66 lines
1.6 KiB
Nix
66 lines
1.6 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
with lib; let
|
|
cfg = config.services.webone;
|
|
in {
|
|
options.services.webone.enable = mkEnableOption "Enable WebOne HTTP proxy.";
|
|
|
|
config = mkIf cfg.enable {
|
|
# Create user & group for service.
|
|
users.groups.webone = {};
|
|
|
|
users.users.webone = {
|
|
createHome = true;
|
|
isSystemUser = true;
|
|
home = "/var/lib/webone";
|
|
group = "webone";
|
|
};
|
|
|
|
# Create config directory and log file, and set ownership to webone user.
|
|
systemd.tmpfiles.settings = {
|
|
"10-webone" = {
|
|
"/var/log/webone.log" = {
|
|
f = {
|
|
group = "webone";
|
|
mode = "0664";
|
|
user = "webone";
|
|
};
|
|
};
|
|
"/etc/webone.conf.d" = {
|
|
d = {
|
|
group = "webone";
|
|
mode = "0755";
|
|
user = "webone";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# Create a systemd service.
|
|
systemd.services.webone = {
|
|
description = "WebOne HTTP Proxy Server";
|
|
documentation = ["https://github.com/atauenis/webone/wiki/"];
|
|
requires = ["network-online.target"];
|
|
after = ["network-online.target"];
|
|
wantedBy = ["default.target"];
|
|
startLimitIntervalSec = 5;
|
|
startLimitBurst = 3;
|
|
environment = {
|
|
OPENSSL_CONF = "${pkgs.webone}/lib/webone/openssl_webone.cnf";
|
|
};
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
User = "webone";
|
|
Group = "webone";
|
|
ExecStart = "${pkgs.webone}/bin/webone";
|
|
TimeoutStopSec = "10";
|
|
Restart = "on-failure";
|
|
RestartSec = "5";
|
|
};
|
|
};
|
|
};
|
|
}
|