From 05eef8051b2c129e05973073b6772b2d36db76c1 Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Mon, 28 Sep 2020 14:34:01 +0200 Subject: [PATCH 1/2] stunnel service: fix servers example examples incorrectly had 'enable' set, the option is not defined and reproducing would error out --- nixos/modules/services/networking/stunnel.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/services/networking/stunnel.nix b/nixos/modules/services/networking/stunnel.nix index ab51bba2f6ac..2720bcf10934 100644 --- a/nixos/modules/services/networking/stunnel.nix +++ b/nixos/modules/services/networking/stunnel.nix @@ -129,7 +129,6 @@ in type = with types; attrsOf (submodule serverConfig); example = { fancyWebserver = { - enable = true; accept = 443; connect = 8080; cert = "/path/to/pem/file"; From 1fb299064b98f7867ef0c54939063ac71186379d Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Mon, 28 Sep 2020 15:37:44 +0200 Subject: [PATCH 2/2] stunnel: make servers accept more lenient stunnel config's accept syntax is [host:]port -- this is required to e.g. listen on ipv6 where one would set :::port --- nixos/modules/services/networking/stunnel.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/networking/stunnel.nix b/nixos/modules/services/networking/stunnel.nix index 2720bcf10934..fe1616f411f0 100644 --- a/nixos/modules/services/networking/stunnel.nix +++ b/nixos/modules/services/networking/stunnel.nix @@ -16,8 +16,12 @@ let serverConfig = { options = { accept = mkOption { - type = types.int; - description = "On which port stunnel should listen for incoming TLS connections."; + type = types.either types.str types.int; + description = '' + On which [host:]port stunnel should listen for incoming TLS connections. + Note that unlike other softwares stunnel ipv6 address need no brackets, + so to listen on all IPv6 addresses on port 1234 one would use ':::1234'. + ''; }; connect = mkOption {