nixos/modules/services/networking/tinyproxy.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / tinyproxy.nix
at 24.11-pre 3.4 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.tinyproxy;
  7  mkValueStringTinyproxy = with lib; v:
  8        if true  ==         v then "yes"
  9        else if false ==    v then "no"
 10        else if types.path.check v then ''"${v}"''
 11        else generators.mkValueStringDefault {} v;
 12  mkKeyValueTinyproxy = {
 13    mkValueString ? mkValueStringDefault {}
 14  }: sep: k: v:
 15    if null     ==  v then ""
 16    else "${lib.strings.escape [sep] k}${sep}${mkValueString v}";
 17
 18  settingsFormat = (pkgs.formats.keyValue {
 19      mkKeyValue = mkKeyValueTinyproxy {
 20        mkValueString = mkValueStringTinyproxy;
 21      } " ";
 22      listsAsDuplicateKeys= true;
 23  });
 24  configFile = settingsFormat.generate "tinyproxy.conf" cfg.settings;
 25
 26in
 27{
 28
 29  options = {
 30    services.tinyproxy = {
 31      enable = mkEnableOption "Tinyproxy daemon";
 32      package = mkPackageOption pkgs "tinyproxy" {};
 33      settings = mkOption {
 34        description = "Configuration for [tinyproxy](https://tinyproxy.github.io/).";
 35        default = { };
 36        example = literalExpression ''{
 37          Port 8888;
 38          Listen 127.0.0.1;
 39          Timeout 600;
 40          Allow 127.0.0.1;
 41          Anonymous = ['"Host"' '"Authorization"'];
 42          ReversePath = '"/example/" "http://www.example.com/"';
 43        }'';
 44        type = types.submodule ({name, ...}: {
 45          freeformType = settingsFormat.type;
 46          options = {
 47            Listen = mkOption {
 48              type = types.str;
 49              default = "127.0.0.1";
 50              description = ''
 51              Specify which address to listen to.
 52              '';
 53            };
 54            Port = mkOption {
 55              type = types.int;
 56              default = 8888;
 57              description = ''
 58              Specify which port to listen to.
 59              '';
 60            };
 61            Anonymous = mkOption {
 62              type = types.listOf types.str;
 63              default = [];
 64              description = ''
 65              If an `Anonymous` keyword is present, then anonymous proxying is enabled. The headers listed with `Anonymous` are allowed through, while all others are denied. If no Anonymous keyword is present, then all headers are allowed through. You must include quotes around the headers.
 66              '';
 67            };
 68            Filter = mkOption {
 69              type = types.nullOr types.path;
 70              default = null;
 71              description = ''
 72              Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line.
 73              '';
 74            };
 75          };
 76        });
 77      };
 78    };
 79  };
 80  config = mkIf cfg.enable {
 81    systemd.services.tinyproxy = {
 82      description = "TinyProxy daemon";
 83      after = [ "network.target" ];
 84      wantedBy = [ "multi-user.target" ];
 85      serviceConfig = {
 86        User = "tinyproxy";
 87        Group = "tinyproxy";
 88        Type = "simple";
 89        ExecStart = "${getExe cfg.package} -d -c ${configFile}";
 90        ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
 91        KillSignal = "SIGINT";
 92        TimeoutStopSec = "30s";
 93        Restart = "on-failure";
 94      };
 95    };
 96
 97    users.users.tinyproxy = {
 98        group = "tinyproxy";
 99        isSystemUser = true;
100    };
101    users.groups.tinyproxy = {};
102  };
103  meta.maintainers = with maintainers; [ tcheronneau ];
104}