qenya/nixfiles
1
0
Fork 0
Code Issues 4 Pull requests Activity Actions

yevaud/pennykettle: Run SOCKS server

Browse source
This commit is contained in:
Katherina Walshe-Grey 2025-06-17 12:01:37 +01:00
parent 7e61ad0aac
commit a7052e1b8f
1 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

19
hosts/yevaud/experiments/pennykettle.nix
View file

@ -59,7 +59,7 @@
}; };
routes = [ routes = [
{ Gateway = [ "0.0.0.0" ]; } { Gateway = [ "0.0.0.0" ]; }
{ Gateway = [ "::" ]; } { Gateway = [ "::" ]; } # TODO: ipv6 out is still not working for unclear reasons
]; ];
}; };
@ -81,6 +81,11 @@
}]; }];
}; };
}; };
networking.nat.enable = true;
networking.nat.enableIPv6 = true;
networking.nat.internalInterfaces = [ "ve-pennykettle1" ];
networking.nat.externalInterface = "wg-protonvpn";
}; };
}; };
@ -90,4 +95,16 @@
group = "systemd-network"; group = "systemd-network";
mode = "640"; mode = "640";
}; };
# TODO: password-protect the proxy instead of relying on only listening over Tailscale
services.microsocks = {
enable = true;
port = 1080;
ip = "::";
outgoingBindIp = "fc00::2";
# authUsername = "testusername123";
# authPasswordFile = pkgs.writeText "testpassword" "testpassworddonotuse";
# execWrapper = "${lib.getExe pkgs.strace}";
};
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 1080 ];
} }