From 1439e72147bf73adb862fd2d153602a5e52103d7 Mon Sep 17 00:00:00 2001
From: koral
Date: Thu, 5 Feb 2015 00:36:27 +0100
Subject: New sslh module.
---
 nixos/modules/services/networking/sslh.nix | 83 ++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 nixos/modules/services/networking/sslh.nix
(limited to 'nixos/modules/services/networking/sslh.nix')
diff --git a/nixos/modules/services/networking/sslh.nix b/nixos/modules/services/networking/sslh.nix
new file mode 100644
index 000000000000..2bfdfc89c880
--- /dev/null
+++ b/nixos/modules/services/networking/sslh.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.sslh;
+ configFile = pkgs.writeText "sslh.conf" ''
+ verbose: ${if cfg.verbose then "true" else "false"};
+ foreground: false;
+ inetd: false;
+ numeric: false;
+ transparent: false;
+ timeout: "${toString cfg.timeout}";
+ user: "nobody";
+ pidfile: "/run/sslh.pid";
+
+ listen:
+ (
+ { host: "${cfg.host}"; port: "${toString cfg.port}"; }
+ );
+
+ ${cfg.appendConfig}
+ '';
+ defaultAppendConfig = ''
+ protocols:
+ (
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
+ );
+ '';
+in
+{
+ options = {
+ services.sslh = {
+ enable = mkEnableOption "sslh";
+
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Verbose logs.";
+ };
+
+ timeout = mkOption {
+ type = types.int;
+ default = 2;
+ description = "Timeout in seconds.";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = config.networking.hostName;
+ description = "Listening hostname.";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 443;
+ description = "Listening port.";
+ };
+
+ appendConfig = mkOption {
+ type = types.str;
+ default = defaultAppendConfig;
+ description = "Verbatim configuration file.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.sslh = {
+ description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.sslh}/bin/sslh -F ${configFile}";
+ serviceConfig.KillMode = "process";
+ serviceConfig.PIDFile = "/run/sslh.pid";
+ };
+ };
+}
-- 
cgit 1.4.1
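Review bot: With `enable = true` and nothing else set, `defaultAppendConfig` makes sslh forward probed traffic arriving on the default `port = 443` to localhost 22 (sshd), 1194, 5222 and 80, so a host that firewalls those ports but opens 443 reaches them through sslh, and the `appendConfig` description ("Verbatim configuration file.") gives no hint of that. I would state the default in the option, e.g. `description = "Configuration appended verbatim to the generated sslh.conf; the default forwards probed SSH, OpenVPN, XMPP, HTTP and SSL traffic to the matching localhost ports, so set this explicitly to expose only the services you intend.";`. The generated config also drops privileges to the shared `user: "nobody"` rather than a dedicated service user, which is worth a follow-up. Separately, `ExecStart` passes `-F` (foreground, as far as I recall sslh's flags) while the config sets `foreground: false` and the unit declares `serviceConfig.PIDFile` without a forking `Type`, so one of the two should be dropped to keep the intent clear.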