From efec7d9787f2642030c1a46acbab8a4d50c6493e Mon Sep 17 00:00:00 2001
From: Alexei Robyn
Date: Fri, 14 Oct 2016 16:05:46 +1100
Subject: [PATCH 1/2] dante: init at 1.4.1
---
 pkgs/servers/dante/default.nix | 23 +++++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 ++
 2 files changed, 25 insertions(+)
 create mode 100644 pkgs/servers/dante/default.nix
diff --git a/pkgs/servers/dante/default.nix b/pkgs/servers/dante/default.nix
new file mode 100644
index 000000000000..044d4fa50ab2
--- /dev/null
+++ b/pkgs/servers/dante/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation (rec {
+ name = "dante-${version}";
+ version = "1.4.1";
+
+ src = fetchurl {
+ url = "https://www.inet.no/dante/files/${name}.tar.gz";
+ sha256 = "0lsg3hk8zd2h9f08s13bn4l4pvyyzkj4gr4ppwa7vj7gdyyk5lmn";
+ };
+
+ configureFlags = [
+ "--with-libc=libc.so.6"
+ ];
+
+ meta = {
+ description = "A circuit-level SOCKS client/server that can be used to provide convenient and secure network connectivity.";
+ homepage = "https://www.inet.no/dante/";
+ maintainers = [ stdenv.lib.maintainers.arobyn ];
+ license = stdenv.lib.licenses.bsdOriginal;
+ platforms = stdenv.lib.platforms.linux;
+ };
+})
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 90ce4488c77d..55b7ab737d7d 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -787,6 +787,8 @@ in
 daemontools = callPackage ../tools/admin/daemontools { };
+ dante = callPackage ../servers/dante { };
+
 datamash = callPackage ../tools/misc/datamash { };
 datefudge = callPackage ../tools/system/datefudge { };
From 49d679d7a8f5875be21f36cf64d16531e3dd81ee Mon Sep 17 00:00:00 2001
From: Alexei Robyn
Date: Fri, 14 Oct 2016 16:07:59 +1100
Subject: [PATCH 2/2] dante service: init
---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/networking/dante.nix | 61 +++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 nixos/modules/services/networking/dante.nix
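Review bot: In pkgs/servers/dante/default.nix (patch 1/2) the `--with-libc=libc.so.6` entry in `configureFlags` carries no comment saying why configure needs it, so a later cleanup could drop it without knowing what breaks; a one-line `#` comment above the flag stating the reason, supplied by the author, would fix that. No `buildInputs` are declared, so any optional authentication or access-control libraries that Dante's configure script probes for (PAM, for example) are presumably not linked in, which limits the client authentication a deployment of this proxy can enforce and deserves a comment or a follow-up. `meta.description` also departs from the usual nixpkgs style by starting with an article and ending with a period.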
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0c930eb2eb0c..7c3930afa52a 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -346,6 +346,7 @@
 ./services/networking/connman.nix
 ./services/networking/consul.nix
 ./services/networking/coturn.nix
+ ./services/networking/dante.nix
 ./services/networking/ddclient.nix
 ./services/networking/dhcpcd.nix
 ./services/networking/dhcpd.nix
diff --git a/nixos/modules/services/networking/dante.nix b/nixos/modules/services/networking/dante.nix
new file mode 100644
index 000000000000..8f4e15223ab0
--- /dev/null
+++ b/nixos/modules/services/networking/dante.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+ cfg = config.services.dante;
+ confFile = pkgs.writeText "dante-sockd.conf" ''
+ user.privileged: root
+ user.unprivileged: dante
+
+ ${cfg.config}
+ '';
+in
+
+{
+ meta = {
+ maintainers = with maintainers; [ arobyn ];
+ };
+
+ options = {
+ services.dante = {
+ enable = mkEnableOption "Dante SOCKS proxy";
+
+ config = mkOption {
+ default = null;
+ type = types.str;
+ description = ''
+ Contents of Dante's configuration file
+ NOTE: user.privileged/user.unprivileged are set by the service
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ { assertion = cfg.config != null;
+ message = "please provide Dante configuration file contents";
+ }
+ ];
+
+ users.users.dante = {
+ description = "Dante SOCKS proxy daemon user";
+ isSystemUser = true;
+ group = "dante";
+ };
+ users.groups.dante = {};
+
+ systemd.services.dante = {
+ description = "Dante SOCKS v4 and v5 compatible proxy server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.dante}/bin/sockd -f ${confFile}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ };
+ };
+ };
+}
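Review bot: In nixos/modules/services/networking/dante.nix the `config` option pairs `default = null;` with `type = types.str;`, so enabling the service without a configuration will likely fail on the type check before the `cfg.config != null` assertion can print its message; either drop the default and the assertion, or declare `type = types.nullOr types.lines;`. The unit sets no `User=`, so sockd starts as root and the drop to `dante` rests only on the two generated `user.*` lines; because `${cfg.config}` is pasted after them, it is worth confirming that a later `user.unprivileged:` line in user text cannot override them. The option description should also say that the text ends up world-readable in the Nix store and that the module supplies no default access rules, so the administrator must restrict which clients may use the proxy. `Restart = "always";` will loop on a configuration that sockd rejects, where `Restart = "on-failure";` with a restart delay would be gentler.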