From 89a576d94f8951fc88fbb2790a3440a4d0d82332 Mon Sep 17 00:00:00 2001
From: jz8132543
Date: Wed, 6 Mar 2024 16:02:02 +0800
Subject: [PATCH] test: NAT
---
 .../base/environment/isNAT/default.nix | 52 ++++++++-----------
 nixos/modules/services/derp.nix | 2 +-
 2 files changed, 24 insertions(+), 30 deletions(-)
diff --git a/nixos/modules/base/environment/isNAT/default.nix b/nixos/modules/base/environment/isNAT/default.nix
index b741a938..9df244ec 100644
--- a/nixos/modules/base/environment/isNAT/default.nix
+++ b/nixos/modules/base/environment/isNAT/default.nix
@@ -4,22 +4,6 @@
 ...
 }: let
 cfg = config.services.traefik.dynamicConfigOptions.http.routers;
- jsonValue = with lib.types; let
- valueType =
- nullOr (oneOf [
- bool
- int
- float
- str
- (lazyAttrsOf valueType)
- (listOf valueType)
- ])
- // {
- description = "JSON value";
- emptyValue.value = {};
- };
- in
- valueType;
 in
 with lib; {
 options.environment = {
@@ -44,22 +28,32 @@ in
 The port of http alt
 '';
 };
+ services.traefik.dynamicConfigOptions.type = mkForce types.attrset;
 };
- options.services.traefik.dynamicConfigOptions.http.routers =
+ config = {
+ # services.traefik.dynamicConfigOptions.http.routers = attrsets.updateManyAttrsByPath [
+ # lists.forEach
+ # (attrsets.mapAttrsToList (name: value: name) cfg)
+ # (x: {
+ # path = [x "entryPoints"];
+ # update = old: old ++ ["https-alt"];
+ # })
+ # ];
 # if config.environment.isNAT
 # then
- mkOption {
- type = types.attrsOf (types.submodule ({config, ...}: {
- freeformType = types.attrsOf types.jsonValue;
- config.entryPoints = ["https-alt"];
- options.entryPoints = mkOption {
- type = types.listOf types.str;
- default = ["https-alt"];
- };
- }));
- };
- # else {};
- config = {
+ networking.nftables.ruleset = ''
+ table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority 0; policy accept;
+ tcp dport ${config.environment.AltHTTP} redirect to 80
+ tcp dport ${config.environment.AltHTTPS} redirect to 443
+ }
+
+ chain postrouting {
+ type nat hook postrouting priority 0; policy accept;
+ }
+ }
+ '';
 networking.firewall.allowedTCPPorts = with config.environment; [AltHTTPS AltHTTP];
 networking.firewall.allowedUDPPorts = with config.environment; [AltHTTPS];
 };
diff --git a/nixos/modules/services/derp.nix b/nixos/modules/services/derp.nix
index 68bbc762..b94b041d 100644
--- a/nixos/modules/services/derp.nix
+++ b/nixos/modules/services/derp.nix
@@ -29,7 +29,7 @@
 routers = {
 derp = {
 rule = "Host(`${config.networking.fqdn}`)";
- # entryPoints = ["https"];
+ entryPoints = ["https"];
 service = "derp";
 };
 };
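Review bot: `${config.environment.AltHTTP}` and `${config.environment.AltHTTPS}` inside the new `networking.nftables.ruleset` string will fail evaluation if those options hold integers, which their reuse in `networking.firewall.allowedTCPPorts` on the context lines below suggests; Nix does not coerce an int inside a string, so the two rules should read `tcp dport ${toString config.environment.AltHTTP} redirect to 80` and `tcp dport ${toString config.environment.AltHTTPS} redirect to 443`. The added `services.traefik.dynamicConfigOptions.type = mkForce types.attrset;` sits between the `};` that closes the last option and the `};` that closes `options.environment = { … }`, so it declares something under `environment.services…` rather than altering traefik's option type, and I do not find `types.attrset` in lib.types (`types.attrs` is the freeform attribute-set type) — confirm both before relying on this. The ruleset only takes effect where `networking.nftables.enable` is set, which nothing in this hunk shows, and the rule-less `postrouting` chain plus the eight commented-out `updateManyAttrsByPath` lines (now the only remaining use of the let-bound `cfg` from the first hunk) could be dropped since the commit no longer uses them. The module's outer attribute set closes outside this hunk.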