# NixOS module for sslh: renders an sslh.conf into the Nix store and runs the
# daemon in the foreground under systemd.
{ config, lib, pkgs, ... }:

let
  inherit (lib) boolToString mkEnableOption mkIf mkOption types;

  cfg = config.services.sslh;

  # Default value of `appendConfig`: the protocol table appended to the
  # generated file. Every backend is on localhost. The last entry, "anyprot",
  # is a catch-all, so traffic that matches none of the earlier probes is
  # still forwarded to localhost:443.
  stockProtocols = ''
    protocols:
    (
      { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
      { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
      { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
      { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
      { name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; },
      { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
    );
  '';

  # Rendered sslh.conf. pkgs.writeText places it in the Nix store, which is
  # world-readable, so nothing secret belongs in `appendConfig`.
  # Option values are spliced in without escaping: a double quote inside
  # `listenAddress` or `pidfile` would break the generated syntax.
  # `user: "nobody"` asks sslh to run as the shared `nobody` account.
  # NOTE(review): a dedicated unprivileged user would avoid sharing an
  # identity with other daemons.
  # NOTE(review): with `transparent: false` the backends presumably see sslh
  # as the peer instead of the real client, which affects source-address
  # logging and rate limiting on sshd/httpd - confirm this is acceptable.
  sslhConf = pkgs.writeText "sslh.conf" ''
    verbose: ${boolToString cfg.verbose};
    foreground: true;
    inetd: false;
    numeric: false;
    transparent: false;
    timeout: "${toString cfg.timeout}";
    user: "nobody";
    pidfile: "${cfg.pidfile}";

    listen:
    (
      { host: "${cfg.listenAddress}"; port: "${toString cfg.port}"; }
    );

    ${cfg.appendConfig}
  '';
in
{
  options.services.sslh = {
    enable = mkEnableOption "sslh";

    verbose = mkOption {
      type = types.bool;
      default = false;
      description = "Verbose logs.";
    };

    timeout = mkOption {
      type = types.int;
      default = 2;
      description = "Timeout in seconds.";
    };

    pidfile = mkOption {
      type = types.path;
      default = "/run/sslh.pid";
      description = "PID file path for sslh daemon.";
    };

    # NOTE(review): the default is the machine's host name, so the address
    # actually bound depends on how that name resolves on the host; verify
    # the listener ends up on the intended interface.
    listenAddress = mkOption {
      type = types.str;
      default = config.networking.hostName;
      description = "Listening hostname.";
    };

    port = mkOption {
      type = types.int;
      default = 443;
      description = "Listening port.";
    };

    # Inserted verbatim at the end of the generated file. Overriding it
    # replaces the whole default protocol table rather than extending it.
    appendConfig = mkOption {
      type = types.str;
      default = stockProtocols;
      description = "Verbatim configuration file.";
    };
  };

  config = mkIf cfg.enable {
    # No User= or sandboxing directive is set here, so the unit starts with
    # systemd's default identity and the privilege drop is left to the
    # `user:` setting in sslh.conf.
    # NOTE(review): consider systemd hardening (for example NoNewPrivileges,
    # ProtectSystem, ProtectHome) after testing it against this daemon.
    systemd.services.sslh = {
      description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.sslh}/bin/sslh -F${sslhConf}";
        # Only the main process is signalled on stop; presumably chosen so
        # that connections handled by child processes survive - confirm.
        KillMode = "process";
        PIDFile = "${cfg.pidfile}";
      };
    };
  };
}