mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-06 08:47:00 +00:00

services/dnscrypt-proxy: init

r17x 2025-02-17 23:25:40 +07:00
parent 665cc04a60
commit 7386d8878e
No known key found for this signature in database
GPG key ID: 5CA1E57AFBF76F90
5 changed files with 108 additions and 0 deletions


@ -39,11 +39,13 @@ in
ids.uids = {
nixbld = lib.mkDefault 350;
_prometheus-node-exporter = 534;
_dnscrypt-proxy = 535;
};
ids.gids = {
nixbld = lib.mkDefault (if config.system.stateVersion < 5 then 30000 else 350);
_prometheus-node-exporter = 534;
_dnscrypt-proxy = 535;
};
};


@ -62,6 +62,7 @@
./services/chunkwm.nix
./services/cachix-agent.nix
./services/dnsmasq.nix
./services/dnscrypt-proxy.nix
./services/emacs.nix
./services/eternal-terminal.nix
./services/github-runner


@ -0,0 +1,81 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.dnscrypt-proxy;
format = pkgs.formats.toml { };
configFile = format.generate "dnscrypt-proxy.toml" cfg.settings;
in
{
options.services.dnscrypt-proxy = {
enable = lib.mkEnableOption "the dnscrypt-proxy service.";
package = lib.mkPackageOption pkgs "dnscrypt-proxy2" { };
settings = lib.mkOption {
description = ''
Attrset that is converted and passed as TOML config file.
For available params, see: <https://github.com/DNSCrypt/dnscrypt-proxy/blob/${pkgs.dnscrypt-proxy2.version}/dnscrypt-proxy/example-dnscrypt-proxy.toml>
'';
example = lib.literalExpression ''
{
sources.public-resolvers = {
urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ];
cache_file = "public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
refresh_delay = 72;
};
}
'';
type = format.type;
default = { };
};
};
config = lib.mkIf cfg.enable {
users.users._dnscrypt-proxy = {
uid = config.ids.uids._dnscrypt-proxy;
gid = config.ids.gids._dnscrypt-proxy;
home = "/var/lib/dnscrypt-proxy";
createHome = true;
shell = "/usr/bin/false";
description = "System user for dnscrypt-proxy";
};
users.groups._dnscrypt-proxy = {
gid = config.ids.gids._dnscrypt-proxy;
description = "System group for dnscrypt-proxy";
};
users.knownUsers = [ "_dnscrypt-proxy" ];
users.knownGroups = [ "_dnscrypt-proxy" ];
launchd.daemons.dnscrypt-proxy = {
script = ''
${lib.getExe' cfg.package "dnscrypt-proxy"} -config ${configFile}
'';
serviceConfig =
let
logPath = config.users.users._dnscrypt-proxy.home + "/dnscrypt-proxy.log";
in
{
RunAtLoad = true;
KeepAlive = true;
StandardOutPath = logPath;
StandardErrorPath = logPath;
GroupName = "_dnscrypt-proxy";
UserName = "_dnscrypt-proxy";
};
};
};
}
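Review bot: With `default = { }` for `settings` and `KeepAlive = true` on the daemon, enabling the service without any settings generates an empty TOML file; as far as I can tell dnscrypt-proxy exits when no resolvers are configured, so launchd would keep restarting it and DNS through the proxy would never come up. An assertion in the `config` block, such as `assertions = [ { assertion = cfg.settings != { }; message = "services.dnscrypt-proxy.settings must configure at least one resolver source"; } ];`, would fail the build instead. Separately, the `settings` description should warn that the rendered file lives in the world-readable Nix store, so values such as proxy credentials do not belong in it, for example `The generated file is stored in the Nix store and is readable by all local users.`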


@ -103,6 +103,7 @@ in {
tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix;
tests.services-aerospace = makeTest ./tests/services-aerospace.nix;
tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix;
tests.services-dnscrypt-proxy = makeTest ./tests/services-dnscrypt-proxy.nix;
tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix;
tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix;
tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix;


@ -0,0 +1,23 @@
{
config,
pkgs,
...
}:
let
dnscrypt-proxy = pkgs.runCommand "dnscrypt-proxy-0.0.0" { } "mkdir $out";
in
{
services.dnscrypt-proxy.enable = true;
services.dnscrypt-proxy.package = dnscrypt-proxy;
test = ''
echo >&2 "checking dnscrypt-proxy service in /Library/LaunchDaemons"
grep -q "org.nixos.dnscrypt-proxy" -- ${config.out}/Library/LaunchDaemons/org.nixos.dnscrypt-proxy.plist
grep -q "dnscrypt-proxy-start" -- ${config.out}/Library/LaunchDaemons/org.nixos.dnscrypt-proxy.plist
echo >&2 "checking dnscrypt-proxy system user in /Library/LaunchDaemons"
grep -q "_dnscrypt-proxy" -- ${config.out}/Library/LaunchDaemons/org.nixos.dnscrypt-proxy.plist
'';
}
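Review bot: The last check, `grep -q "_dnscrypt-proxy"`, passes as long as either `UserName` or `GroupName` appears in the plist, so it would not catch a regression that drops `UserName` and leaves the daemon running as root. Checking each key separately pins the privilege drop, e.g. `grep -A1 "<key>UserName</key>" -- ${config.out}/Library/LaunchDaemons/org.nixos.dnscrypt-proxy.plist | grep -q "_dnscrypt-proxy"` and the same for `GroupName`; this assumes the generated plist puts the value on the line after its key. The echo before it says "system user in /Library/LaunchDaemons", although what it checks is the account the daemon runs as.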