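# NixOS module for sniproxy, a proxy that routes incoming connections by the
# hostname requested in the TLS/HTTP handshake.
#
# The module renders sniproxy.conf from `services.sniproxy.config`, runs the
# daemon as a forking systemd service, and declares the default `sniproxy`
# user and group when those defaults are in use.
{ config, pkgs, lib, ... }:

with lib;

let

  cfg = config.services.sniproxy;

  # Generated sniproxy.conf. The `user` and `pidfile` directives are owned by
  # the module; everything else comes verbatim from `cfg.config`.
  # The file lives in the world-readable Nix store, so `cfg.config` must not
  # carry secrets.
  configFile = pkgs.writeText "sniproxy.conf" ''
    user ${cfg.user}
    pidfile /run/sniproxy.pid
    ${cfg.config}
  '';

in
{
  imports = [ (mkRemovedOptionModule [ "services" "sniproxy" "logDir" ] "Now done by LogsDirectory=. Set to a custom path if you log to a different folder in your config.") ];

  options = {
    services.sniproxy = {
      enable = mkEnableOption (lib.mdDoc "sniproxy server");

      user = mkOption {
        type = types.str;
        default = "sniproxy";
        description = lib.mdDoc "User account under which sniproxy runs.";
      };

      group = mkOption {
        type = types.str;
        default = "sniproxy";
        description = lib.mdDoc "Group under which sniproxy runs.";
      };

      config = mkOption {
        type = types.lines;
        default = "";
        description = lib.mdDoc "sniproxy.conf configuration excluding the daemon username and pid file.";
        example = ''
          error_log {
            filename /var/log/sniproxy/error.log
          }
          access_log {
            filename /var/log/sniproxy/access.log
          }
          listen 443 {
            proto tls
          }
          table {
            example.com 192.0.2.10
            example.net 192.0.2.20
          }
        '';
      };
    };

  };

  config = mkIf cfg.enable {
    systemd.services.sniproxy = {
      description = "sniproxy server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # No User=/Group= is set here, so systemd starts the daemon as root and
      # the privilege drop depends entirely on the `user` directive written
      # into configFile.
      # NOTE(review): `cfg.group` is only used for the account definition
      # below; nothing in this unit or in configFile applies it to the
      # process. Confirm that is intended.
      # NOTE(review): the unit carries no sandboxing options; consider adding
      # systemd hardening once verified against sniproxy's need to bind
      # listeners and write its pid file under /run.
      serviceConfig = {
        Type = "forking";
        ExecStart = "${pkgs.sniproxy}/bin/sniproxy -c ${configFile}";
        # systemd creates /var/log/sniproxy. Without User=/Group= it is owned
        # by root, so whether the unprivileged daemon user can create or
        # reopen log files there should be verified.
        LogsDirectory = "sniproxy";
        # Directory mode: owner rwx, group r-x, nothing for others. A
        # directory needs the search (x) bit to be traversable; a file-style
        # mode such as 0640 leaves it unusable for any non-root owner or
        # group member.
        LogsDirectoryMode = "0750";
        Restart = "always";
      };
    };

    # Only declare the account when the default name is in use; a custom
    # `cfg.user` must be defined elsewhere in the system configuration.
    users.users = mkIf (cfg.user == "sniproxy") {
      sniproxy = {
        group = cfg.group;
        uid = config.ids.uids.sniproxy;
      };
    };

    # Same rule for the group: only the default `sniproxy` group is created.
    users.groups = mkIf (cfg.group == "sniproxy") {
      sniproxy = {
        gid = config.ids.gids.sniproxy;
      };
    };

  };
}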