nixos-config/hosts/20212060/configuration.nix


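# NixOS host configuration for laptop "20212060".
#
# Arguments come from the flake's module wiring: `inputs` (flake inputs,
# including the `secrets` input used for the Kerberos realm), `pkgs` and `lib`
# (nixpkgs for the host system).
{
  inputs,
  pkgs,
  lib,
  ...
}:
{
  # NixOS release this machine's stateful data was first created with; do not
  # bump without reading the release notes for the affected services.
  system.stateVersion = "24.05";

  # Machine hostname
  networking.hostName = "20212060";

  # Admin users.  `podman` (with `dockerSocket.enable` below) and `wireshark`
  # (with `dumpcap`/`usbmon` below) are privileged groups: the rootful Podman
  # socket is root-equivalent and dumpcap can capture all traffic.  Keep this
  # list to users who already hold `wheel`.
  users.users.jan.extraGroups = [
    "wheel"
    "wireshark"
    "podman"
  ];

  # Set up kerberos.  `rdns = false` stops libkrb5 from canonicalising server
  # principals through reverse DNS, so a spoofed PTR record cannot redirect a
  # ticket request to a different principal.
  security.krb5 = {
    enable = true;
    settings = {
      libdefaults = {
        rdns = false;
      };
      realms = inputs.secrets.gewis.krb5Realm;
    };
  };

  services.netbird = {
    enable = true;
  };

  # TODO: Move clatd setup
  # services.clatd = {
  #   enable = true;
  #   enableNetworkManagerIntegration = true;
  # };
  # networking.networkmanager.settings = {
  #   connection."ipv6.clat" = "yes";
  # };

  # NetworkManager built from a third-party fork carrying the CLAT/BPF work.
  # The `rev` + `hash` pair pins the exact source: if the fork's branch is
  # rewritten the fetch fails instead of silently building different code.
  # Treat a change to either value as a review of the new upstream commit,
  # not a routine bump.
  networking.networkmanager.package = pkgs.networkmanager.overrideAttrs (
    final: prev: {
      src = pkgs.fetchFromGitLab {
        domain = "gitlab.freedesktop.org";
        owner = "Mstrodl";
        repo = "NetworkManager";
        # rev = "d367285a1fec5167f2fa94af2ea1448b6e21650e";
        # sha256 = "0BHxuJ6KtFoVxh2Xt0bq4oM3q87QBhtawyMtixz/cPs=";
        rev = "fa3b0c6ade05a67316520d143608c5bd9963a23c";
        hash = "sha256-7TENrRDKXMFPWv6oDuBWBYIBrDvNsy/JGtkppMk1oQo=";
      };
      # Point meson at the target-prefixed clang.  `--replace-fail` aborts the
      # build if the pattern is no longer present, instead of silently building
      # without the substitution (plain `--replace` only warns).
      postPatch = prev.postPatch + ''
        substituteInPlace meson.build \
          --replace-fail "find_program('clang'" "find_program('${pkgs.stdenv.cc.targetPrefix}clang'"
      '';
      # These hardening flags are dropped for this build only; presumably they
      # are rejected when clang is driven for the BPF target (TODO confirm).
      # The resulting host-side NetworkManager binary loses them as well.
      hardeningDisable = [
        "zerocallusedregs"
        "shadowstack"
        "pacret"
      ];
      nativeBuildInputs =
        prev.nativeBuildInputs
        ++ (with pkgs; [
          xdp-tools
          bpftools
          buildPackages.llvmPackages.clang
          buildPackages.llvmPackages.libllvm
        ]);
      buildInputs =
        prev.buildInputs
        ++ (with pkgs; [
          libbpf
        ]);
      mesonFlags = prev.mesonFlags ++ [
        "-Dclat=true"
        "-Dnbft=false"
        "-Dbpf-compiler=clang"
      ];
    }
  );

  # TODO: Remove once laptop is properly integrated into domain
  # This turns on GSSAPI authentication for every host, not only domain ones.
  # It is only the auth method (GSSAPIDelegateCredentials keeps its default of
  # no); a `Host` block scoped to the domain would be tighter.
  programs.ssh = {
    package = pkgs.openssh_gssapi;
    extraConfig = ''
      GSSAPIAuthentication yes
    '';
  };

  # Enable virtualisation for VMs
  virtualisation.libvirtd.enable = true;

  # Enable wireshark.  `dumpcap.enable` lets members of the wireshark group
  # capture without running Wireshark itself as root; `usbmon.enable` extends
  # that to USB traffic.
  programs.wireshark = {
    enable = true;
    dumpcap.enable = true;
    usbmon.enable = true;
  };

  # Enable Nix-LD: provides a dynamic loader under /lib64 so unpatched
  # dynamically linked binaries (downloaded tools, IDE helpers) can run.
  # Anything executed through it is outside the store's reproducibility
  # guarantees.
  programs.nix-ld = {
    enable = true;
  };

  # Set up wstunnel client: forwards local UDP 51820 (WireGuard) over a
  # WebSocket-over-TLS connection to the tunnel server.
  # NOTE(review): the wstunnel client does not verify the server's TLS
  # certificate unless told to (`wstunnel client --tls-verify-certificate`).
  # WireGuard still authenticates the inner peer, but a MITM on the outer
  # tunnel could observe and tamper with the encrypted UDP stream.  Confirm
  # the module's equivalent setting is enabled.
  services.wstunnel = {
    enable = true;
    clients.wg-tunnel = {
      connectTo = "wss://tunnel.bulthuis.dev:443";
      settings.local-to-remote = [
        "udp://51820:10.10.40.100:51820"
      ];
    };
  };

  # Enable flatpak
  services.flatpak.enable = true;

  # Set up MADD
  # If this is re-enabled, the TSIG key should live outside $HOME with
  # root-only permissions; as written it is readable by the desktop user.
  # services.madd-client = {
  #   enable = true;
  #   endpoint = "http://localhost:3000";
  #   interface = "wlp0s20f3";
  # };
  # services.madd-server = {
  #   enable = true;
  #   settings = {
  #     bind = "127.0.0.1:3000";
  #     zone = "lab.bulthuis.dev";
  #     networks = [ "10.0.0.0/8" ];
  #     registration_limit = 1;
  #     dns_server = "127.0.0.1:2053";
  #     tsig_key_name = "madd";
  #     tsig_key_file = "/home/jan/Code/MADD/madd.tsig";
  #     tsig_algorithm = "hmac-sha256";
  #     data_dir = "/var/lib/madd";
  #   };
  # };

  # Module setup
  modules = {
    profiles.laptop.enable = true;
  };

  imports = [
    ./hardware-configuration.nix
  ];

  # Rootful Podman with a Docker-compatible socket.  `dockerSocket.enable`
  # exposes the Podman socket in place of docker.sock to the `podman` group;
  # that socket grants root-equivalent control of the host, so only admins
  # belong in the group.
  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
    dockerSocket.enable = true;
    autoPrune.enable = true;
  };

  # Bubblewrap-wrapped programs.  `wrapProgram pkg bwrapArgs` produces a copy
  # of `pkg` in which every `bin/` entry is replaced by a shell script that
  # re-executes the original under `bwrap` with the given arguments.
  environment.systemPackages =
    let
      wrapProgram =
        pkg: bwrapArgs:
        pkgs.runCommandLocal pkg.name
          {
            # One argument per line, each continued with a trailing backslash so
            # the generated script stays readable.  `concatStringsSep` is the
            # nixpkgs-lib join helper (`lib.join` is not in upstream nixpkgs; if
            # this flake extends lib with it, the two are equivalent here).
            # Arguments are written unquoted into the script: `$HOME` expands
            # when the wrapper runs, so paths with spaces or globs would break.
            bwrapArgs = (lib.concatStringsSep " \\\n" bwrapArgs) + " \\";
          }
          ''
            mkdir -p $out
            # Link all top level folders
            ln -s ${pkg}/* $out
            # Except for bin
            rm $out/bin
            mkdir -p $out/bin
            # Wrap each executable
            for file in ${pkg}/bin/*; do
              base=$(basename $file)
              echo "#!/usr/bin/env bash" > $out/bin/$base
              echo "exec ${pkgs.bubblewrap}/bin/bwrap \\" >> $out/bin/$base
              echo "$bwrapArgs" >> $out/bin/$base
              echo "-- $file \"\$@\"" >> $out/bin/$base
              chmod +x $out/bin/$base
            done
          '';
      # Scratch wrapper for inspecting the sandbox: prints the environment seen
      # inside it, then hands off to Firefox.
      wish = pkgs.writeShellScriptBin "wish" ''
        env
        exec ${lib.getExe pkgs.firefox} "$@"
      '';
    in
    [
      # Sandbox policy: new session (setsid, so the sandbox cannot inject input
      # into the parent terminal), all namespaces unshared (including network,
      # so Firefox has no connectivity unless `--share-net` is added), empty
      # environment, a minimal /dev and /proc, the whole store read-only, and
      # only ~/Code writable from the host.  Mounting the entire store means
      # every installed package is visible inside the sandbox.
      (wrapProgram wish [
        "--new-session"
        "--unshare-all"
        "--clearenv"
        "--dev /dev"
        "--proc /proc"
        "--ro-bind /nix/store /nix/store"
        "--bind $HOME/Code $HOME/Code"
      ])
    ];
}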