# NixOS module for the Dante SOCKS proxy (sockd).
#
# Enabling services.dante creates a `dante` system user and group and a
# systemd unit that runs sockd against a generated configuration file.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  danteCfg = config.services.dante;

  # Fixed three-line header followed by the administrator-supplied directives.
  # pkgs.writeText places the result in the Nix store, which is world-readable,
  # so anything written into services.dante.config is visible to every local
  # user; keep credentials and other secrets out of it.
  # NOTE(review): nothing in this module stops danteCfg.config from repeating
  # the header keys; how sockd treats a duplicate is not visible here — confirm.
  sockdConf = pkgs.writeText "dante-sockd.conf" ''
    user.privileged: root
    user.unprivileged: dante
    logoutput: syslog

    ${danteCfg.config}
  '';

  # The unit both wants and orders itself after the same target.
  networkTargets = [ "network-online.target" ];
in
{
  meta.maintainers = [ lib.maintainers.arobyn ];

  options.services.dante = {
    enable = lib.mkEnableOption "Dante SOCKS proxy";

    # Free-form sockd directives, appended verbatim below the fixed header.
    config = lib.mkOption {
      type = lib.types.lines;
      description = ''
        Contents of Dante's configuration file.
        NOTE: user.privileged, user.unprivileged and logoutput are set by the service.
      '';
    };
  };

  config = lib.mkIf danteCfg.enable {
    # Reject an empty configuration at evaluation time rather than starting
    # sockd with nothing but the header.
    assertions = [
      {
        assertion = danteCfg.config != "";
        message = "please provide Dante configuration file contents";
      }
    ];

    # Account named by user.unprivileged in the generated configuration.
    users.groups.dante = { };
    users.users.dante = {
      isSystemUser = true;
      group = "dante";
      description = "Dante SOCKS proxy daemon user";
    };

    systemd.services.dante = {
      description = "Dante SOCKS v4 and v5 compatible proxy server";
      wantedBy = [ "multi-user.target" ];
      wants = networkTargets;
      after = networkTargets;

      # No User= and no sandboxing directives are set, so systemd starts sockd
      # as root; the header above names root as user.privileged and dante as
      # user.unprivileged.
      # NOTE(review): the privilege switch is left to sockd itself — confirm
      # against Dante's documentation before adding unit-level restrictions.
      serviceConfig = {
        Type = "simple";
        ExecStart = "${pkgs.dante}/bin/sockd -f ${sockdConf}";
        # SIGHUP to the main process is used as the reload action.
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        # Can crash sometimes; see https://github.com/NixOS/nixpkgs/pull/39005#issuecomment-381828708
        Restart = "on-failure";
      };
    };
  };
}