nixos-config/hosts/ws-think/configuration.nix

{
  inputs,
  pkgs,
  config,
  ...
}:

{
  # State version
  system.stateVersion = "24.05";

  # Machine hostname
  networking.hostName = "ws-think";

  # Set up users
  sops.secrets."passwords/jan-hashed" = {
    sopsFile = "${inputs.secrets}/secrets/ws-think.enc.yaml";
    neededForUsers = true;
  };
  users.mutableUsers = false;
  users.users.Jan = {
    hashedPasswordFile = config.sops.secrets."passwords/jan-hashed".path;
    # Extra admin groups
    # TODO: Streamline setup of this
    extraGroups = [
      "wheel"
      "wireshark"
      "podman"
      "libvirtd"
    ];
  };

  # Set up kerberos
  security.krb5 = {
    enable = true;
    settings = {
      libdefaults = {
        rdns = false;
      };
      realms = (inputs.secrets.gewis.krb5Realm);
    };
  };

  services.netbird = {
    enable = true;
  };

  # SSH X11 forwarding
  programs.ssh.forwardX11 = true;

  # Enable older samba versions
  services.samba = {
    enable = true;
    settings = {
      global = {
        "invalid users" = [ "root" ];
        "passwd program" = "/run/wrappers/bin/passwd %u";
        "security" = "user";
        "client min protocol" = "NT1";
      };
    };
  };

  # TODO: Remove once laptop is properly integrated into domain
  programs.ssh = {
    package = pkgs.openssh_gssapi;
    extraConfig = ''
      GSSAPIAuthentication yes
    '';
  };

  # Enable virtualisation for VMs
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;

  # Enable wireshark
  programs.wireshark = {
    enable = true;
    dumpcap.enable = true;
    usbmon.enable = true;
  };

  # Enable Nix-LD
  programs.nix-ld = {
    enable = true;
  };

  # Set up wstunnel client
  services.wstunnel = {
    enable = true;
    clients.wg-tunnel = {
      connectTo = "wss://tunnel.bulthuis.dev:443";
      settings.local-to-remote = [
        "udp://51820:10.10.40.100:51820"
      ];
    };
  };

  # Enable flatpak
  services.flatpak.enable = true;

  # Module setup
  modules = {
    profiles.laptop.enable = true;
  };

  # Set up podman
  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
    dockerSocket.enable = true;
    autoPrune.enable = true;
  };

  # Set up hardware
  imports = [ ./hardware-configuration.nix ];
}
feat: Add new laptop configuration 2025-11-30 12:28:39 +01:00			`{`
			`inputs,`
			`pkgs,`
feat: Finished user setup 2025-11-30 16:19:03 +01:00			`config,`
feat: Add new laptop configuration 2025-11-30 12:28:39 +01:00			`...`
			`}:`

			`{`
			`# State version`
			`system.stateVersion = "24.05";`

			`# Machine hostname`
			`networking.hostName = "ws-think";`

feat: Finished user setup 2025-11-30 16:19:03 +01:00			`# Set up users`
			`sops.secrets."passwords/jan-hashed" = {`
			`sopsFile = "${inputs.secrets}/secrets/ws-think.enc.yaml";`
			`neededForUsers = true;`
			`};`
			`users.mutableUsers = false;`
			`users.users.Jan = {`
			`hashedPasswordFile = config.sops.secrets."passwords/jan-hashed".path;`
			`# Extra admin groups`
			`# TODO: Streamline setup of this`
			`extraGroups = [`
			`"wheel"`
			`"wireshark"`
			`"podman"`
			`"libvirtd"`
			`];`
			`};`
feat: Add new laptop configuration 2025-11-30 12:28:39 +01:00
			`# Set up kerberos`
			`security.krb5 = {`
			`enable = true;`
			`settings = {`
			`libdefaults = {`
			`rdns = false;`
			`};`
			`realms = (inputs.secrets.gewis.krb5Realm);`
			`};`
			`};`

			`services.netbird = {`
			`enable = true;`
			`};`

			`# SSH X11 forwarding`
			`programs.ssh.forwardX11 = true;`

			`# Enable older samba versions`
			`services.samba = {`
			`enable = true;`
			`settings = {`
			`global = {`
			`"invalid users" = [ "root" ];`
			`"passwd program" = "/run/wrappers/bin/passwd %u";`
			`"security" = "user";`
			`"client min protocol" = "NT1";`
			`};`
			`};`
			`};`

			`# TODO: Remove once laptop is properly integrated into domain`
			`programs.ssh = {`
			`package = pkgs.openssh_gssapi;`
			`extraConfig = ''`
			`GSSAPIAuthentication yes`
			`'';`
			`};`

			`# Enable virtualisation for VMs`
			`virtualisation.libvirtd.enable = true;`
			`programs.virt-manager.enable = true;`

			`# Enable wireshark`
			`programs.wireshark = {`
			`enable = true;`
			`dumpcap.enable = true;`
			`usbmon.enable = true;`
			`};`

			`# Enable Nix-LD`
			`programs.nix-ld = {`
			`enable = true;`
			`};`

			`# Set up wstunnel client`
			`services.wstunnel = {`
			`enable = true;`
			`clients.wg-tunnel = {`
			`connectTo = "wss://tunnel.bulthuis.dev:443";`
			`settings.local-to-remote = [`
			`"udp://51820:10.10.40.100:51820"`
			`];`
			`};`
			`};`

			`# Enable flatpak`
			`services.flatpak.enable = true;`

			`# Module setup`
			`modules = {`
			`profiles.laptop.enable = true;`
			`};`

			`# Set up podman`
			`virtualisation.podman = {`
			`enable = true;`
			`dockerCompat = true;`
			`dockerSocket.enable = true;`
			`autoPrune.enable = true;`
			`};`

			`# Set up hardware`
			`imports = [ ./hardware-configuration.nix ];`
			`}`