diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-11-22 15:10:46 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-22 15:10:46 +0100 |
commit | d94e93ccdf1671f6c50f48ac37d4b5d1210cb481 (patch) | |
tree | 8e87703269620330d5d84f36e6b392734e46d61f /nixos | |
parent | 2f1be760da992568fe0e8be21200eea99ea9897e (diff) | |
parent | 49d679d7a8f5875be21f36cf64d16531e3dd81ee (diff) | |
download | nixlib-d94e93ccdf1671f6c50f48ac37d4b5d1210cb481.tar nixlib-d94e93ccdf1671f6c50f48ac37d4b5d1210cb481.tar.gz nixlib-d94e93ccdf1671f6c50f48ac37d4b5d1210cb481.tar.bz2 nixlib-d94e93ccdf1671f6c50f48ac37d4b5d1210cb481.tar.lz nixlib-d94e93ccdf1671f6c50f48ac37d4b5d1210cb481.tar.xz nixlib-d94e93ccdf1671f6c50f48ac37d4b5d1210cb481.tar.zst nixlib-d94e93ccdf1671f6c50f48ac37d4b5d1210cb481.zip |
Merge pull request #19588 from Shados/add-dante
Add dante package & accompanying service module
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/dante.nix | 61 |
2 files changed, 62 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d82f1fbc54fd..4589f47e7c19 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -348,6 +348,7 @@ ./services/networking/connman.nix ./services/networking/consul.nix ./services/networking/coturn.nix + ./services/networking/dante.nix ./services/networking/ddclient.nix ./services/networking/dhcpcd.nix ./services/networking/dhcpd.nix diff --git a/nixos/modules/services/networking/dante.nix b/nixos/modules/services/networking/dante.nix new file mode 100644 index 000000000000..8f4e15223ab0 --- /dev/null +++ b/nixos/modules/services/networking/dante.nix @@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: +with lib; + +let + cfg = config.services.dante; + confFile = pkgs.writeText "dante-sockd.conf" '' + user.privileged: root + user.unprivileged: dante + + ${cfg.config} + ''; +in + +{ + meta = { + maintainers = with maintainers; [ arobyn ]; + }; + + options = { + services.dante = { + enable = mkEnableOption "Dante SOCKS proxy"; + + config = mkOption { + default = null; + type = types.str; + description = '' + Contents of Dante's configuration file + NOTE: user.privileged/user.unprivileged are set by the service + ''; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { assertion = cfg.config != null; + message = "please provide Dante configuration file contents"; + } + ]; + + users.users.dante = { + description = "Dante SOCKS proxy daemon user"; + isSystemUser = true; + group = "dante"; + }; + users.groups.dante = {}; + + systemd.services.dante = { + description = "Dante SOCKS v4 and v5 compatible proxy server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.dante}/bin/sockd -f ${confFile}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + Restart = "always"; + }; + }; + }; +} |