diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 31de680514e..a71f5152bd1 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -136,6 +136,7 @@ nsd = 126; gitolite = 127; znc = 128; + polipo = 129; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -246,6 +247,7 @@ nsd = 126; firebird = 127; znc = 128; + polipo = 129; # When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399! diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a9039eea71d..a5a2d691d7a 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -215,6 +215,7 @@ ./services/networking/openfire.nix ./services/networking/openvpn.nix ./services/networking/prayer.nix + ./services/networking/polipo.nix ./services/networking/privoxy.nix ./services/networking/quassel.nix ./services/networking/radicale.nix diff --git a/nixos/modules/services/networking/polipo.nix b/nixos/modules/services/networking/polipo.nix new file mode 100644 index 00000000000..05ded84625d --- /dev/null +++ b/nixos/modules/services/networking/polipo.nix @@ -0,0 +1,118 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.polipo; + + polipoConfig = pkgs.writeText "polipo.conf" '' + proxyAddress = ${cfg.proxyAddress} + proxyPort = ${toString cfg.proxyPort} + allowedClients = ${concatStringsSep ", " cfg.allowedClients} + ${optionalString (cfg.parentProxy != "") "parentProxy = ${cfg.parentProxy}" } + ${optionalString (cfg.socksParentProxy != "") "socksParentProxy = ${cfg.socksParentProxy}" } + ${config.services.polipo.extraConfig} + ''; + +in + +{ + + options = { + + services.polipo = { + + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to run the polipo caching web proxy."; + }; + + proxyAddress = mkOption { + type = types.string; + default = "127.0.0.1"; + description = "IP address on which Polipo will listen."; + }; + + proxyPort = mkOption { + type = types.int; + default = 8123; + description = "TCP port on which Polipo will listen."; + }; + + allowedClients = mkOption { + type = types.listOf types.string; + default = [ "127.0.0.1" "::1" ]; + example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ]; + description = '' + List of IP addresses or network addresses that may connect to Polipo. + ''; + }; + + parentProxy = mkOption { + type = types.string; + default = ""; + example = "localhost:8124"; + description = '' + Hostname and port number of an HTTP parent proxy; + it should have the form ‘host:port’. + ''; + }; + + socksParentProxy = mkOption { + type = types.string; + default = ""; + example = "localhost:9050"; + description = '' + Hostname and port number of an SOCKS parent proxy; + it should have the form ‘host:port’. + ''; + }; + + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Polio configuration. Contents will be added + verbatim to the configuration file. + ''; + }; + + }; + + }; + + config = mkIf cfg.enable { + + users.extraUsers = singleton + { name = "polipo"; + uid = config.ids.uids.polipo; + description = "Polipo caching proxy user"; + home = "/var/cache/polipo"; + createHome = true; + }; + + users.extraGroups = singleton + { name = "polipo"; + gid = config.ids.gids.polipo; + members = [ "polipo" ]; + }; + + systemd.services.polipo = { + description = "caching web proxy"; + after = [ "network.target" "nss-lookup.target" ]; + wantedBy = [ "multi-user.target"]; + preStart = '' + ${pkgs.coreutils}/bin/chown polipo:polipo /var/cache/polipo -R + ''; + serviceConfig = { + ExecStart = "${pkgs.polipo}/bin/polipo -c ${polipoConfig}"; + ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; + User = "polipo"; + }; + }; + + }; + +} \ No newline at end of file