wip: home proxy

2023-04-09 00:37:43 +02:00 · 2023-04-09 00:37:43 +02:00 · 3f717f4b28
commit 3f717f4b28
parent 893f33e7f9
3 changed files with 19 additions and 0 deletions
--- a/secret/hosts/attic.nix
+++ b/secret/hosts/attic.nix
--- a/system/hosts/attic.nix
+++ b/system/hosts/attic.nix
@ -17,6 +17,8 @@ in

    (import ../nixos/atticd.nix (args // { inherit secret; }))

+    (import ../nixos/home-proxy.nix (args // { inherit secret; }))
+
    ../nixos/tailscale.nix
  ];

--- a/system/nixos/home-proxy.nix
+++ b/system/nixos/home-proxy.nix
@ -0,0 +1,17 @@
+{ pkgs, config, secret, ... }:
+
+{
+  services.nginx.streamConfig = ''
+    upstream home {
+      resolver 1.1.1.1 ipv6=off;
+      server ${secret.nginx.upstream.home.hostname}:${secret.nginx.upstream.home.port};
+    }
+
+    server {
+      listen ${secret.nginx.upstream.home.port};
+      proxy_pass home;
+    }
+  '';
+
+  networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.port ];
+}