From e61ee5f645148b3f8944564e3b0b3e8d5b700e73 Mon Sep 17 00:00:00 2001
From: Paolo Sottovia <paolo.sottovia@canonical.com>
Date: Wed, 8 Nov 2023 15:34:27 +0100
Subject: [PATCH 1/3] Test self hosted runners

---
 .github/workflows/build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d4fa2c48..25e71eb2 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -5,7 +5,7 @@ on:
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux, X64, jammy, xlarge]
     timeout-minutes: 5
     steps:
       - name: Checkout repository

From 7257ec01ebd175f0d7a7083df02fccf8a5028369 Mon Sep 17 00:00:00 2001
From: Paolo Sottovia <paolo.sottovia@canonical.com>
Date: Wed, 8 Nov 2023 15:55:55 +0100
Subject: [PATCH 2/3] test building

---
 .github/workflows/build.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 25e71eb2..78427567 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -5,7 +5,7 @@ on:
 
 jobs:
   lint:
-    runs-on: [self-hosted, linux, X64, jammy, xlarge]
+    runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
       - name: Checkout repository
@@ -18,7 +18,7 @@ jobs:
             --no-warnings rockcraft.yaml
 
   build:
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux, X64, jammy, xlarge]
     timeout-minutes: 30
     needs:
       - lint

From 72ffef77c586b059c194fc1bb53295d0595f8102 Mon Sep 17 00:00:00 2001
From: Paolo Sottovia <paolo.sottovia@canonical.com>
Date: Thu, 9 Nov 2023 11:11:57 +0100
Subject: [PATCH 3/3] Try out aproxy

---
 .github/workflows/build.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 78427567..b8143480 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -39,6 +39,25 @@ jobs:
           sudo snap install yq
           sudo snap install rockcraft --classic --edge    
           sudo snap install --devmode --channel edge skopeo
+          sudo snap install aproxy --edge
+          sudo snap set aproxy proxy=squid.internal:3128
+          sudo nft -f - << EOF
+          define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+')
+          define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 }
+          table ip aproxy
+          flush table ip aproxy
+          table ip aproxy {
+                chain prerouting {
+                      type nat hook prerouting priority dstnat; policy accept;
+                      ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                }
+
+                chain output {
+                      type nat hook output priority -100; policy accept;
+                      ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+              }
+          }
+          EOF
 
       - name: Build image
         run: sudo make build