flake/nixos/modules/services/rathole.nix

{
  pkgs,
  config,
  lib,
  ...
}: let
  cfg = config.services.rathole;
in {
  options.services.rathole = {
    enable = lib.mkEnableOption "Rathole, a lightweight and high-performance reverse proxy for NAT traversal";

    package = lib.mkPackageOption pkgs "rathole" {};

    configFile = lib.mkOption {
      default = null;
      type = lib.types.nullOr lib.types.path;
      description = "Configuration file to use.";
    };

    credentials = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [];
      example = lib.literalExpression ''
        [
          "cert:/tmp/certificate.crt"
          "key:/tmp/private-key.key"
        ];
      '';
      description = ''
        Extra credentials loaded by systemd, you can access them by `/run/credentials/rathole.service/foobar`.

        See `systemd.exec(5)` for more information.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.rathole = {
      description = "Rathole daemon, a lightweight and high-performance reverse proxy for NAT traversal.";
      wantedBy = ["multi-user.target"];
      after = ["network-online.target"];
      wants = ["network-online.target"];
      serviceConfig = {
        ExecStart = "${lib.getExe cfg.package} $\{CREDENTIALS_DIRECTORY}/rathole.toml";
        LoadCredential = ["rathole.toml:${cfg.configFile}"] ++ cfg.credentials;
        DynamicUser = true;
      };
    };
  };
}
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-23 16:15:10 +00:00			`{`
			`pkgs,`
			`config,`
			`lib,`
			`...`
			`}: let`
			`cfg = config.services.rathole;`
			`in {`
			`options.services.rathole = {`
			`enable = lib.mkEnableOption "Rathole, a lightweight and high-performance reverse proxy for NAT traversal";`

			`package = lib.mkPackageOption pkgs "rathole" {};`

			`configFile = lib.mkOption {`
			`default = null;`
			`type = lib.types.nullOr lib.types.path;`
			`description = "Configuration file to use.";`
			`};`

			`credentials = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
			`default = [];`
			`example = lib.literalExpression ''`
			`[`
			`"cert:/tmp/certificate.crt"`
			`"key:/tmp/private-key.key"`
			`];`
			`'';`
			`description = ''`
			Extra credentials loaded by systemd, you can access them by `/run/credentials/rathole.service/foobar`.

			See `systemd.exec(5)` for more information.
			`'';`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`systemd.services.rathole = {`
			`description = "Rathole daemon, a lightweight and high-performance reverse proxy for NAT traversal.";`
			`wantedBy = ["multi-user.target"];`
			`after = ["network-online.target"];`
			`wants = ["network-online.target"];`
			`serviceConfig = {`
			`ExecStart = "${lib.getExe cfg.package} $\{CREDENTIALS_DIRECTORY}/rathole.toml";`
			`LoadCredential = ["rathole.toml:${cfg.configFile}"] ++ cfg.credentials;`
			`DynamicUser = true;`
			`};`
			`};`
			`};`
			`}`