add NixOS instructions

2019-06-19 19:28:12 +02:00 · 2019-06-19 19:28:12 +02:00 · 05a6db87dd
parent 1c2e3d2d55
commit 05a6db87dd
1 changed files with 41 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -24,6 +24,47 @@

     * Tagged for forwarding

+## Setup in NixOS
+
+1. Import to the file ./service.nix in your configuration by adding:
+```nix
+  imports = [
+    (fetchGit https://maxwell.ydns.eu/git/rnhmjoj/privoxy-tls + "/service.nix")
+  ];
+```
+  or, better, copy it locally.
+
+2. Create a CA. For example with GnuTLS:
+```
+certtool --generate-privkey --outfile ca.key
+certtool --generate-self-signed --load-privkey ca.key --outfile ca.crt
+```
+  or use the tool ./cert.py provided
+```
+python cert.py -f output
+```
+  In latter the "output" file will contain both private key and certificate;
+  split the file and store the separately.
+
+3. Configure the proxy with the option set `services.privoxy.tls-wrapper`, for example
+```nix
+  services.privoxy.tls-wrapper = {
+      enable = true;
+      caCert = /path/to/ca.crt; # these won't be included in the store
+      caKey  = /path/to/ca.key;
+      noVerify = [ "self-signed.example" ];
+      passthru = [ "localhost" "*.local" ];
+    };
+  };
+```
+  More options are available and documented in ./service.nix
+
+### Notes
+
+- The CA will be automatically installed in the system trust store but
+applications may use their own store and won't trust it.
+You will need to add the CA manually in that case.
+

 ## License