nixos/shellinabox: drop
This commit is contained in:
parent
64e026af23
commit
3ecddf791d
3 changed files with 2 additions and 123 deletions
|
@ -1075,7 +1075,6 @@
|
|||
./services/web-servers/phpfpm/default.nix
|
||||
./services/web-servers/pomerium.nix
|
||||
./services/web-servers/unit/default.nix
|
||||
./services/web-servers/shellinabox.nix
|
||||
./services/web-servers/tomcat.nix
|
||||
./services/web-servers/traefik.nix
|
||||
./services/web-servers/trafficserver/default.nix
|
||||
|
|
|
@ -88,6 +88,8 @@ with lib;
|
|||
The racoon module has been removed, because the software project was abandoned upstream.
|
||||
'')
|
||||
|
||||
(mkRemovedOptionModule [ "services" "shellinabox" ] "The corresponding package was removed from nixpkgs.")
|
||||
|
||||
# Do NOT add any option renames here, see top of the file
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,122 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.services.shellinabox;
|
||||
|
||||
# If a certificate file is specified, shellinaboxd requires
|
||||
# a file descriptor to retrieve it
|
||||
fd = "3";
|
||||
createFd = optionalString (cfg.certFile != null) "${fd}<${cfg.certFile}";
|
||||
|
||||
# Command line arguments for the shellinabox daemon
|
||||
args = [ "--background" ]
|
||||
++ optional (! cfg.enableSSL) "--disable-ssl"
|
||||
++ optional (cfg.certFile != null) "--cert-fd=${fd}"
|
||||
++ optional (cfg.certDirectory != null) "--cert=${cfg.certDirectory}"
|
||||
++ cfg.extraOptions;
|
||||
|
||||
# Command to start shellinaboxd
|
||||
cmd = "${pkgs.shellinabox}/bin/shellinaboxd ${concatStringsSep " " args}";
|
||||
|
||||
# Command to start shellinaboxd if certFile is specified
|
||||
wrappedCmd = "${pkgs.bash}/bin/bash -c 'exec ${createFd} && ${cmd}'";
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
services.shellinabox = {
|
||||
enable = mkEnableOption "shellinabox daemon";
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "root";
|
||||
description = ''
|
||||
User to run shellinaboxd as. If started as root, the server drops
|
||||
privileges by changing to nobody, unless overridden by the
|
||||
<literal>--user</literal> option.
|
||||
'';
|
||||
};
|
||||
|
||||
enableSSL = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether or not to enable SSL (https) support.
|
||||
'';
|
||||
};
|
||||
|
||||
certDirectory = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/certs";
|
||||
description = ''
|
||||
The daemon will look in this directory far any certificates.
|
||||
If the browser negotiated a Server Name Identification the daemon
|
||||
will look for a matching certificate-SERVERNAME.pem file. If no SNI
|
||||
handshake takes place, it will fall back on using the certificate in the
|
||||
certificate.pem file.
|
||||
|
||||
If no suitable certificate is installed, shellinaboxd will attempt to
|
||||
create a new self-signed certificate. This will only succeed if, after
|
||||
dropping privileges, shellinaboxd has write permissions for this
|
||||
directory.
|
||||
'';
|
||||
};
|
||||
|
||||
certFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/certificate.pem";
|
||||
description = "Path to server SSL certificate.";
|
||||
};
|
||||
|
||||
extraOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
example = [ "--port=443" "--service /:LOGIN" ];
|
||||
description = ''
|
||||
A list of strings to be appended to the command line arguments
|
||||
for shellinaboxd. Please see the manual page
|
||||
<link xlink:href="https://code.google.com/p/shellinabox/wiki/shellinaboxd_man"/>
|
||||
for a full list of available arguments.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions =
|
||||
[ { assertion = cfg.enableSSL == true
|
||||
-> cfg.certDirectory != null || cfg.certFile != null;
|
||||
message = "SSL is enabled for shellinabox, but no certDirectory or certFile has been specefied."; }
|
||||
{ assertion = ! (cfg.certDirectory != null && cfg.certFile != null);
|
||||
message = "Cannot set both certDirectory and certFile for shellinabox."; }
|
||||
];
|
||||
|
||||
systemd.services.shellinaboxd = {
|
||||
description = "Shellinabox Web Server Daemon";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "sshd.service" ];
|
||||
after = [ "sshd.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
User = "${cfg.user}";
|
||||
ExecStart = "${if cfg.certFile == null then "${cmd}" else "${wrappedCmd}"}";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue