nixos/onionbalance: init service

Kloenk · Jun 15, 2020 · 35bfb9c · 35bfb9c
1 parent eff4b6c
commit 35bfb9c
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 0 deletions.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
@@ -792,6 +792,7 @@
   ./services/security/nginx-sso.nix
   ./services/security/oauth2_proxy.nix
   ./services/security/oauth2_proxy_nginx.nix
+  ./services/security/onionbalance.nix
   ./services/security/privacyidea.nix
   ./services/security/physlock.nix
   ./services/security/shibboleth-sp.nix

diff --git a/nixos/modules/services/security/onionbalace.nix b/nixos/modules/services/security/onionbalace.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkIf mkOption types;
+
+  cfg = config.services.onionbalance;
+in {
+  options = {
+    services.onionbalance = {
+      enable = mkEnableOption "Onionbalance load balancer";
+
+      settings = {
+        type = types.attrs;
+        default = { };
+        example = {
+          services = [{
+            instances = [{
+              address =
+                "wmilwokvqistssclrjdi5arzrctn6bznkwmosvfyobmyv2fc3idbpwyd.onion";
+              name = "node1";
+            }];
+            key =
+              "/run/secrets/mvfqbrdcl2ldfkcr5q4577z6c6crujtj2bwfcvbfwlxvz3e53gg46sid.key";
+          }];
+        };
+        description = ''
+          Config file for onionbalance <xlink:href="https://onionbalance.readthedocs.io/en/latest">https://onionbalance.readthedocs.io/en/latest</link>.'';
+      };
+
+      verbosity = mkOption {
+        type = types.enum [ "debug" "info" "warning" "error" "critical" ];
+        default = "info";
+        description = "Minimum verbosity level for logging.";
+      };
+
+      tor.controlPort = mkOption {
+        type = types.port;
+        default = config.services.tor.controlPort;
+        description = "Tor controller port";
+      };
+    };
+  };
+
+  # implementation
+  config = mkIf cfg.enable {
+
+    services.tor.enable = true;
+
+    systemd.services.onionbalance = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "networking.target" "tor.service" ];
+
+      serviceConfig = {
+        User = "onionbalance";
+        Group = "onionbalance";
+      };
+
+      script = let
+        configFile =
+          pkgs.writeText "config.json" (builtins.toJSON cfg.settings);
+      in ''
+        ${pkgs.onionbalance}/bin/onionbalance -v ${cfg.verbosity} -c ${configFile} -p ${
+          toString cfg.tor.controlPort
+        }
+      '';
+    };
+
+    users.users.onionbalance = {
+      description = "onionbalance Daemon User";
+      createHome = false;
+      extraGroups = [ "tor" ];
+    };
+  };
+}