mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-02-12 08:01:50 +00:00
cntlm service: cleanup non working config options (#26578)
- extraConfig was not working - add possibility to add cntlm.conf in verbatime form - create cntlm user as system user - add no proxy option
This commit is contained in:
parent
5172e1afee
commit
c9802321c1
|
@ -5,110 +5,122 @@ with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
cfg = config.services.cntlm;
|
cfg = config.services.cntlm;
|
||||||
uid = config.ids.uids.cntlm;
|
|
||||||
|
configFile = if cfg.configText != "" then
|
||||||
|
pkgs.writeText "cntlm.conf" ''
|
||||||
|
${cfg.configText}
|
||||||
|
''
|
||||||
|
else
|
||||||
|
pkgs.writeText "lighttpd.conf" ''
|
||||||
|
# Cntlm Authentication Proxy Configuration
|
||||||
|
Username ${cfg.username}
|
||||||
|
Domain ${cfg.domain}
|
||||||
|
Password ${cfg.password}
|
||||||
|
${optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"}
|
||||||
|
${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
|
||||||
|
${optionalString (cfg.noproxy != []) "NoProxy ${concatStringsSep ", " cfg.noproxy}"}
|
||||||
|
|
||||||
|
${concatMapStrings (port: ''
|
||||||
|
Listen ${toString port}
|
||||||
|
'') cfg.port}
|
||||||
|
|
||||||
|
${cfg.extraConfig}
|
||||||
|
'';
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
options = {
|
options.services.cntlm = {
|
||||||
|
|
||||||
services.cntlm = {
|
enable = mkOption {
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Whether to enable the cntlm, which start a local proxy.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
enable = mkOption {
|
username = mkOption {
|
||||||
default = false;
|
description = ''
|
||||||
description = ''
|
Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
|
||||||
Whether to enable the cntlm, which start a local proxy.
|
'';
|
||||||
'';
|
};
|
||||||
};
|
|
||||||
|
|
||||||
username = mkOption {
|
domain = mkOption {
|
||||||
description = ''
|
description = ''Proxy account domain/workgroup name.'';
|
||||||
Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
|
};
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
domain = mkOption {
|
password = mkOption {
|
||||||
description = ''Proxy account domain/workgroup name.'';
|
default = "/etc/cntlm.password";
|
||||||
};
|
type = types.str;
|
||||||
|
description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
|
||||||
|
};
|
||||||
|
|
||||||
password = mkOption {
|
netbios_hostname = mkOption {
|
||||||
default = "/etc/cntlm.password";
|
type = types.str;
|
||||||
type = types.str;
|
default = "";
|
||||||
description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
|
description = ''
|
||||||
};
|
The hostname of your machine.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
netbios_hostname = mkOption {
|
proxy = mkOption {
|
||||||
type = types.str;
|
description = ''
|
||||||
description = ''
|
A list of NTLM/NTLMv2 authenticating HTTP proxies.
|
||||||
The hostname of your machine.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
proxy = mkOption {
|
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited
|
||||||
description = ''
|
number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
|
||||||
A list of NTLM/NTLMv2 authenticating HTTP proxies.
|
list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
|
||||||
|
'';
|
||||||
|
example = [ "proxy.example.com:81" ];
|
||||||
|
};
|
||||||
|
|
||||||
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited
|
noproxy = mkOption {
|
||||||
number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
|
description = ''
|
||||||
list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
|
A list of domains where the proxy is skipped.
|
||||||
'';
|
'';
|
||||||
};
|
default = [];
|
||||||
|
example = [ "*.example.com" "example.com" ];
|
||||||
|
};
|
||||||
|
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
default = [3128];
|
default = [3128];
|
||||||
description = "Specifies on which ports the cntlm daemon listens.";
|
description = "Specifies on which ports the cntlm daemon listens.";
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = "Verbatim contents of <filename>cntlm.conf</filename>.";
|
description = "Additional config appended to the end of the generated <filename>cntlm.conf</filename>.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
configText = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
description = "Verbatim contents of <filename>cntlm.conf</filename>.";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf config.services.cntlm.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.services.cntlm = {
|
systemd.services.cntlm = {
|
||||||
description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
|
description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "forking";
|
|
||||||
User = "cntlm";
|
User = "cntlm";
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.cntlm}/bin/cntlm -U cntlm \
|
${pkgs.cntlm}/bin/cntlm -U cntlm -c ${configFile} -v -f
|
||||||
-c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
|
|
||||||
|
|
||||||
users.extraUsers.cntlm = {
|
|
||||||
name = "cntlm";
|
|
||||||
description = "cntlm system-wide daemon";
|
|
||||||
home = "/var/empty";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.cntlm.extraConfig =
|
users.extraUsers.cntlm = {
|
||||||
''
|
name = "cntlm";
|
||||||
# Cntlm Authentication Proxy Configuration
|
description = "cntlm system-wide daemon";
|
||||||
Username ${cfg.username}
|
isSystemUser = true;
|
||||||
Domain ${cfg.domain}
|
};
|
||||||
Password ${cfg.password}
|
|
||||||
Workstation ${cfg.netbios_hostname}
|
|
||||||
${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
|
|
||||||
|
|
||||||
${concatMapStrings (port: ''
|
|
||||||
Listen ${toString port}
|
|
||||||
'') cfg.port}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue