nixos/modules/services/networking/tinyproxy.nix at 23.11-beta

pyrox.dev / nixpkgs
fork atom
lol
fork atom
nixpkgs / nixos / modules / services / networking / tinyproxy.nix
at 23.11-beta 103 lines 3.4 kB view raw
wrap content
Thomas nixos.tinyproxy: init 2y ago
1ed6468c
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.tinyproxy;
  7  mkValueStringTinyproxy = with lib; v:
  8        if true  ==         v then "yes"
  9        else if false ==    v then "no"
 10        else generators.mkValueStringDefault {} v;
 11  mkKeyValueTinyproxy = {
 12    mkValueString ? mkValueStringDefault {}
 13  }: sep: k: v:
 14    if null     ==  v then ""
 15    else "${lib.strings.escape [sep] k}${sep}${mkValueString v}";
 16
 17  settingsFormat = (pkgs.formats.keyValue {
 18      mkKeyValue = mkKeyValueTinyproxy {
 19        mkValueString = mkValueStringTinyproxy;
 20      } " ";
 21      listsAsDuplicateKeys= true;
 22  });
 23  configFile = settingsFormat.generate "tinyproxy.conf" cfg.settings;
 24
 25in
 26{
 27
 28  options = {
 29    services.tinyproxy = {
 30      enable = mkEnableOption (lib.mdDoc "Tinyproxy daemon");
 31      package = mkPackageOptionMD pkgs "tinyproxy" {};
 32      settings = mkOption {
 33        description = lib.mdDoc "Configuration for [tinyproxy](https://tinyproxy.github.io/).";
 34        default = { };
 35        example = literalExpression ''{
 36          Port 8888;
 37          Listen 127.0.0.1;
 38          Timeout 600;
 39          Allow 127.0.0.1;
 40          Anonymous = ['"Host"' '"Authorization"'];
 41          ReversePath = '"/example/" "http://www.example.com/"';
 42        }'';
 43        type = types.submodule ({name, ...}: {
 44          freeformType = settingsFormat.type;
 45          options = {
 46            Listen = mkOption {
 47              type = types.str;
 48              default = "127.0.0.1";
 49              description = lib.mdDoc ''
 50              Specify which address to listen to.
 51              '';
 52            };
 53            Port = mkOption {
 54              type = types.int;
 55              default = 8888;
 56              description = lib.mdDoc ''
 57              Specify which port to listen to.
 58              '';
 59            };
 60            Anonymous = mkOption {
 61              type = types.listOf types.str;
 62              default = [];
 63              description = lib.mdDoc ''
 64              If an `Anonymous` keyword is present, then anonymous proxying is enabled. The headers listed with `Anonymous` are allowed through, while all others are denied. If no Anonymous keyword is present, then all headers are allowed through. You must include quotes around the headers.
 65              '';
 66            };
 67            Filter = mkOption {
 68              type = types.nullOr types.path;
 69              default = null;
 70              description = lib.mdDoc ''
 71              Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line.
 72              '';
 73            };
 74          };
 75        });
 76      };
 77    };
 78  };
 79  config = mkIf cfg.enable {
 80    systemd.services.tinyproxy = {
 81      description = "TinyProxy daemon";
 82      after = [ "network.target" ];
 83      wantedBy = [ "multi-user.target" ];
 84      serviceConfig = {
 85        User = "tinyproxy";
 86        Group = "tinyproxy";
 87        Type = "simple";
 88        ExecStart = "${getExe pkgs.tinyproxy} -d -c ${configFile}";
 89        ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";
 90        KillSignal = "SIGINT";
 91        TimeoutStopSec = "30s";
 92        Restart = "on-failure";
 93      };
 94    };
 95
 96    users.users.tinyproxy = {
 97        group = "tinyproxy";
 98        isSystemUser = true;
 99    };
100    users.groups.tinyproxy = {};
101  };
102  meta.maintainers = with maintainers; [ tcheronneau ];
103}