# NixOS module for laserproxy: creates a dedicated system account, runs the
# daemon as a systemd service bound to loopback, and publishes its web
# interface through an nginx virtual host restricted by source address.
{ pkgs, workspace, ... }:

let
  name = "laserproxy";
  user = name;
  group = name;
in {
  # Dedicated unprivileged account; the uid is pinned so it stays stable
  # across rebuilds.
  users.groups.${group} = {};
  users.users.${user} = {
    inherit group;
    uid = 1004;
    isSystemUser = true;
  };

  systemd.services.${name} = {
    # NOTE(review): this text reads as if copied from a packet-logging unit
    # and does not describe laserproxy; confirm and reword.
    description = "Logging packet log from nftables";
    after = [ "network-addresses-laser.service" ];
    wantedBy = [ "multi-user.target" ];

    # NOTE(review): no systemd sandboxing is configured for this unit.
    # Options such as NoNewPrivileges, ProtectSystem, ProtectHome and
    # PrivateTmp are worth evaluating against what the binary needs.
    serviceConfig = {
      User = user;
      Type = "simple";
      Restart = "always";
      RestartSec = "30";
      # The web listener is bound to loopback only, so remote clients reach it
      # solely through the nginx vhost below. Any local process on this host
      # can still connect to 127.0.0.1:2137 directly and is not subject to the
      # nginx allow-list.
      # NOTE(review): -hspki_disable presumably turns off the service's own
      # PKI-based authentication; if so, the loopback bind and the nginx ACL
      # are the only access controls. Confirm this is intended.
      ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
    };
  };

  services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
    # Plain HTTP only: the TLS listener is disabled, so requests and responses
    # cross the 10.0.0.0/8 network unencrypted.
    # NOTE(review): the disabled entry uses port 433, presumably a typo for
    # 443; fix it before re-enabling.
    listen = [
      { addr = "10.8.1.2"; port = 80; ssl = false; }
      #{ addr = "10.8.1.2"; port=433; ssl=true; }
    ];

    locations."/" = {
      proxyPass = "http://127.0.0.1:2137/";
      # $proxy_add_x_forwarded_for appends $remote_addr to whatever
      # X-Forwarded-For the client sent, so only the last entry (or X-Real-IP)
      # is set by nginx; earlier entries are client-controlled.
      #
      # The allow/deny pair is the only access control on this vhost: any
      # source address in 10.0.0.0/8 is admitted and everything else is
      # rejected.
      extraConfig = ''
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        allow 10.0.0.0/8;
        deny all;
      '';
    };
  };
}