Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/privoxy.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/privoxy.nix | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/privoxy.nix b/nixpkgs/nixos/modules/services/networking/privoxy.nix
new file mode 100644
index 000000000000..49ca839a2c37
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/privoxy.nix
@@ -0,0 +1,112 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ inherit (pkgs) privoxy;
+
+ cfg = config.services.privoxy;
+
+ confFile = pkgs.writeText "privoxy.conf" ''
+ user-manual ${privoxy}/share/doc/privoxy/user-manual
+ confdir ${privoxy}/etc/
+ listen-address ${cfg.listenAddress}
+ enable-edit-actions ${if (cfg.enableEditActions == true) then "1" else "0"}
+ ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
+ ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
+ ${cfg.extraConfig}
+ '';
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.privoxy = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable the Privoxy non-caching filtering proxy.
+ '';
+ };
+
+ listenAddress = mkOption {
+ type = types.str;
+ default = "127.0.0.1:8118";
+ description = ''
+ Address the proxy server is listening to.
+ '';
+ };
+
+ actionsFiles = mkOption {
+ type = types.listOf types.str;
+ example = [ "match-all.action" "default.action" "/etc/privoxy/user.action" ];
+ default = [ "match-all.action" "default.action" ];
+ description = ''
+ List of paths to Privoxy action files.
+ These paths may either be absolute or relative to the privoxy configuration directory.
+ '';
+ };
+
+ filterFiles = mkOption {
+ type = types.listOf types.str;
+ example = [ "default.filter" "/etc/privoxy/user.filter" ];
+ default = [ "default.filter" ];
+ description = ''
+ List of paths to Privoxy filter files.
+ These paths may either be absolute or relative to the privoxy configuration directory.
+ '';
+ };
+
+ enableEditActions = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether or not the web-based actions file editor may be used.
+ '';
+ };
+
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "" ;
+ description = ''
+ Extra configuration. Contents will be added verbatim to the configuration file.
+ '';
+ };
+ };
+
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users.privoxy = {
+ isSystemUser = true;
+ home = "/var/empty";
+ group = "privoxy";
+ };
+
+ users.groups.privoxy = {};
+
+ systemd.services.privoxy = {
+ description = "Filtering web proxy";
+ after = [ "network.target" "nss-lookup.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${privoxy}/bin/privoxy --no-daemon --user privoxy ${confFile}";
+
+ serviceConfig.PrivateDevices = true;
+ serviceConfig.PrivateTmp = true;
+ serviceConfig.ProtectHome = true;
+ serviceConfig.ProtectSystem = "full";
+ };
+
+ };
+
+} |
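Review bot: The unit in `systemd.services.privoxy` sets no `User=`, so the process starts as root and relies on privoxy's own `--user privoxy` switch in `ExecStart` to drop privileges after startup. With the default `listenAddress` of `127.0.0.1:8118` no privileged port is needed, so systemd could start it unprivileged from the first instruction: add `serviceConfig.User = "privoxy";` and `serviceConfig.Group = "privoxy";`, and remove `--user privoxy` from `ExecStart`. `serviceConfig.NoNewPrivileges = true;` would fit alongside the existing `Private*`/`Protect*` settings. A `listenAddress` on a port below 1024 would presumably then need `AmbientCapabilities = "CAP_NET_BIND_SERVICE"`, which is worth stating in that option's description.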