extraConfig -> settings
parent
c61ebf63a1
commit
07a2e7392d
74
service.nix
74
service.nix
@ -20,23 +20,37 @@ let
|
||||
'';
|
||||
|
||||
dataDir = "/var/lib/privoxy";
|
||||
configFile = pkgs.writeText "config.ini" ''
|
||||
[General]
|
||||
ProxAddr = http://${cfgPrivoxy.listenAddress}
|
||||
FrontPort = ${toString cfg.frontPort}
|
||||
RearPort = ${toString cfg.rearPort}
|
||||
CACert = ${dataDir}/ca.crt
|
||||
Certdir = /tmp
|
||||
LogLevel = ${cfg.logLevel}
|
||||
|
||||
[TLS NoVerify]
|
||||
${concatStringsSep "\n" cfg.noVerify}
|
||||
# make attributes only a default
|
||||
mkDefaultAttrs = mapAttrs (n: v: mkDefault v);
|
||||
|
||||
[TLS Passthru]
|
||||
${concatStringsSep "\n" cfg.passthru}
|
||||
|
||||
${cfg.extraConfig}
|
||||
# INI format with sections that may also contains a list
|
||||
toSpecialINI = with lib; {
|
||||
mkSectionName ? (name: escape [ "[" "]" ] name),
|
||||
mkKeyValue ? generators.mkKeyValueDefault {} "="
|
||||
}: attrsOfAttrs:
|
||||
let
|
||||
# map function to string for each key val
|
||||
mapAttrsToStringsSep = sep: mapFn: attrs:
|
||||
concatStringsSep sep (mapAttrsToList mapFn attrs);
|
||||
stripPriority = val:
|
||||
if val ? priority then val.content else val;
|
||||
mkSectionVal = val:
|
||||
if isList val
|
||||
then concatMapStringsSep "\n" toString val
|
||||
else generators.toKeyValue
|
||||
{ inherit mkKeyValue; } val;
|
||||
# handle both list and attributes
|
||||
mkSection = sectName: sectValues: ''
|
||||
[${mkSectionName sectName}]
|
||||
${mkSectionVal (stripPriority sectValues)}
|
||||
'';
|
||||
in
|
||||
# map input to ini sections
|
||||
mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
|
||||
|
||||
configFile = pkgs.writeText "config.ini"
|
||||
(toSpecialINI {} cfg.settings);
|
||||
|
||||
python = pkgs.python3.withPackages (p: [ p.urllib3 ]);
|
||||
|
||||
@ -118,15 +132,19 @@ in
|
||||
example = "The level of logging of privoxy-tls";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = ''
|
||||
[Bypass URL]
|
||||
example.com
|
||||
settings = mkOption {
|
||||
type = types.attrs;
|
||||
default = { };
|
||||
example = literalExample ''
|
||||
{
|
||||
bypassURL = [ "example.com" ];
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
Additional options that will be appended to the configuration file.
|
||||
Privoxy-TLS settings. Use this option to configure not exposed in
|
||||
a NixOS option or to bypass one. See the documentation at
|
||||
<link xlink:href="https://maxwell.ydns.eu/git/rnhmjoj/privoxy-tls"/>
|
||||
for the available options.
|
||||
'';
|
||||
};
|
||||
};
|
||||
@ -150,6 +168,20 @@ in
|
||||
home = dataDir;
|
||||
};
|
||||
|
||||
# default configuration
|
||||
services.privoxy.tls-wrapper.settings = mkDefaultAttrs {
|
||||
general = {
|
||||
proxAddr = "http://${cfgPrivoxy.listenAddress}";
|
||||
frontPort = cfg.frontPort;
|
||||
rearPort = cfg.rearPort;
|
||||
caCert = "${dataDir}/ca.crt";
|
||||
certdir = "/tmp";
|
||||
logLevel = cfg.logLevel;
|
||||
};
|
||||
noVerify = cfg.noVerify;
|
||||
passthru = cfg.passthru;
|
||||
};
|
||||
|
||||
systemd.services.privoxy-tls = {
|
||||
description = "Privoxy TLS proxy wrapper.";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
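Review bot: The defaults in the last hunk are keyed `general`, `noVerify` and `passthru`, and the default `mkSectionName` in `toSpecialINI` only escapes brackets, so the generated file will contain `[general]`, `[noVerify]` and `[passthru]` where the old template wrote `[General]`, `[TLS NoVerify]` and `[TLS Passthru]` (keys change the same way, e.g. `ProxAddr` to `proxAddr`). Unless privoxy-tls accepts the new names, the passthrough and no-verify host lists and the listener settings would be silently ignored, changing which connections are intercepted; key the defaults by the real section names, e.g. `"TLS Passthru" = cfg.passthru;`, or pass a `mkSectionName` that maps them. Because `settings` is `types.attrs` and the `mkDefault` wrappers are only unwrapped by `stripPriority`, a user definition of `settings.general` appears to be combined by a shallow merge, replacing the whole default section (including `caCert` and the ports) rather than single keys, which the option description should state. `certdir = "/tmp"` also keeps the generated certificates in a shared world-writable directory; unless the unit, whose body continues outside this hunk, sets `PrivateTmp = true`, a directory under `dataDir` would be safer.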