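# NixOS module for the Dante SOCKS proxy daemon (sockd).
#
# The operator-supplied configuration is prefixed with the identity and
# logging settings this module manages, written to a file in the Nix store,
# and handed to sockd, which runs as a systemd service.
{ config, lib, pkgs, ... }:
with lib;

let
  cfg = config.services.dante;

  # Generated sockd configuration file.
  # The first three directives are fixed by the module; cfg.config is appended
  # verbatim after them and is not validated here, so all access rules (who may
  # connect, and where the proxy may connect to) come from the operator.
  # NOTE(review): whether a directive repeated inside cfg.config overrides the
  # fixed lines depends on sockd's parser; confirm before relying on them.
  confFile = pkgs.writeText "dante-sockd.conf" ''
    user.privileged: root
    user.unprivileged: dante
    logoutput: syslog

    ${cfg.config}
  '';
in

{
  meta = {
    maintainers = with maintainers; [ arobyn ];
  };

  options = {
    services.dante = {
      enable = mkEnableOption (lib.mdDoc "Dante SOCKS proxy");

      config = mkOption {
        type = types.lines;
        description = lib.mdDoc ''
          Contents of Dante's configuration file.
          NOTE: user.privileged, user.unprivileged and logoutput are set by the service.

          The resulting file is written to the world-readable Nix store,
          so do not place secrets in it.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # Refuse to start a proxy that has no rules at all.
    assertions = [
      { assertion = cfg.config != "";
        message = "please provide Dante configuration file contents";
      }
    ];

    # Dedicated unprivileged account named by user.unprivileged in confFile.
    users.users.dante = {
      description = "Dante SOCKS proxy daemon user";
      isSystemUser = true;
      group = "dante";
    };
    users.groups.dante = {};

    systemd.services.dante = {
      description = "Dante SOCKS v4 and v5 compatible proxy server";
      # after= only orders the unit; wants= is what actually pulls
      # network-online.target into the boot transaction, so both are needed
      # for the ordering to have any effect.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      # No User= is set, so systemd starts sockd as root; dropping to the
      # "dante" account is left to sockd itself via the user.* directives
      # in confFile. No systemd sandboxing options are applied here.
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.dante}/bin/sockd -f ${confFile}";
        # SIGHUP asks the running daemon to reload; the store path of confFile
        # changes when the configuration changes, so a changed configuration
        # also changes ExecStart.
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        # Can crash sometimes; see https://github.com/NixOS/nixpkgs/pull/39005#issuecomment-381828708
        Restart = "on-failure";
      };
    };
  };
}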