g3proxy: init at 1.10.4 (#378059)

nikstur 2025-02-01 22:45:13 +01:00 committed by GitHub
commit 9015a21afc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 158 additions and 0 deletions


@ -137,6 +137,8 @@
- [PowerStation](https://github.com/ShadowBlip/PowerStation/), an open source TDP control and performance daemon with DBus interface for Linux. Available as [services.powerstation](#opt-services.powerstation.enable). - [PowerStation](https://github.com/ShadowBlip/PowerStation/), an open source TDP control and performance daemon with DBus interface for Linux. Available as [services.powerstation](#opt-services.powerstation.enable).
- [`g3proxy`](https://github.com/bytedance/g3), an open source enterprise forward proxy from ByteDance, similar to Squid or tinyproxy. Available as [services.g3proxy](#opt-services.g3proxy.enable).
- [echoip](https://github.com/mpolden/echoip), a simple service for looking up your IP address. Available as [services.echoip](#opt-services.echoip.enable). - [echoip](https://github.com/mpolden/echoip), a simple service for looking up your IP address. Available as [services.echoip](#opt-services.echoip.enable).
- [Buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard), a framebuffer on-screen keyboard. Available as [services.buffyboard](option.html#opt-services.buffyboard). - [Buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard), a framebuffer on-screen keyboard. Available as [services.buffyboard](option.html#opt-services.buffyboard).


@ -1267,6 +1267,7 @@
./services/networking/spacecookie.nix ./services/networking/spacecookie.nix
./services/networking/spiped.nix ./services/networking/spiped.nix
./services/networking/squid.nix ./services/networking/squid.nix
./services/networking/g3proxy.nix
./services/networking/ssh/sshd.nix ./services/networking/ssh/sshd.nix
./services/networking/sslh.nix ./services/networking/sslh.nix
./services/networking/strongswan-swanctl/module.nix ./services/networking/strongswan-swanctl/module.nix
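Review bot: The new `./services/networking/g3proxy.nix` entry is placed between `squid.nix` and `ssh/sshd.nix`, while the visible neighbours (`spacecookie`, `spiped`, `squid`, `ssh`, `sslh`, `strongswan-swanctl`) are in alphabetical order. Moving the line up to the other `g…` networking modules would keep the list sorted and make a duplicate or missing import easier to spot in later reviews. The rest of the list is outside this hunk, so the exact position cannot be checked from here.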


@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.g3proxy;
inherit (lib)
mkPackageOption
mkEnableOption
mkOption
mkIf
literalExpression
;
settingsFormat = pkgs.formats.yaml { };
in
{
options.services.g3proxy = {
enable = mkEnableOption "g3proxy, a generic purpose forward proxy";
package = mkPackageOption pkgs "g3proxy" { };
settings = mkOption {
type = settingsFormat.type;
default = { };
example = literalExpression ''
{
server = [{
name = "test";
escaper = "default";
type = "socks_proxy";
listen = {
address = "[::]:10086";
};
}];
}
'';
description = ''
Settings of g3proxy.
'';
};
};
config = mkIf cfg.enable {
systemd.services.g3proxy = {
description = "g3proxy server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart =
let
g3proxy-yaml = settingsFormat.generate "g3proxy.yaml" cfg.settings;
in
"${lib.getExe cfg.package} --config-file ${g3proxy-yaml}";
WorkingDirectory = "/var/lib/g3proxy";
StateDirectory = "g3proxy";
RuntimeDirectory = "g3proxy";
DynamicUser = true;
RuntimeDirectoryMode = "0755";
PrivateTmp = true;
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateUsers = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectSystem = "strict";
ProcSubset = "pid";
RestrictNamespaces = true;
RestrictRealtime = true;
RemoveIPC = true;
SystemCallArchitectures = "native";
UMask = "0077";
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
];
RestrictSUIDSGID = true;
};
};
};
}
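Review bot: `cfg.settings` is rendered with `settingsFormat.generate "g3proxy.yaml"` and handed to `--config-file`, so the complete configuration ends up in the Nix store, which is readable by every local user; any credential or private-key material put into `services.g3proxy.settings` would be exposed that way, and the description `Settings of g3proxy.` gives no hint of it. I would extend the description with a sentence such as `The generated file is stored in the world-readable Nix store; do not put secrets into it.` Separately, the `example` defines a `socks_proxy` listening on `[::]:10086` with no authentication shown, which, if copied verbatim, gives a proxy reachable on every interface; `address = "[::1]:10086";` would be a safer documented starting point. The systemd sandboxing itself is thorough, though it sets neither `SystemCallFilter` nor `CapabilityBoundingSet`, which may be worth adding once the service's needs are known.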


@ -0,0 +1,63 @@
{
lib,
rustPlatform,
fetchFromGitHub,
pkg-config,
stdenv,
darwin,
c-ares,
python3,
lua5_4,
capnproto,
cmake,
}:
rustPlatform.buildRustPackage rec {
pname = "g3";
version = "v1.10.4";
src = fetchFromGitHub {
owner = "bytedance";
repo = "g3";
tag = "g3proxy-${version}";
hash = "sha256-uafKYyzjGdtC+oMJG1wWOvgkSht/wTOzyODcPoTfOnU=";
};
cargoHash = "sha256-NbrJGGnpZkF7ZX3MqrMsZ03tWkN/nqWahh00O3IJGOw=";
useFetchCargoVendor = true;
# TODO: can we unvendor AWS LC somehow?
buildFeatures = [
"vendored-aws-lc"
"rustls-aws-lc"
];
# aws-lc/crypto compilation will trigger `strictoverflow` errors.
hardeningDisable = [ "strictoverflow" ];
nativeBuildInputs = [
pkg-config
rustPlatform.bindgenHook
python3
capnproto
cmake
];
buildInputs =
[
c-ares
lua5_4
]
++ lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
];
meta = {
description = "Enterprise-oriented Generic Proxy Solutions";
homepage = "https://github.com/bytedance/g3";
changelog = "https://github.com/bytedance/g3/blob/${src.rev}/CHANGELOG.md";
license = lib.licenses.asl20;
maintainers = with lib.maintainers; [ raitobezarius ];
mainProgram = "g3proxy";
};
}
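Review bot: `version = "v1.10.4"` keeps the upstream `v` prefix, which nixpkgs versions normally omit and which can throw off version comparison and vulnerability-matching tooling that keys on the version string; I would write `version = "1.10.4";` together with `tag = "g3proxy-v${version}";`. The `vendored-aws-lc` feature means the TLS/crypto library is built from sources pinned through `cargoHash`, so AWS-LC security fixes presumably reach users only when this package is bumped; the existing TODO could say so, e.g. `# TODO: unvendor AWS-LC; until then its security fixes only arrive with a g3 bump.` `hardeningDisable = [ "strictoverflow" ]` applies to every C unit compiled in this derivation rather than to aws-lc alone, which the comment above it could state.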