{ lib +, config +, pkgs +, ... +}: +with lib; +let + cfg = config.services.ts-reverse-proxy; + enabledServers = filterAttrs (_: conf: conf.enable) cfg.servers; +in +{ + options = { + services.ts-reverse-proxy = { + package = mkPackageOption pkgs "ts-reverse-proxy" { }; + + servers = mkOption { + description = "Configuration of multiple `ts-reverse-proxy` instalces."; + default = { }; + + type = with types; attrsOf (submodule ({ name, ... }: { + options = { + enable = lib.mkEnableOption "Enable ts-reverse-proxy for ${name}"; + reversePort = mkOption { + type = types.int; + default = 5000; + description = '' + Port to forward connections to. + ''; + }; + + reverseIP = mkOption { + type = types.str; + default = "127.0.0.1"; + description = '' + IP to forward connections to. + ''; + }; + + reverseName = mkOption { + type = types.str; + default = name; + description = '' + Name used in for the front facing http server (will be a tailscale name). + ''; + }; + + hostHeader = mkOption { + type = types.str; + default = ""; + description = '' + Manually set the Host header + ''; + }; + + user = mkOption { + type = with types; oneOf [ str int ]; + default = name; + description = '' + The user the service will use. + ''; + }; + + group = mkOption { + type = with types; oneOf [ str int ]; + default = name; + description = '' + The group the service will use. + ''; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/${name}"; + description = "Path ts-reverse-proxy home directory"; + }; + + envFile = mkOption { + type = types.path; + default = "/run/secrets/ts_proxy_env-${name}"; + description = '' + Path to a file containing the ts-reverse-proxy token information + ''; + }; + }; + })); + }; + }; + }; + + config = mkIf (enabledServers != { }) { + environment.systemPackages = [ cfg.package ]; + + users.groups = mapAttrs' + (name: _: nameValuePair name { }) + enabledServers; + users.users = mapAttrs' + (name: conf: nameValuePair name { + description = "System user for ts-reverse-proxy instance ${name}"; + isSystemUser = true; + group = name; + home = "${conf.dataDir}"; + createHome = true; + }) + enabledServers; + + systemd.services = mapAttrs' + (name: conf: nameValuePair name { + description = "ts-reverse-proxy instance ${name}"; + enable = true; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { HOME = "${conf.dataDir}"; }; + + serviceConfig = { + User = conf.user; + Group = conf.group; + + ExecStart = "${cfg.package}/bin/ts-reverse-proxy ${lib.optionalString (conf.hostHeader != "") "-host-header '${conf.hostHeader}'"} -name ${conf.reverseName} -port ${ + toString conf.reversePort + } -ip ${conf.reverseIP}"; + #EnvironmentFile = conf.envFile; + }; + }) + enabledServers; + }; +}