feat: setup termix and wireproxy for sock5 proxy.

2026-01-31 13:54:42 +01:00 · 2026-01-31 13:54:42 +01:00 · 2363adccc0
commit 2363adccc0
parent 02062743f8
9 changed files with 135 additions and 24 deletions
--- a/modules/servers/per-server/tyr/secrets.nix
+++ b/modules/servers/per-server/tyr/secrets.nix
@ -43,6 +43,18 @@
      paperless-ngx = {
        file = ../../../../secrets/paperless-ngx.age;
      };
+      wg-wireproxy = {
+        file = ../../../../secrets/wg-wireproxy.age;
+        owner = "wireproxy";
+        group = "wireproxy";
+      };
+      wireproxy = {
+        file = ../../../../secrets/wireproxy.age;
+        path = "/etc/wireproxy/wireproxy.conf";
+        owner = "wireproxy";
+        group = "wireproxy";
+        symlink = false;
+      };
    };
  };
 }
--- a/modules/servers/per-server/tyr/services/dns.nix
+++ b/modules/servers/per-server/tyr/services/dns.nix
@ -85,6 +85,7 @@
          ''"linkwarden.home.cronyakatsuki.xyz IN A 192.168.0.5"''
          ''"paperless.home.cronyakatsuki.xyz IN A 192.168.0.5"''
          ''"komga.home.cronyakatsuki.xyz IN A 192.168.0.5"''
+          ''"termix.home.cronyakatsuki.xyz IN A 192.168.0.5"''
        ];
      };
    };
--- a/modules/servers/per-server/tyr/services/termix.nix
+++ b/modules/servers/per-server/tyr/services/termix.nix
@ -0,0 +1,39 @@
+{
+  virtualisation.oci-containers.containers.termix = {
+    image = "ghcr.io/lukegus/termix:latest";
+    autoStart = true;
+    ports = [
+      "8484:8484"
+    ];
+    labels = {
+      "io.containers.autoupdate" = "registry";
+    };
+    volumes = [
+      "/var/lib/termix:/app/data:U"
+    ];
+    extraOptions = ["--network=host"];
+    environment.PORT = "8484";
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/termix"];
+    server.paths = ["/var/lib/termix"];
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.termix.loadBalancer.servers = [
+      {
+        url = "http://localhost:8484";
+      }
+    ];
+
+    routers.termix = {
+      rule = "Host(`termix.home.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "termix";
+      entrypoints = "websecure";
+    };
+  };
+}
--- a/modules/servers/per-server/tyr/services/wireproxy.nix
+++ b/modules/servers/per-server/tyr/services/wireproxy.nix
@ -0,0 +1,34 @@
+{pkgs, ...}: {
+  systemd.services.wireproxy = {
+    enable = true;
+    description = "Wireproxy";
+    after = ["network.target"];
+    wants = ["network.target"];
+
+    serviceConfig = {
+      Type = "simple";
+      Restart = "always";
+      RestartSec = 3;
+      User = "wireproxy";
+      Group = "wireproxy";
+      WorkingDirectory = "/var/lib/wireproxy";
+      StateDirectory = "wireproxy";
+    };
+
+    script = "${pkgs.wireproxy}/bin/wireproxy";
+
+    wantedBy = ["multi-user.target"];
+  };
+
+  users = {
+    users.wireproxy = {
+      isSystemUser = true;
+      home = "/var/lib/wireproxy";
+      createHome = true;
+      group = "wireproxy";
+    };
+    groups.wireproxy = {};
+  };
+
+  networking.firewall.allowedTCPPorts = [25344];
+}