Simplify proxy setup with tailscale

2025-08-05 19:30:54 +02:00 · 2025-08-05 19:30:54 +02:00 · dc877e8e2c
commit dc877e8e2c
parent bff91b2a42
2 changed files with 3 additions and 73 deletions
--- a/hosts/nixos-desktop/default.nix
+++ b/hosts/nixos-desktop/default.nix
@ -50,6 +50,8 @@
    };
  };
  services.tailscale.enable = true;
  # Allow to externally control MPD
  networking.firewall.allowedTCPPorts = [ 6600 ];
--- a/modules/services/work-proxy.nix
+++ b/modules/services/work-proxy.nix
@ -14,78 +14,6 @@ in
  };
  config = lib.mkIf cfg.enable {
    services.dnsmasq = {
      enable = true;
      settings = {
        server = [
          "/lefoyer.lu/127.0.0.1#1053"
          "/foyer.lu/127.0.0.1#1053"
          "/foyer.cloud/127.0.0.1#1053"
          "1.1.1.1"
        ];
        no-resolv = true;
        interface = "lo";
        bind-interfaces = true;
      };
    };
    networking = {
      proxy = {
        httpProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
        httpsProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
      };
    };
    services.tinyproxy = {
      enable = true;
      settings = {
        LogLevel = "Info";
        Port = 2345;
        Upstream = [
          ''upstream socks5 127.0.0.1:5080 ".lefoyer.lu"''
          ''upstream socks5 127.0.0.1:5080 ".foyer.lu"''
          ''upstream socks5 127.0.0.1:5080 ".foyer.cloud"''
          ''upstream http   127.0.0.1:3128 ".microsoftonline.com"''
        ];
      };
    };
    services.redsocks = {
      enable = false;
      log_debug = true;
      log_info = true;
      redsocks = [
        {
          port = 12345;
          proxy = "127.0.0.1:5080";
          type = "socks5";
          redirectCondition = "-d 10.134.0.0/16";
          doNotRedirect = [
            "-p tcp -m owner --uid-owner redsocks"
            "-p tcp --dport 80"
            "-p tcp --dport 443"
          ];
        }
        # {
        #   port = 12345;
        #   proxy = "127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
        #   type = "http-relay";
        #   redirectCondition = "--dport 80";
        #   doNotRedirect = [
        #     "-p tcp -m owner --uid-owner tinyproxy"
        #   ];
        # }
        # {
        #   port = 12346;
        #   proxy = "127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
        #   type = "http-connect";
        #   redirectCondition = "--dport 443";
        #   doNotRedirect = [
        #     "-p tcp -m owner --uid-owner tinyproxy"
        #   ];
        # }
      ];
    };
    security.pki.certificateFiles = [
      "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
@ -95,7 +23,7 @@ in
    environment.variables = {
      JAVAX_NET_SSL_TRUSTSTORE = ./certs/cacerts;
-      JAVA_OPTS = "-Dhttp.proxyHost=localhost -Dhttp.proxyPort=${toString config.services.tinyproxy.settings.Port} -Dhttps.proxyHost=localhost -Dhttps.proxyPort=${toString config.services.tinyproxy.settings.Port} -Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
+      JAVA_OPTS = "-Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
    };
    home-manager.users.${config.user.name} = {