mirror of
https://git.feal.no/felixalb/nixos-config.git
synced 2024-12-21 19:57:30 +01:00
felixalbpc: Configure openstackclient, keymapp, keyring, ssh-agent
This commit is contained in:
parent
9fe5f0aae7
commit
157c54ae65
3
base.nix
3
base.nix
@ -65,6 +65,7 @@
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
openFirewall = lib.mkDefault true;
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
PasswordAuthentication = false;
|
||||
@ -78,8 +79,6 @@
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
users.users.felixalb = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
|
@ -21,6 +21,26 @@
|
||||
nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
|
||||
domain = "it.ntnu.no";
|
||||
hostId = "f458d6aa";
|
||||
|
||||
# Allow SSH from IT and SSH gateways
|
||||
firewall.extraCommands = ''
|
||||
# IT VPN
|
||||
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
|
||||
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept
|
||||
|
||||
# SSHGW
|
||||
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
|
||||
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept
|
||||
|
||||
# SSHGW
|
||||
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
|
||||
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
|
||||
'';
|
||||
|
||||
firewall.extraStopCommands = ''
|
||||
iptables -F nixos-fw
|
||||
ip6tables -F nixos-fw
|
||||
'';
|
||||
};
|
||||
|
||||
console.keyMap = "no";
|
||||
@ -28,14 +48,19 @@
|
||||
nixpkgs.config = {
|
||||
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||
"copilot.vim"
|
||||
"keymapp"
|
||||
];
|
||||
};
|
||||
|
||||
services.openssh.openFirewall = false;
|
||||
|
||||
users.users.felixalb = {
|
||||
uid = 1328256;
|
||||
openssh.authorizedKeys.keys = [ ];
|
||||
};
|
||||
|
||||
hardware.keyboard.zsa.enable = true;
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
||||
|
||||
|
@ -6,9 +6,10 @@
|
||||
enable = true;
|
||||
};
|
||||
xkb = {
|
||||
options = "ctrl:nocaps";
|
||||
variant = "intl";
|
||||
layout = "no,us";
|
||||
# options = "ctrl:nocaps";
|
||||
options = "nodeakeys";
|
||||
variant = "altgr-intl";
|
||||
layout = "us";
|
||||
};
|
||||
windowManager.qtile.enable = true;
|
||||
};
|
||||
@ -16,7 +17,10 @@
|
||||
programs.hyprland.enable = true;
|
||||
|
||||
hardware.keyboard.zsa.enable = true;
|
||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
environment.sessionVariables = {
|
||||
NIXOS_OZONE_WL = "1";
|
||||
SSH_AUTH_SOCK = "/run/user/${toString config.users.users.felixalb.uid}/keyring/ssh";
|
||||
};
|
||||
|
||||
home-manager.users.felixalb = {
|
||||
services = {
|
||||
@ -38,6 +42,8 @@
|
||||
};
|
||||
};
|
||||
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
|
||||
# Audio
|
||||
|
@ -8,33 +8,39 @@ in {
|
||||
];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
bc
|
||||
catimg
|
||||
chromium
|
||||
dante
|
||||
dig
|
||||
element-desktop
|
||||
gnome.gnome-keyring
|
||||
hunspellDicts.en_US
|
||||
hunspellDicts.nb_NO
|
||||
jq
|
||||
keymapp
|
||||
libreoffice
|
||||
maim
|
||||
mpv
|
||||
nixpkgs-2211.remmina
|
||||
oauth2ms
|
||||
openssl
|
||||
openstackclient
|
||||
pwgen
|
||||
rofi-rbw-x11
|
||||
unstable.tlclient
|
||||
traceroute
|
||||
virt-manager
|
||||
w3m
|
||||
|
||||
(python311.withPackages (ps: with ps; [
|
||||
(unstable.python311.withPackages (ps: with ps; [
|
||||
numpy
|
||||
pycryptodome
|
||||
python-novaclient
|
||||
requests
|
||||
|
||||
python-designateclient
|
||||
python-heatclient
|
||||
python-magnumclient
|
||||
python-novaclient
|
||||
python-openstackclient
|
||||
]))
|
||||
];
|
||||
|
||||
@ -58,7 +64,10 @@ in {
|
||||
enable = true;
|
||||
theme = "iggy";
|
||||
};
|
||||
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
|
||||
zsh = {
|
||||
shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
|
||||
prezto.pmodules = [ "ssh" ];
|
||||
};
|
||||
|
||||
neovim.plugins = with pkgs.vimPlugins; [ copilot-vim ];
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user