
cntlm service: cleanup non working config options (#26578)

- extraConfig was not working
- add possibility to add cntlm.conf in verbatim form
- create cntlm user as system user
- add no proxy option

authored by

Pascal Bach and committed by
Joachim Schiele
c9802321 5172e1af

+83 -71
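--- a/nixos/modules/services/networking/cntlm.nix
+++ b/nixos/modules/services/networking/cntlm.nix
@@ -5,110 +5,122 @@
 let
 
 cfg = config.services.cntlm;
-uid = config.ids.uids.cntlm;
+
+configFile = if cfg.configText != "" then
+pkgs.writeText "cntlm.conf" ''
+${cfg.configText}
+''
+else
+pkgs.writeText "lighttpd.conf" ''
+# Cntlm Authentication Proxy Configuration
+Username ${cfg.username}
+Domain ${cfg.domain}
+Password ${cfg.password}
+${optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"}
+${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
+${optionalString (cfg.noproxy != []) "NoProxy ${concatStringsSep ", " cfg.noproxy}"}
+
+${concatMapStrings (port: ''
+Listen ${toString port}
+'') cfg.port}
+
+${cfg.extraConfig}
+'';
 
 in
 
 {
 
-options = {
+options.services.cntlm = {
 
-services.cntlm = {
+enable = mkOption {
+default = false;
+description = ''
+Whether to enable the cntlm, which start a local proxy.
+'';
+};
 
-enable = mkOption {
-default = false;
-description = ''
-Whether to enable the cntlm, which start a local proxy.
-'';
-};
+username = mkOption {
+description = ''
+Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
+'';
+};
 
-username = mkOption {
-description = ''
-Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
-'';
-};
+domain = mkOption {
+description = ''Proxy account domain/workgroup name.'';
+};
 
-domain = mkOption {
-description = ''Proxy account domain/workgroup name.'';
-};
+password = mkOption {
+default = "/etc/cntlm.password";
+type = types.str;
+description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
+};
 
-password = mkOption {
-default = "/etc/cntlm.password";
-type = types.str;
-description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
-};
+netbios_hostname = mkOption {
+type = types.str;
+default = "";
+description = ''
+The hostname of your machine.
+'';
+};
 
-netbios_hostname = mkOption {
-type = types.str;
-description = ''
-The hostname of your machine.
-'';
-};
+proxy = mkOption {
+description = ''
+A list of NTLM/NTLMv2 authenticating HTTP proxies.
 
-proxy = mkOption {
-description = ''
-A list of NTLM/NTLMv2 authenticating HTTP proxies.
+Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited
+number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
+list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
+'';
+example = [ "proxy.example.com:81" ];
+};
 
-Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited
-number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
-list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
-'';
-};
+noproxy = mkOption {
+description = ''
+A list of domains where the proxy is skipped.
+'';
+default = [];
+example = [ "*.example.com" "example.com" ];
+};
 
-port = mkOption {
-default = [3128];
-description = "Specifies on which ports the cntlm daemon listens.";
-};
+port = mkOption {
+default = [3128];
+description = "Specifies on which ports the cntlm daemon listens.";
+};
 
-extraConfig = mkOption {
-type = types.lines;
-default = "";
-description = "Verbatim contents of <filename>cntlm.conf</filename>.";
-};
+extraConfig = mkOption {
+type = types.lines;
+default = "";
+description = "Additional config appended to the end of the generated <filename>cntlm.conf</filename>.";
+};
 
+configText = mkOption {
+type = types.lines;
+default = "";
+description = "Verbatim contents of <filename>cntlm.conf</filename>.";
 };
 
 };
 
-
 ###### implementation
 
-config = mkIf config.services.cntlm.enable {
+config = mkIf cfg.enable {
 systemd.services.cntlm = {
 description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
-Type = "forking";
 User = "cntlm";
 ExecStart = ''
-${pkgs.cntlm}/bin/cntlm -U cntlm \
--c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
+${pkgs.cntlm}/bin/cntlm -U cntlm -c ${configFile} -v -f
 '';
-};
+};
 };
-
-services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
-
-users.extraUsers.cntlm = {
+
+users.extraUsers.cntlm = {
 name = "cntlm";
 description = "cntlm system-wide daemon";
-home = "/var/empty";
+isSystemUser = true;
 };
-
-services.cntlm.extraConfig =
-''
-# Cntlm Authentication Proxy Configuration
-Username ${cfg.username}
-Domain ${cfg.domain}
-Password ${cfg.password}
-Workstation ${cfg.netbios_hostname}
-${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
-
-${concatMapStrings (port: ''
-Listen ${toString port}
-'') cfg.port}
-'';
 };
-
 }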
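Review bot: The `password` value is interpolated into the generated config at new line 18 (`Password ${cfg.password}`), and that file comes from `pkgs.writeText`, so it ends up in the Nix store, which every local user can read; the option description kept at new line 56 still advises `chmod 0600` on /etc/cntlm.password, which does nothing for a value that has been copied into the store, and if cntlm's `Password` directive takes the literal secret then the default string is passed through as-is rather than read from that file. The description should state what the option actually does, e.g. `description = "Proxy account password. The value is copied verbatim into the generated cntlm.conf in the world-readable Nix store; prefer configText over this option for a real credential.";`. The fallback branch at new line 14 names the generated file `"lighttpd.conf"`, which looks like a copy-paste slip; `pkgs.writeText "cntlm.conf" ''` matches the other branch and the option docs. The new `noproxy` option (new lines 78–84) has no `type`, so a non-list value is only rejected deep inside `concatStringsSep`; `type = types.listOf types.str;` gives a clear error at evaluation time.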