diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index b949fef6bab7..6c6aab14ee72 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -285,6 +285,7 @@
 ./services/networking/searx.nix
 ./services/networking/seeks.nix
 ./services/networking/spiped.nix
+ ./services/networking/sslh.nix
 ./services/networking/ssh/lshd.nix
 ./services/networking/ssh/sshd.nix
 ./services/networking/strongswan.nix
diff --git a/nixos/modules/services/networking/sslh.nix b/nixos/modules/services/networking/sslh.nix
new file mode 100644
index 000000000000..2bfdfc89c880
--- /dev/null
+++ b/nixos/modules/services/networking/sslh.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.sslh;
+ configFile = pkgs.writeText "sslh.conf" ''
+ verbose: ${if cfg.verbose then "true" else "false"};
+ foreground: false;
+ inetd: false;
+ numeric: false;
+ transparent: false;
+ timeout: "${toString cfg.timeout}";
+ user: "nobody";
+ pidfile: "/run/sslh.pid";
+
+ listen:
+ (
+ { host: "${cfg.host}"; port: "${toString cfg.port}"; }
+ );
+
+ ${cfg.appendConfig}
+ '';
+ defaultAppendConfig = ''
+ protocols:
+ (
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "ssl"; host: "localhost"; port: "443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
+ );
+ '';
+in
+{
+ options = {
+ services.sslh = {
+ enable = mkEnableOption "sslh";
+
+ verbose = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Verbose logs.";
+ };
+
+ timeout = mkOption {
+ type = types.int;
+ default = 2;
+ description = "Timeout in seconds.";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = config.networking.hostName;
+ description = "Listening hostname.";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 443;
+ description = "Listening port.";
+ };
+
+ appendConfig = mkOption {
+ type = types.str;
+ default = defaultAppendConfig;
+ description = "Verbatim configuration file.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.sslh = {
+ description = "Applicative Protocol Multiplexer (e.g. 
share SSH and HTTPS on the same port)";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.ExecStart = "${pkgs.sslh}/bin/sslh -F ${configFile}";
+ serviceConfig.KillMode = "process";
+ serviceConfig.PIDFile = "/run/sslh.pid";
+ };
+ };
+}
diff --git a/pkgs/servers/sslh/default.nix b/pkgs/servers/sslh/default.nix
new file mode 100644
index 000000000000..d646e28fb0f4
--- /dev/null
+++ b/pkgs/servers/sslh/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, libcap, libconfig, perl }:
+
+stdenv.mkDerivation rec {
+ name = "sslh-${version}";
+ version = "1.16";
+
+ src = fetchurl {
+ url = "https://github.com/yrutschle/sslh/archive/v${version}.tar.gz";
+ sha256 = "0xwi2bflvq4phrqjic84xch20jkg3wdys219mw2cy23sjkzk63mb";
+ };
+
+ postPatch = "patchShebangs *.sh";
+
+ buildInputs = [ libcap libconfig perl ];
+
+ makeFlags = "USELIBCAP=1";
+
+ installFlags = "PREFIX=$(out)";
+
+ meta = with stdenv.lib; {
+ description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
+ license = licenses.gpl2Plus;
+ homepage = http://www.rutschle.net/tech/sslh.shtml;
+ maintainers = [ maintainers.koral ];
+ platforms = platforms.all;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 04a592a7e566..1664ac4261b5 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -8196,6 +8196,8 @@ let
 });
 squid = squids.squid31; # has ipv6 support
+ sslh = callPackage ../servers/sslh { };
+
 thttpd = callPackage ../servers/http/thttpd { };
 storm = callPackage ../servers/computing/storm { };
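Review bot: `timeout: "${toString cfg.timeout}";` in the generated sslh.conf writes the value as a libconfig string, whereas sslh's shipped example config gives it as a bare integer (`timeout: 2;`); if sslh reads the key with an integer lookup, the quoted form is silently ignored and `services.sslh.timeout` has no effect, so emit `timeout: ${toString cfg.timeout};` (ports are string-typed in sslh and can stay quoted). `user: "nobody";` is hard-coded, so the process sslh drops to shares its account with every other service that uses `nobody`; a dedicated `sslh` user, or at least a `user` option, keeps the dropped-privilege identity distinct. The default `host = config.networking.hostName` together with the default `ssl` and `anyprot` targets of `localhost:443` forwards back to the very port sslh listens on whenever the hostname resolves to a loopback address, which the `host` option description should warn about. `appendConfig`'s description says `Verbatim configuration file.` but the text is appended after the generated `listen` block; `Verbatim text appended to the generated configuration file.` describes what it does.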
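Review bot: `platforms = platforms.all;` in pkgs/servers/sslh/default.nix overstates where this builds: `buildInputs` pulls in libcap and `makeFlags = "USELIBCAP=1"` enables capability handling, both Linux-only, so `platforms = platforms.linux;` is the accurate value. The `src` is a GitHub-generated archive tarball rather than a tagged checkout; the sha256 pin will refuse a changed archive, but such archives have not always been byte-stable, and `fetchFromGitHub` (if already available in this tree) avoids the spurious hash failure without weakening the pin.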