nixpkgs/nixos/modules/services/web-servers/molly-brown.nix


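# NixOS module for the Molly-Brown Gemini server.
#
# Declares the `services.molly-brown` options, renders them into a TOML
# configuration file, and runs the server as a systemd unit.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.molly-brown;

  # TOML generator and the matching option type used by `settings`.
  settingsFormat = pkgs.formats.toml { };

  # The rendered configuration is a Nix store file and is therefore
  # world-readable: nothing secret may be placed in `cfg.settings`.
  configFile = settingsFormat.generate "molly-brown.toml" cfg.settings;
in {

  options.services.molly-brown = {

    enable = mkEnableOption (lib.mdDoc "Molly-Brown Gemini server");

    port = mkOption {
      default = 1965;
      type = types.port;
      description = lib.mdDoc ''
        TCP port for molly-brown to bind to.
      '';
    };

    hostName = mkOption {
      type = types.str;
      default = config.networking.hostName;
      defaultText = literalExpression "config.networking.hostName";
      description = lib.mdDoc ''
        The hostname to respond to requests for. Requests for URLs with
        other hosts will result in a status 53 (PROXY REQUEST REFUSED)
        response.
      '';
    };

    certPath = mkOption {
      type = types.path;
      example = "/var/lib/acme/example.com/cert.pem";
      description = lib.mdDoc ''
        Path to TLS certificate. An ACME certificate and key may be
        shared with an HTTP server, but only if molly-brown has
        permissions allowing it to read such keys.

        As an example:
        ```
        systemd.services.molly-brown.serviceConfig.SupplementaryGroups =
          [ config.security.acme.certs."example.com".group ];
        ```
      '';
    };

    keyPath = mkOption {
      type = types.path;
      example = "/var/lib/acme/example.com/key.pem";
      # The original text pointed at `CertPath`, which is the TOML key and
      # not an option name; reference the real option instead.
      description = lib.mdDoc ''
        Path to TLS key. See {option}`services.molly-brown.certPath`.

        Set this to a string holding the absolute path, not to a Nix path
        literal: a path literal is copied into the world-readable Nix
        store when the configuration file is generated.
      '';
    };

    docBase = mkOption {
      type = types.path;
      example = "/var/lib/molly-brown";
      description = lib.mdDoc "Base directory for Gemini content.";
    };

    settings = mkOption {
      inherit (settingsFormat) type;
      default = { };
      description = lib.mdDoc ''
        molly-brown configuration. Refer to
        <https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf>
        for details on supported values.
      '';
    };

  };

  config = mkIf cfg.enable {

    # Map the typed module options onto the keys written to the TOML file.
    # `logDir` has to stay in sync with `LogsDirectory` below, which is what
    # makes systemd create /var/log/molly-brown for the service user.
    services.molly-brown.settings = let
      logDir = "/var/log/molly-brown";
    in {
      Port = cfg.port;
      Hostname = cfg.hostName;
      CertPath = cfg.certPath;
      KeyPath = cfg.keyPath;
      DocBase = cfg.docBase;
      AccessLog = "${logDir}/access.log";
      ErrorLog = "${logDir}/error.log";
    };

    systemd.services.molly-brown = {
      description = "Molly Brown gemini server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # The server runs as a transient, unprivileged user allocated by
        # systemd. That user can read the TLS key only if it is granted
        # access explicitly, e.g. through SupplementaryGroups as shown in
        # the certPath description.
        DynamicUser = true;
        LogsDirectory = "molly-brown";
        ExecStart = "${pkgs.molly-brown}/bin/molly-brown -c ${configFile}";
        Restart = "always";
      };
    };

  };

}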