cfg = config.services.cntlm;
8
-
uid = config.ids.uids.cntlm;
9
+
configFile = if cfg.configText != "" then
10
+
pkgs.writeText "cntlm.conf" ''
14
+
pkgs.writeText "lighttpd.conf" ''
15
+
# Cntlm Authentication Proxy Configuration
16
+
Username ${cfg.username}
17
+
Domain ${cfg.domain}
18
+
Password ${cfg.password}
19
+
${optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"}
20
+
${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
21
+
${optionalString (cfg.noproxy != []) "NoProxy ${concatStringsSep ", " cfg.noproxy}"}
23
+
${concatMapStrings (port: ''
24
+
Listen ${toString port}
34
+
options.services.cntlm = {
39
+
Whether to enable the cntlm, which start a local proxy.
21
-
Whether to enable the cntlm, which start a local proxy.
43
+
username = mkOption {
45
+
Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
25
-
username = mkOption {
27
-
Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
50
+
description = ''Proxy account domain/workgroup name.'';
32
-
description = ''Proxy account domain/workgroup name.'';
53
+
password = mkOption {
54
+
default = "/etc/cntlm.password";
56
+
description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
35
-
password = mkOption {
36
-
default = "/etc/cntlm.password";
38
-
description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
59
+
netbios_hostname = mkOption {
63
+
The hostname of your machine.
41
-
netbios_hostname = mkOption {
44
-
The hostname of your machine.
69
+
A list of NTLM/NTLMv2 authenticating HTTP proxies.
50
-
A list of NTLM/NTLMv2 authenticating HTTP proxies.
71
+
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited
72
+
number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
73
+
list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
75
+
example = [ "proxy.example.com:81" ];
52
-
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited
53
-
number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
54
-
list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
78
+
noproxy = mkOption {
80
+
A list of domains where the proxy is skipped.
83
+
example = [ "*.example.com" "example.com" ];
60
-
description = "Specifies on which ports the cntlm daemon listens.";
88
+
description = "Specifies on which ports the cntlm daemon listens.";
63
-
extraConfig = mkOption {
66
-
description = "Verbatim contents of <filename>cntlm.conf</filename>.";
91
+
extraConfig = mkOption {
94
+
description = "Additional config appended to the end of the generated <filename>cntlm.conf</filename>.";
97
+
configText = mkOption {
100
+
description = "Verbatim contents of <filename>cntlm.conf</filename>.";
76
-
config = mkIf config.services.cntlm.enable {
107
+
config = mkIf cfg.enable {
systemd.services.cntlm = {
description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
85
-
${pkgs.cntlm}/bin/cntlm -U cntlm \
86
-
-c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
115
+
${pkgs.cntlm}/bin/cntlm -U cntlm -c ${configFile} -v -f
91
-
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
93
-
users.extraUsers.cntlm = {
120
+
users.extraUsers.cntlm = {
description = "cntlm system-wide daemon";
96
-
home = "/var/empty";
123
+
isSystemUser = true;
99
-
services.cntlm.extraConfig =
101
-
# Cntlm Authentication Proxy Configuration
102
-
Username ${cfg.username}
103
-
Domain ${cfg.domain}
104
-
Password ${cfg.password}
105
-
Workstation ${cfg.netbios_hostname}
106
-
${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
108
-
${concatMapStrings (port: ''
109
-
Listen ${toString port}