nixos-systems/modules/system/frps.nix

{ config, configFiles, inputs, lib, pkgs, ... }:
with lib;
let
	group = "frps";
	user = "frps";
in {
	options.myModules.frps = {
		enable = mkEnableOption "custom frps configuration";
	};
	config = mkIf config.myModules.frps.enable {
		environment = {
			etc."frps.toml".source = "${configFiles}/frps/frps.toml";
			systemPackages = [
				pkgs.frp
			];

		};
		sops.secrets.frps-env = {
			format = "dotenv";
			group = "${group}";
			mode = "0440";
			owner = "${user}";
			restartUnits = [];
			sopsFile = ../../secrets/frps.env;
		};
		systemd.services.frps = {
			after=["network.target" "network-online.target"];
			description="FRP server process";
			environment = {
				FRPS_BIND_PORT="7000";
				FRPS_VHOST_HTTP_PORT="8000";
			};
			requires=["network-online.target"];
			restartIfChanged = true;
			stopIfChanged = true;
			serviceConfig = {
				EnvironmentFile = "/var/run/secrets/frps-env";
				Type = "simple";
				User = "${user}";
				Group = "${group}";
				ExecStart = "${pkgs.frp}/bin/frps -c /etc/frps.toml";
				TimeoutStopSec = "5s";
				PrivateTmp = true;
				WorkingDirectory = "/tmp";
			};
			wantedBy = ["multi-user.target"];
		};
		users.groups.${group} = {};
		users.users.${user} = {
			group = "${group}";
			isNormalUser = false;
			isSystemUser = true;
		};
	};
}
Add the sovr role and initial frps deployment 2025-10-13 17:06:15 +00:00			`{ config, configFiles, inputs, lib, pkgs, ... }:`
			`with lib;`
Add frps systemd unit for running frps all the time 2025-10-13 22:03:15 +00:00			`let`
			`group = "frps";`
			`user = "frps";`
			`in {`
Specify the bind port directly It's not a secret, and this will make it possible to use the address/interface configured in the host configuration. 2025-10-14 03:16:15 +00:00			`options.myModules.frps = {`
			`enable = mkEnableOption "custom frps configuration";`
			`};`
Add the sovr role and initial frps deployment 2025-10-13 17:06:15 +00:00			`config = mkIf config.myModules.frps.enable {`
Add frpc/frps to the system packages 2025-10-13 17:10:22 +00:00			`environment = {`
			`etc."frps.toml".source = "${configFiles}/frps/frps.toml";`
			`systemPackages = [`
			`pkgs.frp`
			`];`
Add frps systemd unit for running frps all the time 2025-10-13 22:03:15 +00:00
			`};`
			`sops.secrets.frps-env = {`
			`format = "dotenv";`
			`group = "${group}";`
			`mode = "0440";`
			`owner = "${user}";`
			`restartUnits = [];`
			`sopsFile = ../../secrets/frps.env;`
			`};`
			`systemd.services.frps = {`
			`after=["network.target" "network-online.target"];`
			`description="FRP server process";`
Specify the bind port directly It's not a secret, and this will make it possible to use the address/interface configured in the host configuration. 2025-10-14 03:16:15 +00:00			`environment = {`
			`FRPS_BIND_PORT="7000";`
			`FRPS_VHOST_HTTP_PORT="8000";`
			`};`
Add frps systemd unit for running frps all the time 2025-10-13 22:03:15 +00:00			`requires=["network-online.target"];`
			`restartIfChanged = true;`
			`stopIfChanged = true;`
			`serviceConfig = {`
Specify the bind port directly It's not a secret, and this will make it possible to use the address/interface configured in the host configuration. 2025-10-14 03:16:15 +00:00			`EnvironmentFile = "/var/run/secrets/frps-env";`
Add frps systemd unit for running frps all the time 2025-10-13 22:03:15 +00:00			`Type = "simple";`
			`User = "${user}";`
			`Group = "${group}";`
			`ExecStart = "${pkgs.frp}/bin/frps -c /etc/frps.toml";`
			`TimeoutStopSec = "5s";`
			`PrivateTmp = true;`
			`WorkingDirectory = "/tmp";`
			`};`
			`wantedBy = ["multi-user.target"];`
			`};`
			`users.groups.${group} = {};`
			`users.users.${user} = {`
			`group = "${group}";`
			`isNormalUser = false;`
			`isSystemUser = true;`
Add frpc/frps to the system packages 2025-10-13 17:10:22 +00:00			`};`
Add the sovr role and initial frps deployment 2025-10-13 17:06:15 +00:00			`};`
			`}`