From d87c809ec6d97246037731138fea66c412f182e6 Mon Sep 17 00:00:00 2001
From: bluepython508 <16466646+bluepython508@users.noreply.github.com>
Date: Wed, 9 Apr 2025 01:15:15 +0100
Subject: [PATCH] Add TLS support (only over tcp)
---
 flake.nix | 2 +-
 main.go | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/flake.nix b/flake.nix
index 10f297f..b932481 100644
--- a/flake.nix
+++ b/flake.nix
@@ -47,7 +47,7 @@
 proxies = mkOption {
 type = attrsOf (submodule ({config, ...}: {
 options = let
- proto = enum ["udp" "tcp" "unix"];
+ proto = enum ["udp" "tcp" "unix" "tls"];
 in {
 enable = mkOption {
 type = bool;
diff --git a/main.go b/main.go
index 1ba39a3..26195ce 100644
--- a/main.go
+++ b/main.go
@@ -24,11 +24,18 @@ func (dialer Dialer) Dial() (net.Conn, error) {
 }

 func Forward(server *tsnet.Server, proto, port, dst string, finish chan error) {
- ln, err = server.Listen(proto, fmt.Sprint(":", port))
- defer ln.Close()
+ var ln net.Listener
+ var err error
+ if proto == "tls" {
+ proto = "tcp"
+ ln, err = server.ListenTLS(proto, fmt.Sprint(":", port))
+ } else {
+ ln, err = server.Listen(proto, fmt.Sprint(":", port))
+ }
 if err != nil {
 finish <- err
 }
+ defer ln.Close()
 err = netforward.Forward(Dialer { proto: proto, addr: dst }, ln)
 if err != nil {
 finish <- err
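Review bot: In `Forward`, the first `if err != nil { finish <- err }` has no `return`, so when either listen call fails control still reaches `defer ln.Close()` and `netforward.Forward(...)` with a nil `ln`; moving the defer below the check only helps if the function stops there, so add `return` after `finish <- err`. Whether the send on `finish` blocks long enough to mask this depends on the receiver, which is outside the hunk. Separately, `proto = "tcp"` also changes what `Dialer { proto: proto, addr: dst }` dials, so for "tls" the TLS session ends at the tsnet listener and the hop to `dst` is plain TCP. A comment such as `// "tls": TLS is terminated at the tailnet listener; dst is dialed over plain tcp` would make that trust boundary explicit for operators who might assume end-to-end encryption. Forward's body continues past the end of the hunk.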