Unverified Commit 9015a21a authored by nikstur's avatar nikstur Committed by GitHub

g3proxy: init at 1.10.4 (#378059)

parents 9eb68262 f0652b5d
+2 −0
@@ -137,6 +137,8 @@

- [PowerStation](https://github.com/ShadowBlip/PowerStation/), an open source TDP control and performance daemon with DBus interface for Linux. Available as [services.powerstation](#opt-services.powerstation.enable).

- [`g3proxy`](https://github.com/bytedance/g3), an open source enterprise forward proxy from ByteDance, similar to Squid or tinyproxy. Available as [services.g3proxy](#opt-services.g3proxy.enable).

- [echoip](https://github.com/mpolden/echoip), a simple service for looking up your IP address. Available as [services.echoip](#opt-services.echoip.enable).

- [Buffyboard](https://gitlab.postmarketos.org/postmarketOS/buffybox/-/tree/master/buffyboard), a framebuffer on-screen keyboard. Available as [services.buffyboard](option.html#opt-services.buffyboard).
+1 −0
@@ -1267,6 +1267,7 @@
  ./services/networking/spacecookie.nix
  ./services/networking/spiped.nix
  ./services/networking/squid.nix
  ./services/networking/g3proxy.nix
  ./services/networking/ssh/sshd.nix
  ./services/networking/sslh.nix
  ./services/networking/strongswan-swanctl/module.nix
+92 −0
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.g3proxy;

  inherit (lib)
    mkPackageOption
    mkEnableOption
    mkOption
    mkIf
    literalExpression
    ;

  settingsFormat = pkgs.formats.yaml { };
in
{
  options.services.g3proxy = {
    enable = mkEnableOption "g3proxy, a generic purpose forward proxy";

    package = mkPackageOption pkgs "g3proxy" { };

    settings = mkOption {
      type = settingsFormat.type;
      default = { };
      example = literalExpression ''
        {
          server = [{
            name = "test";
            escaper = "default";
            type = "socks_proxy";
            listen = {
              address = "[::]:10086";
            };
          }];
        }
      '';
      description = ''
        Settings of g3proxy.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.g3proxy = {
      description = "g3proxy server";
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        ExecStart =
          let
            g3proxy-yaml = settingsFormat.generate "g3proxy.yaml" cfg.settings;
          in
          "${lib.getExe cfg.package} --config-file ${g3proxy-yaml}";

        WorkingDirectory = "/var/lib/g3proxy";
        StateDirectory = "g3proxy";
        RuntimeDirectory = "g3proxy";
        DynamicUser = true;

        RuntimeDirectoryMode = "0755";
        PrivateTmp = true;
        DevicePolicy = "closed";
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        PrivateUsers = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectControlGroups = true;
        ProtectSystem = "strict";
        ProcSubset = "pid";
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RemoveIPC = true;
        SystemCallArchitectures = "native";
        UMask = "0077";
        RestrictAddressFamilies = [
          "AF_UNIX"
          "AF_INET"
          "AF_INET6"
        ];
        RestrictSUIDSGID = true;
      };
    };
  };
}
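Review bot: The `settings` description (`Settings of g3proxy.`) does not warn that the value is rendered by `settingsFormat.generate` into a file in the Nix store and passed via `--config-file`. The store is world-readable, so any credentials placed under `settings` would be readable by every local user. I would extend the description with something like `The rendered file lives in the world-readable Nix store; do not put passwords or tokens here.` The example also binds a `socks_proxy` listener on `[::]:10086` with no access control shown, so a sentence recommending that listeners be restricted to the intended clients would help avoid accidentally exposed proxies.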
+63 −0
{
  lib,
  rustPlatform,
  fetchFromGitHub,
  pkg-config,
  stdenv,
  darwin,
  c-ares,
  python3,
  lua5_4,
  capnproto,
  cmake,
}:

rustPlatform.buildRustPackage rec {
  pname = "g3";
  version = "v1.10.4";

  src = fetchFromGitHub {
    owner = "bytedance";
    repo = "g3";
    tag = "g3proxy-${version}";
    hash = "sha256-uafKYyzjGdtC+oMJG1wWOvgkSht/wTOzyODcPoTfOnU=";
  };

  cargoHash = "sha256-NbrJGGnpZkF7ZX3MqrMsZ03tWkN/nqWahh00O3IJGOw=";
  useFetchCargoVendor = true;

  # TODO: can we unvendor AWS LC somehow?
  buildFeatures = [
    "vendored-aws-lc"
    "rustls-aws-lc"
  ];

  # aws-lc/crypto compilation will trigger `strictoverflow` errors.
  hardeningDisable = [ "strictoverflow" ];

  nativeBuildInputs = [
    pkg-config
    rustPlatform.bindgenHook
    python3
    capnproto
    cmake
  ];

  buildInputs =
    [
      c-ares
      lua5_4
    ]
    ++ lib.optionals stdenv.isDarwin [
      darwin.apple_sdk.frameworks.Security
    ];

  meta = {
    description = "Enterprise-oriented Generic Proxy Solutions";
    homepage = "https://github.com/bytedance/g3";
    changelog = "https://github.com/bytedance/g3/blob/${src.rev}/CHANGELOG.md";
    license = lib.licenses.asl20;
    maintainers = with lib.maintainers; [ raitobezarius ];
    mainProgram = "g3proxy";
  };
}
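Review bot: `version = "v1.10.4";` keeps the upstream tag's `v` prefix, while the commit title says 1.10.4. A version string that does not start with a digit can confuse version comparison and any tooling that matches package versions against advisories. I would write `version = "1.10.4";` and `tag = "g3proxy-v${version}";`, which resolves to the same tag. The `# TODO` above `buildFeatures` could also state the consequence of `vendored-aws-lc`: the TLS library is presumably pinned by the crate's lockfile, so fixes to it arrive only through a bump of this package.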