# NixOS module for the nntp-proxy service: it declares the services.nntp-proxy
# options and, when enabled, sets up a dedicated user/group and a systemd unit.
1 { config, lib, pkgs, ... }:
7 inherit (pkgs) nntp-proxy;
# Shorthand for this module's option values.
9 cfg = config.services.nntp-proxy;
# Render a Nix boolean as the TRUE/FALSE literal used in the generated config.
11 configBool = b: if b then "TRUE" else "FALSE";
# NOTE(review): pkgs.writeText places the rendered file in the Nix store, which
# is world-readable on a standard NixOS install. The template interpolates
# cfg.upstreamPassword in clear text and every user's passwordHash, so any
# local account can read the upstream credential and take the hashes for
# offline guessing. Values are also spliced between double quotes without
# escaping, so a value containing a double quote or backslash produces a
# malformed or different config. A safer layout keeps the secret in a file
# outside the store (readable only by the service user) and assembles the
# final config at service start.
13 confFile = pkgs.writeText "nntp-proxy.conf" ''
16 # NNTP Server host and port address
17 server = "${cfg.upstreamServer}";
18 port = ${toString cfg.upstreamPort};
20 username = "${cfg.upstreamUser}";
21 # NNTP password in clear text
22 password = "${cfg.upstreamPassword}";
23 # Maximum number of connections allowed by the NNTP
24 max_connections = ${toString cfg.upstreamMaxConnections};
29 # Local address and port to bind to
30 bind_ip = "${cfg.listenAddress}";
31 bind_port = ${toString cfg.port};
33 # SSL key and cert file
34 ssl_key = "${cfg.sslKey}";
35 ssl_cert = "${cfg.sslCert}";
37 # prohibit users from posting
38 prohibit_posting = ${configBool cfg.prohibitPosting};
39 # Verbose levels: ERROR, WARNING, NOTICE, INFO, DEBUG
40 verbose = "${toUpper cfg.verbosity}";
41 # Password is made with: 'mkpasswd -m sha-512 <password>'
42 users = (${concatStringsSep ",\n" (mapAttrsToList (username: userConfig:
45 username = "${username}";
46 password = "${userConfig.passwordHash}";
47 max_connections = ${toString userConfig.maxConnections};
# Option declarations for the module, all under services.nntp-proxy.
61 services.nntp-proxy = {
62 enable = mkEnableOption "NNTP-Proxy";
64 upstreamServer = mkOption {
67 example = "ssl-eu.astraweb.com";
69 Upstream server address
73 upstreamPort = mkOption {
81 upstreamMaxConnections = mkOption {
85 Upstream server maximum allowed concurrent connections
89 upstreamUser = mkOption {
93 Upstream server username
# NOTE(review): this option takes the secret itself as a Nix string. It is
# written verbatim into the store-backed config file (password = "..."), so
# it is readable by every local user and is copied wherever the system
# closure is copied. An option that takes a path to a secret file, read at
# service start, would keep the credential out of the store.
97 upstreamPassword = mkOption {
101 Upstream server password
# The default binds to loopback only. Setting a non-loopback address exposes
# the proxy to the network; access control then rests on the users entries
# and on the TLS key/cert configured below. Whether a firewall port is opened
# is not visible in these lines.
105 listenAddress = mkOption {
107 default = "127.0.0.1";
110 Proxy listen address (IPv6 literal addresses need to be enclosed in "[" and "]" characters)
# Example for the TLS private key path. The key is written to this path by the
# certificate-generation step of this module when it does not exist yet.
125 example = "/path/to/your/key.file";
# NOTE(review): "cert.pem" is a relative path, so the file it names depends on
# the working directory of the process that resolves it — TODO confirm which
# directory that is for this unit; an absolute default would be unambiguous.
133 default = "cert.pem";
134 example = "/path/to/your/cert.file";
136 Proxy ssl certificate path
# Rendered into the config as prohibit_posting via configBool (TRUE/FALSE).
140 prohibitPosting = mkOption {
144 Whether to prohibit posting to the upstream server
# The lower-case enum value is upper-cased with toUpper when rendered.
# NOTE(review): confirm that DEBUG output does not include credentials before
# enabling it on a host where logs are widely readable.
148 verbosity = mkOption {
149 type = types.enum [ "error" "warning" "notice" "info" "debug" ];
# Per-user entries, keyed by attribute name.
# NOTE(review): in the template lines visible in this listing, the username
# written to the config is the attribute name (the first argument of the
# mapAttrsToList lambda), not the value of the username option declared
# below — confirm whether that option is used anywhere.
158 type = types.attrsOf (types.submodule {
160 username = mkOption {
# crypt(3)-style SHA-512 hash ("$6$..." as in the example). The hash is written
# into the store-backed config file, so local users can read it; it should be
# treated as sensitive because it permits offline guessing.
# NOTE(review): when generating the hash, running mkpasswd without the
# password argument makes it prompt instead, which keeps the password out of
# shell history and the process list.
167 passwordHash = mkOption {
169 example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0";
171 SHA-512 password hash (can be generated by
172 `mkpasswd -m sha-512 <password>`)
# Per-user connection cap, rendered as max_connections in the user's entry.
176 maxConnections = mkOption {
180 Maximum number of concurrent connections to the proxy for this user
186 NNTP-Proxy user configuration
# Documentation sample only: the hashes below are published examples and must
# not be reused for real accounts.
190 example = literalExpression ''
193 passwordHash = "$6$1l0t5Kn2Dk$appzivc./9l/kjq57eg5UCsBKlcfyCr0zNWYNerKoPsI1d7eAwiT0SVsOVx/CTgaBNT/u4fi2vN.iGlPfv1ek0";
197 passwordHash = "$6$6lwEsWB.TmsS$W7m1riUx4QrA8pKJz8hvff0dnF1NwtZXgdjmGqA1Dx2MDPj07tI9GNcb0SWlMglE.2/hBgynDdAd/XqqtRqVQ0";
207 ###### implementation
# Everything below is applied only when services.nntp-proxy.enable is set.
209 config = mkIf cfg.enable {
# Dedicated account and group for the daemon.
211 users.users.nntp-proxy = {
213 group = "nntp-proxy";
214 description = "NNTP-Proxy daemon user";
216 users.groups.nntp-proxy = {};
# systemd unit, started at boot after networking and name resolution.
218 systemd.services.nntp-proxy = {
219 description = "NNTP proxy";
220 after = [ "network.target" "nss-lookup.target" ];
221 wantedBy = [ "multi-user.target" ];
# The daemon runs as the unprivileged nntp-proxy user rather than root.
# No further sandboxing options are visible in these lines.
222 serviceConfig = { User="nntp-proxy"; };
# The only argument is the path of the generated config file in the Nix store.
223 serviceConfig.ExecStart = "${nntp-proxy}/bin/nntp-proxy ${confFile}";
# NOTE(review): the shell fragment below (its opening line is not visible in
# this listing; presumably the unit's preStart) creates a self-signed
# certificate when the cert or the key file is missing.
#  - The test is existence-only (-f): a certificate past its 365-day validity
#    is never regenerated, and if only one of the two files is missing the
#    other one is overwritten.
#  - -nodes writes the private key unencrypted and no mode is set on the
#    output, so its permissions follow the process umask — confirm the key
#    ends up readable by the nntp-proxy user only.
#  - cfg.sslKey and cfg.sslCert are spliced in unquoted; a path containing
#    whitespace or shell metacharacters changes the command, and
#    lib.escapeShellArg would make the interpolation safe.
#  - Clients have no trust anchor for CN=AutoGeneratedCert; they must pin
#    this certificate or be given one issued by a CA they trust.
225 if [ ! \( -f ${cfg.sslCert} -a -f ${cfg.sslKey} \) ]; then
226 ${pkgs.openssl.bin}/bin/openssl req -subj '/CN=AutoGeneratedCert/O=NixOS Service/C=US' \
227 -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout ${cfg.sslKey} -out ${cfg.sslCert};