mirror of
https://github.com/itme-brain/nixos.git
synced 2026-05-08 06:50:11 -04:00
37 lines
1 KiB
Nix
37 lines
1 KiB
Nix
{ pkgs, lib, config, ... }:
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.modules.system.wstunnel;
|
|
in
|
|
{
|
|
options.modules.system.wstunnel = {
|
|
enable = mkEnableOption "wstunnel WebSocket transport for WireGuard";
|
|
|
|
listenPort = mkOption {
|
|
type = types.port;
|
|
default = 8080;
|
|
description = "Local port wstunnel server listens on (nginx proxies to this)";
|
|
};
|
|
|
|
wireguardPort = mkOption {
|
|
type = types.port;
|
|
default = 51820;
|
|
description = "Local WireGuard port to forward traffic to";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.wstunnel = {
|
|
description = "wstunnel WebSocket server for WireGuard transport";
|
|
after = [ "network.target" "wireguard-wg0.service" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
ExecStart = "${pkgs.wstunnel}/bin/wstunnel server ws://127.0.0.1:${toString cfg.listenPort} --restrict-to 127.0.0.1:${toString cfg.wireguardPort}";
|
|
Restart = "on-failure";
|
|
RestartSec = 5;
|
|
DynamicUser = true;
|
|
};
|
|
};
|
|
};
|
|
}
|