extraConfig -> settings

2019-09-18 15:47:15 +02:00 · 2019-09-18 15:47:15 +02:00 · 07a2e7392d
parent c61ebf63a1
commit 07a2e7392d
1 changed files with 54 additions and 22 deletions
--- a/service.nix
+++ b/service.nix
@ -20,23 +20,37 @@ let
  '';

  dataDir = "/var/lib/privoxy";
-  configFile = pkgs.writeText "config.ini" ''
-    [General]
-    ProxAddr  = http://${cfgPrivoxy.listenAddress}
-    FrontPort = ${toString cfg.frontPort}
-    RearPort  = ${toString cfg.rearPort}
-    CACert    = ${dataDir}/ca.crt
-    Certdir   = /tmp
-    LogLevel  = ${cfg.logLevel}
- 
-    [TLS NoVerify]
-    ${concatStringsSep "\n" cfg.noVerify}

-    [TLS Passthru]
-    ${concatStringsSep "\n" cfg.passthru}
+  # make attributes only a default
+  mkDefaultAttrs = mapAttrs (n: v: mkDefault v);

-    ${cfg.extraConfig}
-  '';
+  # INI format with sections that may also contains a list
+  toSpecialINI = with lib; {
+    mkSectionName ? (name: escape [ "[" "]" ] name),
+    mkKeyValue    ? generators.mkKeyValueDefault {} "="
+  }: attrsOfAttrs:
+    let
+        # map function to string for each key val
+        mapAttrsToStringsSep = sep: mapFn: attrs:
+          concatStringsSep sep (mapAttrsToList mapFn attrs);
+        stripPriority = val:
+          if val ? priority then val.content else val;
+        mkSectionVal = val:
+          if isList val
+          then concatMapStringsSep "\n" toString val
+          else generators.toKeyValue
+               { inherit mkKeyValue; } val;
+        # handle both list and attributes
+        mkSection = sectName: sectValues: ''
+          [${mkSectionName sectName}]
+          ${mkSectionVal (stripPriority sectValues)}
+        '';
+    in
+      # map input to ini sections
+      mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
+
+  configFile = pkgs.writeText "config.ini"
+    (toSpecialINI {} cfg.settings);
  
  python = pkgs.python3.withPackages (p: [ p.urllib3 ]);

@ -118,15 +132,19 @@ in
        example = "The level of logging of privoxy-tls";
      };

-      extraConfig = mkOption {
-        type = types.lines;
-        default = "";
-        example = ''
-          [Bypass URL]
-          example.com
+      settings = mkOption {
+        type = types.attrs;
+        default = { };
+        example = literalExample ''
+          {
+            bypassURL = [ "example.com" ];
+          }
        '';
        description = ''
-          Additional options that will be appended to the configuration file.
+          Privoxy-TLS settings. Use this option to configure not exposed in
+          a NixOS option or to bypass one. See the documentation at
+          <link xlink:href="https://maxwell.ydns.eu/git/rnhmjoj/privoxy-tls"/>
+          for the available options.
        '';
      };
    };
@ -150,6 +168,20 @@ in
      home  = dataDir;
    };

+    # default configuration
+    services.privoxy.tls-wrapper.settings = mkDefaultAttrs {
+      general = {
+        proxAddr  = "http://${cfgPrivoxy.listenAddress}";
+        frontPort = cfg.frontPort;
+        rearPort  = cfg.rearPort;
+        caCert    = "${dataDir}/ca.crt";
+        certdir   = "/tmp";
+        logLevel  = cfg.logLevel;
+      };
+      noVerify = cfg.noVerify;
+      passthru = cfg.passthru;
+    };
+
    systemd.services.privoxy-tls = {
      description = "Privoxy TLS proxy wrapper.";
      wantedBy    = [ "multi-user.target" ];