Simplify proxy setup with tailscale

2025-08-05 19:30:54 +02:00 · 2025-08-05 19:30:54 +02:00 · dc877e8e2c
commit dc877e8e2c
parent bff91b2a42
2 changed files with 3 additions and 73 deletions
--- a/hosts/nixos-desktop/default.nix
+++ b/hosts/nixos-desktop/default.nix
@ -50,6 +50,8 @@
    };
  };

+  services.tailscale.enable = true;
+
  # Allow to externally control MPD
  networking.firewall.allowedTCPPorts = [ 6600 ];

--- a/modules/services/work-proxy.nix
+++ b/modules/services/work-proxy.nix
@ -14,78 +14,6 @@ in
  };

  config = lib.mkIf cfg.enable {
-    services.dnsmasq = {
-      enable = true;
-      settings = {
-        server = [
-          "/lefoyer.lu/127.0.0.1#1053"
-          "/foyer.lu/127.0.0.1#1053"
-          "/foyer.cloud/127.0.0.1#1053"
-          "1.1.1.1"
-        ];
-        no-resolv = true;
-        interface = "lo";
-        bind-interfaces = true;
-      };
-    };
-
-    networking = {
-      proxy = {
-        httpProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
-        httpsProxy = "http://127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
-      };
-    };
-
-    services.tinyproxy = {
-      enable = true;
-      settings = {
-        LogLevel = "Info";
-        Port = 2345;
-        Upstream = [
-          ''upstream socks5 127.0.0.1:5080 ".lefoyer.lu"''
-          ''upstream socks5 127.0.0.1:5080 ".foyer.lu"''
-          ''upstream socks5 127.0.0.1:5080 ".foyer.cloud"''
-          ''upstream http   127.0.0.1:3128 ".microsoftonline.com"''
-        ];
-      };
-    };
-
-    services.redsocks = {
-      enable = false;
-      log_debug = true;
-      log_info = true;
-      redsocks = [
-        {
-          port = 12345;
-          proxy = "127.0.0.1:5080";
-          type = "socks5";
-          redirectCondition = "-d 10.134.0.0/16";
-          doNotRedirect = [
-            "-p tcp -m owner --uid-owner redsocks"
-            "-p tcp --dport 80"
-            "-p tcp --dport 443"
-          ];
-        }
-        # {
-        #   port = 12345;
-        #   proxy = "127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
-        #   type = "http-relay";
-        #   redirectCondition = "--dport 80";
-        #   doNotRedirect = [
-        #     "-p tcp -m owner --uid-owner tinyproxy"
-        #   ];
-        # }
-        # {
-        #   port = 12346;
-        #   proxy = "127.0.0.1:${toString config.services.tinyproxy.settings.Port}";
-        #   type = "http-connect";
-        #   redirectCondition = "--dport 443";
-        #   doNotRedirect = [
-        #     "-p tcp -m owner --uid-owner tinyproxy"
-        #   ];
-        # }
-      ];
-    };

    security.pki.certificateFiles = [
      "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
@ -95,7 +23,7 @@ in

    environment.variables = {
      JAVAX_NET_SSL_TRUSTSTORE = ./certs/cacerts;
-      JAVA_OPTS = "-Dhttp.proxyHost=localhost -Dhttp.proxyPort=${toString config.services.tinyproxy.settings.Port} -Dhttps.proxyHost=localhost -Dhttps.proxyPort=${toString config.services.tinyproxy.settings.Port} -Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
+      JAVA_OPTS = "-Djavax.net.ssl.trustStore=${./certs/cacerts} -Djavax.net.ssl.trustStorePassword=changeit";
    };

    home-manager.users.${config.user.name} = {