# NixOS module for the Dante SOCKS proxy daemon (sockd).
#
# The operator supplies the body of sockd.conf through `services.dante.config`;
# the module prepends the privilege settings, creates the `dante` system
# user and group, and runs sockd under systemd.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.dante;

  # Accounts sockd uses: root for privileged operations, the dedicated
  # `dante` account for the rest. These are emitted ahead of the operator's
  # text in the generated file.
  privilegeSettings = ''
    user.privileged: root
    user.unprivileged: dante
  '';

  # pkgs.writeText places the rendered file in the Nix store, which is
  # world-readable: anything written into `services.dante.config` can be read
  # by every local user, so it should not carry secrets.
  confFile = pkgs.writeText "dante-sockd.conf" ''
    ${privilegeSettings}
    ${cfg.config}
  '';

  sockd = "${pkgs.dante}/bin/sockd";
  kill = "${pkgs.coreutils}/bin/kill";
in

{
  meta.maintainers = [ lib.maintainers.arobyn ];

  options.services.dante = {
    enable = mkEnableOption "Dante SOCKS proxy";

    # Free-form sockd.conf text. The module does not parse it, so the
    # listening addresses, client/socks rules and authentication methods
    # are entirely whatever the operator writes here.
    config = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = ''
        Contents of Dante's configuration file
        NOTE: user.privileged/user.unprivileged are set by the service
      '';
    };
  };

  config = mkIf cfg.enable {
    # Enabling the service without any configuration text is rejected.
    assertions = [
      {
        assertion = cfg.config != null;
        message = "please provide Dante configuration file contents";
      }
    ];

    # Dedicated system account referenced by user.unprivileged above.
    users = {
      groups.dante = {};
      users.dante = {
        description = "Dante SOCKS proxy daemon user";
        isSystemUser = true;
        group = "dante";
      };
    };

    systemd.services.dante = {
      description = "Dante SOCKS v4 and v5 compatible proxy server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # No User= is set, so systemd starts sockd as root; the switch to the
      # `dante` account is left to sockd via the settings in confFile.
      # NOTE(review): no systemd sandboxing options are set on this unit.
      # Which ones are safe to add depends on the authentication methods
      # used in services.dante.config - confirm before tightening.
      serviceConfig = {
        Type = "simple";
        ExecStart = "${sockd} -f ${confFile}";
        # Reload is done by sending SIGHUP to the main process.
        ExecReload = "${kill} -HUP $MAINPID";
        Restart = "always";
      };
    };
  };
}