2
2
mirror of https://git.feal.no/felixalb/nixos-config.git synced 2024-12-21 19:57:30 +01:00

felixalbpc: Configure openstackclient, keymapp, keyring, ssh-agent

This commit is contained in:
Felix Albrigtsen 2024-11-05 13:20:59 +01:00
parent 9fe5f0aae7
commit 157c54ae65
4 changed files with 50 additions and 11 deletions

View File

@ -65,6 +65,7 @@
services.openssh = {
enable = true;
openFirewall = lib.mkDefault true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
@ -78,8 +79,6 @@
'';
};
networking.firewall.allowedTCPPorts = [ 22 ];
users.users.felixalb = {
isNormalUser = true;
extraGroups = [

View File

@ -21,6 +21,26 @@
nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
domain = "it.ntnu.no";
hostId = "f458d6aa";
# Allow SSH from IT and SSH gateways
firewall.extraCommands = ''
# IT VPN
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept
# SSHGW
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept
# SSHGW
iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
'';
firewall.extraStopCommands = ''
iptables -F nixos-fw
ip6tables -F nixos-fw
'';
};
console.keyMap = "no";
@ -28,14 +48,19 @@
nixpkgs.config = {
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"copilot.vim"
"keymapp"
];
};
services.openssh.openFirewall = false;
users.users.felixalb = {
uid = 1328256;
openssh.authorizedKeys.keys = [ ];
};
hardware.keyboard.zsa.enable = true;
system.stateVersion = "24.05";
}

View File

@ -6,9 +6,10 @@
enable = true;
};
xkb = {
options = "ctrl:nocaps";
variant = "intl";
layout = "no,us";
# options = "ctrl:nocaps";
options = "nodeakeys";
variant = "altgr-intl";
layout = "us";
};
windowManager.qtile.enable = true;
};
@ -16,7 +17,10 @@
programs.hyprland.enable = true;
hardware.keyboard.zsa.enable = true;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
SSH_AUTH_SOCK = "/run/user/${toString config.users.users.felixalb.uid}/keyring/ssh";
};
home-manager.users.felixalb = {
services = {
@ -38,6 +42,8 @@
};
};
services.gnome.gnome-keyring.enable = true;
hardware.opengl.enable = true;
# Audio

View File

@ -8,33 +8,39 @@ in {
];
home.packages = with pkgs; [
bc
catimg
chromium
dante
dig
element-desktop
gnome.gnome-keyring
hunspellDicts.en_US
hunspellDicts.nb_NO
jq
keymapp
libreoffice
maim
mpv
nixpkgs-2211.remmina
oauth2ms
openssl
openstackclient
pwgen
rofi-rbw-x11
unstable.tlclient
traceroute
virt-manager
w3m
(python311.withPackages (ps: with ps; [
(unstable.python311.withPackages (ps: with ps; [
numpy
pycryptodome
python-novaclient
requests
python-designateclient
python-heatclient
python-magnumclient
python-novaclient
python-openstackclient
]))
];
@ -58,7 +64,10 @@ in {
enable = true;
theme = "iggy";
};
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
zsh = {
shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
prezto.pmodules = [ "ssh" ];
};
neovim.plugins = with pkgs.vimPlugins; [ copilot-vim ];
};