magpie: remove restya, add 3proxy

2024-03-17 19:33:03 +01:00 · 2024-03-17 19:33:03 +01:00 · d9ae2d4e69
commit d9ae2d4e69
parent c66a23bf94
1 changed files with 26 additions and 20 deletions
--- a/magpie/configuration.nix
+++ b/magpie/configuration.nix
@ -13,8 +13,6 @@
  nix.optimise.automatic = true;
  nix.settings.experimental-features = ["nix-command" "flakes"];

-  nixpkgs.overlays = [ nvim.overlays.${system}.overlay ];
-
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.configurationLimit = 2;
@ -41,6 +39,7 @@
    fzy
    git
    goatcounter.packages.${system}.goatcounter
+    nvim.packages.${system}.nvim
    htop-vim
    nvim
    pciutils
@ -93,13 +92,6 @@
    };
  };

-  services.restya-board = {
-    enable = true;
-    virtualHost.serverName = "board.project-cloud.net";
-    virtualHost.listenHost = "localhost";
-    virtualHost.listenPort = 4001;
-  };
-
  services.goatcounter = {
    enable = true;
    environmentFile = "/var/lib/goatcounter.env";
@ -182,15 +174,6 @@
      };
    };

-    virtualHosts."board.project-cloud.net" = {
-      quic = true;
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://localhost:${toString config.services.restya-board.virtualHost.listenPort}";
-      };
-    };
-
    virtualHosts."stats.project-cloud.net" = {
      quic = true;
      forceSSL = true;
@ -247,6 +230,24 @@
    ProtectSystem = lib.mkForce false;
  };

+  services._3proxy = {
+    enable = true;
+    services = [
+      {
+        type = "socks";
+        auth = ["strong"];
+        acl = [
+          {
+            rule = "allow";
+            users = ["3proxy_user"];
+          }
+        ];
+	bindPort = 13128;
+      }
+    ];
+    usersFile = config.sops.secrets."3proxy".path;
+  };
+
  security.acme = {
    acceptTerms = true;
    defaults.email = "asmir.abdulahovic@gmail.com";
@ -276,8 +277,13 @@
    owner = config.users.users.nextcloud.name;
  };

+  sops.secrets."3proxy" = {
+    sopsFile = ./secrets/3proxy.yaml;
+  };
+
+
  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [80 443 587];
+  networking.firewall.allowedTCPPorts = [80 443 587 13128];
  networking.firewall.allowedUDPPorts = [];
  networking.firewall.allowPing = true;
  networking.firewall.logRefusedConnections = lib.mkDefault false;