felixalbpc: Configure openstackclient, keymapp, keyring, ssh-agent

base.nix

@@ -65,6 +65,7 @@
 
   services.openssh = {
     enable = true;
+    openFirewall = lib.mkDefault true;
     settings = {
       PermitRootLogin = "no";
       PasswordAuthentication = false;
@@ -78,8 +79,6 @@
     '';
   };
 
-  networking.firewall.allowedTCPPorts = [ 22 ];
-
   users.users.felixalb = {
     isNormalUser = true;
     extraGroups = [

hosts/felixalbpc/configuration.nix

@@ -21,6 +21,26 @@
     nameservers = [ "129.241.0.200" "129.241.0.201" "2001:700:300::200" "2001:700:300::201" ];
     domain = "it.ntnu.no";
     hostId = "f458d6aa";
+
+    # Allow SSH from IT and SSH gateways
+    firewall.extraCommands = ''
+      # IT VPN
+      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.117.0/24 -j nixos-fw-accept
+      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:301:12::/63 -j nixos-fw-accept
+
+      # SSHGW
+      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.160.72/32 -j nixos-fw-accept
+      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:6::72/128 -j nixos-fw-accept
+
+      # SSHGW
+      iptables -I nixos-fw -p tcp -m tcp --dport 22 --source 129.241.210.217/32 -j nixos-fw-accept
+      ip6tables -I nixos-fw -p tcp -m tcp --dport 22 --source 2001:700:300:1900::1:217/128 -j nixos-fw-accept
+    '';
+
+    firewall.extraStopCommands = ''
+      iptables -F nixos-fw
+      ip6tables -F nixos-fw
+    '';
   };
 
   console.keyMap = "no";
@@ -28,14 +48,19 @@
   nixpkgs.config = {
     allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
       "copilot.vim"
+      "keymapp"
     ];
   };
 
+  services.openssh.openFirewall = false;
+
   users.users.felixalb = {
     uid = 1328256;
     openssh.authorizedKeys.keys = [ ];
   };
 
+  hardware.keyboard.zsa.enable = true;
+
   system.stateVersion = "24.05";
 }
 

hosts/felixalbpc/desktop/default.nix

@@ -6,9 +6,10 @@
       enable = true;
     };
     xkb = {
-      options = "ctrl:nocaps";
-      variant = "intl";
-      layout = "no,us";
+      # options = "ctrl:nocaps";
+      options = "nodeakeys";
+      variant = "altgr-intl";
+      layout = "us";
     };
     windowManager.qtile.enable = true;
   };
@@ -16,7 +17,10 @@
   programs.hyprland.enable = true;
 
   hardware.keyboard.zsa.enable = true;
-  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  environment.sessionVariables = {
+    NIXOS_OZONE_WL = "1";
+    SSH_AUTH_SOCK = "/run/user/${toString config.users.users.felixalb.uid}/keyring/ssh";
+  };
 
   home-manager.users.felixalb = {
     services = {
@@ -38,6 +42,8 @@
     };
   };
 
+  services.gnome.gnome-keyring.enable = true;
+
   hardware.opengl.enable = true;
 
   # Audio

hosts/felixalbpc/home.nix

@@ -8,33 +8,39 @@ in {
   ];
 
   home.packages = with pkgs; [
+    bc
     catimg
     chromium
     dante
     dig
     element-desktop
-    gnome.gnome-keyring
     hunspellDicts.en_US
     hunspellDicts.nb_NO
     jq
+    keymapp
     libreoffice
     maim
     mpv
     nixpkgs-2211.remmina
     oauth2ms
     openssl
-    openstackclient
     pwgen
     rofi-rbw-x11
     unstable.tlclient
     traceroute
+    virt-manager
     w3m
 
-    (python311.withPackages (ps: with ps; [
+    (unstable.python311.withPackages (ps: with ps; [
       numpy
       pycryptodome
-      python-novaclient
       requests
+
+      python-designateclient
+      python-heatclient
+      python-magnumclient
+      python-novaclient
+      python-openstackclient
     ]))
   ];
 
@@ -58,7 +64,10 @@ in {
       enable = true;
       theme = "iggy";
     };
-    zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+    zsh = {
+      shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
+      prezto.pmodules = [ "ssh" ];
+    };
 
     neovim.plugins = with pkgs.vimPlugins; [ copilot-vim ];
   };