nix/hosts/jupiter/configs/mmproxy/default.nix

{
  inputs,
  system,
  pkgs,
  ...
}:
let
  selfPkgs = inputs.self.packages.${system};
in
{
  environment.systemPackages = [ selfPkgs.go-mmproxy ];

  boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;

  networking = {
    iproute2 = {
      enable = true;
      rttablesExtraConfig = ''
        100 mmproxy
      '';
    };

    localCommands =
      let
        ip = "${pkgs.iproute2}/bin/ip";
        iptables = "${pkgs.iptables}/bin/iptables";
      in
      ''
        ${iptables} -t mangle -D PREROUTING -m mark --mark 100 -m comment --comment mmproxy -j CONNMARK --save-mark || true
        ${iptables} -t mangle -I PREROUTING -m mark --mark 100 -m comment --comment mmproxy -j CONNMARK --save-mark

        ${iptables} -t mangle -D OUTPUT -m connmark --mark 100 -m comment --comment mmproxy -j CONNMARK --restore-mark || true
        ${iptables} -t mangle -I OUTPUT -m connmark --mark 100 -m comment --comment mmproxy -j CONNMARK --restore-mark

        ${ip} rule del fwmark 100 lookup 100 || true
        ${ip} rule add fwmark 100 lookup 100

        ${ip} route del local 0.0.0.0/0 dev lo table 100 || true
        ${ip} route add local 0.0.0.0/0 dev lo table 100
      '';
  };
}