mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-12 08:01:50 +00:00

cntlm service: cleanup non working config options (#26578)

- extraConfig was not working
- add possibility to add cntlm.conf in verbatim form
- create cntlm user as system user
- add no proxy option
Pascal Bach 2017-06-15 12:11:48 +02:00 committed by Joachim Schiele
parent 5172e1afee
commit c9802321c1


@ -5,110 +5,122 @@ with lib;
let let
cfg = config.services.cntlm; cfg = config.services.cntlm;
uid = config.ids.uids.cntlm;
configFile = if cfg.configText != "" then
pkgs.writeText "cntlm.conf" ''
${cfg.configText}
''
else
pkgs.writeText "lighttpd.conf" ''
# Cntlm Authentication Proxy Configuration
Username ${cfg.username}
Domain ${cfg.domain}
Password ${cfg.password}
${optionalString (cfg.netbios_hostname != "") "Workstation ${cfg.netbios_hostname}"}
${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
${optionalString (cfg.noproxy != []) "NoProxy ${concatStringsSep ", " cfg.noproxy}"}
${concatMapStrings (port: ''
Listen ${toString port}
'') cfg.port}
${cfg.extraConfig}
'';
in in
{ {
options = { options.services.cntlm = {
services.cntlm = { enable = mkOption {
default = false;
description = ''
Whether to enable the cntlm, which start a local proxy.
'';
};
enable = mkOption { username = mkOption {
default = false; description = ''
description = '' Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
Whether to enable the cntlm, which start a local proxy. '';
''; };
};
username = mkOption { domain = mkOption {
description = '' description = ''Proxy account domain/workgroup name.'';
Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally). };
'';
};
domain = mkOption { password = mkOption {
description = ''Proxy account domain/workgroup name.''; default = "/etc/cntlm.password";
}; type = types.str;
description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
};
password = mkOption { netbios_hostname = mkOption {
default = "/etc/cntlm.password"; type = types.str;
type = types.str; default = "";
description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.''; description = ''
}; The hostname of your machine.
'';
};
netbios_hostname = mkOption { proxy = mkOption {
type = types.str; description = ''
description = '' A list of NTLM/NTLMv2 authenticating HTTP proxies.
The hostname of your machine.
'';
};
proxy = mkOption { Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited
description = '' number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
A list of NTLM/NTLMv2 authenticating HTTP proxies. list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
'';
example = [ "proxy.example.com:81" ];
};
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited noproxy = mkOption {
number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole description = ''
list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file. A list of domains where the proxy is skipped.
''; '';
}; default = [];
example = [ "*.example.com" "example.com" ];
};
port = mkOption { port = mkOption {
default = [3128]; default = [3128];
description = "Specifies on which ports the cntlm daemon listens."; description = "Specifies on which ports the cntlm daemon listens.";
}; };
extraConfig = mkOption { extraConfig = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = "Verbatim contents of <filename>cntlm.conf</filename>."; description = "Additional config appended to the end of the generated <filename>cntlm.conf</filename>.";
}; };
configText = mkOption {
type = types.lines;
default = "";
description = "Verbatim contents of <filename>cntlm.conf</filename>.";
}; };
}; };
###### implementation ###### implementation
config = mkIf config.services.cntlm.enable { config = mkIf cfg.enable {
systemd.services.cntlm = { systemd.services.cntlm = {
description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy"; description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "forking";
User = "cntlm"; User = "cntlm";
ExecStart = '' ExecStart = ''
${pkgs.cntlm}/bin/cntlm -U cntlm \ ${pkgs.cntlm}/bin/cntlm -U cntlm -c ${configFile} -v -f
-c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
''; '';
}; };
};
services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
users.extraUsers.cntlm = {
name = "cntlm";
description = "cntlm system-wide daemon";
home = "/var/empty";
}; };
services.cntlm.extraConfig = users.extraUsers.cntlm = {
'' name = "cntlm";
# Cntlm Authentication Proxy Configuration description = "cntlm system-wide daemon";
Username ${cfg.username} isSystemUser = true;
Domain ${cfg.domain} };
Password ${cfg.password}
Workstation ${cfg.netbios_hostname}
${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
${concatMapStrings (port: ''
Listen ${toString port}
'') cfg.port}
'';
}; };
} }
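Review bot: In the new `configFile`, `Password ${cfg.password}` is interpolated into a `pkgs.writeText` result, so the proxy credential lands in the Nix store, which is normally world-readable; the same holds for any secret placed in `configText`. The `password` option still defaults to `/etc/cntlm.password` and tells users to `chmod 0600` that file, yet nothing visible in this hunk reads the file, so cntlm would presumably receive the path string itself as the password. I would either document the exposure, e.g. `description = ''Proxy account password. Warning: the value is written to the world-readable Nix store.'';`, or accept a path to a config file kept outside the store and pass that path to `-c`. Separately, the fallback branch names its output `pkgs.writeText "lighttpd.conf"`, which looks like a copy-paste leftover for `"cntlm.conf"`.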