Diffstat (limited to 'hosts/darkstar/default.nix')
-rw-r--r--hosts/darkstar/default.nix30
1 files changed, 25 insertions, 5 deletions
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 8cdf25e..a0e92c4 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -24,10 +24,13 @@
zfs.package = pkgs.zfs_unstable;
};
- environment.systemPackages = [
- pkgs.mitmproxy
- pkgs.speedtest-go
- ];
+ environment = {
+ etc."mitmproxy-c64u.py".source = ./mitmproxy-c64u.py;
+ systemPackages = [
+ pkgs.mitmproxy
+ pkgs.speedtest-go
+ ];
+ };
imports = [
./disks.nix
@@ -120,7 +123,23 @@
system.stateVersion = "23.11";
- systemd.services."nftables-extra" = let rules_script = ''
+ systemd.services = {
+ "mitmproxy" = let rules_script = ''
+ ${pkgs.mitmproxy}/bin/mitmproxy -p 80 -s /etc/mitmproxy-c64u.py --mode reverse:http://hackerswithstyle.se:80 --set block_global=false
+ ''; in {
+ description = "proxy for C64 site hackerswithstyle.se";
+ script = rules_script;
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = 5;
+ StandardError = "append:/var/log/mitmproxy.log";
+ StandardOutput = "append:/var/log/mitmproxy.log";
+ Type = "simple";
+ };
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ };
+ "nftables-extra" = let rules_script = ''
${pkgs.nftables}/bin/nft -a list chain inet nixos-fw input | ${pkgs.gnugrep}/bin/grep @anveo | ${pkgs.gnugrep}/bin/grep -Eo 'handle [[:digit:]]+$' | ${pkgs.gnused}/bin/sed -e 's/^handle //' | while read handle; do ${pkgs.nftables}/bin/nft delete rule inet nixos-fw input handle ''${handle}; done
if ${pkgs.nftables}/bin/nft list set inet nixos-fw anveo 2>/dev/null; then ${pkgs.nftables}/bin/nft delete set inet nixos-fw anveo; fi
if ${pkgs.nftables}/bin/nft list ct helpers table inet nixos-fw | ${pkgs.gnugrep}/bin/grep -qE '^[[:space:]]*ct helper sip-5060 {$'; then ${pkgs.nftables}/bin/nft delete ct helper inet nixos-fw sip-5060; fi
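Review bot: The new `mitmproxy` unit starts the interactive console binary, `${pkgs.mitmproxy}/bin/mitmproxy`, which expects a TTY and will most likely exit straight away under systemd and then cycle through `Restart = "on-failure"`; the headless `${pkgs.mitmproxy}/bin/mitmdump` from the same package takes the same options. The `serviceConfig` also sets no user, so the proxy and the addon `/etc/mitmproxy-c64u.py` run as root while `block_global=false` lets clients from public addresses reach the port 80 listener. I would add `DynamicUser = true;` and `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` so the service can still bind port 80 without root; mitmproxy's config directory and the `append:/var/log/mitmproxy.log` target would then need checking under the unprivileged user. The `systemd.services` set opened in this hunk is closed outside it.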
@@ -148,6 +167,7 @@
wantedBy = [ "multi-user.target" ];
after = [ "nftables.service" ];
partOf = [ "nftables.service" ];
+ };
};
systemd.paths."nftables-extra" = {