Created
January 29, 2017 11:51
-
-
Save nhooyr/4b248fd62b3ff758b2573f1ec0e99289 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ config, lib, pkgs, ... }: | |
with lib; | |
let | |
configFile = pkgs.writeText "config.json" (builtins.toJSON config.services.tlsmuxd); | |
in | |
{ | |
options.services.tlsmuxd = { | |
enable = mkEnableOption "tlsmuxd"; | |
email = mkOption { | |
type = types.str; | |
description = "email for lets encrypt registration"; | |
}; | |
cacheDir = mkOption { | |
type = types.str; | |
description = "directory for storing data"; | |
}; | |
hosts = mkOption { | |
type = types.attrsOf (types.listOf (types.submodule { | |
options = { | |
name = mkOption { | |
type = types.str; | |
description = "protocol name"; | |
}; | |
addr = mkOption { | |
type = types.str; | |
description = "backend address"; | |
}; | |
}; | |
})); | |
description = "set of hosts"; | |
}; | |
}; | |
config = mkIf config.services.tlsmuxd.enable { | |
systemd.services.tlsmuxd = { | |
description = "tlsmuxd"; | |
wantedBy = [ "multi-user.target" ]; | |
after = [ "network.target" ]; | |
serviceConfig = { | |
Restart = "on-failure"; | |
PrivateTmp = true; | |
PrivateDevices = true; | |
NoNewPrivileges = true; | |
ExecStart = "${pkgs.tlsmuxd}/bin/tlsmuxd -c ${configFile}"; | |
ProtectSystem = "full"; | |
ProtectHome = true; | |
RestrictAddressFamilies = "AF_INET AF_INET6"; | |
}; | |
}; | |
}; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment