
2 changed files with 70 additions and 38 deletions

main.py

@ -33,17 +33,17 @@ class LoadConfig:
allow_no_value=True, delimiters=('=',),
inline_comment_prefixes=('#',))
self.config.read(configfile)
self.proxy_name = self.config['General'].get('ProxAddr')
self.front_name = self.config['General'].get('FrontAddr', 'localhost')
self.rear_name = self.config['General'].get('RearAddr', 'localhost')
self.front_port = int(self.config['General'].get('FrontPort'))
self.rear_port = int(self.config['General'].get('RearPort'))
self.proxy = self.config['General'].get('DefaultProxy')
self.loglevel = self.config['General'].get('LogLevel')
self.ca = self.config['General'].get('CACert')
self.certdir = self.config['General'].get('CertDir')
self.proxy_name = self.config['general'].get('proxAddr')
self.front_name = self.config['general'].get('frontAddr', 'localhost')
self.rear_name = self.config['general'].get('rearAddr', 'localhost')
self.front_port = int(self.config['general'].get('frontPort'))
self.rear_port = int(self.config['general'].get('rearPort'))
self.proxy = self.config['general'].get('defaultProxy')
self.loglevel = self.config['general'].get('logLevel')
self.ca = self.config['general'].get('caCert')
self.certdir = self.config['general'].get('certDir')
class ConnectionPools:
"""
self.pools is a list of {'proxy': 'http://127.0.0.1:8080',
@ -69,13 +69,13 @@ class ConnectionPools:
self.conf.read(self.file)
self.pools = []
proxy_sections = [section for section in self.conf.sections()
if section.startswith('Proxy')]
if section.startswith('proxy')]
for section in proxy_sections:
proxy = section.split()[1]
self.pools.append(dict(proxy=proxy,
pool=self.setProxyPool(proxy),
patterns=list(self.conf[section].keys())))
default_proxy = self.conf['General'].get('DefaultProxy')
default_proxy = self.conf['general'].get('defaultProxy')
if default_proxy:
default_pool = self.setProxyPool(default_proxy)
@ -93,10 +93,10 @@ class ConnectionPools:
sections = collections.defaultdict(dict)
for name in self.conf.sections():
sections[name] = self.conf[name]
self.noverifylist = list(sections['TLS NoVerify'].keys())
self.sslpasslist = list(sections['TLS Passthru'].keys())
self.blacklist = list(sections['Blacklist'].keys())
self.bypasslist = list(sections['Bypass URL'].keys())
self.noverifylist = list(sections['noVerify'].keys())
self.sslpasslist = list(sections['passthru'].keys())
self.blacklist = list(sections['blacklist'].keys())
self.bypasslist = list(sections['bypassURL'].keys())
def reloadConfig(self):
while True:
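Review bot: A configuration file that still uses the old section headers (`[TLS NoVerify]`, `[TLS Passthru]`, `[Blacklist]`, `[Bypass URL]`) is now silently accepted with empty lists, because `sections` is a `collections.defaultdict(dict)` and the renamed lookups in the third hunk, `sections['noVerify']` through `sections['bypassURL']`, just create empty entries; for `blacklist` and `passthru` that means an existing policy stops being applied with no error at all, whereas the `['general']` rename in the first two hunks at least fails loudly with a KeyError. Consider flagging unrecognised section names before these lookups, e.g. `known = {'general', 'noVerify', 'passthru', 'blacklist', 'bypassURL'}` and `unknown = [s for s in self.conf.sections() if s not in known and not s.startswith('proxy')]`, then log or raise when `unknown` is non-empty. It is also worth a one-line comment next to the `self.config['general']` reads that configparser section names are case-sensitive while option names are lower-cased by the default `optionxform` (unless the parser overrides it, which is not visible here), so `[General]` vs `[general]` matters but `caCert` vs `cacert` does not. The enclosing methods start before each hunk.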


@ -20,23 +20,37 @@ let
'';
dataDir = "/var/lib/privoxy";
configFile = pkgs.writeText "config.ini" ''
[General]
ProxAddr = http://${cfgPrivoxy.listenAddress}
FrontPort = ${toString cfg.frontPort}
RearPort = ${toString cfg.rearPort}
CACert = ${dataDir}/ca.crt
Certdir = /tmp
LogLevel = ${cfg.logLevel}
[TLS NoVerify]
${concatStringsSep "\n" cfg.noVerify}
[TLS Passthru]
${concatStringsSep "\n" cfg.passthru}
# make attributes only a default
mkDefaultAttrs = mapAttrs (n: v: mkDefault v);
${cfg.extraConfig}
'';
# INI format with sections that may also contains a list
toSpecialINI = with lib; {
mkSectionName ? (name: escape [ "[" "]" ] name),
mkKeyValue ? generators.mkKeyValueDefault {} "="
}: attrsOfAttrs:
let
# map function to string for each key val
mapAttrsToStringsSep = sep: mapFn: attrs:
concatStringsSep sep (mapAttrsToList mapFn attrs);
stripPriority = val:
if val ? priority then val.content else val;
mkSectionVal = val:
if isList val
then concatMapStringsSep "\n" toString val
else generators.toKeyValue
{ inherit mkKeyValue; } val;
# handle both list and attributes
mkSection = sectName: sectValues: ''
[${mkSectionName sectName}]
${mkSectionVal (stripPriority sectValues)}
'';
in
# map input to ini sections
mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
configFile = pkgs.writeText "config.ini"
(toSpecialINI {} cfg.settings);
python = pkgs.python3.withPackages (p: [ p.urllib3 ]);
@ -118,15 +132,19 @@ in
example = "The level of logging of privoxy-tls";
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
[Bypass URL]
example.com
settings = mkOption {
type = types.attrs;
default = { };
example = literalExample ''
{
bypassURL = [ "example.com" ];
}
'';
description = ''
Additional options that will be appended to the configuration file.
Privoxy-TLS settings. Use this option to configure not exposed in
a NixOS option or to bypass one. See the documentation at
<link xlink:href="https://maxwell.ydns.eu/git/rnhmjoj/privoxy-tls"/>
for the available options.
'';
};
};
@ -150,6 +168,20 @@ in
home = dataDir;
};
# default configuration
services.privoxy.tls-wrapper.settings = mkDefaultAttrs {
general = {
proxAddr = "http://${cfgPrivoxy.listenAddress}";
frontPort = cfg.frontPort;
rearPort = cfg.rearPort;
caCert = "${dataDir}/ca.crt";
certdir = "/tmp";
logLevel = cfg.logLevel;
};
noVerify = cfg.noVerify;
passthru = cfg.passthru;
};
systemd.services.privoxy-tls = {
description = "Privoxy TLS proxy wrapper.";
wantedBy = [ "multi-user.target" ];
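Review bot: `certdir = "/tmp";` in the new default settings keeps the certificates the wrapper generates (and presumably their private keys) in a world-writable directory shared with every local user, which this move to `settings` was the natural moment to fix unless the unit runs with PrivateTmp, which is not shown here; `certdir = "${dataDir}/certs";` would keep them next to `ca.crt` under the ownership that `home = dataDir` implies. The key is also spelled `certdir` while `main.py` reads `certDir`, which only lines up because configparser lower-cases option names by default, so spelling it `certDir` like the other camelCase keys would avoid a surprise if that ever changes. Note too that `mkDefaultAttrs` wraps each section value in `mkDefault` inside a `types.attrs` option; if `types.attrs` merges definitions with a plain `//` (as `stripPriority` in the first hunk seems to anticipate), the priority is discarded rather than honoured, so a user's `settings.general` silently replaces the whole default section and a `types.attrsOf` or submodule type would be needed for per-key overrides. The enclosing `config` block starts before the hunk.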