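# NixOS module for laserproxy: creates a dedicated system account, runs the
# daemon as a systemd service bound to loopback, and publishes it through an
# nginx virtual host that is restricted to internal addresses.
{ pkgs, workspace, ... }:

let
  name = "laserproxy";
  user = name;
  group = name;
in {
  # Dedicated unprivileged account so the daemon does not run as root.
  # The uid is pinned, so it stays the same across rebuilds.
  users.users.${user} = {
    inherit group;
    isSystemUser = true;
    uid = 1004;
  };
  users.groups.${group} = {};

  systemd.services.${name} = {
    # The previous text ("Logging packet log from nftables") described a
    # different unit; this service only starts the laserproxy binary.
    description = "laserproxy web service";
    wantedBy = [ "multi-user.target" ];
    # After= only orders startup; it does not make this unit require the
    # address unit to have succeeded.
    after = [ "network-addresses-laser.service" ];

    # NOTE(review): no sandboxing directives are set. Consider
    # NoNewPrivileges, ProtectSystem, ProtectHome and PrivateTmp once it is
    # confirmed which paths the binary needs to write.
    serviceConfig = {
      User = user;
      Type = "simple";
      Restart = "always";
      RestartSec = "30";
      # -web_address keeps the listener on loopback, so remote clients can
      # only arrive through nginx. Local users on this host can still connect
      # to 127.0.0.1:2137 directly and bypass the nginx allow list.
      # NOTE(review): -hspki_disable presumably turns off the hspki
      # authentication layer; confirm nothing besides the loopback bind and
      # the nginx ACL is expected to authenticate callers.
      ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137";
    };
  };

  services.nginx.virtualHosts."laser.waw.hackerspace.pl" = {
    # Plain HTTP only, bound to one internal address. Traffic to the proxy is
    # unencrypted on the internal network.
    listen = [
      { addr = "10.8.1.2"; port = 80; ssl = false; }
      # TLS listener is disabled. The original commented-out entry used
      # port 433, presumably a typo for 443:
      #{ addr = "10.8.1.2"; port = 443; ssl = true; }
    ];
    locations."/" = {
      proxyPass = "http://127.0.0.1:2137/";
      # X-Real-IP carries the address nginx saw on the connection.
      # $proxy_add_x_forwarded_for appends that address to whatever
      # X-Forwarded-For the client sent, so the backend must not treat the
      # leftmost X-Forwarded-For entry as trustworthy.
      #
      # The allow/deny pair is the only access control visible in this file.
      # 10.0.0.0/8 is wider than the single listen address; tighten it if
      # only specific subnets should reach the service.
      extraConfig = ''
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        allow 10.0.0.0/8;
        deny all;
      '';
    };
  };

}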