From 1d4d55fd2ca8ed9a7957c94723b20a539a77444f Mon Sep 17 00:00:00 2001
From: MFlossmann <michael.flossmann@posteo.net>
Date: Sun, 13 Oct 2024 13:58:00 +0200
Subject: [PATCH] add VR stuff and mitmproxy

---
 hosts/remus/configuration.nix        | 15 ++++++++++++++-
 modules/nixOS/bundles/gaming.nix     | 10 ++++++++--
 modules/nixOS/features/mitmproxy.nix | 24 ++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 modules/nixOS/features/mitmproxy.nix

diff --git a/hosts/remus/configuration.nix b/hosts/remus/configuration.nix
index 9c16ec2..d8d24a4 100644
--- a/hosts/remus/configuration.nix
+++ b/hosts/remus/configuration.nix
@@ -47,6 +47,8 @@
     v4l-utils
     wf-recorder
     obs-studio
+    mitmproxy  # for checking what facebook collects
+    linux-wifi-hotspot
   ];
 
   programs.kdeconnect.enable = true;
@@ -57,22 +59,33 @@
     bundles.gaming = {
       enable = true;
       remotePlay = true;
+      alvr = true;
     };
 
     services.syncthing.enable = true;
 
     ausweisapp.enable = true;
 
+    mitmproxy = {
+      enable = true;
+      routeAP = true;
+      accessPoint = "wlp5s0f3u3";
+      mitmPort = 8080;
+    };
+
     home-users = {
       "prunebutt" = {
         userConfig = ./home.nix;
         userSettings = {
-          extraGroups = ["networkmanager" "wheel" "libvirtd" "docker"];
+          extraGroups = ["networkmanager" "wheel" "libvirtd" "docker" "wireshark" "adbusers"];
         };
       };
     };
   };
 
+  programs.adb.enable = true;
+
+  programs.wireshark.enable = true;
   # List packages installed in system profile. To search, run:
   # $ nix search wget
 
diff --git a/modules/nixOS/bundles/gaming.nix b/modules/nixOS/bundles/gaming.nix
index aad6889..5c95979 100644
--- a/modules/nixOS/bundles/gaming.nix
+++ b/modules/nixOS/bundles/gaming.nix
@@ -3,8 +3,9 @@
   localCfg = config.myNixOS.bundles.gaming;
 in {
   options = {
-    myNixOS.bundles.gaming.remotePlay = lib.mkEnableOption {
-      default = true;
+    myNixOS.bundles.gaming = {
+      remotePlay = lib.mkEnableOption { default = true; };
+      alvr = lib.mkEnableOption { default = false; };
     };
   };
 
@@ -22,4 +23,9 @@ in {
   environment.sessionVariables = {
     STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/${mainUser}/.steam/root/compatibilitytools.d";
   };
+
+  programs.alvr = {
+    enable = localCfg.alvr;
+    openFirewall = localCfg.alvr;
+  };
 }
diff --git a/modules/nixOS/features/mitmproxy.nix b/modules/nixOS/features/mitmproxy.nix
new file mode 100644
index 0000000..7be4cb8
--- /dev/null
+++ b/modules/nixOS/features/mitmproxy.nix
@@ -0,0 +1,24 @@
+{config, pkgs, lib, ...}: let
+  localCfg = config.myNixOS.mitmproxy;
+in {
+  options.myNixOS.mitmproxy = {
+    routeAP = lib.mkEnableOption { default = true; };
+    accessPoint = lib.mkOption {
+      type = lib.types.str;
+    };
+    mitmPort = lib.mkOption { default = 8080; };
+  };
+
+  environment.systemPackages = [ pkgs.mitmproxy ];
+
+  networking.firewall = lib.mkIf localCfg.routeAP {
+    extraCommands = let 
+      accessPoint = localCfg.accessPoint; 
+      port = localCfg.mitmPort;
+    in /*bash*/ ''
+      iptables -t nat -A PREROUTING -i ${accessPoint} -p tcp --dport 80 -j REDIRECT --to-port ${builtins.toString port}
+      iptables -t nat -A PREROUTING -i ${accessPoint} -p tcp --dport 443 -j REDIRECT --to-port ${builtins.toString port}
+    '';
+    allowedTCPPorts = [ localCfg.mitmPort ];
+  };
+}