Merge pull request #6170 from k0ral/sslh

New sslh module

lethalman 93ebaafa 7614b2f9

+113
+1
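--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -288,6 +288,7 @@
 ./services/networking/searx.nix
 ./services/networking/seeks.nix
 ./services/networking/spiped.nix
+./services/networking/sslh.nix
 ./services/networking/ssh/lshd.nix
 ./services/networking/ssh/sshd.nix
 ./services/networking/strongswan.nix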
+83
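--- a/nixos/modules/services/networking/sslh.nix
+++ b/nixos/modules/services/networking/sslh.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.sslh;
+configFile = pkgs.writeText "sslh.conf" ''
+verbose: ${if cfg.verbose then "true" else "false"};
+foreground: false;
+inetd: false;
+numeric: false;
+transparent: false;
+timeout: "${toString cfg.timeout}";
+user: "nobody";
+pidfile: "/run/sslh.pid";
+
+listen:
+(
+{ host: "${cfg.host}"; port: "${toString cfg.port}"; }
+);
+
+${cfg.appendConfig}
+'';
+defaultAppendConfig = ''
+protocols:
+(
+{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+{ name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+{ name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+{ name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+{ name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; },
+{ name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
+);
+'';
+in
+{
+options = {
+services.sslh = {
+enable = mkEnableOption "sslh";
+
+verbose = mkOption {
+type = types.bool;
+default = false;
+description = "Verbose logs.";
+};
+
+timeout = mkOption {
+type = types.int;
+default = 2;
+description = "Timeout in seconds.";
+};
+
+host = mkOption {
+type = types.str;
+default = config.networking.hostName;
+description = "Listening hostname.";
+};
+
+port = mkOption {
+type = types.int;
+default = 443;
+description = "Listening port.";
+};
+
+appendConfig = mkOption {
+type = types.str;
+default = defaultAppendConfig;
+description = "Verbatim configuration file.";
+};
+};
+};
+
+config = mkIf cfg.enable {
+systemd.services.sslh = {
+description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig.ExecStart = "${pkgs.sslh}/bin/sslh -F ${configFile}";
+serviceConfig.KillMode = "process";
+serviceConfig.PIDFile = "/run/sslh.pid";
+};
+};
+}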
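Review bot: With `transparent: false` hard-coded and every default backend on `localhost`, sshd, the web server and the other targets will see each multiplexed connection as arriving from the loopback address, so address-based access rules, ban tooling and log attribution on those backends no longer reflect the real client; neither the generated config nor the option descriptions say so. I would add a Nix comment above `configFile`, e.g. `# backends see the loopback address as the peer while transparent is false; do per-client filtering in front of sslh`, and state the same in the module documentation. The `appendConfig` description (`"Verbatim configuration file."`) is also misleading, since the value is appended after the generated settings rather than replacing them. Separately, `foreground: false` together with `PIDFile` but no `serviceConfig.Type = "forking";` looks inconsistent: systemd's default service type would treat the daemonising parent's exit as the service ending, so that line probably needs adding (not verified against a running unit). The hard-coded `user: "nobody"` shares an account with any other service that uses it; a dedicated `sslh` user would keep the process isolated.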
+27
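--- a/pkgs/servers/sslh/default.nix
+++ b/pkgs/servers/sslh/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, libcap, libconfig, perl }:
+
+stdenv.mkDerivation rec {
+name = "sslh-${version}";
+version = "1.16";
+
+src = fetchurl {
+url = "https://github.com/yrutschle/sslh/archive/v${version}.tar.gz";
+sha256 = "0xwi2bflvq4phrqjic84xch20jkg3wdys219mw2cy23sjkzk63mb";
+};
+
+postPatch = "patchShebangs *.sh";
+
+buildInputs = [ libcap libconfig perl ];
+
+makeFlags = "USELIBCAP=1";
+
+installFlags = "PREFIX=$(out)";
+
+meta = with stdenv.lib; {
+description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
+license = licenses.gpl2Plus;
+homepage = http://www.rutschle.net/tech/sslh.shtml;
+maintainers = [ maintainers.koral ];
+platforms = platforms.all;
+};
+}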
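Review bot: `platforms = platforms.all;` does not match the build inputs: `libcap` and `makeFlags = "USELIBCAP=1"` tie the build to Linux capabilities, so the package is advertised for platforms where it likely cannot build. I would change the line to `platforms = platforms.linux;`, or make `libcap` and the flag conditional on Linux if other platforms are meant to be supported. The `homepage` value is also an unquoted plain-HTTP URL; writing it as a string (`homepage = "http://www.rutschle.net/tech/sslh.shtml";`) avoids relying on the bare URL literal syntax.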
+2
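--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -8231,6 +8231,8 @@
 });
 squid = squids.squid31; # has ipv6 support
 
+sslh = callPackage ../servers/sslh { };
+
 thttpd = callPackage ../servers/http/thttpd { };
 
 storm = callPackage ../servers/computing/storm { };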