author | koral <koral@mailoo.org> | 2015-02-05 00:36:27 +0100 |
---|---|---|
committer | koral <koral@mailoo.org> | 2015-02-05 13:30:39 +0100 |
commit | 1439e72147bf73adb862fd2d153602a5e52103d7 (patch) | |
tree | 81f8da6bd72c497bb98d29697583d67adfb39a07 /nixos/modules/services/networking/sslh.nix | |
parent | b9cc04329b19119ae0b2a410868d014f3f82cf10 (diff) |
New sslh module.
Diffstat (limited to 'nixos/modules/services/networking/sslh.nix')
-rw-r--r-- | nixos/modules/services/networking/sslh.nix | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/sslh.nix b/nixos/modules/services/networking/sslh.nix
new file mode 100644
index 0000000000000..2bfdfc89c880d
--- /dev/null
+++ b/nixos/modules/services/networking/sslh.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.sslh;
+ configFile = pkgs.writeText "sslh.conf" ''
+ verbose: ${if cfg.verbose then "true" else "false"};
+ foreground: false;
+ inetd: false;
+ numeric: false;
+ transparent: false;
+ timeout: "${toString cfg.timeout}";
+ user: "nobody";
+ pidfile: "/run/sslh.pid";
+
+ listen:
+ (
+ { host: "${cfg.host}"; port: "${toString cfg.port}"; }
+ );
+
+ ${cfg.appendConfig}
+ '';
+ defaultAppendConfig = ''
+ protocols:
+ (
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
+ );
+ '';
+in
+{
+ options = {
+ services.sslh = {
+ enable = mkEnableOption "sslh";
+
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Verbose logs.";
+ };
+
+ timeout = mkOption {
+ type = types.int;
+ default = 2;
+ description = "Timeout in seconds.";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = config.networking.hostName;
+ description = "Listening hostname.";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 443;
+ description = "Listening port.";
+ };
+
+ appendConfig = mkOption {
+ type = types.str;
+ default = defaultAppendConfig;
+ description = "Verbatim configuration file.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.sslh = {
+ description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.sslh}/bin/sslh -F ${configFile}";
+ serviceConfig.KillMode = "process";
+ serviceConfig.PIDFile = "/run/sslh.pid";
+ };
+ };
+} |
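Review bot: The generated sslh.conf hard-codes `user: "nobody";`, so this internet-facing multiplexer ends up sharing an account with any other service that also falls back to nobody. A dedicated system account declared under `users.extraUsers` and referenced as `user: "sslh";` would keep a compromise of sslh from reaching other processes and files owned by nobody. With `transparent: false;`, every backend in `defaultAppendConfig` sees connections as coming from localhost, so address-based access rules and logs on sshd or the web server lose the client address. The `appendConfig` description should say so, for example `description = "Verbatim configuration file. Backends see all connections as originating from localhost.";`. Separately, `foreground: false;` combined with `PIDFile` but no `serviceConfig.Type = "forking";` looks like it leaves systemd tracking the process that exits after the fork, which is worth confirming on a test machine.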