diff --git a/hosts/nixos-desktop/default.nix b/hosts/nixos-desktop/default.nix
index 654c238..1888a36 100644
--- a/hosts/nixos-desktop/default.nix
+++ b/hosts/nixos-desktop/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ pkgs, config, ... }:
 {
 imports = [ ./hardware-configuration.nix ];
@@ -14,6 +14,7 @@
 docker.enable = true;
 libvirt.enable = true;
 languagetool.enable = true;
+ work-proxy.enable = true;
 };
 media = {
 mpd.enable = true;
diff --git a/modules/desktop/wm.nix b/modules/desktop/wm.nix
index 848b932..e339563 100644
--- a/modules/desktop/wm.nix
+++ b/modules/desktop/wm.nix
@@ -182,7 +182,7 @@ in
 bind = [
 "$mod, Return, exec, ${term}"
 "$mod, C, killactive"
- "$mod SHIFT, Q, exit"
+ # "$mod SHIFT, Q, exit"
 "$mod SHIFT, A, exec, ${term} -e pulsemixer"
 "$mod, W, exec, firefox"
 "$mod, R, exec, ${term} -e yazi"
diff --git a/certs/Foyer-Group-Root-CA.crt b/modules/services/certs/Foyer-Group-Root-CA.crt
similarity index 100%
rename from certs/Foyer-Group-Root-CA.crt
rename to modules/services/certs/Foyer-Group-Root-CA.crt
diff --git a/certs/Foyer-Sub-CA.crt b/modules/services/certs/Foyer-Sub-CA.crt
similarity index 100%
rename from certs/Foyer-Sub-CA.crt
rename to modules/services/certs/Foyer-Sub-CA.crt
diff --git a/modules/services/certs/cacerts b/modules/services/certs/cacerts
new file mode 100644
index 0000000..76e31eb
Binary files /dev/null and b/modules/services/certs/cacerts differ
diff --git a/modules/services/work-proxy.nix b/modules/services/work-proxy.nix
new file mode 100644
index 0000000..8c499e1
--- /dev/null
+++ b/modules/services/work-proxy.nix
@@ -0,0 +1,64 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ cfg = config.modules.services.work-proxy;
+in
+{
+ options.modules.services.work-proxy = {
+ enable = lib.my.mkBoolOpt false;
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ networking = {
+ proxy = {
+ httpProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
+ httpsProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
+ };
+ };
+
+ services.tinyproxy = {
+ enable = true;
+ settings = {
+ Port = 2345;
+ Upstream = [
+ ''upstream socks5 localhost:5080 ".lefoyer.lu"''
+ ''upstream socks5 localhost:5080 ".foyer.lu"''
+ ''upstream socks5 localhost:5080 ".foyer.cloud"''
+ ''upstream http localhost:3128 ".microsoftonline.com"''
+ ];
+ };
+ };
+
+ security.pki.certificateFiles = [
+ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ ./certs/Foyer-Group-Root-CA.crt
+ ./certs/Foyer-Sub-CA.crt
+ ];
+
+ environment.variables = {
+ JAVAX_NET_SSL_TRUSTSTORE = ./certs/cacerts;
+ JAVA_OPTS = "-Dhttp.proxyHost=localhost -Dhttp.proxyPort=${toString config.services.tinyproxy.settings.Port} -Dhttps.proxyHost=localhost -Dhttps.proxyPort=${toString config.services.tinyproxy.settings.Port} -Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
+ };
+
+ home-manager.users.${config.user.name} = {
+ home.file.".sbt/repositories".text = ''
+ [repositories]
+ local
+ maven-local
+ nexus-maven: https://nexus.foyer.lu/repository/mvn-all/
+ nexus-ivy: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
+ nexus-ivy-sbt: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[artifact](-[classifier])-[type].[ext]
+ '';
+ };
+
+ # users.users.${config.user.name}.extraGroups = [ "work-proxyd" ];
+ #
+ # environment.systemPackages = with pkgs; [ virt-manager ];
+ };
+}
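Review bot: The Java truststore at `./certs/cacerts` is a binary keystore, so this change cannot show which roots it holds, yet `JAVAX_NET_SSL_TRUSTSTORE` and the `-Djavax.net.ssl.trustStore` flag in `JAVA_OPTS` point JVMs that honour those variables at it in place of their default truststore. I would build it in a derivation from the two reviewed `.crt` files, or at least record its provenance above `environment.variables`, e.g. `# cacerts: <base truststore> + ./certs/Foyer-*.crt; regenerate when either changes`. In `security.pki.certificateFiles` the two Foyer CAs become trusted host-wide for any name, not only the three Foyer domains routed through the upstream, which deserves a comment stating that this is intended. The explicit `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` entry looks redundant, since NixOS appears to build the system bundle from cacert already; confirm and drop it. `trustStorePassword=changeit` is the stock keystore password and gives no protection here, as the file presumably ends up in the world-readable Nix store.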