
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
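# NixOS module for the shadowsocks-libev server (`ss-server`).
#
# The module renders a JSON configuration from the `services.shadowsocks`
# options and starts `ss-server` from a systemd unit. The client password can
# be supplied inline (`password`, which ends up in the Nix store) or through
# `passwordFile`, which is merged into the configuration at service start.
{
  config,
  lib,
  pkgs,
  ...
}:

with lib;

let
  cfg = config.services.shadowsocks;

  # Attribute set serialized to the ss-server JSON configuration.
  opts =
    {
      server = cfg.localAddress;
      server_port = cfg.port;
      method = cfg.encryptionMethod;
      mode = cfg.mode;
      # NOTE(review): presumably ss-server switches to this account after
      # start-up; the unit itself sets no `User=` — confirm.
      user = "nobody";
      fast_open = cfg.fastOpen;
    }
    // optionalAttrs (cfg.plugin != null) {
      plugin = cfg.plugin;
      plugin_opts = cfg.pluginOpts;
    }
    # Only present when the inline `password` option is used. Everything in
    # `opts` is written to the Nix store by `configFile` below.
    // optionalAttrs (cfg.password != null) {
      password = cfg.password;
    }
    # Merged last, so keys given here override every option above (including
    # `password` and `user`), and they are written to the Nix store as well.
    // cfg.extraConfig;

  # Store path of the rendered configuration. Store paths are world-readable,
  # so no secret should be placed in `opts` on a multi-user machine.
  configFile = pkgs.writeText "shadowsocks.json" (builtins.toJSON opts);

in

{

  ###### interface

  options = {

    services.shadowsocks = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to run shadowsocks-libev shadowsocks server.
        '';
      };

      localAddress = mkOption {
        type = types.coercedTo types.str singleton (types.listOf types.str);
        default = [
          "[::0]"
          "0.0.0.0"
        ];
        description = ''
          Local addresses to which the server binds.
        '';
      };

      port = mkOption {
        type = types.port;
        default = 8388;
        description = ''
          Port which the server uses.
        '';
      };

      password = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Password for connecting clients.

          Warning: this value is embedded in the generated configuration file,
          which is stored in the world-readable Nix store. Use `passwordFile`
          instead to keep the secret out of the store.
        '';
      };

      passwordFile = mkOption {
        type = types.nullOr types.path;
        default = null;
        description = ''
          Path to a file containing the password for connecting clients.

          The file is read when the service starts, so the password is not
          part of the configuration file in the Nix store. Give the path as a
          string rather than a Nix path literal, since a path literal is
          copied into the store when it is interpolated.
        '';
      };

      mode = mkOption {
        type = types.enum [
          "tcp_only"
          "tcp_and_udp"
          "udp_only"
        ];
        default = "tcp_and_udp";
        description = ''
          Relay protocols.
        '';
      };

      fastOpen = mkOption {
        type = types.bool;
        default = true;
        description = ''
          use TCP fast-open
        '';
      };

      encryptionMethod = mkOption {
        type = types.str;
        default = "chacha20-ietf-poly1305";
        description = ''
          Encryption method. See <https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers>.
        '';
      };

      plugin = mkOption {
        type = types.nullOr types.str;
        default = null;
        example = literalExpression ''"''${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"'';
        description = ''
          SIP003 plugin for shadowsocks
        '';
      };

      pluginOpts = mkOption {
        type = types.str;
        default = "";
        example = "server;host=example.com";
        description = ''
          Options to pass to the plugin if one was specified
        '';
      };

      extraConfig = mkOption {
        type = types.attrs;
        default = { };
        example = {
          nameserver = "8.8.8.8";
        };
        description = ''
          Additional configuration for shadowsocks that is not covered by the
          provided options. The provided attrset will be serialized to JSON and
          has to contain valid shadowsocks options. Unfortunately most
          additional options are undocumented but it's easy to find out what is
          available by looking into the source code of
          <https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/jconf.c>
        '';
      };
    };

  };

  ###### implementation

  config = mkIf cfg.enable {
    assertions = [
      {
        # Exactly one of `password` and `passwordFile` must be set (xor).
        # shadowsocks-libev does not support a plain/none encryption method,
        # so a password is always required.
        assertion = (cfg.password == null) != (cfg.passwordFile == null);
        message = "Option `password` or `passwordFile` must be set and cannot be set simultaneously";
      }
    ];

    systemd.services.shadowsocks-libev = {
      description = "shadowsocks-libev Daemon";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path =
        [ pkgs.shadowsocks-libev ]
        ++ optional (cfg.plugin != null) cfg.plugin
        # jq is only needed to merge the password into the runtime config.
        ++ optional (cfg.passwordFile != null) pkgs.jq;
      # /tmp/shadowsocks.json below lives in the unit's private /tmp, not in
      # the system-wide one.
      serviceConfig.PrivateTmp = true;
      # With `passwordFile`, the store configuration is combined with the
      # password at start-up and written to the private /tmp. The subshell
      # narrows the umask only for that write, so the secret-bearing file is
      # created without group/other access and ss-server keeps the default
      # umask.
      # NOTE(review): `--arg` passes the password on jq's command line, where
      # it is visible in the process list while jq runs; reading it inside jq
      # (e.g. `--rawfile`) would avoid that — confirm trailing-newline
      # handling before switching.
      script = ''
        ${optionalString (cfg.passwordFile != null) ''
          (
            umask 077
            jq --arg password "$(cat "${cfg.passwordFile}")" '. + { password: $password }' ${configFile} > /tmp/shadowsocks.json
          )
        ''}
        exec ss-server -c ${if cfg.passwordFile != null then "/tmp/shadowsocks.json" else configFile}
      '';
    };
  };
}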