diff options
Diffstat (limited to 'nixos/modules/services/web-servers/shellinabox.nix')
-rw-r--r-- | nixos/modules/services/web-servers/shellinabox.nix | 122 |
1 files changed, 0 insertions, 122 deletions
diff --git a/nixos/modules/services/web-servers/shellinabox.nix b/nixos/modules/services/web-servers/shellinabox.nix deleted file mode 100644 index c7c51f873eba8..0000000000000 --- a/nixos/modules/services/web-servers/shellinabox.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.services.shellinabox; - - # If a certificate file is specified, shellinaboxd requires - # a file descriptor to retrieve it - fd = "3"; - createFd = optionalString (cfg.certFile != null) "${fd}<${cfg.certFile}"; - - # Command line arguments for the shellinabox daemon - args = [ "--background" ] - ++ optional (! cfg.enableSSL) "--disable-ssl" - ++ optional (cfg.certFile != null) "--cert-fd=${fd}" - ++ optional (cfg.certDirectory != null) "--cert=${cfg.certDirectory}" - ++ cfg.extraOptions; - - # Command to start shellinaboxd - cmd = "${pkgs.shellinabox}/bin/shellinaboxd ${concatStringsSep " " args}"; - - # Command to start shellinaboxd if certFile is specified - wrappedCmd = "${pkgs.bash}/bin/bash -c 'exec ${createFd} && ${cmd}'"; - -in - -{ - - ###### interface - - options = { - services.shellinabox = { - enable = mkEnableOption "shellinabox daemon"; - - user = mkOption { - type = types.str; - default = "root"; - description = '' - User to run shellinaboxd as. If started as root, the server drops - privileges by changing to nobody, unless overridden by the - <literal>--user</literal> option. - ''; - }; - - enableSSL = mkOption { - type = types.bool; - default = false; - description = '' - Whether or not to enable SSL (https) support. - ''; - }; - - certDirectory = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/certs"; - description = '' - The daemon will look in this directory far any certificates. - If the browser negotiated a Server Name Identification the daemon - will look for a matching certificate-SERVERNAME.pem file. If no SNI - handshake takes place, it will fall back on using the certificate in the - certificate.pem file. - - If no suitable certificate is installed, shellinaboxd will attempt to - create a new self-signed certificate. This will only succeed if, after - dropping privileges, shellinaboxd has write permissions for this - directory. - ''; - }; - - certFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/certificate.pem"; - description = "Path to server SSL certificate."; - }; - - extraOptions = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "--port=443" "--service /:LOGIN" ]; - description = '' - A list of strings to be appended to the command line arguments - for shellinaboxd. Please see the manual page - <link xlink:href="https://code.google.com/p/shellinabox/wiki/shellinaboxd_man"/> - for a full list of available arguments. - ''; - }; - - }; - }; - - ###### implementation - - config = mkIf cfg.enable { - - assertions = - [ { assertion = cfg.enableSSL == true - -> cfg.certDirectory != null || cfg.certFile != null; - message = "SSL is enabled for shellinabox, but no certDirectory or certFile has been specefied."; } - { assertion = ! (cfg.certDirectory != null && cfg.certFile != null); - message = "Cannot set both certDirectory and certFile for shellinabox."; } - ]; - - systemd.services.shellinaboxd = { - description = "Shellinabox Web Server Daemon"; - - wantedBy = [ "multi-user.target" ]; - requires = [ "sshd.service" ]; - after = [ "sshd.service" ]; - - serviceConfig = { - Type = "forking"; - User = "${cfg.user}"; - ExecStart = "${if cfg.certFile == null then "${cmd}" else "${wrappedCmd}"}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - }; - }; - }; -} |