From 930c1bd90ad04b4676a2f3e1e6e53debccac76a8 Mon Sep 17 00:00:00 2001
From: sinavir <sinavir@sinavir.fr>
Date: Sun, 22 Dec 2024 02:46:44 +0100
Subject: [PATCH] feat(sni-proxy): init

---
 machines/labcore01/_configuration.nix |   1 +
 machines/labcore01/kfet/favicon.png   | Bin 0 -> 3606 bytes
 machines/labcore01/kfet/index.html    |  93 ++++++++++++++++++++++++++
 machines/labcore01/nginx.nix          |   8 +++
 machines/router02/_configuration.nix  |   1 +
 machines/router02/nginx-sni.nix       |  21 ++++++
 modules/default.nix                   |   3 +
 7 files changed, 127 insertions(+)
 create mode 100644 machines/labcore01/kfet/favicon.png
 create mode 100644 machines/labcore01/kfet/index.html
 create mode 100644 machines/labcore01/nginx.nix
 create mode 100644 machines/router02/nginx-sni.nix

diff --git a/machines/labcore01/_configuration.nix b/machines/labcore01/_configuration.nix
index 5c0b9f5..01e49f2 100644
--- a/machines/labcore01/_configuration.nix
+++ b/machines/labcore01/_configuration.nix
@@ -8,6 +8,7 @@ lib.extra.mkConfig {
   enabledServices = [
     # List of services to enable
     "unbound"
+    "nginx"
   ];
 
   extraConfig = { };
diff --git a/machines/labcore01/kfet/favicon.png b/machines/labcore01/kfet/favicon.png
new file mode 100644
index 0000000000000000000000000000000000000000..56fb42995770e3b66dcb1d383c634ebfb81fa8d4
GIT binary patch
literal 3606
zcmV+x4(aiUP)<h;3K|Lk000e1NJLTq003YB003YJ1^@s6;+S_h00006VoOIv0RI60
z0RN!9r;`8x010qNS#tmYib4PYib4UZe!H#!000McNliru;RPHGHY{-eYZU+h4Wmg!
zK~#9!?Okh76jv5LGcYiNFpRGR6;KexH)<3CW2xvytuhPZCfU4WqNS*@)Jjm%m@Nak
zYD!%~!bX#rY={~#7$8Q4MRC<2k`PBk1E@S?07o8icnl0PbM{9{<1jPbw|jcJ+s9Yc
zf4Xm<bMHO(dG0yqN&o=iF$9D3LCNTpurMeqF9$C#uZK<uD8@%7lc7qbLX}E|Z!KPo
zcTsZrGH?8Q_3DM*-rndclc7{9MHd$rXYdkV<wrzBpwVbVd+6P#kJEU^ty_m`wHgr-
z&1N$qBI<NH)YR8wb8|C3J#89}88ZeWA|lY$)zvPYr>9NB^z?L`GiT0&C4lG!3y==~
z*s_IlzNhl@vAeq)Nnkdc(QG!O$z(#EPKR2p7Be$5F(xJk)6&xL_U+sEgolW@`(H`o
z7eFshPfSTkA*z6r`KLMKE0@c$uC5N9iLS0L@d{wh+_`w>>{&G3*J9{UT3X5(|JK%4
zbT-UpGx`r1Vw1nCkhA}{X=(8MbI%FFTOyIbl`B`k)6<g|UQbP&2sKqzR^J2>fK)1l
zmfu@I>7``#e_Ka~!+F@aX%mbXF@m=;2L=R)XCIK9oXooN0RZyyPCCSYa%d=guw@Is
zYkfrV2p~2#)}jAT96#pJ{}~w>k9We3w4{r_{>u9QMQ^?dzJmsdraZ)Rz^IWU;mXyk
zoG@LqXc6q+zn`@LIvkh-)~#DdoYrJAL3VaFR8&+zMMVYNxN!qQLPB6>WF!Ox1VHBZ
z-@}?UYe1n;(9$Zsa)rGr!q?Xq5fM{TQaD@wWo2ixTGFK+IKY~xzrQ~*pR~h=iD*hB
z68tDRnUa>tWMaP$m_B0$Ha0dQBBIe~L{CpoP6XiP<;A%2jYcE(@7Iqt&z#&`VqP8!
z1tZ$~zx>iJt(KM+b^_S3V}}*7gv3Nn1fWu>7z^M(-+bc`&)V8rB0fz`O^j)~xw)Z6
zqp?Zv=+UFh1+aeodb=6qLMzB*I6y=^ecEyLgTY`R;+2z=!<mqEIvqP@9F<~f;J|?n
zR|eg<dH*&(|1>wcA5tt>xR5mui9~{hg@u0%nI;ns4-RH7fTW}($_)DX`8iY(3J(wB
z%D8Z$h?B}^(&M<`=kD%KI#O7^aB*>=RZ#VDP#?c^=~Cj#2n-D5q(TCNf{6GvHa7CD
zknGVq6$&(&OipVda=Dzi@^f-?IV<SIi4%!<mX($9Dgeei;WKB>IJ5~{v2rDG+P}Z>
z0%to;qsc^+POH@ltBR0HsbzBVRK7zD|G8}&QMw&FcS3V>GiL?$@bDl?$0bj8x*&;!
zdP`k;nKiT2)KqYFrPqG6wY5R~h7Ft+w5hR?Ox4}iCaeG?G<uj5Cr+?pG=9Pac=_d*
ziPFxUHxEpNLk6)vJ}~gX=m8Rm1SEEP0V0C2yPFlG?+za(N_R3pAI_aU%XvZNaye1D
zJFTtaRY&XfdN3M|jG3%_`)#5YSgX;%teG<fRS(zK)rofw(ChWk&7uc<l$1o2ZvOoF
zg6ro6Uj+f$Hx+GZX|a2>W)CGLB}C~qz4sodFJ2T}0D|`bs%2<ab~Yp8Q>RXaF=NKi
zrb|mths1;gQJhfKH#CTM4#@u>`6f)MRKi(;$+W$_9o~5Tb*C4UbnepLzRkPPEw;wq
z-YN^TI<_i^ix)2vZT<WA@6XGYf7q~LMEQ|OB*N-~R4Us7pgC5vc;0#E9iqYx8#avB
z!t$XB?boj#_G5NxXZfOc@7^{u)=Yh@cJCQDa3GPH;qKkLc{hWkLsfM(5uLGP$KvMA
zo3Wsv05234Vqsw+mX?-cTU(n2y-Sxa;q>X#>3Wsri@tsP+RR){O$|}zG<9`$hp<0&
z{1*hVL+$MBq|DcU^YU!|H*elNT(xQyexH?v20{z!`w<=<?zjN1T)j$vFui|2ZDvRX
z>5NCO*Hf#aD=I8n`JO#{I5EzpIb*gS!)zfVBZIPV_J*#W7(95eU;=1vZl=xOhaY~3
z)z#I)nWx(mKzw|>T_PTYM~ssuO%l`;zOB6-g@D;?#=xON9XpUID=)YE?Wdm#X#bx*
zdp7+1^Us2AvLrOBc4zV(5gbgm5%cr+x0&$9_3Jj@zqNQVgoKQv%)r)d+aND5Pw-u?
zf>0ys41|V;l5NDMgoWAM1N5|nkVqsrVZsF3?)UlUpNql;>MzecgF+%JD~oInh>DK3
z`njW{17$LqrB7F{Uf4misyKJ<oM`;d>g($T6+l8lBAJU)-@bjVx`<Avvr<Fn=H^m%
z=?g_gFm>uwW<!KR0e*gdP);%5FvXA|L*PbbC2&3Zo6Tm>>-BK!)-BM~)<X8tqmY%E
z31MMjFgY|7!o$K~z<>cTV88$X062K?AlVSKdd(Uu>0K_dbdLVvhaV`VeVL^*bx~2#
z9~+m52u@nQQmG_1N2Ei0dpq8`bqlv`-_AH6qsNXVUxseqzMaxmGA=HTa=BGiRpqd;
z?)mfQIZ=wO->`v`%6I1S*_GrxK&kx0pKC*WJZw!&wA+=`B_%K+B!pF$UbbwR#frgQ
zE{9IN9>T)IVOC_M%|rUy+FD3WO|?sN+t#hD^5Ws)0ZOG3%w{vRwY7m>ujfx4?dRub
za}qvz@)Tt&DK9T~s3m;y#TTqvXY$7%+cc1kjg4hR@6e$`;x|p~3B6wLa7Om+-OH-N
zjvqg6litmnH(Ak(Ua&w|(?p}u$oSmXQLje;fW4o6#_GT7ni{KjqehJaUteDU0MOLc
z!K&4(K_Zb58C{)qf=LXcAxP=%O{-4siOkGQPFh1~=oHM!$-!TK`30|CyN1mzE%%%p
zDk>^atyZI2t;TEDuVX_)1FA2nQ6ZPxq_twj3Y;~2w#B=OiV9v#(;XUu>?z}@U@#a&
z8FQ%TQ&m+ZIssS>L4iYuGVVe$nGE)^976bno0}Ua2lr03im(^cfDW&|@(Oqm_{$23
zmfwG;{@&6eyZ}@xl~tl2kI{z)aCdiyNs}gtS^)Mmy7#MGgn-4Ev}WyEt8www*Iu*f
zvf2~p&z~3d91vzh)7ukLsZ`iWc!Q1Y`}pzWi5;uC@SqgZGGfKbmBLQKw&EV#ym=E^
zTU%lE+O@RZY5DTy@E~JS=oDe+fX>cNt3*vrO#lFpoRmZxC}ZQsjl{P2e8ZC<=BS&C
zR9FGr-9g%d$z+0$Kly}~=z^FSQ3{}qXXgu60`RwUCVUrh@4joZm)wtaadDy)fVYhm
zp4AA@)g`O|da9!}8jaOY2M>KqNi-xRM3hTXSDB1xQz@tbdMe^<Ias{8=ndLluyf~5
z(Fvf5!1UbJ#YI>Fcq%P}=>^#F?Mg}cHzna2GiDI`=JJJLJGMFZ!@$xBkuw1pdbI4|
z;lpkIn3zcK(ejzd^h0H3WwdErgzf=d1_N1lZfb&EyLM5gnLBr`=!T(7mo8C$4+;tr
zRuy5(xdJGnMA0E8CPq{{;UAA3qYaBDs4Bw8$A^)QeEIU_wB{U6io1`4hYZ2u;$m!U
zY{bf{Dpd9EP5aNXWy{2NCP42W05rk(=uXgHc=1I}GyT`7D4X%w?&x&1<}8u3W{Fz>
zJ)PNTY}*k4@THetqAXBnXQ!2EBirY<vNF4T4iJR2oInsaNKj>5PdyGvkks__bm*ek
zLAtxULsV3hLlae0R1_eh-BlR?z~#&Ikz7a&4%~S@ShA2vpFVw<#Jv2|{BHDUr?srj
z@4rtJQ<Q|(-5|77@K&jW8-ipqnT0c(p}U)ySV2JnWx+oE^ix)uyc;-{3U}_@Av#QP
zadDx&s)WXt)A^V9xVgDubaXVD&1UTE?Bw)Dipa=Fr`#*^9gPngFo+)-JYs~f0)YE`
z00s>j#E9VJ$&)Dyr)zCx9EWq%s8O^&SWIZrc}xE7`RBzEw6DFr-KI8_3PnXluxHO6
zyWhP$J)xLE`1y#bPeXBWG3Df$l9IwGk95(v<UDIcIhX42;lpW%47FNK5n}QwJaXg+
zZA(Q&)M~Yim$)4r9h5Xb_#lC|9^jNaWXj9S;Z%M;%$za9Zklo9#sMP2;lqbP=H><i
ze0;#)-yeK@d>HXsxNsq3gQ~jvdKgL(!OPcg(1YCr002jf9O-nwt0ha8IOXnwufF<9
zyn$Ou@!Qp_u!~|Ya1;p%39xV9K34zc&_sS@+6zV50{{T!3I$_JYZ7eQw8^1-g-1kC
z(!WSCKk>Q@<>Gnr$tO9j{1-V;?0M5%9-+}_9v%Sz00smE(1wbkLUnZwCL|={=+UEj
zv5?bhwGWp7?mihA8N?yvGmad=m2a=YC!To1DS0_?-~ih@UpRdv!1I;nzP`Q?A0H2a
zK|$almqT~A5wy3pP+3_C7YYmE*s)`jnpLi_WXTfPyLYe6Z(Utoyju6+qxj5!_F0-+
zLi``>WvJLudE*A<cmKiu!dOK-DxmY2<jbPtu>kB~CQm`cd7p&E0);{W4Gj(V!Z7rN
zUa#lHvhR`Y0eZcj(kZW<gG-|y3xEbEa&qi`bL7h0$IDO#VTSF-jEIhYI5%Qqf>bJn
z?(S|Yp9q7&0PgPYkB1;<!)!K#QmM2$?&R|pjYql%+=ZW?A1sZH1vHu9>#x7&G-lmn
c0f-#`2L&H@H(bT$kN^Mx07*qoM6N<$f@V$TK>z>%

literal 0
HcmV?d00001

diff --git a/machines/labcore01/kfet/index.html b/machines/labcore01/kfet/index.html
new file mode 100644
index 0000000..501a2de
--- /dev/null
+++ b/machines/labcore01/kfet/index.html
@@ -0,0 +1,93 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width" />
+    <title>Ouverture K-Fêt</title>
+<style>
+#main {
+  margin: 0;
+  padding: 0;
+  width: 100vw;
+  height: 100vh;
+  text-align: center;
+  font-weight: bold;
+  font-size: 15vw;
+  display: flex;
+  justify-content: center;
+  align-content: center;
+  flex-direction: column;
+}
+
+* {
+  margin: 0;
+  padding: 0;
+}
+
+.red {
+  background-color: red;
+  color: white;
+}
+
+.orange {
+  background-color: orange;
+  color: black;
+}
+
+
+.green {
+  background-color: green;
+  color: white;
+}
+
+#main > p {
+  overflow: hidden;
+  display: none;
+}
+
+.orange > #orange {
+  display: block;
+}
+
+.green > #green {
+  display: block;
+}
+
+.red > #red {
+  display: block;
+}
+
+</style>
+    <link rel="manifest" href="manifest.webmanifest" />
+  </head>
+  <body>
+    <div id="main" class="orange">
+      <p id="orange">Non défini</p>
+      <p id="red">Fermé</p>
+      <p id="green">Ouvert</p>
+    </div>
+    <script>
+// Créer une connexion WebSocket
+const socket = new WebSocket('wss://kfet.sinavir.fr/ws/');
+const div = document.getElementById("main");
+
+// Écouter les messages
+socket.addEventListener('message', function (event) {
+  console.log('Voici un message du serveur', event.data);
+  switch (JSON.parse(event.data).status) {
+    case "opened":
+      div.className = "green";
+      document.title = "🟢 Ouvert | K-Fêt";
+      break;
+    case "closed":
+      div.className = "red";
+      document.title = "🔴 Fermé | K-Fêt";
+      break;
+    default:
+      div.className = "orange";
+      document.title = "🟠 Indéfini | K-Fêt";
+  }
+});
+</script>
+  </body>
+</html>
diff --git a/machines/labcore01/nginx.nix b/machines/labcore01/nginx.nix
new file mode 100644
index 0000000..9083b67
--- /dev/null
+++ b/machines/labcore01/nginx.nix
@@ -0,0 +1,8 @@
+{
+  dgn-web.enable = true;
+  services.nginx.virtualHosts."kfet.lab.dgnum.eu" = {
+    enableACME = true;
+    forceSSL = true;
+    root = ./kfet;
+  };
+}
diff --git a/machines/router02/_configuration.nix b/machines/router02/_configuration.nix
index bcbef26..229f36b 100644
--- a/machines/router02/_configuration.nix
+++ b/machines/router02/_configuration.nix
@@ -9,6 +9,7 @@ lib.extra.mkConfig {
     # List of services to enable
     "networking"
     "wireguard"
+    "nginx-sni"
   ];
 
   extraConfig = { };
diff --git a/machines/router02/nginx-sni.nix b/machines/router02/nginx-sni.nix
new file mode 100644
index 0000000..ee8d586
--- /dev/null
+++ b/machines/router02/nginx-sni.nix
@@ -0,0 +1,21 @@
+{ meta, ... }:
+let
+  # Beware, jool will not translate. Prefer ipv6 proxy target
+  machines = builtins.mapAttrs (
+    host: { site, ... }: "v6.${host}.${site}.infra.lab.dgnum.eu:443"
+  ) meta.nodes;
+in
+{
+  dgn-web.enable = true;
+  services.nginx = {
+    sni-proxy = {
+      preStreamConfig = ''
+        resolver 127.0.0.53;
+      '';
+      enable = true;
+      redirects = {
+        "kfet.lab.dgnum.eu" = machines.labcore01;
+      };
+    };
+  };
+}
diff --git a/modules/default.nix b/modules/default.nix
index 40161a5..f0a7005 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -9,6 +9,9 @@
     ++ [
       "${sources."microvm.nix"}/nixos-modules/host"
       (import sources.proxmox-nixos).nixosModules.declarative-vms
+    ]
+    ++ (import sources.nix-modules { inherit lib; }).importModules [
+      "services/nginx-sni"
     ];
 
   dgn-notify.enable = false;