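# NixOS module for the sniproxy service: declares the services.sniproxy
# options, renders sniproxy.conf into the store, and defines the systemd
# unit plus the default service account and group.
{ config, pkgs, lib, ... }:

with lib;

let

  cfg = config.services.sniproxy;

  # The generated file always begins with the `user` and `pidfile` lines;
  # everything in services.sniproxy.config is appended verbatim after them.
  configFile = pkgs.writeText "sniproxy.conf" ''
    user ${cfg.user}
    pidfile /run/sniproxy.pid
    ${cfg.config}
  '';

in
{
  options = {
    services.sniproxy = {
      enable = mkEnableOption "sniproxy server";

      user = mkOption {
        type = types.str;
        default = "sniproxy";
        description = "User account under which sniproxy runs.";
      };

      group = mkOption {
        type = types.str;
        default = "sniproxy";
        description = "Group under which sniproxy runs.";
      };

      config = mkOption {
        type = types.lines;
        default = "";
        description = "sniproxy.conf configuration excluding the daemon username and pid file.";
        example = literalExample ''
          error_log {
            filename /var/log/sniproxy/error.log
          }
          access_log {
            filename /var/log/sniproxy/access.log
          }
          listen 443 {
            proto tls
          }
          table {
            example.com 192.0.2.10
            example.net 192.0.2.20
          }
        '';
      };

      # NOTE(review): preStart below recursively re-owns this whole tree to
      # cfg.user:cfg.group on every service start, so it should point at a
      # directory used by sniproxy only, never at a shared location.
      logDir = mkOption {
        type = types.str;
        default = "/var/log/sniproxy/";
        description = "Location of the log directory for sniproxy.";
      };

    };

  };

  config = mkIf cfg.enable {
    systemd.services.sniproxy = {
      description = "sniproxy server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # The unit sets no User=, so this script runs with the unit's default
      # (privileged) identity; the unprivileged account is only named in the
      # `user` line of the generated sniproxy.conf.
      #
      # Option values are passed through escapeShellArg so that a path or
      # account name containing spaces or shell metacharacters is treated as
      # a single literal argument instead of being word-split or expanded.
      #
      # The directory mode is 750, not 640: a directory without the search
      # (x) bit cannot be entered, so the service account could not open or
      # create log files in it. 750 keeps the same intent as 640 (owner
      # writes, group reads, others have no access).
      preStart = ''
        logDir=${escapeShellArg cfg.logDir}
        test -d "$logDir" || {
          echo "Creating initial log directory for sniproxy in $logDir"
          mkdir -p "$logDir"
          chmod 750 "$logDir"
        }
        chown -R ${escapeShellArg "${cfg.user}:${cfg.group}"} "$logDir"
      '';

      serviceConfig = {
        Type = "forking";
        ExecStart = "${pkgs.sniproxy}/bin/sniproxy -c ${configFile}";
        Restart = "always";
      };
    };

    # The account and group are only declared when the default names are
    # kept; a custom cfg.user / cfg.group must be defined elsewhere in the
    # system configuration.
    users.extraUsers = mkIf (cfg.user == "sniproxy") {
      sniproxy = {
        group = cfg.group;
        uid = config.ids.uids.sniproxy;
      };
    };

    users.extraGroups = mkIf (cfg.group == "sniproxy") {
      sniproxy = {
        gid = config.ids.gids.sniproxy;
      };
    };

  };
}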