From bff91b2a42a94cb0e1ef9887413b9e102369cfd5 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont
Date: Tue, 5 Aug 2025 14:58:34 +0200
Subject: [PATCH] Update work-proxy

---
 modules/services/work-proxy.nix | 70 ++++++++++++++++++++++++++-------
 1 file changed, 55 insertions(+), 15 deletions(-)

diff --git a/modules/services/work-proxy.nix b/modules/services/work-proxy.nix
index 00b591d..4e54cc7 100644
--- a/modules/services/work-proxy.nix
+++ b/modules/services/work-proxy.nix
@@ -18,9 +18,9 @@ in
 enable = true;
 settings = {
 server = [
- "/lefoyer.lu/10.33.0.100"
- "/foyer.lu/10.33.0.100"
- "/foyer.cloud/10.33.0.100"
+ "/lefoyer.lu/127.0.0.1#1053"
+ "/foyer.lu/127.0.0.1#1053"
+ "/foyer.cloud/127.0.0.1#1053"
 "1.1.1.1"
 ];
 no-resolv = true;
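Review bot: The three `server` entries now send every lookup for the corporate zones to 127.0.0.1 port 1053, but nothing visible in this patch defines or orders the service that listens there. 1053 is an unprivileged port, so whenever the intended forwarder is not running, another local process can bind it and answer for names such as nexus.foyer.lu; certificate checks limit the impact for HTTPS clients, but not for anything that trusts the resolved address alone. I would add a comment above the list, `# 1053 = <PLACEHOLDER: unit that forwards DNS to the work resolver>; must be up before dnsmasq`, and express that ordering in the unit that owns the port. The `settings` block starts and ends outside the hunk.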
@@ -39,16 +39,54 @@ in
 services.tinyproxy = {
 enable = true;
 settings = {
+ LogLevel = "Info";
 Port = 2345;
 Upstream = [
- ''upstream socks5 localhost:5080 ".lefoyer.lu"''
- ''upstream socks5 localhost:5080 ".foyer.lu"''
- ''upstream socks5 localhost:5080 ".foyer.cloud"''
- ''upstream http localhost:3128 ".microsoftonline.com"''
+ ''upstream socks5 127.0.0.1:5080 ".lefoyer.lu"''
+ ''upstream socks5 127.0.0.1:5080 ".foyer.lu"''
+ ''upstream socks5 127.0.0.1:5080 ".foyer.cloud"''
+ ''upstream http 127.0.0.1:3128 ".microsoftonline.com"''
 ];
 };
 };
 
+ services.redsocks = {
+ enable = false;
+ log_debug = true;
+ log_info = true;
+ redsocks = [
+ {
+ port = 12345;
+ proxy = "127.0.0.1:5080";
+ type = "socks5";
+ redirectCondition = "-d 10.134.0.0/16";
+ doNotRedirect = [
+ "-p tcp -m owner --uid-owner redsocks"
+ "-p tcp --dport 80"
+ "-p tcp --dport 443"
+ ];
+ }
+ # {
+ # port = 12345;
+ # proxy = "127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
+ # type = "http-relay";
+ # redirectCondition = "--dport 80";
+ # doNotRedirect = [
+ # "-p tcp -m owner --uid-owner tinyproxy"
+ # ];
+ # }
+ # {
+ # port = 12346;
+ # proxy = "127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
+ # type = "http-connect";
+ # redirectCondition = "--dport 443";
+ # doNotRedirect = [
+ # "-p tcp -m owner --uid-owner tinyproxy"
+ # ];
+ # }
+ ];
+ };
+
 security.pki.certificateFiles = [
 "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
 ./certs/Foyer-Group-Root-CA.crt
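Review bot: The tinyproxy `settings` block sets `Port` and `Upstream` but no `Listen` or `Allow`, so who may reach port 2345, and through it the SOCKS tunnel on 127.0.0.1:5080, depends entirely on the module's defaults. Since this proxy relays into the `.lefoyer.lu`, `.foyer.lu` and `.foyer.cloud` zones, I would pin it explicitly with `Listen = "127.0.0.1";` and `Allow = "127.0.0.1";` next to `Port`. `LogLevel = "Info"` will probably record requested hosts in the journal, which deserves a one-line comment if that is intended. The parked `services.redsocks` block (`enable = false`, `log_debug = true`, two commented-out entries) would also benefit from a comment saying why it is kept and what 10.134.0.0/16 covers.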
@@ -61,14 +99,16 @@ in
 };
 
 home-manager.users.${config.user.name} = {
- home.file.".sbt/repositories".text = ''
- [repositories]
- local
- maven-local
- nexus-maven: https://nexus.foyer.lu/repository/mvn-all/
- nexus-ivy: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
- nexus-ivy-sbt: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[artifact](-[classifier])-[type].[ext]
- '';
+ home = {
+ file.".sbt/repositories".text = ''
+ [repositories]
+ local
+ maven-local
+ nexus-maven: https://nexus.foyer.lu/repository/mvn-all/
+ nexus-ivy: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[type]s/[artifact](-[classifier]).[ext]
+ nexus-ivy-sbt: https://nexus.foyer.lu/repository/ivy-all/, [organization]/[module]/(scala_[scalaVersion]/)(sbt_[sbtVersion]/)[revision]/[artifact](-[classifier])-[type].[ext]
+ '';
+ };
 };
 
 environment.systemPackages = with pkgs; [ chisel ];