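# NixOS module: enables the burp server on this host and defines a restricted
# SSH account (burp-remote) that other clients use to tunnel to it.
{ config, lib, pkgs, ... }:

{
  services.burp.server = {
    enable = true;
    dataDirectory = "/data/burp";
    # Secret locations are given as strings, not Nix path literals, so the
    # files are not copied into the world-readable Nix store by evaluation.
    # NOTE(review): confirm /secrets is root-owned and not readable by
    # unprivileged users; its permissions are not set in this file.
    sslKeyPasswordFile = "/secrets/burp_server_ssl_key_password";
    workingDirRecoveryMethod = "resume";
    maxResumeAttempts = 3;
    # NOTE(review): retention values; their exact meaning is defined by the
    # module implementing services.burp.server, which is not visible here.
    keep = [ 14 4 6 2 ];
    # Build one attribute per client name; each entry points at its own
    # password file, so a leaked client password does not expose the others.
    clients = lib.listToAttrs (map (client: {
      name = client;
      value = {
        passwordFile = "/secrets/burp_client_passwords/${client}";
      };
    }) [
      config.networking.hostName
      "Pullach"
      "Disco"
      "Berthold"
      "Ernesto"
      "Emitter"
    ]);
    # NOTE(review): presumably a super client may act on other clients'
    # backups; only this host is listed. Verify against the module, and keep
    # this list as short as possible.
    superClients = [
      config.networking.hostName
    ];
    # NOTE(review): looks like an interval followed by the days/hours in which
    # backups may start; confirm against the module's timer handling.
    timerArgs = [
      "20h"
      "Mon,Tue,Wed,Thu,Fri,Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23"
    ];
  };

  # Used for other clients to open an SSH tunnel to the burp server
  users.users.burp-remote = {
    isNormalUser = false;
    isSystemUser = true;
    createHome = false;
    group = "nogroup";
    # A shell is necessary for the user to run `sleep`
    shell = pkgs.bash;
    # NOTE(review): the key carries no authorized_keys options. Prefixing it
    # with `restrict,port-forwarding,permitopen="localhost:<burp-port>"` would
    # bind the limits to the key itself (<burp-port> is a placeholder; the
    # port is not visible in this file).
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItwImll4vcrfRQZjf6zkEGJswpL9EdWRiibXtjis99J root@Emitter"
    ];
  };

  # ForceCommand only fixes what the session executes; it does not limit what
  # the connection may forward. The account needs neither a TTY nor agent or
  # X11 forwarding for a tunnel, so those are switched off here.
  # NOTE(review): unless restricted elsewhere, this account can still request
  # TCP forwards to any destination reachable from this host. Consider adding
  # `AllowTcpForwarding local` and `PermitOpen localhost:<burp-port>` once the
  # burp listen port is confirmed.
  # NOTE(review): extraConfig from other modules is concatenated; anything
  # appended after this Match block would apply to burp-remote only.
  services.openssh.extraConfig = ''
    Match User burp-remote
      ForceCommand ${pkgs.coreutils}/bin/sleep 10
      AllowAgentForwarding no
      X11Forwarding no
      PermitTTY no
  '';
}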