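# NixOS module for the Privoxy filtering proxy.
#
# Declares the `services.privoxy` options, renders them into a privoxy.conf
# in the Nix store, and defines the system user/group and the systemd unit
# that runs the daemon.
{ config, lib, pkgs, ... }:

with lib;

let

  inherit (pkgs) privoxy;

  cfg = config.services.privoxy;

  # Generated configuration file. It is built with pkgs.writeText, so it lands
  # in the world-readable Nix store: nothing secret belongs in any option that
  # feeds it (in particular extraConfig).
  # The option values are interpolated as-is; no validation happens here.
  confFile = pkgs.writeText "privoxy.conf" ''
    user-manual ${privoxy}/share/doc/privoxy/user-manual
    confdir ${privoxy}/etc/
    listen-address ${cfg.listenAddress}
    enable-edit-actions ${if cfg.enableEditActions then "1" else "0"}
    ${concatMapStrings (f: "actionsfile ${f}\n") cfg.actionsFiles}
    ${concatMapStrings (f: "filterfile ${f}\n") cfg.filterFiles}
    ${cfg.extraConfig}
  '';

in

{

  ###### interface

  options = {

    services.privoxy = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the Privoxy non-caching filtering proxy.
        '';
      };

      # The default binds to loopback only. Setting a non-loopback address
      # makes the proxy reachable from the network; this module adds no access
      # control of its own, so any restriction (e.g. Privoxy's permit-access
      # directive) has to be supplied through extraConfig.
      listenAddress = mkOption {
        type = types.str;
        default = "127.0.0.1:8118";
        description = ''
          Address the proxy server is listening to.
        '';
      };

      actionsFiles = mkOption {
        type = types.listOf types.str;
        example = [ "match-all.action" "default.action" "/etc/privoxy/user.action" ];
        default = [ "match-all.action" "default.action" ];
        description = ''
          List of paths to Privoxy action files.
          These paths may either be absolute or relative to the privoxy configuration directory.
        '';
      };

      filterFiles = mkOption {
        type = types.listOf types.str;
        example = [ "default.filter" "/etc/privoxy/user.filter" ];
        default = [ "default.filter" ];
        description = ''
          List of paths to Privoxy filter files.
          These paths may either be absolute or relative to the privoxy configuration directory.
        '';
      };

      # Off by default. Privoxy's web editor has no authentication separate
      # from access to the proxy itself, so every client that can reach
      # listenAddress can change the filtering rules once this is enabled.
      # Only turn it on when the listen address is limited to trusted clients.
      enableEditActions = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether or not the web-based actions file editor may be used.
        '';
      };

      # Appended verbatim to the generated file; nothing here is checked.
      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = ''
          Extra configuration. Contents will be added verbatim to the configuration file.
        '';
      };
    };

  };

  ###### implementation

  config = mkIf cfg.enable {

    # Dedicated unprivileged account with an empty home directory.
    users.users.privoxy = {
      isSystemUser = true;
      home = "/var/empty";
      group = "privoxy";
    };

    users.groups.privoxy = {};

    systemd.services.privoxy = {
      description = "Filtering web proxy";
      after = [ "network.target" "nss-lookup.target" ];
      wantedBy = [ "multi-user.target" ];

      # No User= is set on the unit, so systemd starts the process as root and
      # privoxy itself switches to the privoxy account via --user.
      serviceConfig.ExecStart = "${privoxy}/bin/privoxy --no-daemon --user privoxy ${confFile}";

      # Sandboxing: private /dev and /tmp, home directories inaccessible, and
      # /usr, /boot and /etc mounted read-only for the service.
      # NOTE(review): further restrictions such as NoNewPrivileges= are not set
      # here; check them against what the daemon needs before adding any.
      serviceConfig.PrivateDevices = true;
      serviceConfig.PrivateTmp = true;
      serviceConfig.ProtectHome = true;
      serviceConfig.ProtectSystem = "full";
    };

  };

}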