Emitter: Enable remote burp backups to Rupert

This commit is contained in:
fruchti 2023-03-24 21:56:32 +01:00
parent 4cd0b3d1c3
commit 754445e11a

View file

@ -37,6 +37,34 @@
gitUser = "fruchti"; gitUser = "fruchti";
}; };
nixpkgs.overlays = [
(self: super: {
burp = (super.burp.overrideAttrs (old: {
postInstall = ''
mv $out/sbin/burp $out/sbin/burp-untunneled
cat > $out/sbin/burp <<-EOF
#!/${pkgs.bash}/bin/bash
${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
$out/sbin/burp-untunneled \$@
EOF
chmod +x $out/sbin/burp
'';
}));
})
];
services.burp = {
client = {
enable = true;
# Because of the port forward, the server will be localhost
server = "localhost";
frequency = "2:00";
passwordFile = "/secrets/burp_client_password";
sslKeyPasswordFile = "/secrets/burp_ssl_key_password";
};
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave