From 157c54ae655d192374da7271c5c131b8a86a300a Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen
Date: Tue, 5 Nov 2024 13:20:59 +0100
Subject: [PATCH] felixalbpc: Configure openstackclient, keymapp, keyring, ssh-agent
---
 base.nix | 3 +--
 hosts/felixalbpc/configuration.nix | 25 +++++++++++++++++++++++++
 hosts/felixalbpc/desktop/default.nix | 14 ++++++++++----
 hosts/felixalbpc/home.nix | 19 ++++++++++++++-----
 4 files changed, 50 insertions(+), 11 deletions(-)
diff --git a/base.nix b/base.nix
index 4fbc4fe..3dbc4fa 100644
--- a/base.nix
+++ b/base.nix
@@ -65,6 +65,7 @@
 services.openssh = {
 enable = true;
+ openFirewall = lib.mkDefault true;
 settings = {
 PermitRootLogin = "no";
 PasswordAuthentication = false;
@@ -78,8 +79,6 @@
 '';
 };
- networking.firewall.allowedTCPPorts = [ 22 ];
-
 users.users.felixalb = {
 isNormalUser = true;
 extraGroups = [
diff --git a/hosts/felixalbpc/configuration.nix b/hosts/felixalbpc/configuration.nix
index bdf1fa2..64d1655 100644
--- a/hosts/felixalbpc/configuration.nix
+++ b/hosts/felixalbpc/configuration.nix
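Review bot: `openFirewall = lib.mkDefault true;` carries an implicit contract that is not written down: every host importing base.nix now gets port 22 opened to all sources unless it overrides this, and that override (felixalbpc does it with `services.openssh.openFirewall = false;` elsewhere in this patch) is the only thing that makes a per-host source allowlist effective. A comment on the new line would make the contract visible: `# mkDefault: hosts that restrict SSH to an allowlist set this to false and add their own firewall rules`. This also assumes `lib` is an argument of base.nix's module function, which is outside the hunk; the `services.openssh` block itself continues past the hunk.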
@@ -21,6 +21,26 @@
 nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
 domain = "it.ntnu.no";
 hostId = "f458d6aa";
+
+ # Allow SSH from IT and SSH gateways
+ firewall.extraCommands = ''
+ # IT VPN
+ iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
+ ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept
+
+ # SSHGW
+ iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
+ ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept
+
+ # SSHGW
+ iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
+ ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
+ '';
+
+ firewall.extraStopCommands = ''
+ iptables -F nixos-fw
+ ip6tables -F nixos-fw
+ '';
 };
 console.keyMap = "no";
@@ -28,14 +48,19 @@
 nixpkgs.config = {
 allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
 "copilot.vim"
+ "keymapp"
 ];
 };
+ services.openssh.openFirewall = false;
+
 users.users.felixalb = {
 uid = 1328256;
 openssh.authorizedKeys.keys = [ ];
 };
+ hardware.keyboard.zsa.enable = true;
+
 system.stateVersion = "24.05";
 }
diff --git a/hosts/felixalbpc/desktop/default.nix b/hosts/felixalbpc/desktop/default.nix
index 652f2e6..c649610 100644
--- a/hosts/felixalbpc/desktop/default.nix
+++ b/hosts/felixalbpc/desktop/default.nix
@@ -6,9 +6,10 @@
 enable = true;
 };
 xkb = {
- options = "ctrl:nocaps";
- variant = "intl";
- layout = "no,us";
+ # options = "ctrl:nocaps";
+ options = "nodeakeys";
+ variant = "altgr-intl";
+ layout = "us";
 };
 windowManager.qtile.enable = true;
 };
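Review bot: The new `firewall.extraStopCommands` flushes the entire `nixos-fw` chain rather than removing just the six rules added above, and if the chain does not exist when the stop script runs (e.g. stop after a failed start) `iptables -F nixos-fw` exits non-zero, which under the `-e` the NixOS firewall scripts are written with makes the stop action itself fail; as far as I recall the iptables start script already flushes and recreates `nixos-fw` before applying rules, so the block looks redundant — verify on the release in use and either drop it or guard each line as `iptables -F nixos-fw 2>/dev/null || true`. The source allowlist is the right direction, but `extraCommands` ties this host to the iptables backend (the nftables-backed firewall module asserts that it is empty, if memory serves), so a note such as `# iptables backend only: extraCommands is rejected when networking.nftables.enable is set` next to `# Allow SSH from IT and SSH gateways` would save a surprise later. The `networking = { ... }` set these lines evidently belong to starts above the hunk.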
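Review bot: `hardware.keyboard.zsa.enable = true;` duplicates a definition already present in `hosts/felixalbpc/desktop/default.nix` (visible as unchanged context in that file's second hunk); identical boolean definitions merge without error, but one copy should go. `services.openssh.openFirewall = false;` is what keeps the SSH allowlist in `networking.firewall.extraCommands` from being bypassed by the base.nix default, and that coupling is invisible here — a comment such as `# SSH is reachable only from the sources allowlisted in networking.firewall.extraCommands` would record it. The empty `openssh.authorizedKeys.keys = [ ];` is unchanged context; with `PasswordAuthentication = false` in base.nix, the keys that actually grant access must come from a definition outside this hunk.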
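Review bot: `options = "nodeakeys";` does not look like a valid xkb option name: xkeyboard-config provides `nodeadkeys` as a layout variant for some layouts, not as an option, and I know of no option spelled `nodeakeys`, so X will most likely warn and ignore it (check with `setxkbmap -layout us -variant altgr-intl -option nodeakeys -print` or the Xorg log). `us(altgr-intl)` already confines dead keys to AltGr combinations, so the line can probably be dropped; if a dead-key-free variant was intended, that is a `variant`, not an `options`, setting. `# options = "ctrl:nocaps";` is commented-out code — delete it, or replace it with a why-comment if the option is meant to return. The `xkb = { ... }` set is fully inside the hunk; the enclosing block, presumably `services.xserver`, starts above.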
@@ -16,7 +17,10 @@
 programs.hyprland.enable = true;
 hardware.keyboard.zsa.enable = true;
- environment.sessionVariables.NIXOS_OZONE_WL = "1";
+ environment.sessionVariables = {
+ NIXOS_OZONE_WL = "1";
+ SSH_AUTH_SOCK = "/run/user/${toString config.users.users.felixalb.uid}/keyring/ssh";
+ };
 home-manager.users.felixalb = {
 services = {
@@ -38,6 +42,8 @@
 };
 };
+ services.gnome.gnome-keyring.enable = true;
+
 hardware.opengl.enable = true;
 # Audio
diff --git a/hosts/felixalbpc/home.nix b/hosts/felixalbpc/home.nix
index bd9dee5..496df2e 100644
--- a/hosts/felixalbpc/home.nix
+++ b/hosts/felixalbpc/home.nix
@@ -8,33 +8,39 @@ in {
 ];
 home.packages = with pkgs; [
+ bc
 catimg
 chromium
 dante
 dig
 element-desktop
- gnome.gnome-keyring
 hunspellDicts.en_US
 hunspellDicts.nb_NO
 jq
+ keymapp
 libreoffice
 maim
 mpv
 nixpkgs-2211.remmina
 oauth2ms
 openssl
- openstackclient
 pwgen
 rofi-rbw-x11
 unstable.tlclient
 traceroute
+ virt-manager
 w3m
- (python311.withPackages (ps: with ps; [
+ (unstable.python311.withPackages (ps: with ps; [
 numpy
 pycryptodome
- python-novaclient
 requests
+
+ python-designateclient
+ python-heatclient
+ python-magnumclient
+ python-novaclient
+ python-openstackclient
 ]))
 ];
@@ -58,7 +64,10 @@ in {
 enable = true;
 theme = "iggy";
 };
- zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+ zsh = {
+ shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+ prezto.pmodules = [ "ssh" ];
+ };
 neovim.plugins = with pkgs.vimPlugins; [ copilot-vim ];
 };
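Review bot: `environment.sessionVariables` is system-wide, so the new `SSH_AUTH_SOCK` points every user's session at felixalb's `/run/user/<uid>/keyring/ssh`, which no other user can open (their runtime directory differs and felixalb's is private to him); a value derived from one user's uid belongs in that user's home-manager configuration (`home.sessionVariables.SSH_AUTH_SOCK`), which this file already manages under `home-manager.users.felixalb`. The path itself also deserves a check: recent gnome-keyring releases removed the built-in ssh-agent component in favor of gcr's agent, whose socket is `/run/user/<uid>/gcr/ssh`, so confirm which one the nixpkgs revision in use actually creates before hardcoding `keyring/ssh`. The `home-manager.users.felixalb` set continues past the end of the hunk.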
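Review bot: `services.gnome.gnome-keyring.enable = true;` installs the daemon and its PAM hooks, but nothing in this patch starts the ssh component under qtile or hyprland (neither session runs GNOME's XDG autostart entries on its own, as far as I know), so the `SSH_AUTH_SOCK` exported earlier in this file may point at a socket that never appears; home-manager's `services.gnome-keyring = { enable = true; components = [ "ssh" "secrets" ]; }` runs the daemon as a user service regardless of session type and would be the more robust choice here. Also check that the keyring is unlocked at login by the display manager actually in use — the NixOS module only wires PAM for the `login` service, if I recall correctly — otherwise the agent starts locked and the first `ssh` prompts for the keyring password.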
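Review bot: The interpreter for the openstack tooling switches to `unstable.python311` while every other entry in `home.packages` stays on the pinned channel, and nothing explains why; a why-comment on `(unstable.python311.withPackages` — e.g. `# unstable: the stable channel's python-openstackclient and plugins are too old`, if that is the reason — would keep the next reader from reverting it. `virt-manager` is only useful with libvirt enabled on the host, which this patch does not show; the NixOS option `programs.virt-manager.enable` is the conventional way to install it (it also wires up dconf), and wherever the `libvirtd` group membership it needs is granted, a comment that this is effectively root-equivalent access is worth having. The `home.packages` list is fully inside the hunk.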
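Review bot: `prezto.pmodules = [ "ssh" ];` introduces a second agent manager next to the gnome-keyring socket this patch exports via `SSH_AUTH_SOCK` in desktop/default.nix: prezto's ssh module, as I remember it, reuses a live `$SSH_AUTH_SOCK` (symlinking it to `$TMPDIR/ssh-agent.sock.$UID`) but spawns its own `ssh-agent` and `ssh-add`s the default identities when the socket is missing, e.g. on console or remote logins, so keys then sit in an agent with no keyring lock at all. Decide which agent is authoritative and record it on the line: `# prezto ssh: reuses the gnome-keyring agent from $SSH_AUTH_SOCK when present, else starts a plain ssh-agent (TTY/ssh logins)`. Note also that home-manager only acts on `prezto.pmodules` when `programs.zsh.prezto.enable` is true, which is not set in this hunk. The `zsh = { ... }` set is fully inside the hunk; the `programs = {` set it belongs to starts above.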