Add work-proxy module
This commit is contained in:
Paul-Henri Froidmont
parent
774273438f
commit
0f1b1ebbcf
GPG key ID:
BE948AFD7E7873BE
6 changed files with 67 additions and 2 deletions
32
modules/services/certs/Foyer-Group-Root-CA.crt
Normal file
32
modules/services/certs/Foyer-Group-Root-CA.crt
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFYzCCA0ugAwIBAgIQGdeAPz782qlMfDK9Mp+7DjANBgkqhkiG9w0BAQsFADAe
|
||||
MRwwGgYDVQQDExNGb3llci1Hcm91cC1Sb290LUNBMB4XDTE5MDIxMjEyNDAzN1oX
|
||||
DTM5MDIxMjEyNTAzMlowHjEcMBoGA1UEAxMTRm95ZXItR3JvdXAtUm9vdC1DQTCC
|
||||
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1B7QRo9beAqb8aFGqGBlya
|
||||
veWDPu/0ZdF4v+GCspw2AvQx9EQW373QLxa9bdnbHmij8tah/hvLaYUksRl/0kbZ
|
||||
Gik6O8caY+06a3dYwpQkOCjV2tHoPiTsZUyg5hdsQYIvZXmtXlA+qcDc+N5WjPjU
|
||||
4/KY/kgJNCQBh7DM2OziE6SQMn+i+iKiIuJlCT8Q03Y3FZR0n4aOW90YGYKoISh8
|
||||
VKuacw0D22MvxhZX8X6zIuMpH8vEXsMwIcCBENEowi0bCye5Aj1Jeyw0mLRUaDfE
|
||||
aKxFZedrAC3pZKvX9SKLqMPM/NZLgK9WTbTG1c4KrRa1S/OKrUp36y4fgdgEjvPU
|
||||
WtDaGBSDOqVqylLC5FnJjYEJESQcuOzhiJyYqZY9Cme/9QoiAmPxAVjTFZVBVyJ/
|
||||
0r6JVygBYS5l3BbV7hJ76aVHrwy4f/CuHlnaIpax99wljvgf0QFEyXHGgzOu8tmc
|
||||
g08OhlwfydSttMrsrj1wLrOTYbGLek4l4G7hJrtbqV3M0U4lforXhEFl/PWTeh7u
|
||||
ytgW7RAqC/kCUVFPgZzcgAsFXJHPAhEGjMN8//eY13tn9D9dy8kxGYt+PMHWaPdH
|
||||
ZYEOrPXogQB8iU0Z7g9pjzX/GPjcsJG6wr2D8yhFmfkanKE3Q7x5xJoeATswpnT5
|
||||
gYBYJ8EMnQnSydjR/0pbAgMBAAGjgZwwgZkwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud
|
||||
EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFNZ6BPnRJmRv4hzKAOWlKzYBvH8cMFQG
|
||||
A1UdIARNMEswSQYJKwYBBAGCnDkBMDwwOgYIKwYBBQUHAgIwLh4sAEwAZQBnAGEA
|
||||
bAAgAFAAbwBsAGkAYwB5ACAAUwB0AGEAdABlAG0AZQBuAHQwDQYJKoZIhvcNAQEL
|
||||
BQADggIBAEwuHKngSP8SxCQ0qCWM1uLCdLdpdHnn4WftOczJTotXA8RZvdKQn5N2
|
||||
BNR8PI3tQ7aauPB/0YNfaGDaDdg2g1is/1Oh0PFaN4mYcbZIJr6El+IDdcPcGngQ
|
||||
YZYHtXqJ3y82uVM1A8cWPfx44MT5eMoK9sqpaZJaQM12BkhYkUYiAn2qaIRHrj4d
|
||||
xa3mmuxUqNmxiVcFPv357TvmuGsbmgbtLE+zRzhNStoE3VNd0Efl7wYD84UpKB2x
|
||||
hC/V5AD+FXwleDdCz2o+U1IjBnBos+cksqsJiLvYg2Fn4C4rRD/bYanOSP3Lh4ll
|
||||
eHnXOuRDgJLyZj3MRTZl9LD5czxU+pk/luNgJyGiAuykVhcr52PKybxXYCnQmiXw
|
||||
uCS8DYNjth4uSWIQqPGiNsTerdDsGUFQznTblT5e9ZArXwsa+iGno0AIUPmg08EW
|
||||
/twNdm0NSVM2tzVoKsUJxNO0GwE+j4NLGdZgxs5NlpmlKqCVK+YX4XHkbfFMu5Z3
|
||||
Tl+QnLP+XbKej08mO6r8IEmJmnjKvpXOYxme9XCyAeArzrhvIwMfA0Qvy2qpTaBW
|
||||
WdCWCiVe2F3L3e0afsfIZ/QOApjgU0tT2iz+2cPfVYHMve0RES3CGjdMCN8WHOKt
|
||||
w654Qw7ZrChUoLsPfjyhlHUB7UipQtIDT79QFxtqdi+HWTO/59Wl
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
40
modules/services/certs/Foyer-Sub-CA.crt
Normal file
40
modules/services/certs/Foyer-Sub-CA.crt
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIG5zCCBM+gAwIBAgITZQAAAAgE68Dg5FuAUQAAAAAACDANBgkqhkiG9w0BAQsF
|
||||
ADAeMRwwGgYDVQQDExNGb3llci1Hcm91cC1Sb290LUNBMB4XDTE5MDIxMjE1MjYx
|
||||
N1oXDTI5MDIxMjE1MzYxN1owRDESMBAGCgmSJomT8ixkARkWAmx1MRcwFQYKCZIm
|
||||
iZPyLGQBGRYHbGVmb3llcjEVMBMGA1UEAxMMRm95ZXItU3ViLUNBMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lTHYcFx1SjtRKaKKYUwlZBd2PCt9D+D
|
||||
qdn7qwgL8sEFSvydfIWTyq8fI4VLvjCg93G7hdK/+IKvBMuExNaUXAwquyJ7Xfez
|
||||
sWPXSpCS9k8LbNpBcTQrjY6vi7ldtaveZlngzwTQ2DMj2jBcEecZCtSYjpF4Tvqd
|
||||
up9U0wmzJP447cxWg+9PvU8dnt2oipeZLGjh2CjQfm26yrKse/1hEtaBkmeDo9ko
|
||||
zWEiuJUjoYZ8Zi82iDftW2nwBK/4QBDPYXEcWcL2O+Y4lY5ccgQupqTIrKNuDlU0
|
||||
lUBaLWeiHH+arMACi8V2PtXssFaG/FOL5IiQrqDOwQTpxUPy5AGF7wIDAQABo4IC
|
||||
9jCCAvIwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFKkHvhdxLAGlvxPEzggz
|
||||
LfoVCNLRMFQGA1UdIARNMEswSQYJKwYBBAGCnDkBMDwwOgYIKwYBBQUHAgIwLh4s
|
||||
AEwAZQBnAGEAbAAgAFAAbwBsAGkAYwB5ACAAUwB0AGEAdABlAG0AZQBuAHQwGQYJ
|
||||
KwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMBIGA1UdEwEB/wQI
|
||||
MAYBAf8CAQAwHwYDVR0jBBgwFoAU1noE+dEmZG/iHMoA5aUrNgG8fxwwggEKBgNV
|
||||
HR8EggEBMIH+MIH7oIH4oIH1hoHFbGRhcDovLy9DTj1Gb3llci1Hcm91cC1Sb290
|
||||
LUNBLENOPUZveWVyLUdyb3VwLVJvb3QtQ0EsQ049Q0RQLENOPVB1YmxpYyUyMEtl
|
||||
eSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9bGVm
|
||||
b3llcixEQz1sdT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0
|
||||
Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGK2h0dHA6Ly9jcmwuZm95ZXIubHUv
|
||||
Rm95ZXItR3JvdXAtUm9vdC1DQS5jcmwwgf0GCCsGAQUFBwEBBIHwMIHtMIGxBggr
|
||||
BgEFBQcwAoaBpGxkYXA6Ly8vQ049Rm95ZXItR3JvdXAtUm9vdC1DQSxDTj1BSUEs
|
||||
Q049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmln
|
||||
dXJhdGlvbixEQz1sZWZveWVyLERDPWx1P2NBQ2VydGlmaWNhdGU/YmFzZT9vYmpl
|
||||
Y3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MDcGCCsGAQUFBzAChitodHRw
|
||||
Oi8vYWlhLmZveWVyLmx1L0ZveWVyLUdyb3VwLVJvb3QtQ0EuY3J0MA0GCSqGSIb3
|
||||
DQEBCwUAA4ICAQC0RdvBmQkEjTpP0VzBYojCnYBytzU/1eDtOS3t7vB7dRA6oo65
|
||||
nqjUXvf5jKUD3WA7bZoBL5WO9TFlzyKgPyfGaDks20vS4Xl/bdsq9Cv9wjoenrfa
|
||||
lTExbZ9u5+UgzY0dnjkJV6cUEx0v6dujviTgwyLPOL3/5JulkwmKb8tcuUedS0GP
|
||||
MbshL7J73IJ7t5ZwZkJMZ2fAQEsmGjWYupe9vdKCs4WDPiNrw9zU3seuWH5dWqfS
|
||||
0bO6QROc8Zqrd/+ZE7quxNFw8j/DtTrq+5Xg+uCOV6nGN6ANLbcF1DO6S8mmzXlF
|
||||
2cPO3UffxCKpM+3zg+NFfOS5S7H71lxm+SgD7Qf0SPxxDOUC3p3urmAKHWvvihfc
|
||||
Ttd9MOTcF5hi2Edl2NGrORxksnLAyOkPg/9H+JdL0J1h8RrkPhhl87fmQd1VONdP
|
||||
D8n4/r0hD4RuhWQtih/b/Ode3b2NjW77rHd+5/kHdFAQKoJwXZ2kulJ7ANtT2DkW
|
||||
hpzdvkhxOchnh39E2PEH6WiMAeKHXHgqGXqiGAWoLvIvk/ciP5VG3m/Nly9J2A7f
|
||||
C8OhpoJcExnxrL1rHH+QWO3wVvbYrtKSsKqMqS7Bu8gWsAbEw8HpXgdO5TyJ3RHM
|
||||
yql2gDHKnbshIff/7tjPNwk5mttAPHtignx/MvOnRmnJvpug31v0UVEcig==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
BIN
modules/services/certs/cacerts
Normal file
BIN
modules/services/certs/cacerts
Normal file
Binary file not shown.
64
modules/services/work-proxy.nix
Normal file
64
modules/services/work-proxy.nix
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.modules.services.work-proxy;
|
||||
in
|
||||
{
|
||||
options.modules.services.work-proxy = {
|
||||
enable = lib.my.mkBoolOpt false;
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
networking = {
|
||||
proxy = {
|
||||
httpProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
|
||||
httpsProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
|
||||
};
|
||||
};
|
||||
|
||||
services.tinyproxy = {
|
||||
enable = true;
|
||||
settings = {
|
||||
Port = 2345;
|
||||
Upstream = [
|
||||
''upstream socks5 localhost:5080 ".lefoyer.lu"''
|
||||
''upstream socks5 localhost:5080 ".foyer.lu"''
|
||||
''upstream socks5 localhost:5080 ".foyer.cloud"''
|
||||
''upstream http localhost:3128 ".microsoftonline.com"''
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
./certs/Foyer-Group-Root-CA.crt
|
||||
./certs/Foyer-Sub-CA.crt
|
||||
];
|
||||
|
||||
environment.variables = {
|
||||
JAVAX_NET_SSL_TRUSTSTORE = ./certs/cacerts;
|
||||
JAVA_OPTS = "-Dhttp.proxyHost=localhost -Dhttp.proxyPort=${toString config.services.tinyproxy.settings.Port} -Dhttps.proxyHost=localhost -Dhttps.proxyPort=${toString config.services.tinyproxy.settings.Port} -Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
|
||||
};
|
||||
|
||||
home-manager.users.${config.user.name} = {
|
||||
home.file.".sbt/repositories".text = ''
|
||||
[repositories]
|
||||
local
|
||||
maven-local
|
||||
nexus-maven: https://nexus.foyer.lu/repository/mvn-all/
|
||||
nexus-ivy: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
|
||||
nexus-ivy-sbt: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[artifact](-[classifier])-[type].[ext]
|
||||
'';
|
||||
};
|
||||
|
||||
# users.users.${config.user.name}.extraGroups = [ "work-proxyd" ];
|
||||
#
|
||||
# environment.systemPackages = with pkgs; [ virt-manager ];
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue