tjh.dev / nixpkgs
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / nixos / modules / services / networking / tinyproxy.nix
at master 120 lines 3.7 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 ... 6}: 7 8let 9 cfg = config.services.tinyproxy; 10 mkValueStringTinyproxy = 11 v: 12 if true == v then 13 "yes" 14 else if false == v then 15 "no" 16 else if lib.types.path.check v then 17 ''"${v}"'' 18 else 19 lib.generators.mkValueStringDefault { } v; 20 mkKeyValueTinyproxy = 21 { 22 mkValueString ? lib.mkValueStringDefault { }, 23 }: 24 sep: k: v: 25 if null == v then "" else "${lib.strings.escape [ sep ] k}${sep}${mkValueString v}"; 26 27 settingsFormat = ( 28 pkgs.formats.keyValue { 29 mkKeyValue = mkKeyValueTinyproxy { 30 mkValueString = mkValueStringTinyproxy; 31 } " "; 32 listsAsDuplicateKeys = true; 33 } 34 ); 35 configFile = settingsFormat.generate "tinyproxy.conf" cfg.settings; 36 37in 38{ 39 40 options = { 41 services.tinyproxy = { 42 enable = lib.mkEnableOption "Tinyproxy daemon"; 43 package = lib.mkPackageOption pkgs "tinyproxy" { }; 44 settings = lib.mkOption { 45 description = "Configuration for [tinyproxy](https://tinyproxy.github.io/)."; 46 default = { }; 47 example = lib.literalExpression '' 48 { 49 Port 8888; 50 Listen 127.0.0.1; 51 Timeout 600; 52 Allow 127.0.0.1; 53 Anonymous = ['"Host"' '"Authorization"']; 54 ReversePath = '"/example/" "http://www.example.com/"'; 55 } 56 ''; 57 type = lib.types.submodule ( 58 { name, ... }: 59 { 60 freeformType = settingsFormat.type; 61 options = { 62 Listen = lib.mkOption { 63 type = lib.types.nullOr lib.types.str; 64 default = "127.0.0.1"; 65 description = '' 66 Specify which address to listen to. 67 ''; 68 }; 69 Port = lib.mkOption { 70 type = lib.types.port; 71 default = 8888; 72 description = '' 73 Specify which port to listen to. 74 ''; 75 }; 76 Anonymous = lib.mkOption { 77 type = lib.types.listOf lib.types.str; 78 default = [ ]; 79 description = '' 80 If an `Anonymous` keyword is present, then anonymous proxying is enabled. The headers listed with `Anonymous` are allowed through, while all others are denied. If no Anonymous keyword is present, then all headers are allowed through. You must include quotes around the headers. 81 ''; 82 }; 83 Filter = lib.mkOption { 84 type = lib.types.nullOr lib.types.path; 85 default = null; 86 description = '' 87 Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line. 88 ''; 89 }; 90 }; 91 } 92 ); 93 }; 94 }; 95 }; 96 config = lib.mkIf cfg.enable { 97 systemd.services.tinyproxy = { 98 description = "TinyProxy daemon"; 99 after = [ "network.target" ]; 100 wantedBy = [ "multi-user.target" ]; 101 serviceConfig = { 102 User = "tinyproxy"; 103 Group = "tinyproxy"; 104 Type = "simple"; 105 ExecStart = "${lib.getExe cfg.package} -d -c ${configFile}"; 106 ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID"; 107 KillSignal = "SIGINT"; 108 TimeoutStopSec = "30s"; 109 Restart = "on-failure"; 110 }; 111 }; 112 113 users.users.tinyproxy = { 114 group = "tinyproxy"; 115 isSystemUser = true; 116 }; 117 users.groups.tinyproxy = { }; 118 }; 119 meta.maintainers = with lib.maintainers; [ tcheronneau ]; 120}