hswaw/machines/customs: check in code.hackerspace.pl/vuko/customs
Change-Id: Ic698cce2ef0060a54b195cf90574696b8be1eb0f
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1162
Reviewed-by: informatic <informatic@hackerspace.pl>
diff --git a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
new file mode 100644
index 0000000..c82ef5b
--- /dev/null
+++ b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix
@@ -0,0 +1,45 @@
+{ pkgs, workspace, ... }:
+
+let
+ name = "laserproxy";
+ user = name;
+ group = name;
+in {
+ users.users."${user}" = {
+ group = "${group}";
+ useDefaultShell = true;
+ };
+ users.groups."${group}" = {};
+
+ systemd.services."${name}" = {
+ description = "Logging packet log from nftables";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.User = "${user}";
+ serviceConfig.Type = "simple";
+
+ serviceConfig.ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
+ };
+
+ services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
+ listen = [
+ { addr = "10.8.1.2"; port=80; ssl=false; }
+ #{ addr = "10.8.1.2"; port=433; ssl=true; }
+ ];
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:2137/";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ allow 10.0.0.0/8;
+ deny all;
+ '';
+ };
+ };
+
+}
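Review bot: The `laserproxy` account is created with `useDefaultShell = true`, which gives a daemon-only user a login shell, and the unit sets no sandboxing options. Replacing that line with `isSystemUser = true;` and adding `serviceConfig.NoNewPrivileges = true; serviceConfig.PrivateTmp = true; serviceConfig.ProtectSystem = "strict";` would narrow what a compromise of the proxy can reach, assuming laserproxy writes nothing outside its runtime directories. The `description` string "Logging packet log from nftables" does not describe this service and looks copied from another unit. In the commented-out listener, `port=433` is presumably meant to be 443. Because `-hspki_disable` is passed and only plain HTTP on port 80 is served, `allow 10.0.0.0/8` is the only access control visible in this file, so confirm that the whole /8 is intended and that laserproxy does not base decisions on the client-appendable `X-Forwarded-For` value rather than `X-Real-IP`.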