Emitter: Enable remote burp backups to Rupert

2023-03-24 21:56:32 +01:00 · 2023-03-24 21:56:32 +01:00 · 754445e11a
parent 4cd0b3d1c3
commit 754445e11a
1 changed files with 28 additions and 0 deletions
--- a/hosts/Emitter.nix
+++ b/hosts/Emitter.nix
@ -37,6 +37,34 @@
        gitUser = "fruchti";
    };

+
+    nixpkgs.overlays = [
+        (self: super: {
+            burp = (super.burp.overrideAttrs (old: {
+                postInstall = ''
+                    mv $out/sbin/burp $out/sbin/burp-untunneled
+                    cat > $out/sbin/burp <<-EOF
+                    #!/${pkgs.bash}/bin/bash
+                    ${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
+                    $out/sbin/burp-untunneled \$@
+                    EOF
+                    chmod +x $out/sbin/burp
+                '';
+            }));
+        })
+    ];
+
+    services.burp = {
+        client = {
+            enable = true;
+            # Because of the port forward, the server will be localhost
+            server = "localhost";
+            frequency = "2:00";
+            passwordFile = "/secrets/burp_client_password";
+            sslKeyPasswordFile = "/secrets/burp_ssl_key_password";
+        };
+    };
+
    # This value determines the NixOS release from which the default
    # settings for stateful data, like file locations and database versions
    # on your system were taken. It’s perfectly fine and recommended to leave