remove tunnel functions

Yan Lin 2026-02-11 20:45:12 +01:00
parent b187febfcd
commit 8cb3aab57b
4 changed files with 0 additions and 290 deletions


@ -250,73 +250,5 @@ in
};
};
# SSH tunnel functions for SOCKS proxy via GNOME system proxy
programs.zsh.initContent = ''
# SSH tunnel functions for easy VPN-like functionality
function tunnel-on() {
if [[ -z "$1" ]]; then
echo "Usage: tunnel-on <host>"
return 1
fi
local host="$1"
local port=1080 # Use port 1080 (standard SOCKS port)
# Check if there's already an active tunnel
local existing_tunnel=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$existing_tunnel" ]]; then
echo "Existing tunnel detected. Switching to $host..."
echo "Stopping current tunnel..."
pkill -f "ssh -D $port"
sleep 1
fi
echo "Starting SOCKS tunnel to $host on port $port..."
# Start SSH tunnel in background
ssh -D $port -N -f "$host"
if [[ $? -eq 0 ]]; then
echo "Tunnel established. Configuring system proxy..."
# Configure GNOME system proxy settings
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.socks host 'localhost'
gsettings set org.gnome.system.proxy.socks port $port
echo " System proxy enabled (localhost:$port -> $host)"
else
echo " Failed to establish tunnel to $host"
return 1
fi
}
function tunnel-off() {
local port=1080
echo "Disabling system proxy..."
gsettings set org.gnome.system.proxy mode 'none'
echo " System proxy disabled"
echo "Stopping SSH tunnels..."
pkill -f "ssh -D $port"
echo " SSH tunnels stopped"
}
function tunnel-status() {
local port=1080
echo "=== GNOME System Proxy Status ==="
echo "Mode: $(gsettings get org.gnome.system.proxy mode)"
echo "SOCKS Host: $(gsettings get org.gnome.system.proxy.socks host)"
echo "SOCKS Port: $(gsettings get org.gnome.system.proxy.socks port)"
echo ""
echo "=== Active SSH Tunnels ==="
local tunnels=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$tunnels" ]]; then
echo "$tunnels"
else
echo "No active SSH tunnels"
fi
}
'';
};
}


@ -412,125 +412,6 @@
programs.zsh.initContent = ''
# Quickly restart Hyprland session (graceful logout)
alias hypr-restart='loginctl terminate-session'
# SSH tunnel functions for transparent system-wide SOCKS proxy via redsocks
function tunnel-on() {
if [[ -z "$1" ]]; then
echo "Usage: tunnel-on <host>"
return 1
fi
local host="$1"
local port=1080 # SOCKS port
local redsocks_port=12345 # Redsocks local port
# Check if there's already an active tunnel
local existing_tunnel=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$existing_tunnel" ]]; then
echo "Existing tunnel detected. Switching to $host..."
echo "Stopping current tunnel..."
pkill -f "ssh -D $port"
sleep 1
fi
echo "Starting SOCKS tunnel to $host on port $port..."
# Start SSH tunnel in background
ssh -D $port -N -f "$host"
if [[ $? -ne 0 ]]; then
echo " Failed to establish tunnel to $host"
return 1
fi
echo " Tunnel established"
# Start redsocks
echo "Starting redsocks transparent proxy..."
redsocks -c ~/.config/redsocks/redsocks.conf
if [[ $? -ne 0 ]]; then
echo " Failed to start redsocks"
pkill -f "ssh -D $port"
return 1
fi
echo " Redsocks started"
# Configure iptables rules for transparent proxying
echo "Configuring iptables rules..."
# Create REDSOCKS chain if it doesn't exist
sudo iptables -t nat -N REDSOCKS 2>/dev/null || sudo iptables -t nat -F REDSOCKS
# Exclude localhost networks
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
# Redirect all other TCP traffic to redsocks
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports $redsocks_port
# Apply the REDSOCKS chain to OUTPUT
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
echo " System-wide proxy enabled (localhost:$port -> $host)"
echo "All TCP traffic is now routed through the SSH tunnel"
}
function tunnel-off() {
local port=1080
echo "Removing iptables rules..."
# Remove REDSOCKS chain from OUTPUT
sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null
# Flush and delete REDSOCKS chain
sudo iptables -t nat -F REDSOCKS 2>/dev/null
sudo iptables -t nat -X REDSOCKS 2>/dev/null
echo " iptables rules removed"
echo "Stopping redsocks..."
pkill -f "redsocks -c"
echo " Redsocks stopped"
echo "Stopping SSH tunnels..."
pkill -f "ssh -D $port"
echo " SSH tunnels stopped"
echo "System-wide proxy disabled"
}
function tunnel-status() {
local port=1080
local redsocks_port=12345
echo "=== SSH Tunnel Status ==="
local tunnels=$(ps aux | grep -E "ssh -D $port" | grep -v grep)
if [[ -n "$tunnels" ]]; then
echo " Active SSH tunnel:"
echo "$tunnels"
else
echo " No active SSH tunnels"
fi
echo ""
echo "=== Redsocks Status ==="
local redsocks=$(ps aux | grep -E "redsocks -c" | grep -v grep)
if [[ -n "$redsocks" ]]; then
echo " Redsocks running:"
echo "$redsocks"
else
echo " Redsocks not running"
fi
echo ""
echo "=== iptables REDSOCKS Chain ==="
if sudo iptables -t nat -L REDSOCKS -n 2>/dev/null | grep -q "Chain REDSOCKS"; then
echo " REDSOCKS chain exists:"
sudo iptables -t nat -L REDSOCKS -n --line-numbers
else
echo " REDSOCKS chain not configured"
fi
echo ""
echo "=== Network Test ==="
echo "Your current IP (via proxy if enabled):"
timeout 5 curl -s https://api.ipify.org 2>/dev/null || echo "Failed to fetch IP"
}
'';
# Cursor theme configuration