system/modules/nixos/programs/communication/telegram.nix

{ config, pkgs, lib, ... }:


let
  cfg = config.local.programs.communication.telegram;

  hostAddress = "192.168.7.10";
  localAddress = "192.168.7.21";

  hostRunPackage = pkgs.writeScript "cont-run" ''
    host=telegram.containers
    if [ -z "$(ssh-keygen -F $host)" ]; then
      ssh-keyscan -H $host >> ~/.ssh/known_hosts
    fi
    ssh -o PubkeyAuthentication=no kira@$host $@
  '';

  hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''
    ${hostRunPackage} ${cfg.package.meta.mainProgram} $@
  '';

  hostTelegram = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''
    mkdir $out
    cp -r ${hostPackageScript}/bin $out/bin
    cp -r ${cfg.package}/share $out/share
  '';
in
{
  options.local.programs.communication.telegram = with lib; {
    enable = mkEnableOption "tdesktop. telegram client";
    package = mkPackageOption pkgs "tdesktop" { };
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ hostTelegram ];

    hardware.pulseaudio = {
      systemWide = true;
      support32Bit = true;
      tcp = {
        enable = true;
        anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
      };
    };

    networking = {
      firewall = {
        allowedTCPPorts = [ 4713 ];
        trustedInterfaces = [ "ve-*" ];
      };
      nat = {
        enable = true;
        internalInterfaces = [ "ve-telegram" ];
        externalInterface = "wg0";
      };
    };

    containers.telegram = {
      autoStart = true;
      ephemeral = true;

      privateNetwork = true;
      inherit hostAddress localAddress;

      bindMounts = {
        "/tmp/.X11-unix" = { };
        "/etc/ssh/keys" = {
          isReadOnly = false;
          hostPath = "/persistence/per-machine/telegram/etc/ssh/keys";
        };
        "/run/opengl-driver/lib" = { };
        "/run/opengl-driver-32/lib" = { };
      };

      config = { pkgs, ... }: {
        system.stateVersion = "23.11";

        fonts = {
          inherit (config.fonts) enableDefaultPackages packages;
          fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };
        };

        services.openssh = {
          enable = true;
          settings = {
            PasswordAuthentication = true;
            MaxAuthTries = 2;
          };
          hostKeys = [
            {
              bits = 4096;
              path = "/etc/ssh/keys/ssh_host_rsa_key";
              type = "rsa";
            }
            {
              path = "/etc/ssh/keys/ssh_host_ed25519_key";
              type = "ed25519";
            }
          ];
        };

        users.users.kira = {
          isNormalUser = true;
          home = "/home/kira";
          password = "hello";
          extraGroups = [ "pulse-access" ];
          packages = [cfg.package];
        };

        environment.sessionVariables = {
          DISPLAY = ":0";
          PULSE_SERVER = "tcp:${hostAddress}:4713";
        };
      };
    };
  };
}
modules/communications: move skype and telegram to the containers 2024-09-05 18:45:09 +03:00			`{ config, pkgs, lib, ... }:`


			`let`
			`cfg = config.local.programs.communication.telegram;`

			`hostAddress = "192.168.7.10";`
			`localAddress = "192.168.7.21";`

			`hostRunPackage = pkgs.writeScript "cont-run" ''`
			`host=telegram.containers`
			`if [ -z "$(ssh-keygen -F $host)" ]; then`
			`ssh-keyscan -H $host >> ~/.ssh/known_hosts`
			`fi`
			`ssh -o PubkeyAuthentication=no kira@$host $@`
			`'';`

			`hostPackageScript = pkgs.writeScriptBin "${cfg.package.meta.mainProgram}" ''`
			`${hostRunPackage} ${cfg.package.meta.mainProgram} $@`
			`'';`

			`hostTelegram = pkgs.runCommand "${cfg.package.meta.mainProgram}" { } ''`
			`mkdir $out`
			`cp -r ${hostPackageScript}/bin $out/bin`
			`cp -r ${cfg.package}/share $out/share`
			`'';`
			`in`
			`{`
			`options.local.programs.communication.telegram = with lib; {`
			`enable = mkEnableOption "tdesktop. telegram client";`
			`package = mkPackageOption pkgs "tdesktop" { };`
			`};`

			`config = lib.mkIf cfg.enable {`
			`environment.systemPackages = [ hostTelegram ];`

			`hardware.pulseaudio = {`
			`systemWide = true;`
			`support32Bit = true;`
			`tcp = {`
			`enable = true;`
			`anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];`
			`};`
			`};`

			`networking = {`
			`firewall = {`
			`allowedTCPPorts = [ 4713 ];`
			`trustedInterfaces = [ "ve-*" ];`
			`};`
			`nat = {`
			`enable = true;`
			`internalInterfaces = [ "ve-telegram" ];`
			`externalInterface = "wg0";`
			`};`
			`};`

			`containers.telegram = {`
			`autoStart = true;`
			`ephemeral = true;`

			`privateNetwork = true;`
			`inherit hostAddress localAddress;`

			`bindMounts = {`
			`"/tmp/.X11-unix" = { };`
			`"/etc/ssh/keys" = {`
			`isReadOnly = false;`
			`hostPath = "/persistence/per-machine/telegram/etc/ssh/keys";`
			`};`
			`"/run/opengl-driver/lib" = { };`
			`"/run/opengl-driver-32/lib" = { };`
			`};`

			`config = { pkgs, ... }: {`
			`system.stateVersion = "23.11";`

			`fonts = {`
			`inherit (config.fonts) enableDefaultPackages packages;`
			`fontconfig = { inherit (config.fonts.fontconfig) defaultFonts; };`
			`};`

			`services.openssh = {`
			`enable = true;`
			`settings = {`
			`PasswordAuthentication = true;`
			`MaxAuthTries = 2;`
			`};`
			`hostKeys = [`
			`{`
			`bits = 4096;`
			`path = "/etc/ssh/keys/ssh_host_rsa_key";`
			`type = "rsa";`
			`}`
			`{`
			`path = "/etc/ssh/keys/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`}`
			`];`
			`};`

			`users.users.kira = {`
			`isNormalUser = true;`
			`home = "/home/kira";`
			`password = "hello";`
			`extraGroups = [ "pulse-access" ];`
			`packages = [cfg.package];`
			`};`

			`environment.sessionVariables = {`
			`DISPLAY = ":0";`
			`PULSE_SERVER = "tcp:${hostAddress}:4713";`
			`};`
			`};`
			`};`
			`};`
			`}`