@nhooyr
Last active January 29, 2017 12:09
{
"cacheDir": "/var/lib/tlsmuxd",
"email": "anmol@aubble.com",
"enable": true,
"hosts": {
"aubble.com": [
{
"_module": {
"args": {
"name": "[definition 1-entry 1]"
},
"check": true
},
"addr": "localhost:906",
"name": "ssh"
},
{
"_module": {
"args": {
"name": "[definition 1-entry 2]"
},
"check": true
},
"addr": "localhost:8081",
"name": "h2"
},
{
"_module": {
"args": {
"name": "[definition 1-entry 3]"
},
"check": true
},
"addr": "localhost:8080",
"name": ""
}
],
"avondieselemission.com": [
{
"_module": {
"args": {
"name": "[definition 1-entry 1]"
},
"check": true
},
"addr": "localhost:8083",
"name": "h2"
},
{
"_module": {
"args": {
"name": "[definition 1-entry 2]"
},
"check": true
},
"addr": "localhost:8082",
"name": ""
}
],
"dropbox.aubble.com": [
{
"_module": {
"args": {
"name": "[definition 1-entry 1]"
},
"check": true
},
"addr": "localhost:8087",
"name": "h2"
},
{
"_module": {
"args": {
"name": "[definition 1-entry 2]"
},
"check": true
},
"addr": "localhost:8086",
"name": ""
}
],
"lounge.aubble.com": [
{
"_module": {
"args": {
"name": "[definition 1-entry 1]"
},
"check": true
},
"addr": "localhost:8088",
"name": ""
}
],
"radiograydon.aubble.com": [
{
"_module": {
"args": {
"name": "[definition 1-entry 1]"
},
"check": true
},
"addr": "localhost:8085",
"name": "h2"
},
{
"_module": {
"args": {
"name": "[definition 1-entry 2]"
},
"check": true
},
"addr": "localhost:8084",
"name": ""
}
],
"www.aubble.com": [
{
"_module": {
"args": {
"name": "[definition 1-entry 1]"
},
"check": true
},
"addr": "localhost:8081",
"name": "h2"
},
{
"_module": {
"args": {
"name": "[definition 1-entry 2]"
},
"check": true
},
"addr": "localhost:8080",
"name": ""
}
],
"www.avondieselemission.com": [
{
"_module": {
"args": {
"name": "[definition 1-entry 1]"
},
"check": true
},
"addr": "localhost:8083",
"name": "h2"
},
{
"_module": {
"args": {
"name": "[definition 1-entry 2]"
},
"check": true
},
"addr": "localhost:8082",
"name": ""
}
]
}
}
# Settings for the tlsmuxd service: each host name maps to an ordered list of
# { name, addr } backends, all of them on localhost.
# NOTE(review): `name` is presumably the negotiated protocol (e.g. ALPN "h2")
# and "" presumably the fallback backend -- confirm against tlsmuxd.
let
  # The common pair of backends: one for "h2" and one for the empty name.
  web = h2Addr: plainAddr: [
    { name = "h2"; addr = h2Addr; }
    { name = ""; addr = plainAddr; }
  ];

  # The apex and www names of each site share the same backends.
  aubbleWeb = web "localhost:8081" "localhost:8080";
  avonWeb = web "localhost:8083" "localhost:8082";
in
{
  enable = true;
  email = "anmol@aubble.com";
  cacheDir = "/var/lib/tlsmuxd";

  hosts = {
    # NOTE(review): the "ssh" backend is reached through the multiplexer, so
    # the SSH daemon presumably sees every connection as coming from
    # localhost; source-address based controls and logs on that daemon would
    # then not reflect the real client -- confirm.
    "aubble.com" = [ { name = "ssh"; addr = "localhost:906"; } ] ++ aubbleWeb;
    "www.aubble.com" = aubbleWeb;

    "avondieselemission.com" = avonWeb;
    "www.avondieselemission.com" = avonWeb;

    "radiograydon.aubble.com" = web "localhost:8085" "localhost:8084";
    "dropbox.aubble.com" = web "localhost:8087" "localhost:8086";

    # Single backend only: no separate "h2" entry for this host.
    "lounge.aubble.com" = [
      { name = ""; addr = "localhost:8088"; }
    ];
  };
}
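# NixOS module for tlsmuxd: declares the services.tlsmuxd options and, when
# the service is enabled, a sandboxed systemd unit that starts the daemon
# with a JSON config generated from those options.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.services.tlsmuxd;

  # Submodule values can carry the module system's internal `_module`
  # attribute (args/check). Drop it so that evaluation internals are not
  # serialized into the daemon's config file.
  stripModuleArgs = backend: removeAttrs backend [ "_module" ];

  # Everything else in the option set is serialized unchanged, `enable`
  # included. The result is written to the Nix store, which is readable by
  # every local user, so no secret should be added to these options.
  configFile = pkgs.writeText "config.json" (builtins.toJSON (cfg // {
    hosts = mapAttrs (_host: map stripModuleArgs) cfg.hosts;
  }));
in
{
  options.services.tlsmuxd = {
    enable = mkEnableOption "tlsmuxd";
    email = mkOption {
      type = types.str;
      description = "email for lets encrypt registration";
    };
    # NOTE(review): nothing in this module creates cacheDir or sets its
    # ownership and mode; presumably the daemon creates it and stores ACME
    # account and certificate keys there -- confirm it is not readable by
    # other users.
    cacheDir = mkOption {
      type = types.str;
      description = "directory for storing data";
    };
    # Host name -> ordered list of { name, addr } backends.
    hosts = mkOption {
      type = types.attrsOf (types.listOf (types.submodule {
        options = {
          name = mkOption {
            type = types.str;
            description = "protocol name";
          };
          addr = mkOption {
            type = types.str;
            description = "backend address";
          };
        };
      }));
      description = "set of hosts";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.tlsmuxd = {
      description = "tlsmuxd";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      serviceConfig = {
        # No User= is set, so the daemon runs as root.
        # NOTE(review): if root is only needed to bind a privileged port, a
        # dedicated user plus AmbientCapabilities = "CAP_NET_BIND_SERVICE"
        # would shrink the impact of a compromise -- confirm what the
        # daemon needs.
        Restart = "on-failure";
        PrivateTmp = true;
        PrivateDevices = true;
        NoNewPrivileges = true;
        ExecStart = "${pkgs.tlsmuxd}/bin/tlsmuxd -c ${configFile}";
        # "full" makes /usr, /boot and /etc read-only; /var stays writable,
        # which a cacheDir under /var/lib relies on.
        ProtectSystem = "full";
        ProtectHome = true;
        # Only IPv4/IPv6 sockets may be created. AF_UNIX is not listed.
        # NOTE(review): confirm the daemon needs no local sockets (for
        # example for name resolution).
        RestrictAddressFamilies = "AF_INET AF_INET6";
      };
    };
  };
}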