Clean up config & add comments.

2025-07-16 18:46:12 +08:00 · 2025-07-16 18:46:12 +08:00 · c2fc35e12d
commit c2fc35e12d
parent b504700e61
18 changed files with 162 additions and 114 deletions
--- a/modules/webone/default.nix
+++ b/modules/webone/default.nix
@ -0,0 +1,66 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.webone;
+in {
+  options.services.webone.enable = mkEnableOption "Enable WebOne HTTP proxy.";
+
+  config = mkIf cfg.enable {
+    # Create user & group for service.
+    users.groups.webone = {};
+
+    users.users.webone = {
+      createHome = true;
+      isSystemUser = true;
+      home = "/var/lib/webone";
+      group = "webone";
+    };
+
+    # Create config directory and log file, and set ownership to webone user.
+    systemd.tmpfiles.settings = {
+      "10-webone" = {
+        "/var/log/webone.log" = {
+          f = {
+            group = "webone";
+            mode = "0664";
+            user = "webone";
+          };
+        };
+        "/etc/webone.conf.d" = {
+          d = {
+            group = "webone";
+            mode = "0755";
+            user = "webone";
+          };
+        };
+      };
+    };
+
+    # Create a systemd service.
+    systemd.services.webone = {
+      description = "WebOne HTTP Proxy Server";
+      documentation = ["https://github.com/atauenis/webone/wiki/"];
+      requires = ["network-online.target"];
+      after = ["network-online.target"];
+      wantedBy = ["default.target"];
+      startLimitIntervalSec = 5;
+      startLimitBurst = 3;
+      environment = {
+        OPENSSL_CONF = "${pkgs.webone}/lib/webone/openssl_webone.cnf";
+      };
+      serviceConfig = {
+        Type = "simple";
+        User = "webone";
+        Group = "webone";
+        ExecStart = "${pkgs.webone}/bin/webone";
+        TimeoutStopSec = "10";
+        Restart = "on-failure";
+        RestartSec = "5";
+      };
+    };
+  };
+}