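# NixOS module for the sniproxy SNI/Host-based TCP proxy.
#
# Declares `services.sniproxy.{enable,user,group,config}`, renders the
# configuration file into the Nix store and runs the daemon as a forking
# systemd service.
{
  config,
  pkgs,
  lib,
  ...
}:

with lib;

let

  cfg = config.services.sniproxy;

  # The daemon account and pid file are fixed by the module; everything else
  # comes verbatim from `services.sniproxy.config`.
  # pkgs.writeText places this file in the Nix store, which is world-readable,
  # so the configuration text must not carry secrets.
  configFile = pkgs.writeText "sniproxy.conf" ''
    user ${cfg.user}
    pidfile /run/sniproxy.pid
    ${cfg.config}
  '';

in
{
  imports = [
    (mkRemovedOptionModule [ "services" "sniproxy" "logDir" ]
      "Now done by LogsDirectory=. Set to a custom path if you log to a different folder in your config."
    )
  ];

  options = {
    services.sniproxy = {
      enable = mkEnableOption "sniproxy server";

      user = mkOption {
        type = types.str;
        default = "sniproxy";
        description = "User account under which sniproxy runs.";
      };

      # NOTE(review): this value is only used as the primary group of the
      # account created below; the generated sniproxy.conf and the systemd unit
      # do not reference it. Confirm which group the daemon really ends up in.
      group = mkOption {
        type = types.str;
        default = "sniproxy";
        description = "Group under which sniproxy runs.";
      };

      config = mkOption {
        type = types.lines;
        default = "";
        description = "sniproxy.conf configuration excluding the daemon username and pid file.";
        example = ''
          error_log {
            filename /var/log/sniproxy/error.log
          }
          access_log {
            filename /var/log/sniproxy/access.log
          }
          listen 443 {
            proto tls
          }
          table {
            example.com 192.0.2.10
            example.net 192.0.2.20
          }
        '';
      };
    };

  };

  config = mkIf cfg.enable {
    systemd.services.sniproxy = {
      description = "sniproxy server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # No User=/Group= is set here, so systemd starts the process as root.
      # Running unprivileged depends entirely on the `user` directive written
      # into configFile being honoured by sniproxy; none of systemd's
      # sandboxing options are enabled on this unit.
      serviceConfig = {
        # NOTE(review): Type=forking without PIDFile= leaves systemd to guess
        # the main PID, although the generated config writes /run/sniproxy.pid.
        Type = "forking";
        ExecStart = "${pkgs.sniproxy}/bin/sniproxy -c ${configFile}";
        # Creates /var/log/sniproxy. With no User= on the unit the directory is
        # owned by root, so log files presumably have to be opened before
        # sniproxy changes to cfg.user; verify against the daemon.
        LogsDirectory = "sniproxy";
        # A directory needs the search (x) bit to be traversed. The previous
        # value "0640" had none, so only a process that bypasses permission
        # checks could reach the files inside. "0750" keeps "other" locked out.
        LogsDirectoryMode = "0750";
        Restart = "always";
      };
    };

    # The account and group are created only when the default names are in
    # use; a custom user or group must be declared elsewhere in the system
    # configuration.
    users.users = mkIf (cfg.user == "sniproxy") {
      sniproxy = {
        group = cfg.group;
        uid = config.ids.uids.sniproxy;
      };
    };

    users.groups = mkIf (cfg.group == "sniproxy") {
      sniproxy = {
        gid = config.ids.gids.sniproxy;
      };
    };

  };
}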