https://git.jolheiser.com/tailproxy.git
Tailscale reverse proxy
make modular
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQK5S4ZMXYP58rk7xe3pcTIv5gB5Hn8f6ucy8IFtpbD6HLzkbooF9pMTCWBcP+KFFOq rm1lnIvs8YT7Uzk788ywI= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
8 months ago
1 changed files, 75 additions(+), 64 deletions(-)
nix/module.nix
M nix/module.nixnix/module.nix
diff --git a/nix/module.nix b/nix/module.nix
index adac61afca46731122a75d9e3b53480f68657ca4..1734e9fc5e8d0ee80bbd11946acd403a3de70b9c 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -7,15 +7,14 @@ }:
 let
   cfg = config.services.tailproxy;
   pkg = pkgs.callPackage ./pkg.nix { inherit pkgs; };
-in
-{
-  options =
+  instanceOptions =
+    { name, config, ... }:
     let
       inherit (lib) mkEnableOption mkOption types;
     in
     {
-      services.tailproxy = {
-        enable = mkEnableOption "Enable tailproxy";
+      options = {
+        enable = mkEnableOption "Enable tailproxy for ${name}";
 
         package = mkOption {
           type = types.package;
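Review bot: The `enable` description on the added line will render as "Whether to enable Enable tailproxy for <name>.", because `mkEnableOption` already prepends "Whether to enable"; pass a noun phrase instead, `enable = mkEnableOption "tailproxy for ${name}";`. The submodule argument `config` in `{ name, config, ... }:` also shadows the module-level `config` and is not used in the visible lines, so `{ name, ... }:` would read more clearly. The submodule body continues past this hunk.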
@@ -23,29 +22,32 @@           description = "tailproxy package to use";
           default = pkg;
         };
 
-		hostname = mkOption {
-		  type = types.str;
-		  description = "Tailscale hostname";
-		};
-		auth-key = mkOption {
-		  type = types.str;
-		  description = "Tailscale auth key";
-		};
-		funnel = mkOption {
-		  type = types.bool;
-		  description = "Expose on Tailscale funnel";
-		};
-		data-dir = mkOption {
-		  type = types.str;
-		  description = "tsnet data directory";
-		  default = ".tailproxy";
-		  
-		};
-		port = mkOption {
-		  type = types.int;
-		  description = "Port to proxy";
-		};
-		
+        hostname = mkOption {
+          type = types.str;
+          description = "Tailscale hostname";
+        };
+
+        auth-key = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Tailscale auth key";
+        };
+
+        funnel = mkOption {
+          type = types.bool;
+          description = "Expose on Tailscale funnel";
+        };
+
+        data-dir = mkOption {
+          type = types.str;
+          description = "tsnet data directory";
+          default = "/var/lib/tailproxy-${name}";
+        };
+
+        port = mkOption {
+          type = types.int;
+          description = "Port to proxy";
+        };
 
         user = mkOption {
           type = types.str;
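Review bot: `auth-key` is still a plain string option, so any key set here is copied into the world-readable Nix store and, through the `--auth-key=` argument built in the `ExecStart` of the last hunk, into the generated unit file and the process's command line. Making it nullable only helps if the key can be supplied some other way; I would add a sibling option that takes a path to a key file kept outside the store (type `types.nullOr types.path`, default `null`) and pass it to the service with systemd's `LoadCredential=` or `EnvironmentFile=`. tsnet can pick the key up from the `TS_AUTHKEY` environment variable, but whether tailproxy leaves that path open is not visible here and should be confirmed. Separately, `port` could use `types.port` so out-of-range values fail at evaluation time.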
@@ -60,46 +62,55 @@           description = "Group account under which tailproxy runs";
         };
       };
     };
-  config = lib.mkIf cfg.enable {
-    users.users."${cfg.user}" = {
-      home = "/var/lib/tailproxy";
-      createHome = true;
-      group = "${cfg.group}";
-      isSystemUser = true;
-      isNormalUser = false;
-      description = "user for tailproxy service";
+in
+{
+  options = {
+    services.tailproxy = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule instanceOptions);
+      default = { };
+      description = "Attribute set of tailproxy instances";
     };
-    users.groups."${cfg.group}" = { };
-
-    systemd.services = {
-      tailproxy = {
-        enable = true;
-        script =
-          let
-            args = [
-              "--hostname=${cfg.hostname}"
-              "--auth-key=${cfg.auth-key}"
-              "--funnel=${cfg.funnel}"
-              "--data-dir=${cfg.data-dir}"
-              "--port=${cfg.port}"
-              
-            ];
-          in
-          "${cfg.package}/bin/tailproxyd ${builtins.concatStringsSep " " args}";
+  };
+  config = lib.mkIf (cfg.instances != { }) {
+    systemd.services = lib.mapAttrs' (
+      name: instanceCfg:
+      lib.nameValuePair "tailproxy-${name}" {
+        description = "tailproxy-${name}";
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
-        path = [
-          cfg.package
-        ];
         serviceConfig = {
-          User = cfg.user;
-          Group = cfg.group;
-          Restart = "always";
-          RestartSec = "15";
-          WorkingDirectory = "/var/lib/tailproxy";
+          ExecStart =
+            let
+              args =
+                lib.optionals (instanceCfg.auth-key != null) [
+                  "--auth-key=${instanceCfg.auth-key}"
+                ]
+                ++ [
+                  (lib.optionalString instanceCfg.funnel "--funnel")
+                  "--hostname=${instanceCfg.hostname}"
+                  "--port=${builtins.toString instanceCfg.port}"
+                  "--data-dir=${instanceCfg.data-dir}"
+                ];
+            in
+            "${instanceCfg.package}/bin/tailproxy ${lib.concatStringsSep " " args}";
+          User = instanceCfg.user;
+          Restart = "on-failure";
         };
-      };
-    };
+      }
+    ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg.instances);
+
+    users.users = lib.mapAttrs' (
+      name: instanceCfg:
+      lib.nameValuePair instanceCfg.user {
+        isSystemUser = true;
+        group = instanceCfg.user;
+        home = instanceCfg.data-dir;
+        createHome = true;
+      }
+    ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg.instances);
+
+    users.groups = lib.mapAttrs' (name: instanceCfg: lib.nameValuePair instanceCfg.user { }) (
+      lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg.instances
+    );
   };
 }
-
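Review bot: The new `config` block reads `cfg.instances` (in the `mkIf` condition and all three `filterAttrs` calls), but `cfg` is `config.services.tailproxy` and the option declared just above is the `attrsOf` set itself, so there is no `instances` attribute unless someone names an instance that; either declare the option as `services.tailproxy.instances = lib.mkOption {` or use `cfg` directly in those four places. The per-instance `group` option is still declared but no longer honoured: `Group=` was dropped from `serviceConfig`, and both `users.users.<user>.group` and `users.groups` are keyed on `instanceCfg.user`. If two enabled instances keep the same `user`, `users.users` receives two definitions with different `home` values, which will probably fail to evaluate; the default for `user` is outside the visible lines, so this is unconfirmed. The arguments are also joined unquoted into `ExecStart`, and `lib.optionalString` leaves an empty list element when `funnel` is false; `lib.optional instanceCfg.funnel "--funnel"` together with `lib.escapeShellArgs args` would tidy both.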