mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 07:00:43 +00:00
113 lines
2.7 KiB
Nix
113 lines
2.7 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.services.shadowsocks;
|
|
|
|
opts = {
|
|
server = cfg.localAddress;
|
|
server_port = cfg.port;
|
|
method = cfg.encryptionMethod;
|
|
mode = cfg.mode;
|
|
user = "nobody";
|
|
fast_open = true;
|
|
} // optionalAttrs (cfg.password != null) { password = cfg.password; };
|
|
|
|
configFile = pkgs.writeText "shadowsocks.json" (builtins.toJSON opts);
|
|
|
|
in
|
|
|
|
{
|
|
|
|
###### interface
|
|
|
|
options = {
|
|
|
|
services.shadowsocks = {
|
|
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = ''
|
|
Whether to run shadowsocks-libev shadowsocks server.
|
|
'';
|
|
};
|
|
|
|
localAddress = mkOption {
|
|
type = types.str;
|
|
default = "0.0.0.0";
|
|
description = ''
|
|
Local address to which the server binds.
|
|
'';
|
|
};
|
|
|
|
port = mkOption {
|
|
type = types.int;
|
|
default = 8388;
|
|
description = ''
|
|
Port which the server uses.
|
|
'';
|
|
};
|
|
|
|
password = mkOption {
|
|
type = types.nullOr types.str;
|
|
default = null;
|
|
description = ''
|
|
Password for connecting clients.
|
|
'';
|
|
};
|
|
|
|
passwordFile = mkOption {
|
|
type = types.nullOr types.path;
|
|
default = null;
|
|
description = ''
|
|
Password file with a password for connecting clients.
|
|
'';
|
|
};
|
|
|
|
mode = mkOption {
|
|
type = types.enum [ "tcp_only" "tcp_and_udp" "udp_only" ];
|
|
default = "tcp_and_udp";
|
|
description = ''
|
|
Relay protocols.
|
|
'';
|
|
};
|
|
|
|
encryptionMethod = mkOption {
|
|
type = types.str;
|
|
default = "chacha20-ietf-poly1305";
|
|
description = ''
|
|
Encryption method. See <link xlink:href="https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers"/>.
|
|
'';
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
###### implementation
|
|
|
|
config = mkIf cfg.enable {
|
|
assertions = singleton
|
|
{ assertion = cfg.password == null || cfg.passwordFile == null;
|
|
message = "Cannot use both password and passwordFile for shadowsocks-libev";
|
|
};
|
|
|
|
systemd.services.shadowsocks-libev = {
|
|
description = "shadowsocks-libev Daemon";
|
|
after = [ "network.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
path = [ pkgs.shadowsocks-libev ] ++ optional (cfg.passwordFile != null) pkgs.jq;
|
|
serviceConfig.PrivateTmp = true;
|
|
script = ''
|
|
${optionalString (cfg.passwordFile != null) ''
|
|
cat ${configFile} | jq --arg password "$(cat "${cfg.passwordFile}")" '. + { password: $password }' > /tmp/shadowsocks.json
|
|
''}
|
|
exec ss-server -c ${if cfg.passwordFile != null then "/tmp/shadowsocks.json" else configFile}
|
|
'';
|
|
};
|
|
};
|
|
}
|