nixpkgs/nixos/modules/programs/proxychains.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let

  cfg = config.programs.proxychains;

  configFile = ''
    ${cfg.chain.type}_chain
    ${lib.optionalString (
      cfg.chain.type == "random"
    ) "chain_len = ${builtins.toString cfg.chain.length}"}
    ${lib.optionalString cfg.proxyDNS "proxy_dns"}
    ${lib.optionalString cfg.quietMode "quiet_mode"}
    remote_dns_subnet ${builtins.toString cfg.remoteDNSSubnet}
    tcp_read_time_out ${builtins.toString cfg.tcpReadTimeOut}
    tcp_connect_time_out ${builtins.toString cfg.tcpConnectTimeOut}
    localnet ${cfg.localnet}
    [ProxyList]
    ${builtins.concatStringsSep "\n" (
      lib.mapAttrsToList (k: v: "${v.type} ${v.host} ${builtins.toString v.port}") (
        lib.filterAttrs (k: v: v.enable) cfg.proxies
      )
    )}
  '';

  proxyOptions = {
    options = {
      enable = lib.mkEnableOption "this proxy";

      type = lib.mkOption {
        type = lib.types.enum [
          "http"
          "socks4"
          "socks5"
        ];
        description = "Proxy type.";
      };

      host = lib.mkOption {
        type = lib.types.str;
        description = "Proxy host or IP address.";
      };

      port = lib.mkOption {
        type = lib.types.port;
        description = "Proxy port";
      };
    };
  };

in
{

  ###### interface

  options = {

    programs.proxychains = {

      enable = lib.mkEnableOption "proxychains configuration";

      package = lib.mkPackageOption pkgs "proxychains" {
        example = "proxychains-ng";
      };

      chain = {
        type = lib.mkOption {
          type = lib.types.enum [
            "dynamic"
            "strict"
            "random"
          ];
          default = "strict";
          description = ''
            `dynamic` - Each connection will be done via chained proxies
            all proxies chained in the order as they appear in the list
            at least one proxy must be online to play in chain
            (dead proxies are skipped)
            otherwise `EINTR` is returned to the app.

            `strict` - Each connection will be done via chained proxies
            all proxies chained in the order as they appear in the list
            all proxies must be online to play in chain
            otherwise `EINTR` is returned to the app.

            `random` - Each connection will be done via random proxy
            (or proxy chain, see {option}`programs.proxychains.chain.length`) from the list.
          '';
        };
        length = lib.mkOption {
          type = lib.types.nullOr lib.types.int;
          default = null;
          description = ''
            Chain length for random chain.
          '';
        };
      };

      proxyDNS = lib.mkOption {
        type = lib.types.bool;
        default = true;
        description = "Proxy DNS requests - no leak for DNS data.";
      };

      quietMode = lib.mkEnableOption "Quiet mode (no output from the library)";

      remoteDNSSubnet = lib.mkOption {
        type = lib.types.enum [
          10
          127
          224
        ];
        default = 224;
        description = ''
          Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.
        '';
      };

      tcpReadTimeOut = lib.mkOption {
        type = lib.types.int;
        default = 15000;
        description = "Connection read time-out in milliseconds.";
      };

      tcpConnectTimeOut = lib.mkOption {
        type = lib.types.int;
        default = 8000;
        description = "Connection time-out in milliseconds.";
      };

      localnet = lib.mkOption {
        type = lib.types.str;
        default = "127.0.0.0/255.0.0.0";
        description = "By default enable localnet for loopback address ranges.";
      };

      proxies = lib.mkOption {
        type = lib.types.attrsOf (lib.types.submodule proxyOptions);
        description = ''
          Proxies to be used by proxychains.
        '';

        example = lib.literalExpression ''
          { myproxy =
            { type = "socks4";
              host = "127.0.0.1";
              port = 1337;
            };
          }
        '';
      };

    };

  };

  ###### implementation

  meta.maintainers = with lib.maintainers; [ sorki ];

  config = lib.mkIf cfg.enable {

    assertions = lib.singleton {
      assertion = cfg.chain.type != "random" && cfg.chain.length == null;
      message = ''
        Option `programs.proxychains.chain.length`
        only makes sense with `programs.proxychains.chain.type` = "random".
      '';
    };

    programs.proxychains.proxies = lib.mkIf config.services.tor.client.enable {
      torproxy = lib.mkDefault {
        enable = true;
        type = "socks4";
        host = "127.0.0.1";
        port = 9050;
      };
    };

    environment.etc."proxychains.conf".text = configFile;
    environment.systemPackages = [ cfg.package ];
  };

}
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`let`

			`cfg = config.programs.proxychains;`

			`configFile = ''`
			`${cfg.chain.type}_chain`
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`${lib.optionalString (`
			`cfg.chain.type == "random"`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`) "chain_len = ${builtins.toString cfg.chain.length}"}`
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`${lib.optionalString cfg.proxyDNS "proxy_dns"}`
			`${lib.optionalString cfg.quietMode "quiet_mode"}`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`remote_dns_subnet ${builtins.toString cfg.remoteDNSSubnet}`
			`tcp_read_time_out ${builtins.toString cfg.tcpReadTimeOut}`
			`tcp_connect_time_out ${builtins.toString cfg.tcpConnectTimeOut}`
			`localnet ${cfg.localnet}`
			`[ProxyList]`
			`${builtins.concatStringsSep "\n" (`
			`lib.mapAttrsToList (k: v: "${v.type} ${v.host} ${builtins.toString v.port}") (`
			`lib.filterAttrs (k: v: v.enable) cfg.proxies`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00			`)`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`)}`
			`'';`

			`proxyOptions = {`
			`options = {`
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`enable = lib.mkEnableOption "this proxy";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`type = lib.mkOption {`
			`type = lib.types.enum [`
			`"http"`
			`"socks4"`
			`"socks5"`
			`];`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = "Proxy type.";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`host = lib.mkOption {`
			`type = lib.types.str;`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = "Proxy host or IP address.";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`port = lib.mkOption {`
			`type = lib.types.port;`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = "Proxy port";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`
			`};`
			`};`

			`in`
			`{`

			`###### interface`

			`options = {`

			`programs.proxychains = {`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`enable = lib.mkEnableOption "proxychains configuration";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`package = lib.mkPackageOption pkgs "proxychains" {`
treewide: use `mkPackageOption` This commit replaces a lot of usages of `mkOption` with the package type, to be `mkPackageOption`, in order to reduce the amount of code. 2023-11-27 01:19:27 +01:00			`example = "proxychains-ng";`
nixos/proxychains: add package option 2023-03-24 02:55:11 +08:00			`};`

nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`chain = {`
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`type = lib.mkOption {`
			`type = lib.types.enum [`
			`"dynamic"`
			`"strict"`
			`"random"`
			`];`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`default = "strict";`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = ''`
			`dynamic` - Each connection will be done via chained proxies
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`all proxies chained in the order as they appear in the list`
			`at least one proxy must be online to play in chain`
			`(dead proxies are skipped)`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			otherwise `EINTR` is returned to the app.
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`strict` - Each connection will be done via chained proxies
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`all proxies chained in the order as they appear in the list`
			`all proxies must be online to play in chain`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			otherwise `EINTR` is returned to the app.
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`random` - Each connection will be done via random proxy
			(or proxy chain, see {option}`programs.proxychains.chain.length`) from the list.
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`'';`
			`};`
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`length = lib.mkOption {`
			`type = lib.types.nullOr lib.types.int;`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`default = null;`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = ''`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`Chain length for random chain.`
			`'';`
			`};`
			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`proxyDNS = lib.mkOption {`
			`type = lib.types.bool;`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`default = true;`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = "Proxy DNS requests - no leak for DNS data.";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`quietMode = lib.mkEnableOption "Quiet mode (no output from the library)";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`remoteDNSSubnet = lib.mkOption {`
			`type = lib.types.enum [`
			`10`
			`127`
			`224`
			`];`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`default = 224;`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = ''`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.`
			`'';`
			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`tcpReadTimeOut = lib.mkOption {`
			`type = lib.types.int;`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`default = 15000;`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = "Connection read time-out in milliseconds.";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`tcpConnectTimeOut = lib.mkOption {`
			`type = lib.types.int;`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`default = 8000;`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = "Connection time-out in milliseconds.";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`localnet = lib.mkOption {`
			`type = lib.types.str;`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`default = "127.0.0.0/255.0.0.0";`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = "By default enable localnet for loopback address ranges.";`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`proxies = lib.mkOption {`
			`type = lib.types.attrsOf (lib.types.submodule proxyOptions);`
nixos/programs: invariant option docs MD conversions 2022-07-20 12:32:04 +02:00			`description = ''`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`Proxies to be used by proxychains.`
			`'';`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`example = lib.literalExpression ''`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`{ myproxy =`
			`{ type = "socks4";`
			`host = "127.0.0.1";`
			`port = 1337;`
			`};`
			`}`
			`'';`
			`};`

			`};`

			`};`

			`###### implementation`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`meta.maintainers = with lib.maintainers; [ sorki ];`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`config = lib.mkIf cfg.enable {`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`assertions = lib.singleton {`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`assertion = cfg.chain.type != "random" && cfg.chain.length == null;`
			`message = ''`
			Option `programs.proxychains.chain.length`
			only makes sense with `programs.proxychains.chain.type` = "random".
			`'';`
			`};`

treewide: remove file-wide `with lib;` in nixos/modules/programs 2024-04-17 14:37:58 +03:00			`programs.proxychains.proxies = lib.mkIf config.services.tor.client.enable {`
			`torproxy = lib.mkDefault {`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`enable = true;`
			`type = "socks4";`
			`host = "127.0.0.1";`
			`port = 9050;`
			`};`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00			`};`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00
			`environment.etc."proxychains.conf".text = configFile;`
nixos/proxychains: add package option 2023-03-24 02:55:11 +08:00			`environment.systemPackages = [ cfg.package ];`
nixos/proxychains: init 2020-04-28 18:32:22 +02:00			`};`

			`}`