author | Joachim Fasting <joachifm@users.noreply.github.com> | 2016-05-11 15:14:33 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@users.noreply.github.com> | 2016-05-11 15:14:33 +0200 |
commit | a0e8d542c7a1a6e9143ad1213dc8687f0e422780 (patch) | |
tree | db5ee4bbc7a8d5831a3594e217c1e1de3e30a055 /nixos/modules/services | |
parent | 67d430096f2527689c9abc8a48af21a5ecfe67de (diff) | |
parent | 356f1bdac85f4cc018b320141d3227a4c1f6dccf (diff) | |
Merge pull request #15377 from womfoo/sniproxy
sniproxy: init at 0.4.0 with dependency udns: init at 0.4
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/networking/sniproxy.nix | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/sniproxy.nix b/nixos/modules/services/networking/sniproxy.nix
new file mode 100644
index 000000000000..4d0f36923293
--- /dev/null
+++ b/nixos/modules/services/networking/sniproxy.nix
@@ -0,0 +1,99 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.sniproxy;
+
+ configFile = pkgs.writeText "sniproxy.conf" ''
+ user ${cfg.user}
+ pidfile /run/sniproxy.pid
+ ${cfg.config}
+ '';
+
+in
+{
+ options = {
+ services.sniproxy = {
+ enable = mkEnableOption "sniproxy server";
+
+ user = mkOption {
+ type = types.str;
+ default = "sniproxy";
+ description = "User account under which sniproxy runs.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "sniproxy";
+ description = "Group under which sniproxy runs.";
+ };
+
+ config = mkOption {
+ type = types.lines;
+ default = "";
+ description = "sniproxy.conf configuration excluding the daemon username and pid file.";
+ example = literalExample ''
+ error_log {
+ filename /var/log/sniproxy/error.log
+ }
+ access_log {
+ filename /var/log/sniproxy/access.log
+ }
+ listen 443 {
+ proto tls
+ }
+ table {
+ example.com 192.0.2.10
+ example.net 192.0.2.20
+ }
+ '';
+ };
+
+ logDir = mkOption {
+ type = types.str;
+ default = "/var/log/sniproxy/";
+ description = "Location of the log directory for sniproxy.";
+ };
+
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.sniproxy = {
+ description = "sniproxy server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ preStart = ''
+ test -d ${cfg.logDir} || {
+ echo "Creating initial log directory for sniproxy in ${cfg.logDir}"
+ mkdir -p ${cfg.logDir}
+ chmod 640 ${cfg.logDir}
+ }
+ chown -R ${cfg.user}:${cfg.group} ${cfg.logDir}
+ '';
+
+ serviceConfig = {
+ Type = "forking";
+ ExecStart = "${pkgs.sniproxy}/bin/sniproxy -c ${configFile}";
+ Restart = "always";
+ };
+ };
+
+ users.extraUsers = mkIf (cfg.user == "sniproxy") {
+ sniproxy = {
+ group = cfg.group;
+ uid = config.ids.uids.sniproxy;
+ };
+ };
+
+ users.extraGroups = mkIf (cfg.group == "sniproxy") {
+ sniproxy = {
+ gid = config.ids.gids.sniproxy;
+ };
+ };
+
+ };
+} |
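Review bot: `chmod 640 ${cfg.logDir}` in `preStart` is applied to a directory, which leaves it with no search (execute) bit for anyone; the account named by the generated `user ${cfg.user}` line, presumably the one sniproxy drops to, then cannot create or open files beneath it, so a directory mode such as 750 is needed. The `chown -R` that follows runs as root on every start over a tree the service user can write to, and `${cfg.logDir}` is interpolated unquoted from a free-form string option, so a path containing spaces or an overly broad value would be re-owned recursively. Setting mode and owner on the directory itself, without recursion, is safer: `install -d -m 0750 -o ${cfg.user} -g ${cfg.group} "${cfg.logDir}"` could replace the `test`/`mkdir`/`chmod`/`chown` lines. A short comment above `preStart` stating that it runs as root before sniproxy starts would also help the next reader.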