6a75955c21
This never configured where SNI should log to, as it's up to the user to provide the full sniproxy config (which can be configured to log to a file). This option only produced a ExecStartPre script that created the folder. Let's use LogsDirectory to create it. In case users want to use another directory for logs, they can override LogsDirectory or set their own ExecStartPre script.
88 lines
2 KiB
Nix
88 lines
2 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.services.sniproxy;
|
|
|
|
configFile = pkgs.writeText "sniproxy.conf" ''
|
|
user ${cfg.user}
|
|
pidfile /run/sniproxy.pid
|
|
${cfg.config}
|
|
'';
|
|
|
|
in
|
|
{
|
|
imports = [ (mkRemovedOptionModule [ "services" "sniproxy" "logDir" ] "Now done by LogsDirectory=. Set to a custom path if you log to a different folder in your config.") ];
|
|
|
|
options = {
|
|
services.sniproxy = {
|
|
enable = mkEnableOption "sniproxy server";
|
|
|
|
user = mkOption {
|
|
type = types.str;
|
|
default = "sniproxy";
|
|
description = "User account under which sniproxy runs.";
|
|
};
|
|
|
|
group = mkOption {
|
|
type = types.str;
|
|
default = "sniproxy";
|
|
description = "Group under which sniproxy runs.";
|
|
};
|
|
|
|
config = mkOption {
|
|
type = types.lines;
|
|
default = "";
|
|
description = "sniproxy.conf configuration excluding the daemon username and pid file.";
|
|
example = ''
|
|
error_log {
|
|
filename /var/log/sniproxy/error.log
|
|
}
|
|
access_log {
|
|
filename /var/log/sniproxy/access.log
|
|
}
|
|
listen 443 {
|
|
proto tls
|
|
}
|
|
table {
|
|
example.com 192.0.2.10
|
|
example.net 192.0.2.20
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.sniproxy = {
|
|
description = "sniproxy server";
|
|
after = [ "network.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
serviceConfig = {
|
|
Type = "forking";
|
|
ExecStart = "${pkgs.sniproxy}/bin/sniproxy -c ${configFile}";
|
|
LogsDirectory = "sniproxy";
|
|
LogsDirectoryMode = "0640";
|
|
Restart = "always";
|
|
};
|
|
};
|
|
|
|
users.users = mkIf (cfg.user == "sniproxy") {
|
|
sniproxy = {
|
|
group = cfg.group;
|
|
uid = config.ids.uids.sniproxy;
|
|
};
|
|
};
|
|
|
|
users.groups = mkIf (cfg.group == "sniproxy") {
|
|
sniproxy = {
|
|
gid = config.ids.gids.sniproxy;
|
|
};
|
|
};
|
|
|
|
};
|
|
}
|