Add work-proxy module

2025-08-01 02:06:04 +02:00 · 2025-08-01 02:06:04 +02:00 · 0f1b1ebbcf
commit 0f1b1ebbcf
parent 774273438f
6 changed files with 67 additions and 2 deletions
--- a/hosts/nixos-desktop/default.nix
+++ b/hosts/nixos-desktop/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, config, ... }:
 {
  imports = [ ./hardware-configuration.nix ];

@ -14,6 +14,7 @@
      docker.enable = true;
      libvirt.enable = true;
      languagetool.enable = true;
+      work-proxy.enable = true;
    };
    media = {
      mpd.enable = true;
--- a/modules/desktop/wm.nix
+++ b/modules/desktop/wm.nix
@ -182,7 +182,7 @@ in
          bind = [
            "$mod, Return, exec, ${term}"
            "$mod, C, killactive"
-            "$mod SHIFT, Q, exit"
+            # "$mod SHIFT, Q, exit"
            "$mod SHIFT, A, exec, ${term} -e pulsemixer"
            "$mod, W, exec, firefox"
            "$mod, R, exec, ${term} -e yazi"
--- a/modules/services/certs/Foyer-Group-Root-CA.crt
+++ b/modules/services/certs/Foyer-Group-Root-CA.crt
--- a/modules/services/certs/Foyer-Sub-CA.crt
+++ b/modules/services/certs/Foyer-Sub-CA.crt
--- a/modules/services/certs/cacerts
+++ b/modules/services/certs/cacerts
--- a/modules/services/work-proxy.nix
+++ b/modules/services/work-proxy.nix
@ -0,0 +1,64 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.modules.services.work-proxy;
+in
+{
+  options.modules.services.work-proxy = {
+    enable = lib.my.mkBoolOpt false;
+  };
+
+  config = lib.mkIf cfg.enable {
+
+    networking = {
+      proxy = {
+        httpProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
+        httpsProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
+      };
+    };
+
+    services.tinyproxy = {
+      enable = true;
+      settings = {
+        Port = 2345;
+        Upstream = [
+          ''upstream socks5 localhost:5080 ".lefoyer.lu"''
+          ''upstream socks5 localhost:5080 ".foyer.lu"''
+          ''upstream socks5 localhost:5080 ".foyer.cloud"''
+          ''upstream http localhost:3128 ".microsoftonline.com"''
+        ];
+      };
+    };
+
+    security.pki.certificateFiles = [
+      "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+      ./certs/Foyer-Group-Root-CA.crt
+      ./certs/Foyer-Sub-CA.crt
+    ];
+
+    environment.variables = {
+      JAVAX_NET_SSL_TRUSTSTORE = ./certs/cacerts;
+      JAVA_OPTS = "-Dhttp.proxyHost=localhost -Dhttp.proxyPort=${toString config.services.tinyproxy.settings.Port} -Dhttps.proxyHost=localhost -Dhttps.proxyPort=${toString config.services.tinyproxy.settings.Port} -Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
+    };
+
+    home-manager.users.${config.user.name} = {
+      home.file.".sbt/repositories".text = ''
+        [repositories]
+          local
+          maven-local
+          nexus-maven: https://nexus.foyer.lu/repository/mvn-all/
+          nexus-ivy: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
+          nexus-ivy-sbt: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[artifact](-[classifier])-[type].[ext]
+      '';
+    };
+
+    # users.users.${config.user.name}.extraGroups = [ "work-proxyd" ];
+    #
+    # environment.systemPackages = with pkgs; [ virt-manager ];
+  };
+}