Add haproxy/mmproxy combo

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-01 23:02:03 +00:00
parent ae66cfd854
commit a271e892c3
7 changed files with 101 additions and 41 deletions
--- a/hosts/jupiter/configs/mmproxy/default.nix
+++ b/hosts/jupiter/configs/mmproxy/default.nix
@@ -0,0 +1,42 @@
+{
+  inputs,
+  system,
+  pkgs,
+  ...
+}:
+let
+  selfPkgs = inputs.self.packages.${system};
+in
+{
+  environment.systemPackages = [ selfPkgs.go-mmproxy ];
+
+  boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
+
+  networking = {
+    iproute2 = {
+      enable = true;
+      rttablesExtraConfig = ''
+        100 mmproxy
+      '';
+    };
+
+    localCommands =
+      let
+        ip = "${pkgs.iproute2}/bin/ip";
+        iptables = "${pkgs.iptables}/bin/iptables";
+      in
+      ''
+        ${iptables} -t mangle -D PREROUTING -m mark --mark 100 -m comment --comment mmproxy -j CONNMARK --save-mark || true
+        ${iptables} -t mangle -I PREROUTING -m mark --mark 100 -m comment --comment mmproxy -j CONNMARK --save-mark
+
+        ${iptables} -t mangle -D OUTPUT -m connmark --mark 100 -m comment --comment mmproxy -j CONNMARK --restore-mark || true
+        ${iptables} -t mangle -I OUTPUT -m connmark --mark 100 -m comment --comment mmproxy -j CONNMARK --restore-mark
+
+        ${ip} rule del fwmark 100 lookup 100 || true
+        ${ip} rule add fwmark 100 lookup 100
+
+        ${ip} route del local 0.0.0.0/0 dev lo table 100 || true
+        ${ip} route add local 0.0.0.0/0 dev lo table 100
+      '';
+  };
+}
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -26,6 +26,7 @@
    ../common/configs/system/users
    ../common/configs/system/zsh

+    ./configs/mmproxy
    ./configs/wireguard

    ./users/storm