add NixOS instructions

Michele Guerini Rocco 2019-06-19 19:28:12 +02:00
parent 1c2e3d2d55
commit 05a6db87dd
Signed by: rnhmjoj
GPG Key ID: 91BE884FBA4B591A


@ -24,6 +24,47 @@
* Tagged for forwarding * Tagged for forwarding
## Setup in NixOS
1. Import to the file ./service.nix in your configuration by adding:
```nix
imports = [
(fetchGit https://maxwell.ydns.eu/git/rnhmjoj/privoxy-tls + "/service.nix")
];
```
or, better, copy it locally.
2. Create a CA. For example with GnuTLS:
```
certtool --generate-privkey --outfile ca.key
certtool --generate-self-signed --load-privkey ca.key --outfile ca.crt
```
or use the tool ./cert.py provided
```
python cert.py -f output
```
In latter the "output" file will contain both private key and certificate;
split the file and store the separately.
3. Configure the proxy with the option set `services.privoxy.tls-wrapper`, for example
```nix
services.privoxy.tls-wrapper = {
enable = true;
caCert = /path/to/ca.crt; # these won't be included in the store
caKey = /path/to/ca.key;
noVerify = [ "self-signed.example" ];
passthru = [ "localhost" "*.local" ];
};
};
```
More options are available and documented in ./service.nix
### Notes
- The CA will be automatically installed in the system trust store but
applications may use their own store and won't trust it.
You will need to add the CA manually in that case.
## License ## License
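Review bot: The Nix example in step 3 closes the attribute set twice: `services.privoxy.tls-wrapper = {` is opened once but is followed by two `};` lines, so the snippet will not evaluate when pasted as shown. Drop the second `};`. In step 1 the `fetchGit` import carries no pinned revision, so the module that is handed the CA private key is whatever the remote serves at evaluation time; either show the attribute-set form of `fetchGit` with a `rev`, or make "copy it locally" the primary instruction rather than the aside. In step 2, "store the separately" should read "store them separately", and since both `certtool` and `cert.py` leave the private key in the working directory, a sentence telling the reader to restrict permissions on `ca.key` would fit there.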