added privoxy nixos module

svn path=/nixos/trunk/; revision=17646
15 years ago · 0e2c160e2e
parent 8ab6828f31
commit 0e2c160e2e
3 changed files with 108 additions and 0 deletions
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@ -50,6 +50,8 @@ in
    polkituser = 28;
    uptimed = 29;
    ddclient = 30;
+    davfs2 = 31;
+    privoxy = 32;
    # When adding a uid, make sure it doesn't match an existing gid.

    nixbld = 30000; # start of range of uids
@ -85,6 +87,8 @@ in
    video = 26;
    dialout = 27;
    polkituser = 28;
+    davfs2 = 31;
+    privoxy = 32;
    # When adding a gid, make sure it doesn't match an existing uid.

    users = 100;
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -73,6 +73,7 @@
  ./services/networking/openfire.nix
  ./services/networking/openvpn.nix
  ./services/networking/portmap.nix
+  ./services/networking/privoxy.nix
  ./services/networking/ssh/lshd.nix
  ./services/networking/ssh/sshd.nix
  ./services/networking/tftpd.nix
--- a/modules/services/networking/privoxy.nix
+++ b/modules/services/networking/privoxy.nix
@ -0,0 +1,103 @@
+{pkgs, config, ...}:
+
+let
+
+  inherit (pkgs.lib) mkOption mkIf singleton;
+
+  inherit (pkgs) privoxy;
+
+  stateDir = "/var/spool/privoxy";
+
+  privoxyUser = "privoxy";
+
+  modprobe = config.system.sbin.modprobe;
+
+  privoxyFlags = "--no-daemon ${privoxyCfg}";
+
+  privoxyCfg = pkgs.writeText "privoxy.conf" ''
+    listen-address  ${config.services.privoxy.listenAddress}
+    logdir          ${config.services.privoxy.logDir}
+    confdir         ${privoxy}/etc
+    filterfile      default.filter
+
+    ${config.services.privoxy.extraConfig}
+  '';
+
+in
+
+{
+
+  ###### interface
+  
+  options = {
+  
+    services.privoxy = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the machine as a HTTP proxy server.
+        '';
+      };
+
+      listenAddress = mkOption {
+        default = "127.0.0.1:8118";
+        description = ''
+          Address the proxy server is listening to.
+        '';
+      };
+
+      logDir = mkOption {
+        default = "/var/log/privoxy" ;
+        description = ''
+          Location for privoxy log files.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "" ;
+        description = ''
+          Extra configuration. Contents will be added verbatim to the configuration file.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.privoxy.enable {
+    environment.systemPackages = [ privoxy ];
+  
+    users.extraUsers = singleton
+      { name = privoxyUser;
+        uid = config.ids.uids.privoxy;
+        description = "privoxy daemon user";
+        home = stateDir;
+      };
+
+    jobs = singleton {
+
+      name = "privoxy";
+
+      startOn = "startup";
+      stopOn = "shutdown"; 
+
+      preStart = ''
+         mkdir -m 0755 -p ${stateDir}
+         chown ${privoxyUser} ${stateDir}
+
+         # Needed to run privoxy as an unprivileged user.
+         ${modprobe}/sbin/modprobe capability || true
+      '';
+
+      script = ''
+        ${privoxy}/sbin/privoxy ${privoxyFlags}
+      '';
+
+    };
+    
+  };
+  
+}