phfroidmont/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add work-proxy module

Browse source
This commit is contained in:
Paul-Henri Froidmont 2025-08-01 02:06:04 +02:00
parent 774273438f
commit 0f1b1ebbcf
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
6 changed files with 67 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
hosts/nixos-desktop/default.nix
View file

@ -1,4 +1,4 @@
{ ... }: { pkgs, config, ... }:
{ {
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
@ -14,6 +14,7 @@
docker.enable = true; docker.enable = true;
libvirt.enable = true; libvirt.enable = true;
languagetool.enable = true; languagetool.enable = true;
work-proxy.enable = true;
}; };
media = { media = {
mpd.enable = true; mpd.enable = true;

2
modules/desktop/wm.nix
View file

@ -182,7 +182,7 @@ in
bind = [ bind = [
"$mod, Return, exec, ${term}" "$mod, Return, exec, ${term}"
"$mod, C, killactive" "$mod, C, killactive"
"$mod SHIFT, Q, exit" # "$mod SHIFT, Q, exit"
"$mod SHIFT, A, exec, ${term} -e pulsemixer" "$mod SHIFT, A, exec, ${term} -e pulsemixer"
"$mod, W, exec, firefox" "$mod, W, exec, firefox"
"$mod, R, exec, ${term} -e yazi" "$mod, R, exec, ${term} -e yazi"

0
certs/Foyer-Group-Root-CA.crt → modules/services/certs/Foyer-Group-Root-CA.crt
View file

0
certs/Foyer-Sub-CA.crt → modules/services/certs/Foyer-Sub-CA.crt
View file

BIN
modules/services/certs/cacerts Normal file
View file

Binary file not shown.

64
modules/services/work-proxy.nix Normal file
View file

@ -0,0 +1,64 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.modules.services.work-proxy;
in
{
options.modules.services.work-proxy = {
enable = lib.my.mkBoolOpt false;
};
config = lib.mkIf cfg.enable {
networking = {
proxy = {
httpProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
httpsProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
};
};
services.tinyproxy = {
enable = true;
settings = {
Port = 2345;
Upstream = [
''upstream socks5 localhost:5080 ".lefoyer.lu"''
''upstream socks5 localhost:5080 ".foyer.lu"''
''upstream socks5 localhost:5080 ".foyer.cloud"''
''upstream http localhost:3128 ".microsoftonline.com"''
];
};
};
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
./certs/Foyer-Group-Root-CA.crt
./certs/Foyer-Sub-CA.crt
];
environment.variables = {
JAVAX_NET_SSL_TRUSTSTORE = ./certs/cacerts;
JAVA_OPTS = "-Dhttp.proxyHost=localhost -Dhttp.proxyPort=${toString config.services.tinyproxy.settings.Port} -Dhttps.proxyHost=localhost -Dhttps.proxyPort=${toString config.services.tinyproxy.settings.Port} -Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
};
home-manager.users.${config.user.name} = {
home.file.".sbt/repositories".text = ''
[repositories]
local
maven-local
nexus-maven: https://nexus.foyer.lu/repository/mvn-all/
nexus-ivy: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
nexus-ivy-sbt: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[artifact](-[classifier])-[type].[ext]
'';
};
# users.users.${config.user.name}.extraGroups = [ "work-proxyd" ];
#
# environment.systemPackages = with pkgs; [ virt-manager ];
};
}