| Piotr Dobrowolski | a01905a | 2021-10-16 18:22:46 +0200 | [diff] [blame] | 1 | { pkgs, workspace, ... }: |
| 2 | |
| 3 | let |
| 4 | name = "laserproxy"; |
| 5 | user = name; |
| 6 | group = name; |
| 7 | in { |
| 8 | users.users."${user}" = { |
| 9 | group = "${group}"; |
| Piotr Dobrowolski | b6bc3e6 | 2021-10-16 21:56:59 +0200 | [diff] [blame^] | 10 | isSystemUser = true; |
| 11 | uid = 1004; |
| Piotr Dobrowolski | a01905a | 2021-10-16 18:22:46 +0200 | [diff] [blame] | 12 | }; |
| 13 | users.groups."${group}" = {}; |
| 14 | |
| 15 | systemd.services."${name}" = { |
| 16 | description = "Logging packet log from nftables"; |
| 17 | wantedBy = [ "multi-user.target" ]; |
| 18 | |
| 19 | serviceConfig.User = "${user}"; |
| 20 | serviceConfig.Type = "simple"; |
| 21 | |
| 22 | serviceConfig.ExecStart = "${workspace.hswaw.laserproxy}/bin/laserproxy -logtostderr -hspki_disable -web_address 127.0.0.1:2137"; |
| 23 | }; |
| 24 | |
| 25 | services.nginx.virtualHosts."laser.waw.hackerspace.pl" = { |
| 26 | listen = [ |
| 27 | { addr = "10.8.1.2"; port=80; ssl=false; } |
| 28 | #{ addr = "10.8.1.2"; port=433; ssl=true; } |
| 29 | ]; |
| 30 | locations."/" = { |
| 31 | proxyPass = "http://127.0.0.1:2137/"; |
| 32 | extraConfig = '' |
| 33 | proxy_set_header Host $host; |
| 34 | proxy_set_header X-Real-IP $remote_addr; |
| 35 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 36 | proxy_set_header X-Forwarded-Host $host:$server_port; |
| 37 | proxy_set_header X-Forwarded-Server $host; |
| 38 | proxy_set_header X-Forwarded-Proto $scheme; |
| 39 | |
| 40 | allow 10.0.0.0/8; |
| 41 | deny all; |
| 42 | ''; |
| 43 | }; |
| 44 | }; |
| 45 | |
| 46 | } |